Preparing for and defending against a cyberattack demands Active Directory (AD) be part of a company’s overall strategy. But AD often gets overlooked in security discussions because addressing AD vulnerabilities requires executive buy-in to allocate fo…Read More How to convince your boss that cybersecurity includes Active Directory
Consider this scenario: Morgan, a level 3 security analyst, arrives to a twelve-hour security operations center (SOC) shift and finds a message that a network sensor is offline. Morgan’s first hour is spent troubleshooting the sensor and bringing it ba…Read More SOC burnout is real: 3 preventative steps every CISO must take
Cybersecurity culture is nearly impossible to quantify due to an absence of measurement tools. Many businesses attempt to quantify the human element of their security posture by sending employees simulated attacks to find out how susceptible workers ar…Read More Shame culture is the biggest roadblock to increasing security posture
Unified communications (UC) has become a significant part of an organization’s digital transformation strategy, with the aim of establishing strong and reliable communication lines. UC tools, including video conferencing, instant messaging and VoIP, ar…Read More Driving network transformation with unified communications
Auctions have stood the test of time. History provides evidence as far back as 500 BC in Babylon by the Romans. Today, the ancient institution that has shaped the trading practices of modern-day society continues to reinvent itself. Earlier this year t…Read More Can blockchain and MPC technology protect the integrity of auctions?
These days, technology seems to evolve at the speed of light. Infrastructures change, attack surfaces reduce and multiply and, not surprisingly, your cloud environment advances. However, with new cloud deployment scenarios created to accelerate busines…Read More How to rethink risks with new cloud deployments
As cloud computing grows in popularity across all use cases, cloud workloads have never been more attractive to malicious actors. A recent McAfee report points to a 630 percent increase in attacks aimed at cloud services since January 2020. There are s…Read More Can on-prem security experts make the move to the cloud?
According to Enterprise Management Associates (EMA) and BlueCat’s recently published research report, nearly 3 in 4 enterprises (73%) have suffered security or compliance issues in the past year as a direct result of collaboration challenges between th…Read More 73% of enterprises suffer security and compliance issues due to internal misalignment
Internet of Things (IoT) devices fall into various categories. Some, such as those located in a hospital setting, are very sophisticated, with advanced operating systems and encryption and certificate capabilities built in. Other examples of note are R…Read More Preventing security issues from destroying the promise of IoT
The need for secure data access management is top-of-mind in the C-suite and boardroom. The question I keep hearing from IT departments is how to do it right, that is, how to ensure security and governance without frustrating users or slowing innovatio…Read More How to secure data one firewall at a time
With $3.7 billion raised in cybersecurity funding so far this year, 2021 is on track to overcome last year’s record $7.8 billion total. Many of these companies have very high valuations – and to some experts that sounds like a bubble. As damage f…Read More To identify cybersecurity vendor sustainability, start with the fundamentals
Installing a network sandbox to safeguard against external threats has been accepted by many as the gold standard for more than a decade. Sandbox-based cybersecurity solutions are a protected and isolated environment on a network that simulates a compa…Read More Are your cyber defenses stuck in the sandbox?
Power plants are one of the most vitally important components of modern civilization’s infrastructure. A disruption in energy production impacts all aspects of society from healthcare to national security. Eliminating a country’s ability to generate en…Read More Top security threats for power plants and how to proactively avoid them
When it’s time to hire a new employee, organizations go to great lengths to avoid hiring someone who would commit fraud: background checks, credit checks, drug tests, etc. But the truth is that few people deliberately join an organization with the inte…Read More Scammers aren’t always who we expect them to be: How AI and biometrics can help
Enterprises and end-users are constantly reminded of the dangers associated with clicking on unknown links and documents. Images rarely top the list as would-be vulnerabilities, but it’s important to be cautious of these potentially risky files as well…Read More A picture is worth a thousand words, but to hackers, it’s worth much more
What types of data are companies collecting, and when does it stop serving us? Value exchange: The ultimate differentiator First, let’s start by assessing the process of giving away data. It’s assumed that in 2020, every person produced approximately 1…Read More The obvious and not-so-obvious data you wouldn’t want companies to have
There’s an event referred to as spring cleaning, where we take some time from our regular routines to focus on bringing order back to our homes. We remove the junk that has accumulated, and clean and organize the remaining items so they look good again…Read More May 2021 Patch Tuesday forecast: Spring cleaning is in order
NFTs, or non-fungible tokens, have captured the attention (and wallets) of consumers and businesses around the world. This is largely in part to the big price-tag sales, such as the digital artwork by Beeple that sold for over $69M on Christie’s Auctio…Read More Are NFTs safe? 3 things you should know before you buy
Research suggests that email is the most common point of entry for malware, providing access in 94% of cases, so it’s unsurprising that phishing is the root cause of 32% of security breaches. Just last month the UK government’s Cyber Security Breaches …Read More Email security is a human issue
Q1 2021 has been a tumultuous period in our era of cyber espionage. The Center For Strategic & International Studies (CSIS), which has been tracking “significant cyber incidents” since 2006, lists 30 major attacks from January to March 2021. Over …Read More What contractors should start to consider with the DoD’s CMMC compliance standards
In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof of concepts for vulnerabilities and associated patches. Hafnium hackers were …Read More Is it OK to publish PoC exploits for vulnerabilities and patches?
It has become a mantra for businesses targeted by hackers to describe the incident as a “sophisticated cyber-attack”. Although true in some instances, the reality is that most cyber-attacks involve the use of easily preventable tactics including phishi…Read More Defeating typosquatters: Staying ahead of phishing and digital fraud
People ignore information that isn’t relevant to them, which is why IT and HR departments have been approaching security training incorrectly for years. Long-form, all-hands security seminar trainings have contributed to nearly daily data breaches for …Read More Use longitudinal learning to reduce risky user behavior
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: risk-based cybersecurity produces proven results. The data shows that risk-based vuln…Read More Risk-based vulnerability management has produced demonstrable results
Few organizations would purposefully hand a huge responsibility to a junior staff member before letting them fly solo on their own personal projects, but that’s effectively what happens inside too many corporate networks: organizations delegate specifi…Read More Shedding light on the threat posed by shadow admins
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system of systems. Threat modeling can be conducted both in the design/development p…Read More What is threat modeling and why should you care?
Roughly 12 months ago, when the world shifted seemingly overnight to work-from-home, few companies were well-positioned to seamlessly scale their remote work solutions. Legacy remote desktop solutions, like Virtual Desktop Infrastructure (VDI) and Desk…Read More Enable secure remote workspaces without trashing your entire IT infrastructure
Email data breaches are on the rise. Our recent research found that 93% of organizations have experienced an email data breach in the last 12 months, at an average rate of one incident every 12 working hours. The vast majority of these incidents are ca…Read More Why contextual machine learning is the fix that zero-trust email security needs
Recently, much of the cybersecurity commentary and blogs have talked about new approaches for protecting the network, especially beyond the perimeter. For the past few years, the industry has focused on conditional access (i.e., identity as the new per…Read More Have we put too much emphasis on protecting the network?