Resources

Blog

2025's CISO: Managing Cyber Threats With Bigger Budgets But Higher Stakes

Today's CISOs wear many hats. They are expected to be experts in technologies, negotiators, strategists, influencers, and a source of inspiration throughout the value chain. As cybersecurity threats evolve and grow, the role of the Chief Information Security Officer (CISO) is becoming even more critical.Cybersecurity Budgets are BoomingFortunately, unlike other tech leaders, CISOs have largely...
Blog

The Role of Continuous Penetration Testing in Cyber Resilience

In recent years, organizations have learned how crucial penetration testing is for enhancing cyber resilience. However, traditional penetration testing is insufficient in today’s dynamic threat landscape. Recent trends highlight the need for a more continuous and proactive approach to security testing, and continuous penetration testing is set to record huge growth over the next few years, both...
On-Demand Webinar

Tackling the CIS: One Control at a Time

The Center for Internet Security (CIS) Critical Security Controls (CSC) are a trusted source of truth in the cybersecurity community. Many organizations implement the CIS CSC framework to ensure their cybersecurity programs are functioning at peak effectiveness. The latest iteration, CIS CSC v8.1, was released earlier this year. In this recorded webinar, Cybersecurity Researcher at Fortra’s...
Blog

The Overlooked Danger Within: Managing Insider Threats

When we think about cybersecurity, we think of malicious actors constantly devising new ways to breach our defenses. While this is critical, it's equally important to understand that another menace can be sitting down the hall. The risk of insider attacks is significant and should not be overlooked.These attacks have floored businesses of all sizes and in various industries, frequently with dire...
Blog

DSPM vs CSPM: Key Insights for Effective Cloud Security Management

Most modern organizations have complex IT infrastructures made up of various components like Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), public cloud, and sometimes hybrid environments. While these infrastructures bring significant benefits, including improved scalability, flexibility, and cost savings, increasing complexity has made it...
Blog

750,000 Patients' Medical Records Exposed After Data Breach at French Hospital

When we think about our data being leaked onto the internet, we often picture it as our financial records, our passwords, our names and addresses... what is less often considered is the exposure of our private medical information.A French hospital has found itself in the unenviable position of learning that hackers have gained access to the medical records of over 750,000 patients following a...
Blog

The Role of Security Configuration Management in Achieving Zero Trust Security Architectures

Zero Trust is a network security model that dictates that no one or no system should be trusted by default and that every attempt to access a network or application is a threat.For those who are naturally trusting of others, this concept is difficult to accept. However, distrusting every entity on a network until it has been verified is imperative today. Security Configuration in Zero TrustWhen...
Blog

CIS Control 12: Network Infrastructure Management

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default”...
Blog

Essential Security Best Practices for Remote Work

As we continue to embrace remote work, it’s crucial to keep our security practices sharp to protect both company and personal data. With increasing cyber threats, adhering to security best practices helps us safeguard our information and maintain our productivity. Here’s a quick guide to help you stay vigilant and secure while working remotely.Secure Your Home OfficePick a space that is private.Do...
Blog

BEC Cost Citizens Worldwide Over $55bn in Last 10 Years

Business email compromise (BEC) is a sophisticated type of phishing that uses social engineering and deception to obtain access to sensitive accounts, networks, and data. In these attacks, bad actors pose as organization executives to request funds transfers from other members of the organization. Playing on the trust that employees place in executives, this scam demands that the attacker gather...
Blog

The Future of Cybersecurity: Why Vendor Consolidation is the Next Big Trend

The cybersecurity landscape is constantly changing as new technologies and threat trends emerge. Maintaining an effective cybersecurity strategy over time requires updating tools and practices with the evolution of cyberattacks, security capabilities, and business operations. Implementing the best tools for the most pressing issues as they arise has been the predominant tactic for many...
Blog

Identity Fraud and the Cost of Living Crisis: New Challenges for 2024

Fraud is a rampant threat to individuals and organizations worldwide and across all sectors. In order to protect against the dangers of fraud in its many forms, it is vital to stay in the loop on the latest fraud trends and the threat landscape.The Fraudscape 2024 report from Cifas, the UK’s Fraud Prevention Community, is an effort to share this information to help prevent fraud. The report is...
Blog

Cyberbiosecurity: Where Digital Threats Meet Biological Systems

Cyberbiosecurity has emerged as an essential area of interest as the boundaries between the digital and biological sectors continue to blur. With rapid advancements in areas such as artificial intelligence, automation, and synthetic biology, the need for strong cyberbiosecurity protections has grown to safeguard the bioeconomy. As biotechnology evolves, it creates a complex landscape where...
Guide

Adjusting to the Reality of Risk Management Framework

For many reasons, aligning IT security, compliance and IT Operations has been an ongoing challenge in the federal ecosystem. There are plenty of stories about waste and misalignment of IT security for federal systems, such as systems that are compliant but not secure, and investments on tools that didn’t make anything more secure or were difficult to run. IT Operations people will point to issues...
Blog

ShrinkLocker Ransomware: What You Need To Know

What is ShrinkLocker?ShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan.So far, so normal. What makes it noteworthy?The ShrinkLocker ransomware is unusual because it uses VBScript...
Blog

Exploring the Security Risks of VR and AR

In an era where innovative technologies are emerging left, right, and center, two of the most influential in recent years are experiencing exponential growth. Virtual Reality (VR) and Augmented Reality (AR) are immersive technologies that have now firmly integrated into numerous industries.As these technologies have become more prevalent in our personal and professional lives, they bring with them...
Live Event
Are you interested in using the MITRE ATT&CK framework to determine your cybersecurity posture and stop the kill chain in its tracks? Or wondering how to evaluate the effectiveness of your cybersecurity tools? The MITRE ATT&CK framework helps create better informed cybersecurity teams as well as better informed cybersecurity buyers. At a time when every dollar counts, knowing...
Blog

CIS Control 13: Network Monitoring and Defense

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks.Key Takeaways for Control 13Enterprises should understand that their systems and networks are never perfectly...
Blog

The Rising Cost of Cybersecurity: How Companies Can Effectively Communicate the Value of Protection

Data shows that financial motivation is a huge incentive for threat actors, which explains the rising prevalence of ransomware and other extortion breaches in the corporate world. In 2023 alone, business email compromise (BEC) complaints received by the FBI amounted to over 2.9 billion. SourceThis situation highlights an uncomfortable truth that has...
Blog

VERT Threat Alert: November 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1132 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43451A vulnerability that allows for NTLMv2 hash disclosure has been both publicly disclosed and actively exploited. According to Microsoft, only minimal...