Cyber Security Awareness and Vulnerabilities Blog
May 29, 2017
You may know that you need to penetration test your organization for the sake of compliance - but there is more to gain from a pen-test than just adhering to set regulations to avoid a fine. We've compiled a list of reasons to pen-test your infrastructure to help your company operate out of a healthy security posture.
May 24, 2017
There is no doubt about it, the Internet of Things (IoT) has made life better. I’m not just talking about the fact that I can be connected 24/7 through my laptop, tablet or phone. The rapid expansion of devices that are connected to the internet and weaved into our everyday life is remarkable. For example, this morning I woke up and didn’t have to get out of bed before Alexa told me today’s weather and top stories and my iPhone gave me a traffic alert that it would take longer than usual to get to my 8AM meeting.
May 17, 2017
WannaCry may be the latest outbreak or ransomware to hit the news, but it is not the 1st or the last. In 2016 alone, it is estimated that $1 billion dollars in cyber ransoms were paid out to cyber criminals. If this widespread attack proved anything it's that the threat is real.
May 15, 2017
According to the Anti-Phishing Work Group, 1.2 million individual phishing attacks took place in 2016 – a 65% increase from the year before. These attacks have been mentioned across all industries and the most recent Verizon Wireless Data Breach Report states that 95% of phishing attacks that led to a breach were followed by some sort of software installation- usually malware.
May 10, 2017
Did you know that one of the top nine attack types consistently covered in Verizon’s Data Breach Report are insider threats and privileged misuse? According to this year’s report, 66% of insiders steal information in hopes of selling it for cash, 17% are just unsanctioned snooping and 15% are taking it in order to take the information to a new employer. What is the root cause of all of these problems? Access.
May 8, 2017
It seems as if government agencies, both locally and nationally, are making headlines for mostly the wrong reasons these days. From scandals to breaches and cybersecurity this has become such a sensitive subject within the past year that these events have left most folks feeling even more on edge. As stated by Thales Data Threat Report, within the past year alone, 33% of government agencies reported that they experienced a data breach. Not to mention the ones that have remained unnoticed, for now at least.
May 1, 2017
Retail is arguably the leader in terms of the most financial transactions executed in an industry. With that in mind, the retail industry also makes up 8% of all data breaches. It may feel nerve-racking to both work and participate in such a risk dense environment. However, if you have the right security measures in place and remain aware of other’s security breaches and best practices you may be able to breathe a bit easier.
Apr 24, 2017
Don’t for a minute think that bad actors have no interest in the information you collect in your state or local office. Whether you work for the City Water Department or the Department of Tax and Revenue for your county, you are collecting data that is critical to not only your job – but for all of the organizations and people that work and live within your territory. Even if you aren't employed by these organizations, your personal data may be harbored here. So what are you doing about it?
Apr 17, 2017
Download the full infographic
Apr 10, 2017
The integration of technology in classrooms has changed school environments tremendously. It seems as if each year at earlier ages, students are more comfortable using a tablet than putting pen to paper. However, there’s more to be concerned with than kids growing up with poor penmanship.
Apr 5, 2017
Late last year the New York State of Financial Services (DFS) announced that New York would be proposing a "first in the nation" rule on cyber-security to go into effect on March 1, 2017 which would impact any bank, insurance company and anyone else covered by DFS. The rule requires any regulated company design a cybersecurity program that assesses its risks to ensure the safety and soundness of the cybersecurity protections in place with the goal of providing further protections of its customers.
Apr 3, 2017
We are a full three months into 2017 and hopefully you’ve remained unscathed. Have you had some things on your “to-do” list that just haven’t happened? Or maybe something didn’t work or produce as much of a “punch” as you were hoping it would? Maybe some things have served your company far better than you thought—like putting a company-wide security training in place paired with password reset or even knocking out a pen-test for the year.
Mar 29, 2017
How do you look at vulnerability management? We’ve seen several blogs on this topic in the past month and even a webinar with one of our security consultants but the truth is that everyone looks at this issue differently. From scanning and assessments to prioritization and patching, vulnerability management is a lot of different things but it is not and never should be seen as:
Mar 27, 2017
We’ve let you in on some of the not-so-secret mistakes people make with pen-tests last week in "Horrible Mistakes You're Making With Pen-Testing Pt. 1" and we’re continuing with that theme today. There are more potential mistakes and we want to make sure you’re aware of them in order make your pen-tests successful. Read on and stay tuned to see just how many there actually are!
