Resources

Blog

Understanding the Evolution of Network Security

Network security has been around almost as long as we’ve had networks, and it is easy to trace the various elements of network security to the components of networking that they try to mitigate. Over the past 30-35 years or so, the expansion of networking, especially the increased reliance on the Internet both as an avenue for commerce and as the...
Blog

The Six Commandments of the GDPR

Otherwise known as the measuring stick by which your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed. Unquestionable and pure in nature, they are rarely acknowledged for one simple reason: five of the six have no real application in helping you in peddling...
Blog

5 Signs Your Cybersecurity Awareness Program Is Paying Off

Not too long ago, a client of ours who had just released a dynamic new cybersecurity awareness course told me how blown away he was with the response they were getting. His inbox was full of compliments, and his colleagues wanted to duplicate his training success in their own departments. He recounted how employees stopped him in the hallway to...
Blog

Attackers Targeting FTP Servers to Access Patient Health Data, Warns FBI

The FBI issued an alert to the healthcare industry warning of criminal actors actively targeting anonymous File Transfer Protocol (FTP) servers to access protected health information (PHI) and personally identifiable information (PII). According to the FBI’s Cyber Division, attackers are compromising such information from medical and dental entities...
Blog

Ultra Secret Chat Using Wi-Fi Covert Channel

"Covert Channel [Wikipedia]: a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy." Today, in a world where the hacking techniques are getting more and more sophisticated and security...
Blog

The Sackcloth & Ashes of WordPress Security

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security. "Security is not an absolute, it's a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It's about employing the appropriate security controls that best...
Blog

5 Lessons Lock Picking Can Teach You About Cyber Security

Security is a complex and connected web. Though there are many different categories within the all-encompassing field of security, there are still certain lessons that translate across the disciplines. Physical security can largely be seen as a manifestation of the ethereal elements of cyber security. Both the digital and the physical worlds of...
Blog

3 Trends in Support of a More Nuanced Approach to ICS Security

The security community has seen multiple high-profile incidents targeting industrial control systems (ICS) over the past few years. No one can forget Christmas 2015, when a threat actor linked to the Russian government sent spear-phishing emails to the Western Ukrainian power company Prykarpattyaoblenergo. Those messages were laced with BlackEnergy,...
Blog

Cerber Ransomware Infecting Users via "Blank Slate" Malspam Emails

Cerber ransomware is infecting unsuspecting users via malspam emails sent out by the "Blank Slate" attack campaign. Blank Slate is known for sending out attack emails with two defining characteristics. First, the emails don't come with any message text. Second, they don't contain any information that gives away the nature of their attachments. Even...
Blog

SCM: Reducing Security Risk via Assessment and Continuous Monitoring

As I discussed in a previous blog post, a key security control known as file integrity monitoring (FIM) helps organizations defend against digital threats by monitoring for unauthorized changes to their system state. But that's only half the battle. A change could be authorized but still create new security risk. Organizations need to watch for...
Blog

How to Protect Your E-commerce Business from Cyber Attacks

Just as traditional brick-and-mortar businesses are targeted by anarchists during protests or times of unrest, e-commerce businesses are targeted by cyber criminals, except they don’t wait for particular season or reason. Whether small, medium or large, every business is, sadly, at the mercy of hackers who will exploit every opportunity they get to...
Blog

Man Used BEC Scam to Defraud Two U.S. Companies of $100M

A man used a business email compromise (BEC) scam to defraud two internet companies based in the United States out of 100 million dollars. On 21 March, the FBI along with the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against Evaldas Rimasauskas, 48, of Vilnius, Lithuania. Lithuanian authorities arrested...
Blog

Making Mistakes in Security

At some point in your career, you will make mistakes—small mistakes, big mistakes, even career-defining mistakes. I am writing this in retrospect because during the course of my job duties, I recently made a mistake. The details are irrelevant, but I wanted to share my experience with making mistakes in the professional world. Mistakes and human...
Blog

Bringing Clarity to Really Really Big Data: A Case for AI and Machine Learning to Help Crunch and Protect Our Data

It's funny how kids have an affinity for toys we enjoyed as kids – like Legos. They will spend hours creating the biggest “thing,” often leading to a parent’s near universal response, “Johnny! That is the biggest tower I have ever seen! Great job!” Children (and we) love Legos because they foster imagination, offering a limitless way to create...
Blog

The Importance of a Strategic Response to Cyber Incidents

There are a variety of ways a company can experience cyber incidents, ranging from a distributed denial of service network attack to internal information theft. The first response is usually to enlist incident response professionals to resolve the issue as quickly and efficiently as possible. However, there are several factors companies should...