Resources

Blog

WEF Report Details Best Practices for Zero Trust Deployment

Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA) increased by 230% from 2019...
Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is what is used to...
Blog

Developing an Effective Change Management Program

Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of...
Blog

Getting started with Zero Trust: What you need to consider

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which...
Blog

Why DevSecOps must be embraced in healthcare organizations

As the healthcare industry becomes more digitally inclined, there’s a need for systems to be put in place to avoid breaches in the security of data records. Most healthcare organizations are already embracing the DevOps (Development and Operations) model, but unfortunately, security seems to be neglected, resulting in data breaches and numerous...
Blog

Privacy Updates in Q3 2022: Major Developments Across the Globe

The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the...
Blog

5 Myths About Online Privacy

Every year has been an unfortunate year for online privacy for the past few years. Data breaches and social engineering attacks are at an all-time high, and the concept of online data privacy is challenged to its core, with millions of users being affected every month. IBM’s Cost of a Data Breach Report highlighted that the average data breach cost...
Blog

Brace yourself – ISO27001 changes are coming

If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations...
Blog

Keeping threat actors away from your supply chain

The supply chain is a complex environment that goes deep inside a business and involves the majority of its infrastructure, operations, personnel, and outer relations: vendors, partners, and customers. To protect that matrix is extremely difficult, as there are numerous sensitive nodes, lines, and processes that a security team has to take care of:...
Blog

New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable

If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive...
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with...
Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation. This process caused delays while teams worked on remediation or, worse yet, it...
Blog

An Introduction to the State and Local Cybersecurity Grant Program (SLCGP)

Cybersecurity funding in corporate environments has always been a source of anxiety for those who seek to keep organizations safe. When we examine the cybersecurity readiness of many state, local, and territorial governments, this funding struggle is taken to new heights of scarcity. Fortunately, a new program has been created by the Department of...
Blog

Stop blaming employees for cybersecurity breaches

When companies drive a wedge between their workforce and their security culture, not only do they reduce best practices, but they also increase stress and jeopardise secure behaviours. We need to stop blaming employees for cybersecurity breaches and look at the real reasons that data is compromised. Furthermore, as long as there are humans at work,...
Blog

VERT Threat Alert: October 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM...
Blog

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm...