Blog

Blog

CIS Control 06: Access Control Management

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse,...
Blog

US Government tells firms not to give in to ransomware demands

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury's Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent...
Blog

CIS Control 05: Account Management

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to...
Blog

Cybersecurity Maturity Model Certification (CMMC) – A Model for Everyone

Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were relatively “localized,” that is, they affected the targeted company only. However, the newer attacks have...
Blog

How to Report a Data Breach per GDPR

The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that organizations can report a data breach. Articles 33 and 34 outline the requirements for breach notification...
Blog

The Digital Pandemic - Ransomware

In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to the figures obtained from the Information Commissioners...
Blog

Everything You Need to Know about Cyber Crisis Tabletop Exercises

Cybersecurity has become a critical concern in every business sector nowadays due to organizations’ growing dependency on technologies. Research by Immersive Lab reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, TechRepublic reported that global companies experienced a 148% spike in ransomware attacks after COVID...
Blog

To Detect or Not to Detect, Is that the Question?

Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file,...
Blog

Partnerships – The Key to Navigating the Industrial Security Landscape

The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic. More than three-quarters of respondents went...
Blog

CIS Control 04: Secure Configuration of Enterprise Assets and Software

Key Takeaways for Control 4 Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any...
Blog

Understanding the Benefits of Managed Cyber Services

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: The increasing...
Blog

VERT Threat Alert: September 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th. In-The-Wild & Disclosed CVEs CVE-2021-40444 This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon...
Blog

Clearing Up Elements of Cloud Security

In this episode, Tripwire's Brent Holder and Raymond Kirk discuss what cloud security means today. Breaking down the different aspects of cloud security controls, they cover the technology, security implications and risks with cloud use. https://open.spotify.com/episode/4yvvrk2lWICFAN4DpLtCHS Spotify: https://open.spotify.com/show...
Blog

Where Should We Draw the Cyber Blue Line?

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable...
Blog

My "Cybercrime" Isn’t Your "Cybercrime"

Talk to cybersecurity experts about cybercrime on their network, and they will mention malicious activity like scans, attacks, events, and incidents. Probably at some point, they will slip into geek-speak with a vast array of confusing acronyms and jargon while explaining tactics and techniques by referencing infamous attacks, Internal protocols,...
Blog

CIS Control 03: Data Protection

For many years, there was a wide misunderstanding that encrypting some data is equivalent to protecting that data. If it’s encrypted, so the thinking goes, nobody else could access it, and it is therefore safe. While it is critical to encrypt data at rest as well as in transit, the job of protecting data goes much deeper. Encryption can mitigate...