Cyber Security Awareness and Vulnerabilities Blog
Mar 29, 2017
How do you look at vulnerability management? We’ve seen several blogs on this topic in the past month and even a webinar with one of our security consultants but the truth is that everyone looks at this issue differently. From scanning and assessments to prioritization and patching, vulnerability management is a lot of different things but it is not and never should be seen as:
Mar 27, 2017
We’ve let you in on some of the not-so-secret mistakes people make with pen-tests last week in "Horrible Mistakes You're Making With Pen-Testing Pt. 1" and we’re continuing with that theme today. There are more potential mistakes and we want to make sure you’re aware of them in order make your pen-tests successful. Read on and stay tuned to see just how many there actually are!
Mar 22, 2017
Wouldn’t it be nice to sleep easy at night and not have to worry if your vulnerability management program is really catching all the vulnerabilities that could be and are in your environments? Wouldn’t it even be nicer if you could get them prioritized by risk and truly make sure they are mitigated or remediated based on what attackers may try to leverage first? How about that resource(s) who now spends 100% of their job on vulnerability management, although it wasn’t why they were hired?
Mar 20, 2017
For some, running a pen test is merely something to do to pass a compliance check for the year. However, there are many more benefits than just adhering to a precedent set out before you. If done correctly – correctly being the main emphasis here – you should already know of the added benefits pen-tests have towards maintaining a healthy security posture. If you feel like you could improve even just a little bit on this matter, keep reading.
Mar 15, 2017
March Madness, the annual college basketball championship, is here! Whether that means gearing up for the basketball tournament or getting ready to face spring and summer seasons, this is the beginning of a very busy time for a lot of people and organizations. The problem is, it's a busy time for hackers as well. The CIA/Wikileaks revelations have vendors scrambling to patch products. This time of year brings a high volume of identity theft via stolen W2s and other tax records. Let's face it, there is no "off season" for bad actors.
Mar 13, 2017
THE WORLD OF COMPLIANCE At the official start of summertime 2016 in Britain we are starting to consume the labour of last autumn, five gallons of alcoholic homemade cider (yum!) made from eight apple varieties grown in mine and my neighbors’ gardens. I’m very VERY careful sterilizing glassware, containers, and buckets: there was this unfortunate incident three years ago (no, you don’t want to hear the horrible details), enough to say I watch each step like a hawk to ensure a batch does not become tainted.
Mar 13, 2017
THE GOOD, THE BAD AND THE UGLY I was at the Red Hat Summit in Boston at the end of June. We had a lot of activity at our exhibitor stand, and a lot of discussions being passed on to me by our sales team I continued to have the same conversation again and again over the three days. This seems to be the year people have finished bedding down Puppet in their server/VM infrastructure, and are looking for ways to fill gaps where Puppet isn’t so useful. Like problems with OS security.
Feb 27, 2017
Penetration testing versus vulnerability scanning. It all sounds the same or does the same thing, doesn’t it? Mistakenly, these terms are often used interchangeably even though there are some fundamental differences. Here we will distinguish the two and help you see what value each could bring to your business.
Feb 20, 2017
Are you guilty of any of these mistakes in your pen-tests? Maybe you've never done these before and now you'll forever remember these as things to avoid when running any future penetration tests. 1. Improperly disposed network gear It’s surprising how often there are still configurations on network gear after disposal. This is putting your company at risk beyond their lifespan. 2. Devices with easily guessed SNMP community strings Easily guessable SNMP community strings hive bad actors the ability to manipulate networks at the most fundamental level.
Feb 6, 2017
If testing your antivirus program or other applications sounds silly, then consider this your wake-up call. Just because you’ve bought something to protect your services, doesn’t mean it’s a surefire way to protect your data. System applications, embedded applications, games and more are not invincible either. It’s safe to assume that the protection services you have in place have loopholes that bad actors know about and are just one step away from obtaining data.
Feb 1, 2017
Day after day we hear stories of companies being breached because of vulnerabilities in their systems. While some of these vulnerabilities may be new, the majority of breaches are caused by vulnerabilities that have had a patch available for weeks, months, even years but are left unpatched. If you know that there are vulnerabilities on your network, why wouldn’t you patch them immediately? Simply put, there are too many vulnerabilities and not enough time. So the question becomes not “how can I patch all of my vulnerabilities” but “how can I know which vulnerabilities to patch first?”
