TBG Data Breaches Part 2: It’s not (necessarily) your fault

Last time I discussed the ‘Did they really do that?!’ kind of data breach, the one where you can’t quite see how an organization could manage to have that much data exposed that openly for that long. We all laugh, but as the news clearly demonstrates, it could happen to any company of any size with seemingly any budget.

Malicious actors, however, aren’t just sitting around waiting for the latest instance of an accidental data splurge. They’re ...


Pen Tests and Red Teams are NOT the same

So the other day, I was debating the ins and outs of a cyber strategy to protect a network. At one point, my learned friend scoffed at me, saying I was splitting hairs – that there was essentially no difference between “red teaming” and penetration testing.

I respectfully disagreed, and here’s why:

Actually, let’s first admit that they do have one thing in common. They both are key to a holistic defense strategy, but they should not be conflated.

Let’s define what we ...


Social engineering series: the psychological norms exploited by fraudsters

Be nice.
Be helpful.

These life lessons are ingrained into most of us early on, and, sadly, it’s one of the reasons why many social engineering tactics are successful.

Social engineers manipulate targets into saying or doing things that will provide the desired information, which could be login information or sensitive data like customer lists, development plans or company strategies.

In order to control these ingrained friendly and helpful behaviours – by which I mean being able to identify situations that do not ...


Social engineering attacks: Is security focused on the wrong problem?

Malicious social-engineering attacks are on the rise and branching out far beyond simply targeting the financial sector. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far.

Adopting a “know thy data” approach — in terms of what it is, how valuable it is and where it is — and then ...
