Cyber Security Awareness and Vulnerabilities Blog

Top Data Breaches of 2019: How You Can Minimize Your Risks

Jan 9, 2020
Your organization made the headlines! That’s great, right? Not if it’s because you had sensitive data breached. A data breach can wreak financial and logistical havoc for you, your customers, patients, employees, and others. More importantly, it can severely impact the reputation you’ve so carefully built up and nurtured over time with existing as well as potential customers.

Three Big Takeaways from the Gartner IAM Summit You Need to Know

Jan 1, 2020
They say what happens in Vegas stays there, right? Well, that may not always be the case. Especially when it comes to the Gartner Identity & Access Management Summit last December. In fact, we are pretty sure the more than 2,200 attendees will take back with them new identity and access management insights, strategies, and intelligence to address their biggest challenges in their own organizations.
Pen tester in hoodie

Three Challenges of Pen Testing

Dec 26, 2019
There is no arguing that a penetration test can be an invaluable exercise to evaluate the security of an IT infrastructure. Despite the necessity for these critical evaluations, many security teams struggle to maximize the effectiveness of pen tests in their organization. What are the top challenges that organizations are looking at today when facing an upcoming pen test? Read on to find out.
What is?

What Is IAM Security?

Dec 25, 2019
Identity and Access Management (IAM) security is an essential part of overall IT security that manages digital identities and user access to data, systems, and resources within an organization. IAM security includes the policies, programs, and technologies that reduce identity-related access risks within a business. IAM programs enable organizations to mitigate risks, improve compliance, and increase efficiencies across the enterprise.

Top 2019 SIEM Content in Review: Five Key Takeaways

Dec 17, 2019
With cyber attacks continuing to increase, it seems like most security teams are having to learn how to do more, and do it faster. Security Information and Event Management (SIEM) solutions help to efficiently identify and escalate critical security events, enabling a swift and effective response. SIEM use remained a popular security tool in 2019, and shows every sign of remaining prevalent for years to come.
Security Tips

Four Cyber Threats in 2019 and How to Manage Them in 2020

Dec 15, 2019
What’s the best way to get a leg up on cybersecurity in 2020? Learning from the biggest problems of the past year can show emerging patterns and trends that can help shape your security strategy, ensuring that you know what to watch for and prioritize. Read on to learn how to deal with four major cyber threats of the past year that will continue to evolve and plague organizations into 2020 and beyond.
Fingers types with digital security icons

Taking Command: A Three Step Approach to Surviving Today’s Cyber Domain

Dec 11, 2019
Over just a few decades, science fiction has become reality with the advent of cyberspace.  Organizations can instantly communicate across the globe, completing work faster than ever thanks to these innovations. And though cybersecurity quickly became one of the most rapidly growing fields, cyber threats continue to improve right alongside these digital advancements.
5 Security Tips

How to Tackle the Top Five Healthcare Information Security Challenges

Dec 9, 2019
Healthcare information security is one of the leading priorities in the healthcare sector today—and for good reason. Healthcare organizations are primary targets for attacks with the amount of sensitive data they protect. A recent study published in the Annals of Internal Medicine found that 70 percent of breaches targeted demographic or financial information rather than medical information only.
5 Security Tips

Five Major Reasons Healthcare Organizations Need Identity Governance

Nov 13, 2019
Healthcare organizations today face extraordinary challenges in a dynamic, complex landscape. During the last two decades, the healthcare industry has seen increasing regulations, an acceleration of technology and workforce growth, acquisitions and consolidation, and the pressure to increase operational efficiencies and decrease overall costs, while meeting growing patient demands. The pressures to comply with regulations, coupled with pressures to compete with other healthcare organizations, also make for a challenging environment.
Digital gears

Better Together: How Pen Testing Helps Take Vulnerability Assessments to the Next Level

Nov 12, 2019
While many inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests, others explain the differences as though you have to choose between the two. Vulnerability assessments are tools that search for and report on what known vulnerabilities are present in an organization’s IT infrastructure.
Shield with keyhole

When Should You Replace Your Free SIEM Tools?

Nov 5, 2019
Free Security Information and Event Management (SIEM) solutions have significant benefits, providing visibility into security environments and enabling proactive vulnerability management for many small and mid-sized organizations. However, these tools often come with limitations that will lead security teams to consider commercial options. How do you know when it’s time to upgrade?
Identity & Access Management

Three Reasons Micro-Certifications Are Essential in Identity Governance

Oct 26, 2019
Access certification is one of the most important types of reviews within organizations today. An access certification, also called an attestation, occurs when a manager reviews a user’s access and validates that the user still requires—or no longer requires—access to an application, system, or platform. If access is considered unnecessary, then it should be removed.
Core Impact Tiered Pricing

Three Action Items to Consider After Completing a Pen Test

Oct 22, 2019
In order to complete a successful penetration test, a great deal of time is often spent in the planning stage. Time should also be invested into the post-test process.

