Mar 13, 2018 9:09:30 AM

High Expectations for Service, With Reverse Engineering

A cornerstone of a cybersecurity firm is its “reverse engineering” capability. It is a necessary part of responding to breaches and keeping up with the state of the art in threats, and it enhances the coverage of penetration testing and red-team engagements. While it separates leaders from followers in the industry, very few business stakeholders have had the opportunity to learn what “reverse engineering” means, how it can be a measure of a security service provider’s capability, and how such services can directly benefit an organization.

Topics: digital forensics, Penetration Testing, data security, cybersecurity, information security, ransomware, advanced penetration testing, incident response, Malware, Executive Insights

Mar 6, 2018 10:30:00 AM

Choosing the Right Security Option for Your Organization

Cybersecurity in layers has been the go-to security model for some time now. There’s no one solution that will properly secure your organization’s network and sensitive information. In today’s environment, it takes an orchestra of teams, tools, and active threat detection and prevention operations to properly secure your organization from an attacker. It has become very clear that traditional layers, such as anti-virus, firewalls and monitoring tools, are just not enough. Attack emulation is a critical security layer that not only focuses on known vulnerabilities but also shows what a real attacker could do to your organization. If you are serious about finding your organization’s security weaknesses and resolving them, you’re likely going to need help from a third party.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, Security Budget, Executive Insights, Good Enough Cybersecurity

Jul 18, 2017 10:34:00 AM

Cybersecurity and Construction: Can a Breach Happen to Me?

As a contractor, if you think that cyber attacks “will never happen to me”, it’s time to reconsider your stance. Construction companies are an attractive target for a wide variety of cyber criminals, and the attackers are becoming more active and aggressive. Despite what you read in the news, hacking is not limited to political scandals and major retailers. It’s no longer a question of “if” you will be breached—the question is “when?”.

Topics: cybersecurity, Construction

Apr 13, 2017 10:08:00 AM

Don’t Let Cybersecurity Wag the Dog

When “the tail is wagging the dog”, you know that something has gone wrong. Priorities are not straight, and a part of the system does not understand its role. Providers of offense-oriented security services, such as penetration testing and red team engagements (which I’ve described in previous articles), often make draconian recommendations that, in pursuit of least effort, wind up impacting your ability to do business. When you get these recommendations, you should ask yourself: Is this vendor acting like a partner in my business, or are they content with it being inhibited as a result of their recommendations?

Topics: data security, cybersecurity

Mar 23, 2017 10:03:00 AM

Cyber Security for the Road Warrior

In my previous columns, I’ve been describing the benefits of having offense-oriented testing performed on your company’s network. This time around, I want to give some advice for the road warriors among you. Many of you have to travel for work, and present an attractive target to cyber criminals that want to steal trade secrets, customer information, or even infect your system in a way that puts your network at risk when you return to the office. You can, however, work on the road in a much more secure way, armed with some basic precautions and awareness.

Topics: cybersecurity

Jan 16, 2017 10:00:00 AM

Being a Compliant Victim of Cybercrime

When I discuss cybersecurity with business leaders, the most common misconception I see involves the role of security compliance. In my last column, I described the reality of cybercrime, a wild frontier of advanced attackers that can critically damage your business with impunity. In this dangerous environment, it’s important to realize that compliance alone will not protect you.

Topics: cybersecurity

Jan 5, 2017 10:07:00 AM

Why 2017 Could Be the Year of Cyber-Espionage

In this digital age where most businesses are focusing on the “disrupt or be disrupted” ethos, it seems that most are ignoring an even bigger trend that will affect their organization. In 2016, cybersecurity, or the lack thereof, played a significant role. The fact that even presidential campaigns were affected by hacking scandals and data leaks illustrates how the question is no longer if you will be breached, but when.

Topics: cybersecurity, cyber espionage

Dec 22, 2016 10:00:00 AM

What Can the C-Suite Learn from the Latest Companies to Suffer Data Breaches?

