Here I am, hack me

Here I am, hack me

Bad actors are constantly trying to find ways to penetrate our networks. Recent attacks at LabCorp and the City of Atlanta demonstrate, however, that we are putting the welcome mat out for hackers by leaving key network ports open. ...

08/09/18

Cybersecurity operations:  Don't wait for the alert

Cybersecurity operations: Don't wait for the alert

An SOC is a useful part of our cybersecurity arsenal, but its main benefit will be in helping to minimize damage from an issue that has already happened. A strong investigative team, on the other hand, can help to identify and resolve...

07/16/18

2018 – the year of the targeted attack?

2018 – the year of the targeted attack?

There is a definite increase in sophisticated bad actor groups focusing on specific, high value targets.

05/09/18

The best cybersecurity analysts should play the part of detective

The best cybersecurity analysts should play the part of detective

Today’s cybersecurity analysts need to be part detective, following their gut wherever it takes them and thinking like the very attackers.

04/03/18

Becoming vulnerability agnostic

Becoming vulnerability agnostic

Don't let the constant barrage of vulnerability announcements play with your emotions and drive up your stress levels.

02/05/18

Resolutions for a secure new year

Resolutions for a secure new year

Examining what we have learned about risk awareness, or should have learned, in 2017, which we can resolve to put into action in 2018.

01/02/18

Don't let the security hype get you down

Don't let the security hype get you down

How to maintain optimism and objectivity in information security.

11/27/17

Information security – let's get physical

Information security – let's get physical

If we fail to leverage the combined power of both logical and physical security, we cannot possibly expect to fully secure any organization.

11/13/17

Patch management – not for the faint of heart

Patch management – not for the faint of heart

If you're a U.S. consumer, you're likely pretty peeved at Equifax right now. By all accounts, a missed patch led to the exfiltration of highly personal data on more than 145 million consumers. If patch management were easy, Equifax...

10/09/17

Cyber resiliency – a key to corporate survival (and sleep)

Cyber resiliency – a key to corporate survival (and sleep)

The recent major cybersecurity events – including WannaCry, NotPetya, and most recently, the Equifax data breach – underscore the need for organizations to be able to respond quickly to incidents (in some cases multiple incidents at...

09/11/17

Using defense-in-depth to prevent self-inflicted cybersecurity wounds

Using defense-in-depth to prevent self-inflicted cybersecurity wounds

Sooner or later, one of your employees will fall for a phishing email or visit an infected website. Or an employee may deliberately damage your systems, for profit, or just out of spite. When you deploy a defense-in-depth strategy,...

05/02/17

Improve your internet privacy, with or without help from the government

Improve your internet privacy, with or without help from the government

President Trump, as part of his plan to roll back regulations put in place by President Obama, just signed legislation, passed by Congress, eliminating the prohibition against ISPs selling customer data without their written consent....

04/13/17

Insiders -- the invisible threat lurking in your office

Insiders -- the invisible threat lurking in your office

With all of the focus in the business world recently related to hackers, we have tended to overlook a group of potential bad actors who have already penetrated our perimeter security, and have access to our facilities – our employees...

03/31/17

Phishing: Draining the corporate bottom line

Phishing: Draining the corporate bottom line

Many don't realize the drain phishing attacks place on the information technology team, particularly the information security organization. Their efforts to contain phishing can leave a major dent in the corporate bottom line.

03/10/17

7 tips to turn threat data into true threat intelligence

7 tips to turn threat data into true threat intelligence

Threat intelligence can be your best friend or your worst enemy. Here are some tips to make sure you are making the most of it.

02/16/17

These are the threats that keep me awake at night

These are the threats that keep me awake at night

We have fortunately reached the date on the calendar when the myriad of articles predicting hot information security issues for 2017 have begun to wind down. I say fortunately, because I personally have never found much use for them....

02/02/17

Cybersecurity standards and guidelines -- are you just checking the boxes?

Cybersecurity standards and guidelines -- are you just checking the boxes?

While it is important for any organization to adopt a cybersecurity standard, just checking all of the boxes on one will not make you secure.

01/12/17

Is antivirus software dead at last?

Is antivirus software dead at last?

The debate about whether antivirus software is still useful has been going on for a few years now. This technology was once the mainstay of the security efforts for most businesses and home users. The challenge of late is the ability...

12/06/16

The risk of data theft -- here, there and everywhere

The risk of data theft -- here, there and everywhere

Today, the challenge of protecting sensitive data has increased exponentially, due to the fact that data has been leaking into the cloud, and individual PCs and mobile devices. This is how to address the challenges of this data...

11/14/16

Are we drowning in a sea of negative security press?

Are we drowning in a sea of negative security press?

It would seem from news accounts that the increase in the number of new vulnerabilities in devices, software and systems is escalating out of control. While the crisis is real, it has been blown a bit out of proportion by the consumer...

11/04/16

Load More