Cyber Security Awareness and Vulnerabilities Blog

Data Security

Common Security Concerns and How to Reduce Your Risk

Mar 22, 2020
What common security risks/entry points are you most concerned about? In our 2022 Pen Testing Survey we asked what common security risks concerned respondents most. While phishing (80%) and ransomware (68%) were the top concerns, other options had a high enough percentage to warrant further discussion. These included: 

Three Lessons Learned From A Data Breach

Feb 20, 2020
Data breaches have been plaguing organizations for years, and the numbers continue to climb. After a breach, an organization goes into survival mode—trying to recover data, reestablish trust, and ensure they can keep their business running. It’s understandable that there isn’t much leisure time to sit back and reflect on what could have been done differently. So we’ve done the work for you, laying out some simple lessons learned from the many breaches we’ve observed over the past few years, as well as ways they can be avoided.  

How Voice Biometrics Became a Real Game-Changer at a Large Financial Services Organization

Feb 10, 2020
Voice biometrics, or voiceprint technology, has started gaining significant traction within the financial services industry. And for good reason. Passwords alone are no longer sufficient for protecting business-critical assets and applications. Instead, voiceprint technology instantly recognizes the voice patterns unique to each individual and can authenticate access securely. Industries like financial services are moving away from using passwords for account access and toward secure biometric authentication that is fast, convenient, secure, and cost effective.

How to Deal With Orphaned Accounts in Your Business

Jan 30, 2020
According to the 2019 Verizon Data Breach Investigations Report, 62 percent of all data breaches last year involved the use of stolen credentials, brute force, or phishing. Nearly half of these types of breaches were directly attributed to stolen credentials. Stolen credentials are not only a risk through active user accounts, but can be a significant risk through orphaned accounts.

Why is Multi Tenancy Important in a SIEM Solution?

Jan 27, 2020
All SIEMs are well known for their ability to monitor IT infrastructures for potential threats, escalating them to the appropriate party. Though these solutions share this core function in common, SIEMs differ widely in terms of features. It’s important to evaluate your own environment to determine what your priorities are. For certain organizations, particularly MSPs, multi tenancy is a key functionality.

How Phishing Has Evolved and Three Ways to Prevent Attacks

Jan 23, 2020
The term “phishing” can be traced back to 1996, when it was used to reference a group of attackers that were imitating AOL employees using AOL messenger, asking people to verify their accounts or billing information. Many unsuspecting users fell prey to this scam purely due to its novelty. Though we would like to believe that we would never be fooled by such an attack these days, phishing remains as popular as ever. Though internet users may have become more discerning, attackers have also become more skilled at luring in victims.

What is the California Consumer Privacy Act?

Jan 23, 2020
The California Consumer Privacy Act (CCPA), the latest data privacy law in the Golden State, went into effect on January 1st, 2020. Some have compared it to the UK’s GDPR (General Data Protection Regulation), and they’re not far off – like the GDPR, the CCPA is intended to protect individuals’ private data by making data collection and usage more transparent between consumers and companies.

The Basics of IGA ROI: How to Show Value in Identity Governance

Jan 15, 2020
Like most companies today, your business is likely facing increasing demands to support and protect more devices and systems that contain data critical to your business. You are spending increasing time and resources on manual, repetitive tasks for managing user accounts. And you are being squeezed by the business to do more with less.

What is the CMMC and How Can You Prepare for It?

Jan 13, 2020
Later this month, the U.S. Department of Defense (DoD) will release version 1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC will be a mandatory third-party certification for any DoD contractors and subcontractors, intended to help protect the government’s sensitive, unclassified data against cyber threats. How did the CMMC come together and what will it entail? Read on to find out about other cyber threat mitigation standards, how they inspired the CMMC, and what to expect when the CMMC goes live.

Top Data Breaches of 2019: How You Can Minimize Your Risks

Jan 9, 2020
Your organization made the headlines! That’s great, right? Not if it’s because you had sensitive data breached. A data breach can wreak financial and logistical havoc for you, your customers, patients, employees, and others. More importantly, it can severely impact the reputation you’ve so carefully built up and nurtured over time with existing as well as potential customers.

Three Big Takeaways from the Gartner IAM Summit You Need to Know

Jan 1, 2020
They say what happens in Vegas stays there, right? Well, that may not always be the case. Especially when it comes to the Gartner Identity & Access Management Summit last December. In fact, we are pretty sure the more than 2,200 attendees will take back with them new identity and access management insights, strategies, and intelligence to address their biggest challenges in their own organizations.

Three Challenges of Pen Testing

Dec 26, 2019
There is no arguing that a penetration test can be an invaluable exercise to evaluate the security of an IT infrastructure. Despite the necessity for these critical evaluations, many security teams struggle to maximize the effectiveness of pen tests in their organization. What are the top challenges that organizations are looking at today when facing an upcoming pen test? Read on to find out.

What Is IAM Security?

