Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can take many forms and has evolved to become more sophisticated, making it imperative for individuals and...

The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as "death threats against county clerks, polling-place violence, and AI-fueled disinformation," the protection of voting machine security is still a pressing concern.Securing electronic voting infrastructure...

If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.A Little Back StoryIt helps to level-set for anyone who might be coming into this from a non-technical role. We all know PCI DSS (v4.0) is the payment card industry’s compliance standard for...

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....

Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.However, this isn't always the best strategy. Many significant risks arise from simple...

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes. The Standard includes limited exceptions for specific requirements, classifying them as...

In Part 1, the existing global regulations around IoT were introduced. In this part, the challenge of complying with these rules is examined.The IoT Security ChallengeSecuring the Internet of Things (IoT) presents complex challenges that stem primarily from the scale, heterogeneity, and distributed nature of IoT networks:Inconsistent security standards: One of the most pressing issues is the...

In the past four years, cyberattacks have more than doubled. Cybercriminals are leveraging emerging technologies like artificial intelligence (AI) to facilitate more sophisticated attacks. Geopolitical tumult has increased cyber risk. Couple these factors with a near-ubiquitous desire for businesses to expand their operations, and it’s easy to understand the need for scaling Security Operations...

I recently came across the "Johari Window Model" and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that are applicable not just to IT and OT environments but also to other facets of our daily lives. This model can be applied...

The Internet of Things (IoT) refers to the global network of physical devices connected to the internet, capable of collecting and sharing data. IoT devices range from everyday household items to sophisticated industrial tools. By integrating sensors and communication hardware, IoT bridges the gap between the physical and digital worlds, enabling environments where smart devices operate...

“When the cat’s away, the mouse will play,” the old adage goes. Filings to anti-fraud non-profit Cifas would support that claim, as Insider Threat Database (ITD) reports rose by 14% this past year and are largely attributable to hard-to-monitor work-from-home employees mixed with “increasing financial pressures.” The report details further incidents...

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and...

On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and...

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents. In the physical world, the aftermath of a crime scene always yields vital...

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A...

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS, is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team’s attention,...

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few....

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital...

The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance....

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance, which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner component of business...