Jan 30, 2017
2016 really made a name for cyber-security. Now let’s make 2017 the year of executing strong cybersecurity plans. In order to fight the war online, you first need to understand what it is you are actually fighting. You hear the buzzwords such as “cybersecurity,” “pen-testing” and “IoT” – but do you know the full scope of what they really mean?
Jan 25, 2017
Earlier this year, we mentioned ransomware as a trend to watch in 2017. While some experts believe it will hit a plateau this year, that doesn’t mean that it will be any less harmful to businesses and consumers alike. Here are 6 things to know about ransomware:
Jan 23, 2017
No matter what you call them: threats, weaknesses, risks or vulnerabilities, they’re out there. Are you ready to handle them? Do you have a team internally dedicated to conducting pen-tests regularly? Are the people you’ve hired trained and experienced in conducting pen-tests or seeking out weaknesses in your system? How about fixing or eradicating issues before they actually become problems?
Jan 16, 2017
Let’s not fall victim to just talking about securing our businesses or people without putting action behind it. Cyber-security has grown to be a hot topic as technology advancements continue and after many cyber-attacks, breaches and panic in 2016. When hearing details about the attacks that happened to Target, Yahoo or Anthem, you can’t help but wonder if you could be next.
Jan 11, 2017
Database and password incidents are so common today that it takes a massive breach to make headlines. Coverage of these breaches often highlights that stolen credentials were a key part of infiltrating the network. Even though we know credential theft is often at the heart of these incidents, why is it so difficult to convince our organizations, leadership, employees, and customers to take Identity and Access Management (IAM) seriously? Here are four key challenges of IAM:
Jan 9, 2017
Cyber-security firms are consistently talking about securing the Internet of Things, analyzing the latest hack or trying to sell you on the latest and greatest tool. Oftentimes, this makes you look at the newest security software to put in place (which we recommend you do) or increase the number of pen-tests to ensure your systems are in optimal condition. What you may be missing is the most common source of exploits and vulnerabilities—the people in your company currently using the devices, apps and more on your network.
Jan 4, 2017
One of the cool things about working in cyber-security is that you get to see a lot of really cool ideas for keeping your organization safe. You also see some pretty terrible mistakes that are leaving both yourself and your customers at risk. Read on for five of the most common cyber-mistakes and how you can fix them.
Dec 29, 2016
1. The Internet of Things as a Trojan Horse These seemingly innocent devices bring vulnerabilities into your network By default, these devices are open to the internet and are rarely reconfigured from the default settings meaning every connection from the IoT is putting your network in danger. If you do not have an IoT policy in place, now is the time to start. While default settings are easy for the user, they are an open door for bad actors to your data.
Dec 7, 2016
It’s the most wonderful time of the year and if you’re like me, you’re already counting down the days until Christmas. It’s a time to be with friends and family with the added bonus of unwrapping those gifts under your tree. What most of us don’t think about, is how those gifts can affect our organizations.
Nov 30, 2016
Did you know that, on average, 15 million residents in the U.S. are affected by identity theft and upwards of $50 billion are stolen each year? During the holiday season we hear a lot about keeping your identity safe when shopping online or in retail stores across the country, or even across the world. Why? The most obvious reasons are that your money can be stolen and in turn, your credit ruined. These are both valid points for consumers, but how can you apply that to your organization and more importantly, your money, intellectual property, and customer records?
Nov 15, 2016
It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s the time for retailers to shine. It’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target retailers. In part one of this series, we discussed how PCI-DSS regulations were only a starting point for truly securing your organization against cyber-security risk. In today’s blog we will talk about what to expect this Cyber-Monday.
Nov 13, 2016
It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s a time for retailers to shine. But, it’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target them. In this two part series, we will discuss things retailers should consider this holiday season to better secure themselves from attacks and to ensure continuous compliance to industry regulations.
Nov 9, 2016
What once was only science fiction is now our reality, anything and everything can be hacked. For healthcare providers, ‘anything’ includes not only patient records and claims information, but sentient things like drug pumps and pacemakers. In addition, healthcare has operational functionality that make this space particularly challenging. The mobility challenge is particularly unusual because the workforce is constantly moving in and out of foundations, universities and hospitals.
Oct 24, 2016
“There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!" – Sneakers