Blog

Blog

ISO/IEC 27001 and Why It Matters for Your Business

ISO/IEC 27001 is a set of standards for information security management systems (ISMS) created by the International Organization for Standardization and the International Electrotechnical Commission, both independent, and non-governmental organizations. ISO/IEC 27001 is part of the broader ISO/IEC 27000 family, a set of standards designed to “[help]...
Blog

How to Confront the Cyber Security Workforce Crisis

The number of cyber security job openings around the globe is staggering. Cisco estimated that there were 1 million unfilled cyber security jobs worldwide in 2014, and Cybersecurity Ventures predicted there will be 3.5 million openings by 2021. The unprecedented need for cyber security experts has intensified as the industry has grown nearly 35...
Blog

The Many Hats Club: Color Doesn't Matter

Recently, I spoke with Stu and Dave, the founders of The Many Hats Club. I'd seen quite a few people talking about it on social media, so I wanted to find out what all the fuss was about. Here is how our conversation went: Joe Pettit: Let's get started. Can you tell me a bit about The Many Hats Club? How did it come about? Stu: Myself and Dave were on a thread talking about Steak and Infosec,...
Blog

Cloud vs. On-Premises: Understanding the Security Differences

More and more organizations are now entrusting their IT resources and processing to the cloud. This trend is likely to grow in the coming years. To illustrate, Gartner predicts that cloud data centers will process 92 percent of workloads by 2020. Cloud workloads are expected to increase 3.2 times in that same span of time, Cisco forecasts. With...
Blog

Mark Zuckerberg Doesn't Plan to Extend GDPR to All Facebook Users

UPDATED 05/04/18: Zuckerberg has since refuted this story in a call with reporters. As quoted by TechCrunch: Overall I think regulations like this are very positive. We intend to make all the same controls available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in...
Blog

Practical Attacks with DNS Rebinding

One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to load JavaScript. Since same-origin policy (SOP) is domain-based, the JavaScript...
Blog

Women in Information Security: Amanda Berlin

Back by popular demand, I’ve interviewed a new group of women and non-males in information security for Spring 2018. I’m really honoured by all of the positive feedback I’ve been getting on this interview series since it launched in the fall of 2016. This series was even mentioned outside of the tech media during my appearance on a popular non-tech...
Blog

Saks Fifth Avenue, Lord & Taylor Suffer Payment Card Data Breach

Saks Fifth Avenue and Lord & Taylor have both suffered a data breach involving customers' debit and credit card information. The data breach became apparent on 28 March when Joker's Stash, a seller of stolen payment card details on underground markets, announced its "BIGBADABOOM-2" sale of five million cards. Working with financial organizations,...
Blog

Data Integrity Follow Up: Ways to Protect Your Data

Previously, I brought attention to what I believe is one of the biggest cybersecurity challenges: data integrity. As I note in a different piece, we have entered a strange phase in our history where questioning “evidence” is not such a ludicrous idea. For example, altering photographs digitally so you can’t tell there have been alterations is a full...
Blog

Payment Gateways – What Are the Risks Lurking Around?

Online businesses of all sizes need to be able to accept payments today. This really is the only way in which you can buy and sell products and services without a physical presence. It's convenient and economical but there are also some risks associated with it because of the information being shared. Payment gateways are something that you must...
Blog

The FBI's 10 Most-Wanted Black-Hat Hackers – #9 and #8

Recently, we renewed our countdown of the FBI's 10 most wanted black-hat hackers. First up was Bezhad Mesri at number 10. He is accused of having compromised Home Box Office (HBO) employees' emails and abused that access to steal data, extort the company for ransom, and leak the information online when he didn't get his way. This week, we present No. 9 and No. 8: Viet Quoc Nguyen and nine...
Blog

A Checklist for Online Gaming Privacy

Something that I like to discuss is the ease with which individuals open themselves up to cyberstalking. A lot of people don’t even realize the detail they are revealing during online conversations and gaming sessions. While these online gaming tips should be considered by adults, the goal of this checklist is to create a conversation point for...
Blog

Cambridge Analytica: The Devil Is in the (Contractual) Details

It appears we reached a global level of moral outrage surpassing a high warp factor during the week commencing 19th March 2018 with widespread news coverage of the machinations of Cambridge Analytica (CA). [I write as a long-time cynic who did not need to experience last week to know that “I am the product.”] We are all making choices daily – for...
Blog

Atlanta Struggling to Recover from Ransomware Infection Days After Attack

The city of Atlanta is struggling to recover from a ransomware infection days after the initial attack targeted its computer network. As of 26 March, the municipality was still struggling to collect customers' online payments for bills and fees. Such disruption continues to plague the State of Georgia's capital city at a time when Atlanta is busy...