Oct 10, 2019 10:26:15 AM

HORNE Cyber Recognized as one of the "Hot 150 Cybersecurity Companies to Watch in 2020"

We at HORNE Cyber are excited and very grateful to be recognized this week on the "Hot 150 Cybersecurity Companies to Watch in 2020" list, published by Cybercrime Magazine. Since 2015, our mission has been to help our clients achieve cyber-resiliency by providing industry-leading expertise and incomparable service.

Topics: cybersecurity 500

Oct 4, 2019 6:30:00 AM

Cybersecurity Awareness Month Brief: Ransomware vs Everyone Else

This cybersecurity awareness month, we’re going to brief you on current hot topics in the cybersecurity space. This week, we’re talking ransomware. Chances are high that “ransomware” has been a common term tossed around your office over the last several months. The increase in enterprise ransomware attacks so far this year is enough to make any IT team or business leader nervous, to say the least.

Topics: ransomware, cybersecurity awareness month

Sep 24, 2019 6:15:00 AM

Ransomware’s Newest Victim: Local Governments and Municipalities

Let’s face it - for many organizations, a ransomware attack is their worst nightmare. The very idea of having the most important files on a single computer encrypted and held hostage is scary enough, much less every computer on your entire network. For many state and local government leaders, this fear rings loud and true. Daily headlines remind them exactly how possible it is for the threat of ransomware to become a reality.

Topics: ransomware

Jun 11, 2019 8:00:00 AM

Bipartisan Support for Increased Cybersecurity Focus

In a rarely glorified show of bipartisan support, the Senate recently introduced a bill to enhance cybersecurity focus for public companies. U.S. Senators Jack Reed (D-RI), Susan Collins (R-ME), Mark Warner (D-VA), John Kennedy (R-LA), and Doug Jones (D-AL) introduced S. 592 on the Senate floor in March.

Topics: Cyber Regulations

May 14, 2019 9:00:00 AM

Attack Surface Ep. 6: Cyber Assurance Industry Updates (FFIEC, SOC, NIST)

In recent months, there have been several updates and improvements to various cyber assurance frameworks. Leighton Foster, Operations Manager, sat down with Megan Hudson and Brad Aldridge, Cyber Assurance Managers, to discuss the changes in their areas of expertise and how these improvements will benefit organizations. Their conversation includes information about the improved FFIEC reporting criteria, the newly released SOC for Supply Chain criteria, and how the NIST cybersecurity framework can be utilized to strengthen security around IoT devices. Grab a cup of coffee this morning and join the conversation.

Topics: Podcast

Apr 25, 2019 9:00:00 AM

Cybersecurity in the City: What You Need to Know

Last week, HORNE Cyber, in partnership with Willis Towers Watson Nashville, hosted a cybersecurity seminar at the Franklin Marriott Cool Springs in Franklin, Tennessee. This seminar featured a unique series of presentations given by renowned subject matter experts. Topics included offensive security testing (ft. a live hacking demo!), incident response planning, how company culture impacts cyber risk, and today’s threat landscape.

Topics: Executive Insights

Mar 12, 2019 8:30:00 AM

Attack Surface Ep. 5: What's Up with Ransomware and Cryptomining?

I was recently intrigued by the increased number of reported ransomware attacks on local governments. Since the start of the new year, cities such as Akron, Ohio and Sammamish, Washington have been temporarily crippled by ransomware. Often, attacks on “big fish” make the headlines… but what about the “little fish”? Why are we seeing an uptick in attacks on smaller entities? What kind of threat does ransomware pose to small businesses and local governments? For answers, I turned to my colleague and cybersecurity expert, Dr. Wesley McGrew, and asked, “What’s up with ransomware?” This led to an interesting discussion around the evolving attack methods used by threat actors, specifically ransomware and cryptomining, and why smaller entities are their prime target.

Topics: ransomware, Attack Surface, Podcast

Feb 7, 2019 6:30:00 AM

How to know if you need Digital Forensics

For many, the thought of being a part of a digital forensics examination can be stressful and intimidating. But determining if you or your organization needs to initiate a digital forensics exam can be equally difficult. While some situations will naturally lend themselves towards a digital forensics exam, there are some instances where the answer may not be so clear. For the purposes of this article, a digital forensics exam includes any examination of digital devices that could be involved with a legal matter at some point in time. Let’s walk through a few examples...

Topics: digital forensics

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Topics: Executive Insights

Jan 8, 2019 11:06:27 AM

Attack Surface Episode 3: Reverse Engineering Ransomware

In our latest episode of Attack Surface, I sit down with Director of Cyber Operations, Wesley McGrew, to discuss reverse engineering ransomware. McGrew discusses the benefits of reverse engineering in advanced penetration testing, digital forensics, and incident response. As he noted in a previous blog post, reverse engineering can answer the following questions for an organization in the wake of an attack:

Topics: Reverse Engineering, Podcast

Jan 3, 2019 9:30:00 AM

Our 5 Most Read Blogs of 2018

As we transition into the new year, we look back at 2018… from previewing DEF CON and Black Hat USA talks to cryptocurrency mining and blockchain, our readers, clients, friends, and teammates gave us a space to discuss the latest in cybersecurity. For this, we thank you!

Topics: ransomware, black hat USA, SOC for Cybersecurity, Executive Insights, DEF CON

Dec 12, 2018 9:00:00 AM

Attack Surface Ep. 2: Predictions for 2019 Cybersecurity Trends

If you're curious about the changes in the threat landscape, organizational roles, and industry business models in the coming year - this episode was made for you. As 2018 comes to a close, our team of security experts has been reflecting on and looking at recent industry trends. Many of said trends are predicted to remain or become even more prevalent in 2019, including increased physical hacking and changing organizational roles.

Topics: Podcast

Oct 31, 2018 9:30:00 AM

Cybersecurity Lessons from WWII Propaganda

In honor of National Cybersecurity Awareness Month, let's look at how principles from World War II propaganda can teach us valuable lessons in the way we treat cybersecurity today.

Topics: Executive Insights

Oct 17, 2018 8:56:00 AM

Six Considerations for Purchasing Cyber Insurance

In our most recent blog, Brad Pierce discussed what a cyber insurance policy is not. It is not a savior in the wake of a data breach. It is not a replacement for proactive, resilient security measures. What it is, however, is a component of an effective incident response strategy. In this post, I would like to take the time to discuss considerations organizations should take when purchasing a cyber insurance policy.

Topics: Cyber Insurance

Oct 15, 2018 9:00:00 AM

Attack Surface Ep. 1: Three Strategic Investments for Your IT Shop

Join HORNE Cyber’s marketing director, Ashley Madison, as she sits down with Mike Skinner and Brad Aldridge to discuss “Three Strategic Investments for Your IT Shop” on Episode 1 of Attack Surface: The Cybersecurity Podcast for the Want-To-Know Organization.

Topics: Executive Insights, Podcast

Oct 3, 2018 8:55:29 AM

What Cyber Insurance Is Not

The topic of cybersecurity insurance seems to be on the radar of most organizations I speak with. There are a lot of questions around how much coverage is needed and what exclusions one should be on the lookout for when purchasing a policy. I usually try to use this as an opportunity to talk about what a cyber insurance policy is not, and I’ll get to that later.

Topics: Cyber Insurance

Sep 25, 2018 9:30:00 AM

Developing an Incident Response Strategy: Preparing for the "What Ifs"

When we think about the impact of an unexpected event, it can often leave us with varying emotions. In many cases, those emotions are not pleasant… such as panic and stress, feeling vulnerable or lacking control over the world around us. All too often we see clients experience these feelings during and after a cybersecurity incident. Cybersecurity incidents are always considered the “what ifs” and too often are not measured as a strategic threat. An unexpected cybersecurity incident promises negative impact and can sometimes be catastrophic to an organization. So, what can you do? How can your organization be more resilient? How can you better prepare, and experience calm in a time of crisis?

Topics: incident response

Jul 25, 2018 9:30:00 AM

Cybersecurity & Blockchain: What You Need To Know

If you have turned on the TV or been on the internet, then most likely you have heard the term "Blockchain". As one of the hottest buzzwords in the tech industry today, it promises to open new ways of doing business and allows strangers to trust each other. In fact, blockchains are already doing these things and will only continue to increase in prominence and importance.

