Online attacks engineered to target people—not machines, are the leading vector for cyber-attacks. Generally, computer systems will always respond in a predictable manner: the port is either open or closed, the site or resource is either available or it is not, the credentials used are either valid or invalid. Binary options are housed and run on a computing platform known for predictability and precision. Computers...
Read More
Cyber attackers primarily fall under two categories: Those that pose threats to your business from the outside of your organization, and Those that present risks from the inside. Anyone with physical or remote access to your organization’s assets can expose you to cyber risk. For example: Insiders Trusted employees accidentally misplacing information Careless employees remiss of policies and procedures Disgruntled employees or ex-employees’ intent on damaging your...
Read More
Cyber-attacks keep hitting the headlines and a lot of effort goes into preventing and dealing with the consequences when they happen. Understanding the motivation behind attacks can help organizations understand more about the risks they face so that they can tackle them. Third-party fraud is fueled by identity theft, and breached data gives criminals the information they need to take over someone’s identity. Criminal gangs are...
Read More
Organizations are trying to deploy every possible security solution and appliance they can afford in order to stay ahead of the latest evolving cyber threats. While these new solutions and appliances provide protection, they also increase the complexity of your security design and infrastructure. InfoSec departments are struggling to understand how to include these new solutions and appliances while maintaining their compliance. Additionally, as I mentioned...
Read More
It continues to amaze me how so many companies still use the 25+ year old process of manual and error prone assessments. These companies rely on someone with a few pages of questions addressing a handful of security controls or policies, walking around to the different departments to hold meetings to figure out how they stack up against NIST, HIPAA, PCI, FFIEC, ISO or...
Read More
We all have the experience of purchasing cybersecurity appliances from time to time. When we do this, it’s imperative that we do so considering the overall design of the infrastructure. As I mentioned in a previous blog, it is very easy to overbuy appliances and create unnecessary risk exposure, not to mention wasting precious budget resources. The second, and equally important, factor to consider when buying...
Read More
Security hardware vendors spend a lot of time, energy and resources developing great and powerful technology to help us defend our companies against cyber attacks. Unfortunately, there are situations where they may be indirectly creating vulnerabilities that expose our networks to attacks. Here is a situation I experienced a few years ago that may be similar to what we have all gone through. Most of us...
Read More
Why are Fortune 500 companies continuing to fall victim to cyber attacks? This question has been a head-scratcher for many chief information security officers (CISOs) and other information security staff. What is causing these attacks when all of their security controls and appliances are in place? Sometimes it’s hard to believe that minor negligence can cause a severe compromise. Being in the InfoSec industry for over...
Read More
