Cybersecurity budget: CISO advice for getting your Board of Directors to take notice

Posted by:

There are many CISOs and CSOs out there hiding their proverbial sweaty palms.

They’re stressed out, worried that it is just a matter of time before their network gets caught up in some embarrassing data debacle – perhaps it will be ransomware, or a targeted attack or an insider leak.

And they know they will then truly be in the hot seat.

Thing is, for many, it is a fingers-crossed game, because ...

Read More →
1

Cybersecurity predictions 2018: 5 key infosecurity trends to watch out for

Posted by:

In our last post, we talked about the most significant data breaches of 2017.  And what better way to wrap up 2017 than by pulling out our crystal ball and gazing into the near future.

Using our expertise in infosecurity, here is our shortlist of what to watch out for in the upcoming year:

Expect new EU regulation GDPR to make headlines.

The way in which your website collates ...

Read More →
0

Getting ahead of a new breed of Ransomware

Posted by:

We typically understand a ransomware attack to be a demand for payment in return for decrypting files. But evolution, even in malware, is inevitable. A fairly new disruptive cyber cell known as The Dark Overlord is relying on the threat of reputation damage to “encourage” its victims to pay up.

You might be thinking that reputation damage wouldn’t be enough to make your firm shake in its boots, but you’d be wrong. These Dark Overlord cyberbullies use nasty tactics ...

Read More →
0

IoT Developers: checklist for building more secure Smart Devices.

Posted by:

[This is Part 2. Part 1 of this blog series is here: Before you buy or connect a smart device (IoT)…]

Having worked for more than 20 years in the technology and information security industry, I have seen first hand how hard management can push their teams.

There is no doubt that the IoT race is on, but whipping teams into a frenzy so that they race through the development, testing and production phases has a real ...

Read More →
0

Lessons learned from the Equifax Breach – Part 2

Posted by:

Here is Part 2 of Lessons learned from the Equifax Breach. See Part 1.

Own up, make changes and say sorry:

According to Whois, Equifax registered their Equifax Security 2017 site (would Equifax insecurity have been a better name I wonder?) in late August. Incidentally, this is a month *after* they claim to have witnessed suspicious network traffic associated with their US online dispute portal.  

Yet they only informed the world via ...

Read More →
1

Lessons learned from the Equifax Breach – Part 1

Posted by:

First, Props to @briankrebs for the evil Equifax logo. 

While those unaffected by the Equifax breach have been stuffing their faces with proverbial popcorn as they watch the latest unveilings and press announcements, those worried that their most sensitive and identifying details have been leaked simply look on in horror, unknowing how to proceed.

The exact details of how the hackers made off with so much data remain fairly obscure. Equifax has

Read More →
1

Top 4 cybersecurity headaches plaguing Financial Services Institutions

Posted by:

Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is “cyber-connect” customers – be they organizations or individuals – with their money simply and seamlessly.

FSIs need to counterbalance these speedy, frictionless transactional experiences against the thousand-pound gorilla in the room, a.k.a: cybersecurity risk.

This Deloitte article in the Wall Street Journal distills the problem well: “Amid the massive technological transformation now underway in financial services, companies are being asked to become ...

Read More →
0

EU GDPR demystified: a straightforward checklist for US firms (PART THREE)

Posted by:

In this GDPR post, we provide you with a curated checklist to assist you during your  journey to compliance with the new European GDPR regulation, coming into effect in May 2018. Learn more about GDPR and its implications in our previous articles:

EU GDPR demystified: a straightforward reference guide for US firms – Part One 

EU GDPR demystified: a straightforward reference guide for US firms – Part Two

 

EU-GDPR REGULATION CHECKLIST FROM TBG SECURITY

 


Read More →
0

Petya or NotPetya – How It Spreads And What To Do About It

Posted by:

Petya or NotPetya That Is The Question

Actually, this latest ransomware outbreak is not Petya. The malware appears to share a significant amount of code with an older piece of ransomware that really was called Petya, but after the outbreak started, security researchers noticed that “the superficial resemblance is only skin deep”.
Researchers at Russia’s Kaspersky Lab redubbed the malware NotPetya, and then folks played the name game and variation like Petna, Pneytna began to spread as a result. As if that didn’t ...

Read More →
0

We’ve all got password fatigue, but are NIST’s new policies wise?

Posted by:

Ah the necessary evil of passwords.

Those of us who have worked in organizations that require users to change passwords at set intervals know what I mean.

Typically every three to six months, users are requested to perform a password change – maybe in the form of an annoying pop-up alert. In some setups, the user is lock out of the system until a new memorable password (but one that follows the complex password creation guidelines) is set.

A ...

Read More →
0
Page 1 of 5 12345
})
SEC Cybersecurity Exams