Ransomware: expert prevention and mitigation advice

Ask anyone who’s been through it: ransomware attacks are nasty, insidious beasts that can spike stress levels, lean hard on resources and steal funds from organizations. They impact brand reputation, deflate morale and significantly disrupt normal business operations.

Worst of all, ransomware reports are on the rise.

A recent survey shows that the biggest cost to business is downtime, not the ransom payment. The other interesting finding is that almost half of all attacks target firms with more than ...


Want to outsource your IT security? 43 questions to ask

When it comes to outsourcing IT security, there is no one size fits all.

In the last blog post, Is outsourcing your IT security right for your organization, we looked at why some companies choose to outsource their IT security requirements.

Here, we are going to find out how you identify a good IT security firm.

IT security is specific to every organization. It depends on what assets you are trying ...


Is outsourcing your IT security right for your organization?

Imagine you are running a large, swanky five-star hotel where guests expect to pay for luxury services. You might conclude that having full-time medical doctors on staff is worth the investment.

However, were you running a leaner hospitality operation, the associated costs of full-time doctors would simply be prohibitive, putting your business under unnecessary financial strain.

Now compare this scenario to that of a growing business needing to secure its systems, data and users from unauthorised access and malicious software.

For a few ...


How to provide IT security training that works

All IT teams in medium to large organizations know that they should be providing regular IT security training to staff members. Small businesses should be doing it too, but might not be as aware of the need for cybersecurity training for non-IT staff.

Thing is, other jobs always seem to get in the way. Firefighting system availability, authentication, confidentiality and security issues means training often drops down the priority list.

Even in security-conscious organizations, months, and even years, can pass without ...


Are legacy apps lurking on your network?

Network audits can be instrumental in sanitising your systems, ensuring there are no legacy, outdated or vulnerable applications lurking on the network.

You probably don’t need us to tell you that networks are complex beasts. Network administrators walk a tightrope between making sure all files are available for the right people at the right time, and ensuring that the unauthorised are denied access at every turn.

Knowing what is on your system is vital – we’ve previously ...

TBG Security secures top placement in the Palmetto Cyber Defense Competition

Earlier this month, TBG Security took part in the Palmetto Cyber Defense Competition (PCDC).

PCDC is a three-day cyber defense competition created through the collaboration of two organizations: the Space and Naval Warfare Systems Center Atlantic (SPAWAR) and the South Carolina Lowcountry Chapter of the Armed Forces Communications and Electronics Association (AFCEA).

Designed to energize high school and college students about an exciting future in the cybersecurity ...


Addressing the PEBCAK scenario: protecting systems against rogue employees (PART 2)

In PART 1, we discussed how non-malicious employees can disrupt business continuity. This post will focus on the malicious or rogue employee and outline what you can do to obstruct an inside job.

First off, many wonder just how big of a problem is posed by rogue employees? Take a look at these recent ...


The PEBCAK scenario: securing systems against non-malicious employees

Ever use the expression PEBCAK? What about ID-Ten-T error?*

While many variations exist, they all mean the same thing: user error. Ignoring the negative sentiment implied, it’s effectively a shorthand to say, “not our fault.”

In the world of, say, technical support, perhaps this expression might be acceptable. Many tech support teams exist simply to ensure their widgets are functioning correctly. But when an IT representative uses such terms to refer to a user within the organization, shouldn’t it raise a red ...


How to get stakeholder ‘buy in’ for regular penetration testing

Yet another massive breach was confirmed last week, after 2.2 million patient and employee private records at cancer treatment provider 21st Century Oncology Holdings were found to be accessible to unauthorized third-parties.

Patients’ names, Social Security numbers, physicians’ names, diagnoses and treatment information, as well as insurance records could now all be in the clutches of unauthorized individuals. Ouch.

The FBI made the organization ...

Penetration testing: Don’t get caught with your pants down

Why is penetration testing important?
You can’t fix what you don’t know is broken.

Discovering a leak only when some unauthorized visitor has taken advantage of it sucks.

Ask anyone who’s gone through it. Hackers might have slipped into your network to snoop around, nab confidential information and/or cause havoc… Whatever the case, this is most definitely a situation that is better avoided.

At USENIX Enigma 2016, NSA TAO Chief Rob Joyce presented Disrupting Nation State Hackers. In this ...