How Commercial Pen Testing Tools Can Make Your In-House Testing Program More Effective and Efficient

Oct 20, 2019
Penetration testing is an undeniably effective way to improve an organization’s security, allowing cybersecurity professionals to safely validate the exploitability of security weaknesses, before a malicious attacker does. Though threat actors are more persistent than ever, the good news is that more and more organizations have recognized this and want to begin their own penetration testing program in-house. With the advent of increasingly more sophisticated penetration tools, organizations can build and grow their own successful penetration testing program.

Three Benefits of In-House Penetration Testing Capabilities

Oct 20, 2019
There are daily reminders seen in the news, or heard second hand, of hackers stealing or exposing data. Having just one pen test often exposes security weaknesses that are not adequately protected with compensating controls,  Which will help with  setting priorities and mitigating the associated risk. This begs the question, how could you improve your cyber security posture if you had a pen testing capabilities in-house?
IT Security

You Can’t Protect What You Can’t See: Improving Cybersecurity with Monitoring Solutions

Oct 6, 2019
When a data breach hits the headlines, questions often arise for those not familiar with cybersecurity. How did the organization not realize what was going on? Why did they ignore all the warning signs? Those more familiar with just how massive IT infrastructures can be understand that the issue is not a matter of ignoring warning signs, it’s an inability to see them at all. Security monitoring solutions like a SIEM can provide valuable insights and prioritize alerts, distinguishing between those that could lead to thwarting a devastating breach, and those that are harmless incidents.
Digital gears

Keeping Up with the Bots: How the Rise of RPA Impacts IGA

Oct 2, 2019
Robotic Process Automation (RPA) is a type of automation technology currently transforming the way businesses operate. RPA software robots manipulate and communicate with business systems and applications to streamline processes and reduce the burden on employees. RPA can automate tasks, including claims processing and call center support to data management, IT services, and invoice processing, and everything in between. Opportunities for automation exist virtually everywhere throughout the business, enabling greater organizational performance and efficiency.
Performance gears

Six Strategies to Ensure You Give the Right Access to the Right People at the Right Time

Sep 30, 2019
Part 2 of the Improving Your Security-Efficiency Balance Series:   One of the primary challenges organizations wrestle with in identity governance is how to achieve the right balance in their company between security and efficiency.
Digital lockpad inside circle

How to Strike the Right Balance Between Prioritizing Security and Increasing Efficiency

Sep 24, 2019
Part 1 of the Improving Your Security-Efficiency Balance Series:   Organizations of all sizes today face a unique balancing act when it comes to user access. Employees require access to multiple organizational systems, applications, and data to successfully do their jobs—from human resource information systems (HRIS) and customer relationship management (CRM) platforms to accounting software, patient care systems, or collaboration tools. Yet granting user privileges to these systems inherently creates risk to the organization.
IT Security

Evaluating Security Information and Event Management (SIEM) Solutions: The Pros and Cons of Freeware

Sep 17, 2019
With data breaches causing seemingly endless damage, from record breaking numbers of exposed records to millions spent on remediation, it’s clear that organizations must build stronger security portfolios than ever before.
Flying padlock

Navigating Toward a Password-Free Future with Privileged Access Management

Sep 12, 2019
Privileged accounts exist nearly everywhere within the organizational environment. Managing and protecting these privileged accounts has led to the rise of Privileged Access Management (PAM) solutions. These tools enable companies to centralize user administration, improve controls for granting user access, and more effectively manage and monitor privileged access to critical assets.
People icons connected

How to Identify and Prevent Insider Threats in Your Organization

Sep 10, 2019
Insider threats are on the rise. Whether they come from accidental insiders who are prone to phishing attempts or malicious insiders who are seeking to expose sensitive data, insider attacks have significantly increased in recent years. According to the 2019 Insider Threat Report from Cybersecurity Insiders, sponsored by HelpSystems, 70 percent of cybersecurity professionals surveyed believe that the frequency of insider attacks has increased in the last year alone.

The Human Element of Pen Testing and the Role Tools Can Play

Sep 4, 2019
Science fiction novels, TV shows, and movies often demonstrate the possibility of, and perhaps the danger of, computers and machines taking over the day to day jobs that humans once completed. While this has come to fruition in some instances, like with many factory jobs now being completed by highly specialized robots, more often than not, these inventions and innovations serve as tools to enhance human skills, not replace them. This is the case in the cybersecurity world, especially when it comes to penetration tests.
Typing on computer with security shield

How Identity Governance and Administration (IGA) Improves Security, Efficiency, and Compliance

Aug 29, 2019
In the complicated, tangled web of managing user rights, permissions and accounts, keeping track of who has access to different resources can seem nearly impossible. Organizations today are facing increasing demands, mandates, and compliance regulations as they manage access and support countless devices and systems that contain data critical to the organization. Identity Governance and Administration (IGA) solutions have provided the capability to create and manage user accounts, roles, and access rights for individual users in an organization.
IT Security

When is a False Positive Not a False Positive in Cybersecurity?

Aug 15, 2019
The phrase “false positive” has become so ubiquitous in Information Security that we often don’t stop to consider what it means or how it is used. Many use the term to describe every alert generated by a tool that does not lead to the discovery of a true infection when investigated. If every alert activated for trivial information is considered a false positive, this may overstate the intention and function of the tool and may even give the user a false sense that the tool has more features than it actually does.