HORNE Cyber

Recent Posts

Jun 23, 2017 7:05:00 AM

Four Steps to Managing Vendor Security

Target. Home Depot. Wendy’s. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management in their organization. But most don’t realize that each of the three breaches listed above was linked to third-party service providers and business associates.

Topics: SOC for Cybersecurity, Cyber Assurance Insights

Jun 22, 2017 10:02:00 AM

Breaking Bank: Episode 3

Over the last several weeks we have witnessed the story of a Bank who thought that compliance was enough to keep their customers’ information and the Bank’s reputation secure.

Topics: Cyber Assurance Insights

Jun 13, 2017 10:03:00 AM

Why an Engaged C-Suite Matters in Improving Cyber Security

In a recent article, I talked about how the C-Suite can get past not being technical and take an offensive mindset to cyber security. I think the big message there was to get involved. Part of an organization’s IT leadership and consultants’ responsibility is to provide logical explanations of the threats and vulnerabilities that exist and how they can impact confidentiality, integrity, and availability of an organization’s operations, and the C-Suite should want to hear about it.

Jun 1, 2017 10:03:00 AM

Breaking Bank: Episode 2

Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customers’ information protected.

Topics: Cyber Assurance Insights

May 17, 2017 10:31:00 AM

Cyber SOC – What Board Members Need to Know

The AICPA has issued its much-awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPAs to audit a company’s cyber security. In the past, organizations relied on various consultants, internal resources, and sometimes just plain luck, in identifying and mitigating cyber risks.

Topics: Cyber Assurance Insights, Cyber SOC

May 11, 2017 10:00:00 AM

Breaking Bank: Episode 1

I don’t know about you, but I’ve read a lot of content-filled, factually intense cybersecurity articles over the past few months. I’ve read so many that I begin hearing similar concepts without actually understanding how it impacts my clients specifically. For this reason, today I don’t want to spout off a bunch of information (as accurate as it may be) and tell you to go make sense of it, I would instead like to tell you a story. So sit back, relax, and enjoy the movie (cue Disney Castle scene)…

Topics: cybersecurity, Cyber Assurance Insights

May 4, 2017 10:00:00 AM

SOC for Cybersecurity: What Does this Mean for Your Business?

The American Institute of Certified Public Accountants (AICPA) finalized the guidance for Systems and Organization Controls (SOC) for Cybersecurity reporting this week. This guidance gives organizations guidelines on how to create and document their cybersecurity risk management program and provides standards for public accounting firms to report on such programs. In other words, this provides clear guidance for CPAs to provide assurance on cybersecurity.

Apr 6, 2017 10:02:00 AM

SSAE 18 and Your Company's SOC 1 Audit

For the purposes of this article, we’ll be entirely focused on SOC 1. Look for future blogs related to the impact of SSAE 18 on your SOC 2 and 3 reports.

Mar 30, 2017 10:05:00 AM

Audit Risk in Penetration Tests: What You Should Know

Cyber risk is prevalent in almost every business today. Any business which has a web page, keeps information online, or uses the cloud is at risk for a cyber breach. It’s very interesting to me that these risks are so significant and widespread, but are rarely considered in an audit or internal audit engagement.

Topics: advanced penetration testing

Mar 23, 2017 10:03:00 AM

Cyber Security for the Road Warrior

In my previous columns, I’ve been describing the benefits of having offense-oriented testing performed on your company’s network. This time around, I want to give some advice for the road warriors among you.

Topics: cybersecurity

Mar 2, 2017 10:00:00 AM

How Much Should You be Spending on Cybersecurity?

We often hear clients and prospective clients asking “how much should I be spending on cybersecurity?” That is a very complex question and one that is not easily answered without first having an understanding of what is meant by cybersecurity. There are many different versions of cybersecurity being pushed in the market and there is no "one size fits all" solution despite what your vendor may tell you.

Topics: IT Budget

Feb 23, 2017 10:05:00 AM

Their Breach is Your Breach

When you’re catching up on the news, it’s become all too common to see stories about new breaches that have occurred, resulting in the theft of customers’ personal and financial information from businesses of all sectors.  

Jan 19, 2017 10:00:00 AM

Vendor Management: Ignore at Your Own Risk

In this busy, ever-changing business world, management has so many things to worry about that some key business responsibilities often get overlooked. One key area that is front and center on a daily basis, but is often ignored by businesses of all sizes, is the topic of vendor management.

