Apr 7, 2020 6:00:00 AM

5 Tips for Securing a Remote Workforce

As the COVID-19 pandemic continues, a new global remote workforce has emerged in an effort to help flatten the curve. As organizations make this necessary transition, changes to infrastructure to support remote workers may create unprecedented risks and vulnerabilities.

Topics: remote workforce

Jan 31, 2020 9:30:00 AM

All Things Secured: January Newsletter

Threat Runner Releases New Ryuk Ransomware Simulation "HORNE Cyber recently announced a major update to Threat Runner.Specifically, the team of reverse-engineering practitioners and software developers responsible for Threat Runner has added a Ryuk variant, the same ransomware that affected the New Orleans government in December and is an increasing cyber threat. Ryuk has heavily targeted governments and municipalities, as well as private organizations. This variant is considered to be of high severity and is expected to see more attacks in the coming days and weeks." Read the full release, here.

Topics: All Things Secured

Jan 13, 2020 6:15:00 AM

CISA Releases Insights on Increased Geopolitical Tensions and Threats

With heightened tensions and vowed threats of “revenge” from Iran, the CISA released insights into the potential for cyber and physical attacks against the United States. In a previous blog, Director of Cyber Operations, Dr. Wesley McGrew, discussed the potential for Iranian retaliation in the form of denial and disruption cyberattacks. However, the purpose of this post is to summarize the CISA’s insights around potential targets, best practices, and protective actions.

Topics: Industrial Control Systems, National Security

Jan 9, 2020 6:15:00 AM

The Case for Advanced Penetration Testing: Zero-Day Vulnerabilities in Symantec ICSP

Advanced Penetration Testing and Enhanced Red Teaming If you asked me what HORNE Cyber wants to be known for, I would quickly reply with “incomparable penetration testing.” From its conception, HORNE Cyber has placed heavy emphasis on the methodology used by its cyber operations specialists in penetration testing and red teaming engagements. Why do we feel penetration testing is so important? In our experience, we have found penetration testing and red teaming to be one of the most valuable investments an organization can make related to its cybersecurity efforts. However, there is no current standard when it comes to penetration testing services offered within the industry.   In fact, most penetration testing is simply a scan for publicly known vulnerabilities that may or may not be actionable on your network. While a good baseline, this approach often doesn’t improve your overall security posture. We are on a mission to create the gold standard through our advanced penetration testing and enhanced red teaming methodology by taking the approach of today's attackers. 

Topics: advanced penetration testing, Executive Insights

Jan 2, 2020 8:00:00 AM

Cybersecurity and the Power of Belief

How Rethinking Your Public, Private, and Core Beliefs Can Improve Your Cybersecurity Posture “Belief” Defined It should come as no surprise to us that belief drives everything we do as humans. In honor of the New Year and resolutions, I’d like to bring a little philosophy to the table and show you how it can improve your organization’s cybersecurity posture. Michael Novak, a renowned philosopher, journalist, and diplomat, proposed that people in reality have three layers of belief that drives what they do and how they act.

Topics: Executive Insights

Dec 10, 2019 6:30:00 AM

Cyber 2020: The Year of Situational Awareness

Situational Awareness: words that were ingrained in my psyche during my years in the military. The phrase is simply defined as, “the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status.” By gaining situational awareness, IT teams can begin to form an idea of how an environment should be securely maintained and how it will likely evolve in the near future. Additionally, enhanced situational awareness will likely allow organizations to see a more logical approach to anticipating the future trends in cybersecurity as a whole.

Topics: cybersecurity, ransomware, the cloud

Nov 27, 2019 6:00:00 AM

12 Tips for Safe Online Shopping this Holiday Sale Season

As the Holiday Season presents itself once again, consumers take to smartphones, tablets, and laptops to research and buy gifts for family, friends, and loved ones. Online shopping proves to be a convenient alternative for consumers in our hurried societies; however, ecommerce also presents increased risk of financial fraud and identity theft.

