2019: What to expect in cybersecurity this year

Another year is upon us. 2018 was a cyber rollercoaster with massive internet scandals and data breaches. With that in mind, there are a number of IT security topics that should be top of mind for 2019.

Take a look at a few we’ve identified…

Security by Design

We expect to see a greater focus on baked-in security, be this in application development, or in IT and company strategies. In 2018, with the enforcement of Europe’s data ...


Are employees really the weakest link in your cyber-defense strategy?

It’s been touted for a while that people, be they employees, business partners or consultants, are the true weakness in the cyber defenses of an organization.

It is people – all with some level of access to the inner sanctum of the network – that have been a main focus for malicious agents (aka “the bad guys”).

It isn’t rocket science as to why – as technology gets more complex and savvy, it is more difficult to sneak into a system undetected from ...


Pen Tests and Red Teams are NOT the same

So the other day, I was debating the ins and outs of a cyber strategy to protect a network. At one point, my learned friend scoffed at me, saying I was splitting hairs – that there was essentially no difference between “red teaming” and penetration testing.

I respectfully disagreed, and here’s why:

Actually, let’s first admit that they do have one thing in common. They both are key to a holistic defense strategy, but they should not be conflated.

Let’s define what we ...


Convincing executive stakeholders that even the tiniest cyber-incident can lead to big disasters.

We published an article recently about how many senior information security professionals, be they CISOs or CIOs, are worried about their systems being vulnerable to breach. One of the main problems is getting senior stakeholders, like the Board or the executive management team, to buy into your information security strategy. We shared a few approaches on how to address this ubiquitous problem.

Achieving executive buy-in on information security policies is much more difficult than ...


Getting ahead of a new breed of Ransomware

We typically understand a ransomware attack to be a demand for payment in return for decrypting files. But evolution, even in malware, is inevitable. A fairly new disruptive cyber cell known as The Dark Overlord is relying on the threat of reputation damage to “encourage” its victims to pay up.

You might be thinking that reputation damage wouldn’t be enough to make your firm shake in its boots, but you’d be wrong. These Dark Overlord cyberbullies use nasty tactics ...


Lessons learned from the Equifax Breach – Part 2

Here is Part 2 of Lessons learned from the Equifax Breach. See Part 1.

Own up, make changes and say sorry:

According to Whois, Equifax registered their Equifax Security 2017 site (would Equifax insecurity have been a better name I wonder?) in late August. Incidentally, this is a month *after* they claim to have witnessed suspicious network traffic associated with their US online dispute portal.

Yet they only informed the world via ...


Lessons learned from the Equifax Breach – Part 1

First, props to @briankrebs for the evil Equifax logo.

While those unaffected by the Equifax breach have been stuffing their faces with proverbial popcorn as they watch the latest unveilings and press announcements, those worried that their most sensitive and identifying details have been leaked simply look on in horror, not knowing how to proceed.

The exact details of how the hackers made off with so much data remain fairly obscure. Equifax has

SEC Cybersecurity Exams