2016 is ending with another round of major data breaches with online companies such as PayAsUGym, Lynda, and Yahoo.

Topics: cybersecurity, cyber risk

Dec 8, 2016 10:00:00 AM

What Should You Learn From Your Penetration Test?

Having a true advanced penetration test performed on your organization’s infrastructure is one of the fastest ways to gain valuable insight into the state of your security posture. It provides quick situational awareness around where your weaknesses are and *should* provide you with a roadmap on how to approach remediation. In working with clients, one thing we are realizing is that many of our clients believe they have been getting an "advanced penetration test" for years, when in fact they have not. Below are a few hints on how to know if you are truly getting a penetration test of value to your organization.

Topics: Penetration Testing, cybersecurity, advanced penetration testing

Nov 10, 2016 10:30:00 AM

Staying Ahead of the Threat

Forrester Research recently released a report which predicted that our President-elect Donald Trump will face a major cyber crisis within the first 100 days of being president. Who knows if that will come to fruition, but one thing is for sure: with the major DDoS attacks recently and the cyber attacks surrounding our election, we are a major target. By we – I mean me, you, American businesses, and America as a whole.

Topics: cybersecurity, cybersecurity operations center, the threat

Sep 14, 2016 10:00:00 AM

Size Doesn’t Matter to Cyber Criminals: 5 Tips for Securing Small to Mid-Sized Organizations

Data or access to another organization’s data is what makes a target attractive, not the size of the organization. We hear it over and over – “why would a hacker target me? I don’t have any valuable data, plus my organization is small compared to X, Y, Z.” We are seeing more and more smaller organizations being attacked for a few reasons:

Topics: cybersecurity

Aug 23, 2016 10:30:00 AM

5 Cybersecurity Strategy Mistakes You Can’t Afford to Make

Read through your Twitter feed or turn on the news on any given day and one thing is evident: cyber attacks are happening in every industry and organization size. It is obvious that these attacks are increasing in number and sophistication, and we’re confident in stating that this trend will continue.

Topics: cybersecurity

Jul 9, 2016 3:30:00 PM

5 Considerations for Protecting Your Employees, Customers and Data

With the rapid evolution of cloud-based computing, many organizations face the fundamental question of whether or not they should employ third-party solutions to facilitate convenience within their entity. As technology advances, the outsourcing possibilities seem endless. Everything from document collaboration, to payroll, data, and even entire applications and servers can now be managed off site, or in the cloud.

Topics: cybersecurity

Jul 6, 2016 1:00:00 PM

Security Measures for Hostile Network Environments

While hacking and information security themed conferences such as DEF CON and Black Hat USA have a reputation for having hostile network environments with a large number of sophisticated attackers, other industries’ conferences, coffee shops, and even airport hotels have just as much potential for being target-rich environments. It is possible, with a bit of planning and discipline, to maintain the connectivity you rely upon for your job with an awareness of the risks and threats involved. Check out our white paper The Practical Guide to Security at Conferences, which discusses operational security and communications security measures you can take when working remotely.

Topics: cybersecurity

Jun 7, 2016 11:00:00 AM

Key Considerations When Purchasing Cyber Insurance

From both current and prospective cyber insurance policy holders, we are frequently asked about what should be considered when purchasing a policy—what terms should be included, what are the important aspects and why. The answers to these questions are extremely complex, as cyber insurance is in its infancy.

Topics: cybersecurity

Mar 29, 2016 10:00:00 AM

When Was Your Last Information Security Check Up?

Maintaining information security today is, in many ways, similar to maintaining your personal health. Yearly check-ups and health screenings could detect a potential problem. If a problem is detected, more invasive procedures are performed to get a definitive diagnosis before laying out a treatment plan. A similar process can be followed in cybersecurity. Traditionally, companies receive vulnerability scans which may or may not accurately detect a threat. Once a potential threat is detected, security professionals may conduct penetration testing to explore those threats to see if there is really anything there.

Topics: cybersecurity