In my 11 years of helping customers pen test their network, oftentimes I have seen that companies choose to test only the bare minimum. I understand that companies have a need to satisfy some compliance like PCI or reassure customers and security budgets can be tight. However, why not get more value out of your pen test?
Topics: Penetration Testing, Threat Management
My team regularly assists clients in battling with users trying to access non-business related sites or remote locations that may have been deemed not work appropriate. Before we blame the end-user for not respecting the rules our organizations have set, we must remember that not all end users are aware of the risks involved when they visit these nefarious locations. On top of that, not everyone is able to utilize only business related information for the full 8 hours of the workday! But there are plenty of clean websites that usually aren’t blocked that are known clean sites and can get your mind off work for some time. We need to continue to block sites that are known bad despite the battle it may take.
Topics: Information Security, Threat Management
Topics: Information Security, Threat Management
The cyber kill chain concept is based on the military kill chain, which uses a three-stage process that covers target identification, defending against the attack and wiping out the target. Lockheed Martin started using the "kill chain" to refer to information security. It applies these same steps to cyber attackers who attempt to break into its computer network and corrupt or steal data. While the analogy may not always be a perfect one when you compare the cyber kill chain to the original military one, this concept gives you the opportunity to break a cyber attack into easily comprehensible stages.
Topics: Information Security, Threat Management
Organizations that fall under the purview of HIPAA have to respond quickly to a cyber attack. The Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS) issued a step-by-step guide to aid organizations. As a covered entity, your organization must have a contingency plan and incident procedures in the event of a security breach.
Topics: Information Security, Incident Response, Threat Management, Healthcare, HIPAA
Release Date (01-03-18) CVE-2017-5753 & CVE-2017-5715
Topics: Ethical Hacking, Threat Management, Threat Advisory
With the prevalence of data breaches, ransomware has also come to the forefront of security threats. This malicious software is created by hackers who encrypt data and hold it hostage. Users are denied access to this data until they pay a ransom to the hacker.
Topics: Managed Detection & Response, Information Security, Threat Management, Healthcare, HIPAA
Know Your Enemy
Topics: Managed Detection & Response, Information Security, Threat Hunting, Threat Management
Cybersecurity breaches reached unprecedented levels in 2017. Few were spared as businesses and government entities alike -- including Equifax, the British National Health Service and even the U.S. National Security Agency, as well as dozens of others -- were hit with data breaches. While frequent targets like the financial sector and retail industries experienced their fair share of attacks, the healthcare sector is now the primary target of hackers, accounting for 25 percent of all data breaches. Understanding why this is happening and the consequences of it will help you improve your company's cybersecurity defenses and mitigate future threats.
Topics: Managed Detection & Response, Information Security, Threat Management, Healthcare, HIPAA
Topics: Ethical Hacking, Information Security, Threat Management
