Cyber Security Awareness and Vulnerabilities Blog

Top 3 IT Strategies for Optimizing Productivity

Little fires everywhere – not just a best-selling novel and new streaming show starring Reese Witherspoon: it’s what most respondents said was the biggest impediment to productivity in their workday. Distractions in the form of meetings, urgent emails, and (worst case) system outages force even the most organized sysadmin to push tasks back and cause pileups in the future. Whether or not you’re using the same strategies to stay productive in IT as the ones highlighted below, learn how your peers avoid and overcome hurdles to keep focusing on high-impact tasks.
Data Security

Common Security Concerns and How to Reduce Your Risk

What common security risks/entry points are you most concerned about? In our 2023 Pen Testing Survey we asked what common security risks concerned respondents most. While phishing (70%) and ransomware (72%) were the top concerns, other options had a high enough percentage to warrant further discussion. These included: 
How Voice Biometrics Became a Real Game-Changer at a Large Financial Services Organization Computer with security shield VIDEO

How Voice Biometrics Became a Real Game-Changer at a Large Financial Services Organization

Voice biometrics, or voiceprint technology, has started gaining significant traction within the financial services industry. And for good reason. Passwords alone are no longer sufficient for protecting business-critical assets and applications. Instead, voiceprint technology instantly recognizes the voice patterns unique to each individual and can authenticate access securely. Industries like financial services are moving away from using passwords for account access and toward secure biometric authentication that is fast, convenient, secure, and cost effective.
Security lock breaking

How to Deal With Orphaned Accounts in Your Business

According to the 2019 Verizon Data Breach Investigations Report, 62 percent of all data breaches last year involved the use of stolen credentials, brute force, or phishing. Nearly half of these types of breaches were directly attributed to stolen credentials. Stolen credentials are not only a risk through active user accounts, but can be a significant risk through orphaned accounts.

Why is Multi Tenancy Important in a SIEM Solution?

All SIEMs are well known for their ability to monitor IT infrastructures for potential threats, escalating them to the appropriate party. Though these solutions share this core function in common, SIEMs differ widely in terms of features. It’s important to evaluate your own environment to determine what your priorities are. For certain organizations, particularly MSPs, multi tenancy is a key functionality.
Phishing hook

How Phishing Has Evolved and Three Ways to Prevent Attacks

The term “phishing” can be traced back to 1996, when it was used to reference a group of attackers that were imitating AOL employees using AOL messenger, asking people to verify their accounts or billing information. Many unsuspecting users fell prey to this scam purely due to their novelty. Though we would like to believe that we would never be fooled by such an attack these days, phishing remains as popular as ever. Though internet users may have become more discerning, attackers have also become more skilled in how they’re luring in more victims.

What is the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA), the latest data privacy law in the Golden State, went into effect on January 1st, 2020. Some have compared it to the UK’s GDPR (General Data Protection Regulation), and they’re not far off – like the GDPR, the CCPA is intended to protect individuals’ private data by making data collection and usage more transparent between consumers and companies.

The Basics of IGA ROI: How to Show Value in Identity Governance

Like most companies today, your business is likely facing increasing demands to support and protect more devices and systems that contain data critical to your business. You are spending increasing time and resources on manual, repetitive tasks for managing user accounts. And you are being squeezed by the business to do more with less.
What is?

What is the CMMC and How Can You Prepare for It?

Later this month, the U.S. Department of Defense (DoD) will release version 1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC will be a mandatory third-party certification for any DoD contractors and subcontractors, intended to help protect the government’s sensitive, unclassified data against cyber threats. How did the CMMC come together and what will it entail? Read on to find out other cyber threat mitigation standards, how they inspired the CMMC, and what to expect when the CMMC goes live.

Top Data Breaches of 2019: How You Can Minimize Your Risks

Your organization made the headlines! That’s great, right? Not if it’s because you had sensitive data breached. A data breach can wreak financial and logistical havoc for you, your customers, patients, employees, and others. More importantly, it can severely impact the reputation you’ve so carefully built up and nurtured over time with existing as well as potential customers.

Three Big Takeaways from the Gartner IAM Summit You Need to Know

They say what happens in Vegas stays there, right? Well, that may not always be the case. Especially when it comes to the Gartner Identity & Access Management Summit last December. In fact, we are pretty sure the more than 2,200 attendees will take back with them new identity and access management insights, strategies, and intelligence to address their biggest challenges in their own organizations.
Pen tester in hoodie

Three Challenges of Pen Testing

There is no arguing that a penetration test can be an invaluable exercise to evaluate the security of an IT infrastructure. Despite the necessity for these critical evaluations, many security teams struggle to maximize the effectiveness of pen tests in their organization. What are the top challenges that organizations are looking at today when facing an upcoming pen test? Read on to find out.
What is?

What Is IAM Security?

