Are employees really the weakest link in your cyber-defense strategy?

Posted by:

It’s been touted for awhile that people, be they employees, business partners or consultants, are the true weakness in the cyber defenses of an organization.

It is people – all with some level of access to the inner sanctum of the network – that have been a main focus for malicious agents (aka “the bad guys”).

It isn’t rocket science as to why – as technology gets more complex and savvy, it is more difficult to sneak into a system undetected from ...

Read More →
0

Pen Tests and Red Teams are NOT the same

Posted by:

So the other day, I was debating the ins and outs of a cyber strategy to protect a network. At one point, my learned friend scoffed at me, saying I was splitting hairs – that there was essentially no difference between “red teaming” and penetration testing.

I respectfully disagreed, and here’s why:

Actually, let’s first admit that they do have one thing is common. They both are key to a holistic defense strategy, but they should not be conflated.

Let’s define what we ...

Read More →
0

Penetration Tests: Why It Stops Trouble Before It’s Too Late

Posted by:

No matter what kind of company you work in, if it has online assets – like a web store or site, or databases containing sensitive information like business strategies, financials, or customer info – you face a dilemma: how do I stop unauthorized users from entering restricted systems and accessing files, yet ensure seamless accessibility to my users?

There are of course countless approaches to this problem, usually including layers of security, powerful software and enforced policies. Now, even in big ...

Read More →
0

The Big Case for Multi-Factor Authentication: October Cybersecurity Awareness Month

Posted by:

We are steaming through October’s cybersecurity awareness month. We have talked about how ignoring the everyday scams, malware and data grabs is detrimental to individuals as well as your organization’s risk posture. In fact, passwords are still the number one attack vector. Don’t think for a moment that the password problem has gone away.

In 2017, a Verizon report stated that 95% of web application attacks take advantage of weak ...

Read More →
0

Top Five Data Breaches of Summer 2018

Posted by:

It seems that 2.6 billion records were exposed in the first half of 2018. Just to provide context, remember that there are less than 3 times that many people alive on the planet. Obviously, those records don’t represent unique users, but it goes to show the sheer scope of the problem.

And it is an expensive problem. In the U.S. the average price tag swells to $7.91 million per breach, with an average clean up time ...

Read More →
0

Top five IT security threats AND what you can do about them

Posted by:

The job of a security administrator is far more complex today than ever. Plethoras of attacks attempt to blow down your corporate doors on a daily basis. Below, we’ve outlined today’s most prevalent attacks, and provided some expert advice on how to prevent being their next victim.

 

Malware and targeted attacks

Malware has moved a long way from the viruses and worms of the 1990s, becoming ever more crafted to target specific businesses or sectors, to steal ...

Read More →
0

Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Posted by:

Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ CMR 17.00  or California’s 2018 Consumer Privacy Act. No longer can we assume little to no liability when it comes to third party processing or handling of sensitive data.

Read More →

0

U.S. and China trade wars: What’s the likely impact on information security?

Posted by:

Image courtesy of the Los Angeles Daily News

The U.S. political landscape is shifting dramatically, and no one knows what this shake out will uncover. For better or worse, it is certainly rocking the boat for U.S. residents, but changes are afoot for other global entities as well.

One of these entities is China.

According to media reports as recent as yesterday, China says it is “fully prepared” for a trade war with the U.S.

This coming ...

Read More →
0

Cryptomining – How Prevalent Is It And How To Stop It

Posted by:

One of the recent additions to the cyber threat landscape plaguing many organizations is the introduction of Crypto Miners. Due to the rise in popularity of Cryptocurrency, attackers have been shifting their attention and focus on gaining access to as many resources as they can find. The end goal of these attacks is to utilize the victim’s CPU to mine Cryptocurrency. To gain access to these resources the attackers are cycling in and out the latest and most popular exploitable ...

Read More →
0

Some useful advice for newly-appointed CIOs and CISOs

Posted by:

For the newly appointed CIO or CISO, being hit with an unexpected information security disaster is like a bone-crushing punch in the face.

Not only do you have to think on your feet and make decisions confidently and swiftly, but if you are still unfamiliar with the internal environment, you are swimming in dangerous waters: make the wrong call, and risk screwing up some essential service delivery or upsetting customers and shareholders. Each system, security policy, management team, staff ...

Read More →
0
Page 1 of 9 12345...»
})
SEC Cybersecurity Exams