blog /
Jul 20, 2017
by
Ray Pompon
The personal and job-related information that employees often innocently post on various websites makes it easy for phishers to pull off their scams.
blog /
Jul 18, 2017 (MODIFIED: Jul 20, 2017)
by
Ray Pompon
A veteran auditor told us how organizations fail audits. Here are six detailed strategies to help you achieve success.
report /
Jul 13, 2017 (MODIFIED: Jul 18, 2017)
by
David Holmes
Safeguarding TLS against attack in the quantum computing age will require changes to today’s TLS key exchange algorithms.
blog /
Jul 11, 2017 (MODIFIED: Jul 20, 2017)
by
Ray Pompon
Savvy organizations that understand the gravity of cyber security are giving CISOs a voice at the executive table.
blog /
Jul 06, 2017 (MODIFIED: Jul 20, 2017)
by
Ray Pompon
In this five-part blog series, we look at how cyber scammers vacuum up information across the Internet to build profiles for phishing and other kinds of social engineering attacks.
blog /
Jun 29, 2017 (MODIFIED: Jul 20, 2017)
by
Kyle Robinson, Senior Manager at Grant Thornton
A veteran auditor walks through where he’s seen organizations fail during audit.
blog /
Jun 27, 2017 (MODIFIED: Jul 13, 2017)
by
Mike Convertino
Recent NSA and CIA leaks exposed advanced new techniques for building automated malware factories that churn out threats like SambaCry and Petya/NotPetya, which deploy over untraceable networks.
blog /
Jun 22, 2017 (MODIFIED: Jul 20, 2017)
by
Ravila White
Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.
blog /
Jun 21, 2017 (MODIFIED: Jul 18, 2017)
by
Ray Pompon
An undercover interview of two infamous Russian hackers speak volumes about skills, passion, and motivation of some of the world’s most dangerous cybercriminals.
blog /
Jun 15, 2017 (MODIFIED: Jul 11, 2017)
by
Sara Boddy, Jesse Smith, Doron Voolf
TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.
blog /
Jun 14, 2017 (MODIFIED: Jul 18, 2017)
by
Ray Pompon
Sometimes, CISOs spin their wheels doing useless security activity that only looks productive from the outside.
blog /
Jun 08, 2017 (MODIFIED: Jul 20, 2017)
by
Ray Pompon
Facing data breach disclosure requirements across the globe, organizations need to be prepare in advance to respond well.
blog /
Jun 06, 2017 (MODIFIED: Jul 20, 2017)
by
Lori MacVittie
Providers and manufacturers could go a long way toward reducing the very real threat of IoT.
blog /
Jun 01, 2017 (MODIFIED: Jul 18, 2017)
by
Bill Hughes
Learn to recognize different types of CISOs so you can ensure you’re hiring the right one.
blog /
May 31, 2017 (MODIFIED: Jul 06, 2017)
by
Michael Koyfman
How a token-based authorization model can help organizations dramatically reduce credential stuffing attacks.
blog /
May 26, 2017 (MODIFIED: Jul 11, 2017)
by
Malcolm Heath, Ray Pompon
With simple exploits plaguing Windows and Linux SMB week over week, do yourself a favor and patch for CVE-2017-7494 now to avoid having to do it in panic mode.
blog /
May 25, 2017 (MODIFIED: Jul 18, 2017)
by
Todd Plesco, CISO of Prescribe Wellness
Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.
blog /
May 23, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
More and more CISOs are finding themselves pulled into the sales cycle to defend and sell their security programs. Here’s how to do it right.
blog /
May 18, 2017 (MODIFIED: Jul 06, 2017)
by
Lori MacVittie
Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.
blog /
May 16, 2017 (MODIFIED: Jul 06, 2017)
by
David Holmes
Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.
blog /
May 12, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.
report /
May 10, 2017 (MODIFIED: Jul 13, 2017)
by
Sara Boddy, Justin Shattuck
With a growth rate of 1,473% in 2016, the hunt for vulnerable IoT devices rages on...
blog /
May 09, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.
blog /
May 04, 2017 (MODIFIED: Jul 18, 2017)
by
Ravila White
Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.
blog /
May 02, 2017 (MODIFIED: Jul 06, 2017)
by
David Holmes
One simple error led to the capture of notorious hacker Sabu—and the revelation of his identity.
blog /
Apr 28, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.
blog /
Apr 25, 2017 (MODIFIED: Jul 06, 2017)
by
Lori MacVittie
Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.
blog /
Apr 20, 2017 (MODIFIED: Jul 18, 2017)
by
Mike Levin, Center for Information Security Awareness
Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.
blog /
Apr 18, 2017 (MODIFIED: Jul 06, 2017)
by
David Holmes
Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.
blog /
Apr 14, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
Cyberstalking will rise as hacking tools become more powerful and easier to use, but there’s much you can do to help protect victims.
article /
Apr 12, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.
article /
Apr 07, 2017 (MODIFIED: Jul 06, 2017)
by
Doron Voolf
Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.
blog /
Apr 04, 2017 (MODIFIED: Jul 06, 2017)
by
Wendy Nather, Duo Security
Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.
blog /
Mar 30, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon, Sara Boddy
Board level interest in your cyber risk posture is growing, in fact it might be required soon for publicly traded companies. Presenting cyber risk to your board – effectively – means talking in their terms.
blog /
Mar 30, 2017 (MODIFIED: Jul 06, 2017)
by
Mike Levin, Center for Information Security Awareness
The virtual kidnapping scam is on the rise because of the excessive amount of personal information people volunteer on social media.
article /
Mar 27, 2017 (MODIFIED: Jul 06, 2017)
by
Maxim Zavodchik, Julia Karpin, Ilya Chernyakov, Dylan Syme
A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is...
blog /
Mar 24, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon, Sara Boddy
Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.
blog /
Mar 20, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
Organizations who outsource need to measure the risk of entrusting their data to someone else. They aren’t easy or cheap, but audits are really the best tool we have.
blog /
Mar 13, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.
article /
Mar 10, 2017 (MODIFIED: Jul 06, 2017)
by
Ray Pompon
Since the Internet can’t survive without DNS, let’s make our best effort to defend it.