Identity and Access Management (IAM) security is an essential part of overall IT security that manages digital identities and user access to data, systems, and resources within an organization. IAM security includes the policies, programs, and technologies that reduce identity-related access risks within a business. IAM programs enable organizations to mitigate risks, improve compliance, and increase efficiencies across the enterprise.

Top 2019 SIEM Content in Review: Five Key Takeaways

With cyber attacks continuing to increase, it seems like most security teams are having to learn how to do more, and do it faster. Security Information and Event Management (SIEM) solutions help to efficiently identify and escalate critical security events, enabling a swift and effective response. SIEM use remained a popular security tool in 2019, and shows every sign of remaining prevalent for years to come.
Security Tips

Four Cyber Threats in 2019 and How to Manage Them in 2020

What’s the best way to get a leg up on cybersecurity in 2020? Learning from the biggest problems of the past year can show emerging patterns and trends that can help shape your security strategy, ensuring that you know what to watch for and prioritize. Read on to learn how to deal with four major cyber threats of the past year that will continue to evolve and plague organizations into 2020 and beyond.
Fingers types with digital security icons

Taking Command: A Three Step Approach to Surviving Today’s Cyber Domain

Over just a few decades, science fiction has become reality with the advent of cyberspace.  Organizations can instantly communicate across the globe, completing work faster than ever thanks to these innovations. And though cybersecurity quickly became one of the most rapidly growing fields, cyber threats continue to improve right alongside these digital advancements.
5 Security Tips

How to Tackle the Top Five Healthcare Information Security Challenges

Healthcare information security is one of the leading priorities in the healthcare sector today—and for good reason. Healthcare organizations are primary targets for attacks with the amount of sensitive data they protect. A recent study published in the Annals of Internal Medicine found that 70 percent of breaches targeted demographic or financial information rather than medical information only.
5 Security Tips

Five Major Reasons Healthcare Organizations Need Identity Governance

Healthcare organizations today face extraordinary challenges in a dynamic, complex landscape. During the last two decades, the healthcare industry has seen increasing regulations, an acceleration of technology and workforce growth, acquisitions and consolidation, and the pressure to increase operational efficiencies and decrease overall costs, while meeting growing patient demands. The pressures to comply with regulations, coupled with pressures to compete with other healthcare organizations, also make for a challenging environment.
Shield with keyhole

When Should You Replace Your Free SIEM Tools?

Free Security Information and Event Management (SIEM) solutions have significant benefits, providing visibility into security environments and enabling proactive vulnerability management for many small and mid-sized organizations. However, these tools often come with limitations that will lead security teams to consider commercial options. How do you know when it’s time to upgrade?
Identity & Access Management

Three Reasons Micro-Certifications Are Essential in Identity Governance

Access certification is one of the most important types of reviews within organizations today. An access certification, also called an attestation, occurs when a manager reviews a user’s access and validates that the user still requires—or no longer requires—access to an application, system, or platform. If access is considered unnecessary, then it should be removed.
Core Impact Tiered Pricing

Three Action Items to Consider After Completing a Pen Test

In order to complete a successful penetration test, a great deal of time is often spent in the planning stage. Time should also be invested into the post-test process.

How Commercial Pen Testing Tools Can Make Your In-House Testing Program More Effective and Efficient

Penetration testing is an undeniably effective way to improve an organization’s security, allowing cybersecurity professionals to safely validate the exploitability of security weaknesses, before a malicious attacker does. Though threat actors are more persistent than ever, the good news is that more and more organizations have recognized this and want to begin their own penetration testing program in-house. With the advent of increasingly more sophisticated penetration tools, organizations can build and grow their own successful penetration testing program.

Three Benefits of In-House Penetration Testing Capabilities

There are daily reminders seen in the news, or heard second hand, of hackers stealing or exposing data. Having just one pen test often exposes security weaknesses that are not adequately protected with compensating controls,  Which will help with  setting priorities and mitigating the associated risk. This begs the question, how could you improve your cyber security posture if you had a pen testing capabilities in-house?
IT Security

You Can’t Protect What You Can’t See: Improving Cybersecurity with Monitoring Solutions

When a data breach hits the headlines, questions often arise for those not familiar with cybersecurity. How did the organization not realize what was going on? Why did they ignore all the warning signs? Those more familiar with just how massive IT infrastructures can be understand that the issue is not a matter of ignoring warning signs, it’s an inability to see them at all. Security monitoring solutions like a SIEM can provide valuable insights and prioritize alerts, distinguishing between those that could lead to thwarting a devastating breach, and those that are harmless incidents.
Digital gears

Keeping Up with the Bots: How the Rise of RPA Impacts IGA

Robotic Process Automation (RPA) is a type of automation technology currently transforming the way businesses operate. RPA software robots manipulate and communicate with business systems and applications to streamline processes and reduce the burden on employees. RPA can automate tasks, including claims processing and call center support to data management, IT services, and invoice processing, and everything in between. Opportunities for automation exist virtually everywhere throughout the business, enabling greater organizational performance and efficiency.