Dec 25, 2019
Identity and Access Management (IAM) security is an essential part of overall IT security that manages digital identities and user access to data, systems, and resources within an organization. IAM security includes the policies, programs, and technologies that reduce identity-related access risks within a business. IAM programs enable organizations to mitigate risks, improve compliance, and increase efficiencies across the enterprise.

Top 2019 SIEM Content in Review: Five Key Takeaways

Dec 17, 2019
With cyber attacks continuing to increase, it seems like most security teams are having to learn how to do more, and do it faster. Security Information and Event Management (SIEM) solutions help to efficiently identify and escalate critical security events, enabling a swift and effective response. SIEM remained a popular security tool in 2019, and shows every sign of remaining prevalent for years to come.
Security Tips

Four Cyber Threats in 2019 and How to Manage Them in 2020

Dec 15, 2019
What’s the best way to get a leg up on cybersecurity in 2020? Learning from the biggest problems of the past year can show emerging patterns and trends that can help shape your security strategy, ensuring that you know what to watch for and prioritize. Read on to learn how to deal with four major cyber threats of the past year that will continue to evolve and plague organizations into 2020 and beyond.

Taking Command: A Three Step Approach to Surviving Today’s Cyber Domain

Dec 11, 2019
Over just a few decades, science fiction has become reality with the advent of cyberspace. Organizations can instantly communicate across the globe, completing work faster than ever thanks to these innovations. And though cybersecurity quickly became one of the most rapidly growing fields, cyber threats continue to improve right alongside these digital advancements.
5 Security Tips

How to Tackle the Top Five Healthcare Information Security Challenges

Dec 9, 2019
Healthcare information security is one of the leading priorities in the healthcare sector today—and for good reason. Healthcare organizations are primary targets for attacks with the amount of sensitive data they protect. A recent study published in the Annals of Internal Medicine found that 70 percent of breaches targeted demographic or financial information rather than medical information only.
5 Security Tips

Five Major Reasons Healthcare Organizations Need Identity Governance

Nov 13, 2019
Healthcare organizations today face extraordinary challenges in a dynamic, complex landscape. During the last two decades, the healthcare industry has seen increasing regulations, an acceleration of technology and workforce growth, acquisitions and consolidation, and the pressure to increase operational efficiencies and decrease overall costs, while meeting growing patient demands. The pressures to comply with regulations, coupled with pressures to compete with other healthcare organizations, also make for a challenging environment.

Better Together: How Pen Testing Helps Take Vulnerability Assessments to the Next Level

Nov 12, 2019
While many inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests, others explain the differences as though you have to choose between the two. Vulnerability assessments are tools that search for and report on what known vulnerabilities are present in an organization’s IT infrastructure.

When Should You Replace Your Free SIEM Tools?

Nov 5, 2019
Free Security Information and Event Management (SIEM) solutions have significant benefits, providing visibility into security environments and enabling proactive vulnerability management for many small and mid-sized organizations. However, these tools often come with limitations that will lead security teams to consider commercial options. How do you know when it’s time to upgrade?
Identity & Access Management

Three Reasons Micro-Certifications Are Essential in Identity Governance

Oct 26, 2019
Access certification is one of the most important types of reviews within organizations today. An access certification, also called an attestation, occurs when a manager reviews a user’s access and validates that the user still requires—or no longer requires—access to an application, system, or platform. If access is considered unnecessary, then it should be removed.

Three Action Items to Consider After Completing a Pen Test

Oct 22, 2019
In order to complete a successful penetration test, a great deal of time is often spent in the planning stage. Time should also be invested into the post-test process.

How Commercial Pen Testing Tools Can Make Your In-House Testing Program More Effective and Efficient

Oct 20, 2019
Penetration testing is an undeniably effective way to improve an organization’s security, allowing cybersecurity professionals to safely validate the exploitability of security weaknesses before a malicious attacker does. Though threat actors are more persistent than ever, the good news is that more and more organizations have recognized this and want to begin their own penetration testing program in-house. With the advent of increasingly sophisticated penetration tools, organizations can build and grow their own successful penetration testing program.

Three Benefits of In-House Penetration Testing Capabilities

Oct 20, 2019
There are daily reminders seen in the news, or heard second hand, of hackers stealing or exposing data. Having just one pen test often exposes security weaknesses that are not adequately protected with compensating controls, which will help with setting priorities and mitigating the associated risk. This begs the question: how could you improve your cyber security posture if you had pen testing capabilities in-house?
IT Security

You Can’t Protect What You Can’t See: Improving Cybersecurity with Monitoring Solutions

Oct 6, 2019
When a data breach hits the headlines, questions often arise for those not familiar with cybersecurity. How did the organization not realize what was going on? Why did they ignore all the warning signs? Those more familiar with just how massive IT infrastructures can be understand that the issue is not a matter of ignoring warning signs, it’s an inability to see them at all. Security monitoring solutions like a SIEM can provide valuable insights and prioritize alerts, distinguishing between those that could lead to thwarting a devastating breach, and those that are harmless incidents.