Topics: online shopping

Nov 15, 2019 6:30:00 AM

Friday Brief: The End is Near, Windows 7 End of Support

This year, Microsoft announced End of Support for Windows 7 will begin on January 14, 2020. As we approach the new year, organizations still running Windows 7 should – if you haven’t already – prepare to transition to Windows 10. What does End of Support mean, exactly? End of Support has occurred for previous versions of Windows over the years. Simply put, if your organization continues to use Windows 7 after January 14, 2020, Microsoft will no longer provide technical support, software updates, or security updates. This will *not* cause your machines still running Windows 7 to quit working; however, these machines *will* “become more vulnerable to security risks.

Topics: Software End of Support

Oct 10, 2019 10:26:15 AM

HORNE Cyber Recognized as one of the "Hot 150 Cybersecurity Companies to Watch in 2020"

We at HORNE Cyber are excited and very grateful to be recognized this week as one of the "Hot 150 Cybersecurity Companies to Watch in 2020" list, published by Cybercrime Magazine. Since 2015, our mission has been to help our clients achieve cyber-resiliency by providing industry-leading expertise and incomparable service. 

Topics: cybersecurity 500

Oct 4, 2019 6:30:00 AM

Cybersecurity Awareness Month Brief: Ransomware vs Everyone Else

This cybersecurity awareness month, we’re going to brief you on current hot topics in the cybersecurity space. This week, we’re talking ransomware. Chances are high that “ransomware” has been a common term tossed around your office over the last several months. The increase in enterprise ransomware attacks so far this year is enough to make any IT team or business leader nervous, to say the least.

Topics: ransomware, cybersecurity awareness month

Sep 24, 2019 6:15:00 AM

Ransomware’s Newest Victim: Local Governments and Municipalities

Let’s face it - for many organizations, a ransomware attack is their worst nightmare. The very idea of having the most important files on a single computer encrypted and held hostage is scary enough, much less every computer on your entire network. For many state and local government leaders, this fear rings loud and true. Daily headlines remind them exactly how possible it is for the threat of ransomware to become a reality.

Topics: ransomware

Jun 11, 2019 8:00:00 AM

Bipartisan Support for Increased Cybersecurity Focus

In a rarely glorified show of bipartisan support, the Senate recently introduced a bill to enhance Cybersecurity focus for public companies. U.S. Senators Jack Reed (D-RI), Susan Collins (R-ME), Mark Warner (D-VA), John Kennedy (R-LA), and Doug Jones (D-AL) introduced S. 592 on the Senate floor in March.

Topics: Cyber Regulations

May 14, 2019 9:00:00 AM

Attack Surface Ep. 6: Cyber Assurance Industry Updates (FFIEC, SOC, NIST)

In recent months, there have been several updates and improvements to various cyber assurance frameworks. Leighton Foster, Operations Manager, sat down with Megan Hudson and Brad Aldridge, Cyber Assurance Managers, to discuss the changes in their areas of expertise and how these improvements will benefit organizations. Their conversation includes information about the improved FFIEC reporting criteria, the newly released SOC for Supply Chain criteria, and how the NIST cybersecurity framework can be utilized to strengthen security around IoT devices. Grab a cup of coffee this morning and join the conversation.

Topics: Podcast

Apr 25, 2019 9:00:00 AM

Cybersecurity in the City: What You Need to Know

Last week, HORNE Cyber, in partnership with Willis Towers Watson Nashville, hosted a cybersecurity seminar at the Franklin Marriott Cool Springs in Franklin, Tennessee. This seminar featured a unique series of presentations given by renowned subject matter experts. Topics included offensive security testing (ft. a live hacking demo!), incident response planning, how company culture impacts cyber risk, and today’s threat landscape.

Topics: Executive Insights

Mar 12, 2019 8:30:00 AM

Attack Surface Ep. 5: What's Up with Ransomware and Cryptomining?

I was recently intrigued by the increased number of reported ransomware attacks on local governments. Since the start of the new year, cities such as Akron, Ohio and Sammamish, Washington have been temporarily crippled by ransomware. Often, attacks on “big fish” make the headlines… but what about the “little fish”? Why are we seeing an uptick in attacks on smaller entities? What kind of threat does ransomware pose to small businesses and local governments? For answers, I turned to my colleague and cybersecurity expert, Dr. Wesley McGrew, and asked, “What’s up with ransomware?”. This led to an interesting discussion around the evolving attack methods used by threat actors, specifically ransomware and cryptomining, and why smaller entities are their prime target.

Topics: ransomware, Attack Surface, Podcast

Feb 7, 2019 6:30:00 AM

How to know if you need Digital Forensics

For many, the thought of being a part of a digital forensics examination can be stressful and intimidating. But determining if you or your organization needs to initiate a digital forensics exam can be equally difficult. While some situations will naturally lend themselves towards a digital forensics exam, there are some instances where the answer may not be so clear. For the purposes of this article, a digital forensics exam includes any examination of digital devices that could be involved with a legal matter at some point in time. Let’s walk through a few examples...

Topics: digital forensics

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Topics: Executive Insights

Jan 8, 2019 11:06:27 AM

Attack Surface Episode 3: Reverse Engineering Ransomware

In our latest episode of Attack Surface, I sit down with Director of Cyber Operations, Wesley McGrew, to discuss reverse engineering ransomware. McGrew discusses the benefits of reverse engineering in advanced penetration testing, digital forensics, and incident response. As he noted in a previous blog post, reverse engineering can answer the following questions for an organization in the wake of an attack:

Topics: Reverse Engineering, Podcast

Jan 3, 2019 9:30:00 AM

Our 5 Most Read Blogs of 2018

As we transition into the new year, we look back at 2018… from previewing DEF CON and Black Hat USA talks to cryptocurrency mining and blockchain, our readers, clients, friends, and teammates gave us a space to discuss the latest in cybersecurity. For this, we thank you!

Topics: ransomware, black hat USA, SOC for Cybersecurity, Executive Insights, DEF CON

Dec 12, 2018 9:00:00 AM

Attack Surface Ep. 2: Predictions for 2019 Cybersecurity Trends

If you're curious about the changes in the threat landscape, organizational roles, and industry business models in the coming year - this episode was made for you. As 2018 comes to a close, our team of security experts has been reflecting on and looking at recent industry trends. Many of said trends are predicted to remain or become even more prevalent in 2019, including increased physical hacking and changing organizational roles.

Topics: Podcast

Oct 31, 2018 9:30:00 AM

Cybersecurity Lessons from WWII Propaganda

In honor of National Cybersecurity Awareness Month, let's look at how principles from World War II propaganda can teach us valuable lessons in the way we treat cybersecurity today.

Topics: Executive Insights

Oct 17, 2018 8:56:00 AM

Six Considerations for Purchasing Cyber Insurance

In our most recent blog, Brad Pierce discussed what a cyber insurance policy is not. It is not a savior in the wake of a data breach. It is not a replacement for proactive, resilient security measures. What it is, however, is a component of an effective incident response strategy. In this post, I would like to take the time to discuss considerations organizations should take when purchasing a cyber insurance policy.

Topics: Cyber Insurance

Oct 15, 2018 9:00:00 AM

Attack Surface Ep. 1: Three Strategic Investments for Your IT Shop

Join HORNE Cyber’s marketing director, Ashley Madison, as she sits down with Mike Skinner and Brad Aldridge to discuss “Three Strategic Investments for Your IT Shop” on Episode 1 of Attack Surface: The Cybersecurity Podcast for the Want-To-Know Organization.

Topics: Executive Insights, Podcast

Oct 3, 2018 8:55:29 AM

What Cyber Insurance Is Not

The topic of cybersecurity insurance seems to be on the radar of most organizations I speak with. There are a lot of questions around how much coverage is needed and what exclusions one should be on the lookout for when purchasing a policy. I usually try to use this as an opportunity to talk about what a cyber insurance policy is not, and I’ll get to that later.

Topics: Cyber Insurance

Sep 25, 2018 9:30:00 AM

Developing an Incident Response Strategy: Preparing for the "What Ifs"

When we think about the impact of an unexpected event, it can often leave us with varying emotions. In many cases, those emotions are not pleasant… such as panic and stress, feeling vulnerable or lacking control over the world around us. All too often we see clients experience these feelings during the wake of and after a cybersecurity incident. Cybersecurity incidents are always considered the “what ifs”, too often not measured as a strategic threat. An unexpected cybersecurity incident promises negative impact and can sometimes be catastrophic to an organization. So, what can you do? How can your organization be more resilient? How can you better prepare, and experience calm in a time of crisis?

Topics: incident response