Dec 8, 2016 10:00:00 AM

What Should You Learn From Your Penetration Test?

Having a true advanced penetration test performed on your organization’s infrastructure is one of the fastest ways to gain valuable insight on the state of your security posture. It provides quick situational awareness around where your weaknesses are and *should* provide you with a roadmap on how to approach remediation.

Topics: cybersecurity

Oct 18, 2016 10:01:00 AM

Where is Your Data? Why Performing a Data Inventory is Integral for Companies in this Digital Age

There’s no denying that the days of printed documents are a distant speck in the rearview. Industries are becoming much more reliant on automated systems and processes versus the manual ledgers and manila files of yesteryear.

Sep 28, 2016 10:00:00 AM

Strengthening Your Cyber Resilience: Six Questions to Ask Yourself

As a former network administrator and IT Manager, I’ve spent most of my IT career defending networks from the bad guys along with keeping the daily IT ship afloat. Take that and add a couple projects and helpdesk tickets and you’ve got yourself a never-ending to-do list. It’s not an easy job to say the least, and sometimes you can’t help but wonder if you and your team have all the bases covered on the security front.

Topics: cybersecurity

Sep 14, 2016 10:00:00 AM

Size Doesn’t Matter to Cyber Criminals: 5 Tips for Securing Small to Mid-Sized Organizations

Data or access to another organization’s data is what makes a target attractive, not the size of the organization. We hear it over and over – “why would a hacker target me? I don’t have any valuable data, plus my organization is small compared to X, Y, Z.” We are seeing more and more smaller organizations being attacked for a few reasons:

Topics: cybersecurity

Aug 23, 2016 10:30:00 AM

5 Cybersecurity Strategy Mistakes You Can’t Afford to Make

Read through your Twitter feed or turn on the news on any given day and one thing is evident: cyber attacks are happening in every industry and organization size. It is obvious that these attacks are increasing in number and sophistication, and we’re confident in stating that this trend will continue.

Topics: cybersecurity

Jun 28, 2016 10:30:00 AM

4 Tips for Password Management

With the recent high-profile social media account hacks, it has become apparent that password management is a challenge for users that has not been adequately addressed. After all, if the founder of the most popular social network’s accounts can be hacked, we (as a society) have somehow missed the boat on proper password management. Not only is password management a problem for celebrities, but password hacks are becoming a problem for many enterprise organizations such as Citrix (and countless others).

Topics: cybersecurity, Password management

Jun 15, 2016 10:30:00 AM

Key Takeaways From the FFIEC Joint Statement on Cybersecurity

This past week the FFIEC issued a statement advising financial institutions to actively manage the risks associated with interbank messaging and wholesale payment networks. The FFIEC warned financial institutions to assess their risk and to determine the presence of risk management practices and controls. The FFIEC urged institutions to request specific security control recommendations from their payment system provider.

Topics: cybersecurity

Jun 7, 2016 11:00:00 AM

Key Considerations When Purchasing Cyber Insurance

From both current and prospective cyber insurance policy holders, we are frequently asked about what should be considered when purchasing a policy—what terms should be included, what are the important aspects and why. The answers to these questions are extremely complex, as cyber insurance is in its early infancy stages.

Topics: cybersecurity

Apr 28, 2016 10:00:00 AM

10 Takeaways from the 2016 DBIR

Even if you’ve never read Verizon’s Data Breach Investigations Report (DBIR), you’ve been exposed to it. Among the proposals, marketing materials, and whitepapers generated by the information security industry, it’s the most cited source of statistical data and trends related to organizations’ loss of data due to security incidents.

Mar 15, 2016 10:00:00 AM

Securing a Mobile Workforce

Last month, our Executive Partner, Joey Havens, announced a new mobile document sharing platform for our organization. With a mantra of fearless unrivaled flexibility, we allow our employees to be more flexible with their work schedules which usually means more mobile as well.

Sep 10, 2015 3:30:00 PM

What to Do When the Worst Happens

I’m sure you’ve heard the saying, “Hope for the best, but expect the worst.” I’d like to offer the IT incident response version, “Hope for the best, but plan for the worst.”