Lessons learned from the Equifax Breach – Part 2

Posted by:

Here is Part 2 of Lessons learned from the Equifax Breach. See Part 1.

Own up, make changes and say sorry:

According to Whois, Equifax registered their Equifax Security 2017 site (would Equifax insecurity have been a better name I wonder?) in late August. Incidentally, this is a month *after* they claim to have witnessed suspicious network traffic associated with their US online dispute portal.  

Yet they only informed the world via ...

Read More →
1

Lessons learned from the Equifax Breach – Part 1

Posted by:

First, Props to @briankrebs for the evil Equifax logo. 

While those unaffected by the Equifax breach have been stuffing their faces with proverbial popcorn as they watch the latest unveilings and press announcements, those worried that their most sensitive and identifying details have been leaked simply look on in horror, unknowing how to proceed.

The exact details of how the hackers made off with so much data remain fairly obscure. Equifax has

Read More →
1

Top 4 cybersecurity headaches plaguing Financial Services Institutions

Posted by:

Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is “cyber-connect” customers – be they organizations or individuals – with their money simply and seamlessly.

FSIs need to counterbalance these speedy, frictionless transactional experiences against the thousand-pound gorilla in the room, a.k.a: cybersecurity risk.

This Deloitte article in the Wall Street Journal distills the problem well: “Amid the massive technological transformation now underway in financial services, companies are being asked to become ...

Read More →
0

Tips for getting your IT security budget approved

Posted by:

“Many boards now have a clear focus on information security risks. This is not always reflected across the broader organization. Security and risk management professionals must manage and defend security budgets to meet stakeholder expectations of protection.”

These words, published on the Gartner website, are frustratingly true for many firms out there.

CIOs oversee the accessibility, confidentiality and integrity of files and systems. This means they must introduce new and maintain old systems, ensuring everyone can who ...

Read More →
0

When cheaper is not better: a quick guide to penetration tests

Posted by:

An IT administrator recently vented his frustration about having to conduct a penetration test.

He wanted an in-depth assessment of his system to make sure his network was operating with a low risk profile, all while still making all the required services available to his users.  

His firm has cloud services, several sensitive databases, internal and external networks, not to mention multiple operating systems (the designers “demanded” Apple products).

The idea was ...

Read More →
0

How to hire a good CISO: a short – but informative – guide

Posted by:

The deluge of cyberattacks hasn’t abated. Before we discuss what a CISO does and the different ways you can bring in CISO expertise into your organization, let’s take a quick at the current threat landscape.

As ever, we continue to be plummeted with scary news articles about companies suffering data breaches, ransomware attacks, dDoS attacks and vulnerability exploits.

It seems no industry is safe. We’ve read about attacks hitting hotels (Intercontinental), restaurants (Arby’s), telecommunications (Verifone, Verizon), healthcare ( Read More →

0

EU GDPR demystified: a straightforward checklist for US firms (PART THREE)

Posted by:

In this GDPR post, we provide you with a curated checklist to assist you during your  journey to compliance with the new European GDPR regulation, coming into effect in May 2018. Learn more about GDPR and its implications in our previous articles:

EU GDPR demystified: a straightforward reference guide for US firms – Part One 

EU GDPR demystified: a straightforward reference guide for US firms – Part Two

 

EU-GDPR REGULATION CHECKLIST FROM TBG SECURITY

 


Read More →
0

Petya or NotPetya – How It Spreads And What To Do About It

Posted by:

Petya or NotPetya That Is The Question

Actually, this latest ransomware outbreak is not Petya. The malware appears to share a significant amount of code with an older piece of ransomware that really was called Petya, but after the outbreak started, security researchers noticed that “the superficial resemblance is only skin deep”.
Researchers at Russia’s Kaspersky Lab redubbed the malware NotPetya, and then folks played the name game and variation like Petna, Pneytna began to spread as a result. As if that didn’t ...

Read More →
0

EU GDPR demystified: a straightforward reference guide for US firms (PART TWO)

Posted by:

Understanding whether you are impacted by GDPR is a key first step. A survey, carried out at RSA 2017 by Imperva, found that just 43% of companies are preparing for GDPR, 29% were not preparing, and 28% were unaware of any specific preparations being made.

Even if you have no base in one of the EU’s 28 countries, you can still be held accountable if you mishandle the personal data of EU residents. 

MORE FROM TBG SECURITY ON ...

Read More →
0

EU GDPR demystified: a straight-forward guide for US firms (PART 1)

Posted by:

Ahhh GDPR, the EU General Data Protection Regulation (EU-GDPR), the new European data legislation that revamps 20-year-old data protection laws to align with our digital age. It’s a radical and unprecedented piece of legislation, whittled down to a whopping 99 Articles, categorised in 11 Chapters.

Ugh.

AS if 99 articles isn’t bad enough, the effective date is coming sooner than you think….. May 2018, less than a year away.

Some of you, we know, are facing it head on, grappling with how ...

Read More →
1
Page 2 of 12 12345...»