Pen Tests and Red Teams are NOT the same

Posted by:

So the other day, I was debating the ins and outs of a cyber strategy to protect a network. At one point, my learned friend scoffed at me, saying I was splitting hairs – that there was essentially no difference between “red teaming” and penetration testing.

I respectfully disagreed, and here’s why:

Actually, let’s first admit that they do have one thing is common. They both are key to a holistic defense strategy, but they should not be conflated.

Let’s define what we ...

Read More →
0

Top Five Data Breaches of Summer 2018

Posted by:

It seems that 2.6 billion records were exposed in the first half of 2018. Just to provide context, remember that there are less than 3 times that many people alive on the planet. Obviously, those records don’t represent unique users, but it goes to show the sheer scope of the problem.

And it is an expensive problem. In the U.S. the average price tag swells to $7.91 million per breach, with an average clean up time ...

Read More →
0

What is an information security framework and why do I need one?

Posted by:

An information security framework, when done properly, will allow any security leader to more intelligently manage their organizations cyber risk.

The framework consists of a number of documents that clearly define the adopted policies, procedures, and processes by which your organisation abides.  It effectively explains to all parties (internal, tangential and external) how information, systems and services are managed within your organisation.

The main point of having an information security framework in place is ...

Read More →
0

Cybersecurity predictions 2018: 5 key infosecurity trends to watch out for

Posted by:

In our last post, we talked about the most significant data breaches of 2017.  And what better way to wrap up 2017 than by pulling out our crystal ball and gazing into the near future.

Using our expertise in infosecurity, here is our shortlist of what to watch out for in the upcoming year:

Expect new EU regulation GDPR to make headlines.

The way in which your website collates ...

Read More →
0

Before you buy or connect a smart device (IoT), read this!

Posted by:

The Internet of Things (IoT), as a term, has been bandied around a lot over the last few years.

Many people – even those that work in the technology sector – are still unclear on what IoT really means.

In this blog series, we will define IoT, talk about why infosecurity experts are concerned, and delve into some of the issues facing both providers and consumers.

We’ll also provide some practical recommendations for both parties:

  • Consumers of IoT devices: Tips for choosing the right IoT ...
Read More →
1

How to hire a good CISO: a short – but informative – guide

Posted by:

The deluge of cyberattacks hasn’t abated. Before we discuss what a CISO does and the different ways you can bring in CISO expertise into your organization, let’s take a quick at the current threat landscape.

As ever, we continue to be plummeted with scary news articles about companies suffering data breaches, ransomware attacks, dDoS attacks and vulnerability exploits.

It seems no industry is safe. We’ve read about attacks hitting hotels (Intercontinental), restaurants (Arby’s), telecommunications (Verifone, Verizon), healthcare ( Read More →

0

We’ve all got password fatigue, but are NIST’s new policies wise?

Posted by:

Ah the necessary evil of passwords.

Those of us who have worked in organizations that require users to change passwords at set intervals know what I mean.

Typically every three to six months, users are requested to perform a password change – maybe in the form of an annoying pop-up alert. In some setups, the user is lock out of the system until a new memorable password (but one that follows the complex password creation guidelines) is set.

A ...

Read More →
0

Everything You Need To Know About WannaCry – Right Now

Posted by:

What is WannaCry?

WannaCrypt, aka WanaCrypt0r 2.0, WannaCry and WCry, is a new ransomware that hit over 74 countries in the last 24 hours, which spreads like a worm by leveraging a Windows vulnerability (MS17-010) that has been previously fixed by Microsoft in March of this year.  WannaCry is a form of “ransomware” that locks up the files on your computer and encrypts them in a way that makes them unavailable to you anymore.

The express train speed with ...

Read More →
0

Trump’s budget blueprint: what’s it mean for cybersecurity?

Posted by:

Last week, we saw the release of the US’s 2018 budget blueprint.

Before I even read the document, I did a random search on some security-related keywords within the 2018 budget to see how many times each one showed up. I found the results rather revealing. Make of this what you will:

  • Cyber: 15
  • Security: 68 (5 of which refer to Homeland Security)
  • Attack: 4
  • Privacy: ...
Read More →
0

Why you can’t find a good CISO for love or money (but we have a solution…)

Posted by:

Are you one of those poor firms out there trying to hire some in-house cybersecurity expertise? Whomever you’re looking for – be it a senior representative, like CISO or CTO, or an IT administrator – we bet you’re having a hard time.

Even firms like TBG Security, where we can offer cutting-edge expertise, training and tools as well as a competitive remuneration packages, have to look really hard to find serious cybersecurity talent.

Want to know you ...

Read More →
0
Page 1 of 4 1234
})
SEC Cybersecurity Exams