Mar 22, 2017
Wouldn’t it be nice to sleep easy at night and not have to worry if your vulnerability management program is really catching all the vulnerabilities that could be and are in your environments? Wouldn’t it even be nicer if you could get them prioritized by risk and truly make sure they are mitigated or remediated based on what attackers may try to leverage first? How about that resource(s) who now spends 100% of their job on vulnerability management, although it wasn’t why they were hired?
Mar 20, 2017
For some, running a pen test is merely something to do to pass a compliance check for the year. However, there are many more benefits than just adhering to a precedent set out before you. If done correctly – correctly being the main emphasis here – you should already know of the added benefits pen-tests have towards maintaining a healthy security posture. If you feel like you could improve even just a little bit on this matter, keep reading.
Mar 15, 2017
March Madness, the annual college basketball championship, is here! Whether that means gearing up for the basketball tournament or getting ready to face spring and summer seasons, this is the beginning of a very busy time for a lot of people and organizations. The problem is, it's a busy time for hackers as well. The CIA/Wikileaks revelations have vendors scrambling to patch products. This time of year brings a high volume of identity theft via stolen W2s and other tax records. Let's face it, there is no "off season" for bad actors.
Mar 13, 2017
THE WORLD OF COMPLIANCE At the official start of summertime 2016 in Britain we are starting to consume the labour of last autumn, five gallons of alcoholic homemade cider (yum!) made from eight apple varieties grown in mine and my neighbors’ gardens. I’m very VERY careful sterilizing glassware, containers, and buckets: there was this unfortunate incident three years ago (no, you don’t want to hear the horrible details), enough to say I watch each step like a hawk to ensure a batch does not become tainted.
Mar 13, 2017
THE GOOD, THE BAD AND THE UGLY I was at the Red Hat Summit in Boston at the end of June. We had a lot of activity at our exhibitor stand, and a lot of discussions being passed on to me by our sales team I continued to have the same conversation again and again over the three days. This seems to be the year people have finished bedding down Puppet in their server/VM infrastructure, and are looking for ways to fill gaps where Puppet isn’t so useful. Like problems with OS security.
Feb 27, 2017
Penetration testing versus vulnerability scanning. It all sounds the same or does the same thing, doesn’t it? Mistakenly, these terms are often used interchangeably even though there are some fundamental differences. Here we will distinguish the two and help you see what value each could bring to your business.
Feb 20, 2017
Are you guilty of any of these mistakes in your pen-tests? Maybe you've never done these before and now you'll forever remember these as things to avoid when running any future penetration tests. 1. Improperly disposed network gear It’s surprising how often there are still configurations on network gear after disposal. This is putting your company at risk beyond their lifespan. 2. Devices with easily guessed SNMP community strings Easily guessable SNMP community strings hive bad actors the ability to manipulate networks at the most fundamental level.
Feb 6, 2017
If testing your antivirus program or other applications sounds silly, then consider this your wake-up call. Just because you’ve bought something to protect your services, doesn’t mean it’s a surefire way to protect your data. System applications, embedded applications, games and more are not invincible either. It’s safe to assume that the protection services you have in place have loopholes that bad actors know about and are just one step away from obtaining data.
Feb 1, 2017
Day after day we hear stories of companies being breached because of vulnerabilities in their systems. While some of these vulnerabilities may be new, the majority of breaches are caused by vulnerabilities that have had a patch available for weeks, months, even years but are left unpatched. If you know that there are vulnerabilities on your network, why wouldn’t you patch them immediately? Simply put, there are too many vulnerabilities and not enough time. So the question becomes not “how can I patch all of my vulnerabilities” but “how can I know which vulnerabilities to patch first?”
Jan 30, 2017
2016 really made a name for cyber-security. Now let’s make 2017 the year of executing strong cybersecurity plans. In order to fight the war online, you first need to understand what it is you are actually fighting. You hear the buzzwords such as “cybersecurity,” “pen-testing” and “IoT” – but do you know the full scope of what they really mean?
Jan 25, 2017
Earlier this year, we mentioned ransomware as a trend to watch in 2017. While some experts believe it will hit a plateau this year, that doesn’t mean that it will be any less harmful to businesses and consumers alike. Here are 6 things to know about ransomware: