Aug 23, 2016 10:30:00 AM

5 Cybersecurity Strategy Mistakes You Can’t Afford to Make

Read through your Twitter feed or turn on the news on any given day and one thing is evident: cyber attacks are happening in every industry and organization size. It is obvious that these attacks are increasing in number and sophistication, and we’re confident in stating that this trend will continue.

Topics: cybersecurity

Jul 26, 2016 10:30:00 AM

Any Bitcoins in Your Wallet?

It doesn’t matter who you are, your position, or the size of the company you work for, you never want receive that phone call saying that your company has been hit by a ransomware attack.  Most IT departments and staff do their very best to protect their network from attacks by regularly patching, installing firewalls and intrusion detection systems, segmenting their network, and performing vulnerability assessments, but the real truth is that an external threat is going to find its way inside your network in some form in the near future.

Jul 9, 2016 3:30:00 PM

5 Considerations for Protecting Your Employees, Customers and Data

With the rapid evolution of cloud based computing, many organizations face the fundamental question of whether or not they should employ third party solutions to facilitate convenience within their entity.  As technology advances, the outsourcing possibilities seem endless.  Everything from document collaboration, to payroll, data, and even entire applications and servers can now be managed off site, or in the cloud.

Topics: cybersecurity

Jul 9, 2016 3:30:00 PM

5 Considerations for Protecting Your Employees, Customers and Data

With the rapid evolution of cloud based computing, many organizations face the fundamental question of whether or not they should employ third party solutions to facilitate convenience within their entity.  As technology advances, the outsourcing possibilities seem endless.  Everything from document collaboration, to payroll, data, and even entire applications and servers can now be managed off site, or in the cloud.

Jul 6, 2016 1:00:00 PM

Security Measures for Hostile Network Environments

While hacking and information security themed conferences such as DEF CON and Black Hat USA have a reputation of having hostile network environments with a large number of sophisticated attackers, other industries’ conferences, coffee shops, and even airport hotels have just as much potential for being target-rich environments. It is possible, with a bit of planning and discipline, to maintain the connectivity you rely upon for your job with an awareness of the risks and threats involved. Check out our white paper The Practical Guide to Security at Conferences, which discusses operational security and communications security measures you can take when working remotely.

Topics: cybersecurity

Jun 7, 2016 11:00:00 AM

Key Considerations When Purchasing Cyber Insurance

From both current and prospective cyber insurance policy holders, we are frequently asked about what should be considered when purchasing a policy—what terms should be included, what are the important aspects and why. The answers to these questions are extremely complex, as cyber insurance is in its early infancy stages.

Topics: cybersecurity

May 10, 2016 10:00:00 AM

Buying Your Own Stolen Data

I’m becoming very used to reading about the latest “ransomware” attacks each morning when I catch up on information security news over my first cup of coffee. Malicious software (malware) authors seem to have found a successful way of making money, and unsafe, yet common, practices are enabling it. Office-wide sharing of data with security as an afterthought, and the absence of strong backup and recovery processes fuel the continued rise of ransomware. Trends point to an increase in healthcare data being held for ransom, though no one is completely safe from being targeted by ransomware.

Topics: ransomware

May 3, 2016 10:00:00 AM

Modern Cyberattacks: Tradecraft on Your Network

At the Armed Forces Communications and Electronics Association’s Defensive Cyber Operations Symposium on April 20th, DISA Director LTG Alan R. Lynn described a shift in attackers’ operations. Lynn stated that it’s become “snatch and grab” rather than following traditional intelligence techniques of using good tradecraft (the set of an attacker’s operational techniques and tools) to compromise, monitor, and accomplish the mission while avoiding detection.

Mar 29, 2016 10:00:00 AM

When Was Your Last Information Security Check Up?

Maintaining information security today is, in many ways, similar to maintaining your personal health. Yearly check-ups and health screenings could detect a potential problem. If a problem is detected, more invasive procedures are performed to get a definitive diagnosis before laying out a treatment plan. A similar process can be followed in cybersecurity. Traditionally, companies receive vulnerability scans which may or may not accurately detect a threat. Once a potential threat is detected, security professionals may conduct penetration testing to explore those threats to see if there is really anything there.

Topics: cybersecurity

Mar 22, 2016 10:00:00 AM

Inside a Hacker’s Mind

The old adage says, “it takes one to know one,” and we believe that is absolutely true when it comes to fighting cyber threats. Originally, hacker was a positive term for a person who enjoyed exploring the nuances of computers and stretching their capabilities. HORNE Cyber’s team of elite hackers use their expertise of the inner workings of computers, networks and software for the good of our clients, to uncover vulnerabilities and make IT environments more secure.  We spent time this week interviewing our Director of Cyber Operations Wesley McGrew to give you an inside view of a hacker. 

Mar 15, 2016 10:00:00 AM

Securing a Mobile Workforce

Last month, our Executive Partner, Joey Havens, announced a new mobile document sharing platform for our organization. With a mantra of fearless unrivaled flexibility, we allow our employees to be more flexible with their work schedules which usually means more mobile as well. This new tool is also vital for our team members traveling on a daily basis. It will allow for greater productivity for mobile employees and allow us to provide our services more efficiently. 

Topics: securing your data, mobility

Mar 8, 2016 10:00:00 AM

Securely Integrating the Internet of Things

Last week, members of the security industry gathered for the annual RSA Conference to discuss the latest topics in information security, from the Apple vs. FBI encryption debate to the latest innovations in security software. Perhaps one of the hottest topics at RSA this year surrounded the risks posed by devices that make up the ‘Internet of Things.’ From automated manufacturing processes to industrial control systems, all the way down to the appliances in an office breakroom, IoT technologies are changing the way businesses are operating, making systems more efficient, and allowing for greater productivity among organizations. However, with the enormous benefits of IoT come enormous security risks. 

Topics: Internet of Things

Mar 1, 2016 10:00:00 AM

Build Better Legal Cases with Access to Digital Evidence

Attorneys are always looking for new forms of evidence for both criminal and civil matters. With the recent advances in digital forensic capabilities, many legal cases are incorporating digital evidence that, if properly (and legally) uncovered and examined, can be leveraged to help a case. I encourage organizations and attorneys to become more familiar with digital forensics to better understand how it can be leveraged in your future cases.

Topics: digital forensics

Feb 24, 2016 10:30:00 AM

8 Cybersecurity Risks Executives Need to Know

No organization is immune to the threat of security breaches. With cybercrime activity increasing rapidly across the globe, every organization needs to address the potential risks to better protect its systems and sensitive data. It is a complex challenge, however, because organizations must vigilantly monitor and minimize the risks on many fronts and provide protection from cyber criminals, technology innovation, human error, and even natural disasters.

Feb 16, 2016 10:00:00 AM

Vulnerability Scans and Pen Tests: What’s the Difference? Part 3

The Internet of Things Raises Risks Imagine if all of the multi-function printer units in your organization sent an electronic copy of every document that is scanned, copied, or printed to a remote attacker. It happens. Now imagine if someone could tap the microphones in all of your office’s conferencing equipment. It also happens – without your knowledge.

Topics: Vulnerability Scans vs Pen Tests

Feb 9, 2016 10:00:00 AM

Vulnerability Scans and Pen Tests: What’s the Difference? Part 2

As I mentioned in my previous post, there is much confusion in the cybersecurity market around vulnerability scans and penetration tests. The words are not interchangeable. They are very different in the complexity and depth of vulnerabilities that they test, in the talent required to execute them, and in the report that will ultimately be delivered.

Topics: Vulnerability Scans vs Pen Tests

Feb 2, 2016 11:00:00 AM

Vulnerability Scans and Pen Tests: What’s the Difference? Part 1

When safeguarding an organization against the threat of cybercrime, it’s important to regularly test how well your current security measures are performing. I recommend that organizations apply a regular schedule of the right tests to help them identify, prioritize and repair vulnerabilities that may threaten their security.  

Topics: Vulnerability Scans vs Pen Tests

Sep 10, 2015 3:30:00 PM

What to Do When the Worst Happens

I’m sure you’ve heard the saying, “Hope for the best, but expect the worst.” I’d like to offer the IT incident response version, “Hope for the best, but plan for the worst.” Unfortunately, examples of the worst are all around us: patient data stolen from healthcare organizations, customer data stolen from large corporations, social security numbers stolen from the federal government, and even client details stolen from an adultery website. Hackers aren’t just looking for information they can sell; they want embarrassing data, corporate strategy, product research or other sensitive data. Any company using the internet is at risk.

Topics: Strategic IT Advisory, incident response