Topics: blockchain

Jul 17, 2018 9:30:00 AM

Speaking in Vegas: DEF CON 26 & Black Hat USA 2018

Shot by Wesley McGrew in Las Vegas in 2017

The most important gathering of hackers and security professionals each year is held in the dry heat of Las Vegas’ summer. It started in 1992 with DEF CON, and has grown into a week-long series of concurrent and complementary conferences, meetings, parties, and events where information security researchers share their latest findings, practitioners network, and IT staff attend to learn about protecting their own companies’ networks. The original conference of the set, DEF CON, remains cash-only at the door—no ID required—allowing both security professionals and the hacking underground to meet with no pretense to break bread and exchange ideas. More than a little actual hacking goes on, as well.

Topics: black hat USA, DEF CON

Apr 18, 2018 9:30:00 AM

Coping with Ransomware Fatigue

Ransomware attacks have increased in number and financial impact significantly. According to the FBI, the cost of ransomware attacks in the past few years has reached into billions of dollars, with the total impact doubling each year. Ransomware attacks can be the result of widespread malicious software, like the high-profile "WannaCry" attacks, or the end-goal of very targeted attacks launched against your organization by threat actors that have compromised your servers or users' workstations.

Topics: ransomware

Mar 13, 2018 9:09:30 AM

High Expectations for Service, With Reverse Engineering

A cornerstone of a cybersecurity firm is its “reverse engineering” capability. It is a necessary part of responding to breaches and keeping up with the state of the art in threats, and it enhances the coverage of penetration testing and red-team engagements. While it separates leaders from followers in the industry, very few business stakeholders have had the opportunity to learn what “reverse engineering” means, how it can be a measure of a security service provider’s capability, and how such services can directly benefit an organization.

Topics: digital forensics, Penetration Testing, data security, cybersecurity, information security, ransomware, advanced penetration testing, incident response, Malware, Executive Insights

Mar 6, 2018 10:30:00 AM

Choosing the Right Security Option for Your Organization

Cybersecurity in layers has been the go-to security model for some time now. There’s no one solution that will properly secure your organization’s network and sensitive information. In today’s environment, it takes an orchestra of teams, tools, and active threat detection and prevention operations to properly secure your organization from an attacker. It has become very clear that traditional layers, such as anti-virus, firewalls and monitoring tools, are just not enough. Attack emulation is a critical security layer that not only focuses on known vulnerabilities but also shows what a real attacker could do to your organization. If you are serious about finding your organization’s security weaknesses and resolving them, you’re likely going to need help from a third party.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, Security Budget, Executive Insights, Good Enough Cybersecurity

Oct 3, 2017 10:26:00 AM

The Cybersecurity Industry: Ignorance is Bliss

As I’ve pointed out before, the greatest threat to cyber security that organizations face today is the cybersecurity industry itself. I’ve long noticed that every business advisory firm in the country is now offering “penetration testing”, even as a critical industry talent shortage points to that not being possible. All you have to do now is buy a $2000 license for a vulnerability scanning tool, send an employee to a two-week training, and BOOM you have a “penetration tester.” 

Topics: Executive Insights, Good Enough Cybersecurity

Jul 18, 2017 10:34:00 AM

Cybersecurity and Construction: Can a Breach Happen to Me?

As a contractor, if you think that cyber attacks “will never happen to me”, it’s time to reconsider your stance. Construction companies are an attractive target for a wide variety of cyber criminals, and the attackers are becoming more active and aggressive. Despite what you read in the news, hacking is not limited to political scandals and major retailers. It’s no longer a question of “if” you will be breached—the question is “when?”

Topics: cybersecurity, Construction

Jun 13, 2017 10:03:00 AM

Why an Engaged C-Suite Matters in Improving Cyber Security

In a recent article, I talked about how the C-Suite can get past not being technical and take an offensive mindset to cyber security. I think the big message there was to get involved. Part of an organization’s IT leadership and consultant’s responsibility is to provide logical explanations of the threats and vulnerabilities that exist and how they can impact confidentiality, integrity, and availability of an organization’s operations, and the C-Suite should want to hear about it. It’s also important to understand the level of effort it takes from your team to mitigate and remediate threats and vulnerabilities so that you can begin to evaluate if you need to make a decision such as realignment of staff or finding a 3rd party partnership.

Topics: Executive Insights