Some organizations suffer when multiple security vendors provide disparate tools and features. This impacts the organization's risk posture, increasing the likelihood threat actors find and exploit gaps in the organization's security approach. Managing multiple security solutions and providers becomes increasingly difficult as the organization grows. Combining those tools into a consolidated platform eliminates silos, unifies […]
Cybersecurity is one of the most in-demand and rewarding fields in the IT industry. As cyberthreats continue to evolve and pose challenges to individuals and businesses, cybersecurity professionals need to have a diverse set of skills to protect data, networks, and systems. We understand that each organization and security operations team will vary somewhat, and […]
If you’re aiming to improve your organization’s threat detection and incident response (TDIR) capabilities, I’m willing to bet you’re annoyed and frustrated by trying to navigate the managed cybersecurity market that’s rife with imprecise terminology and vendors willing to bend definitions to fit their solutions. As a result, you have an extremely difficult job in trying to find the right solutions, let alone pick the best one.
A common dysfunction in many companies is the disconnect between the CISO, who views cybersecurity as an everyday priority, versus top management who may see it as a priority only when an intrusion is detected. Does your organization suffer from any of these?
Threats and threat actors continue to evolve and morph, creating advanced and even more dangerous tactics to mitigate. October is National Cybersecurity Awareness Month (NCSAM). NSCAM 2019 centers on the theme of Own IT. Secure IT. Protect IT., advocating a proactive approach to enhanced cybersecurity in the workplace and at home.
Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of course—SMB execs generally take security very seriously, but they don’t have the dollars to do enough about it—although it amounts to the same thing.
The 5 W’s of security management I’ve seen it happen about a thousand times if I’ve seen it once. A high profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time.
This holiday season will be like no other with the continued use of remote work, greater online sales, third-party sourcing from across the globe, and employees taking much-needed time off. Cyber criminals will take advantage of these seasonal distractions to steal sensitive data, hold it for ransom, or use you as a stepping-stone to more lucrative victims.
Years ago, in a data security nightmare not so far away…I found out how quickly a brand could change from being a favorite of mine to becoming an entity I would never trust again.
In the wake of the most recent terrorist bombing in Boston, it is easy to understand why some people would be willing to sacrifice a few liberties to the government in favor of more security. A common train of thought is that an honest person does not have anything to hide, so the intrusion into our private lives is really a minor thing. In a Utopian society, I would tend to agree with that sentiment, but we live somewhere else.
A lot of data, an overwhelming amount actually, is available from hundreds of sources, but rarely is it observed. Having something and getting value from it are entirely different.
Businesses are always looking for ways to deliver increased value to clients while optimizing efficiency, and this year is no exception. Digital transformation, remote work, and economic uncertainty are just some of the challenges impacting organizations today. As you plan next year’s budget, it’s a good idea to assess current operational successes and opportunities to increase efficiency and effectiveness.
This post got me thinking about a recent conversation I had with the CISO of a financial company. He commented on how quickly his team was able to instantiate a big data project with open source tools.
For the past several months, there have been numerous stories about major retailers that have been breached by hackers. The result is that millions of credit cards have been stolen. In the case of Target, so far it is reported that 40 Million customer credit cards have been exposed, and 70 Million total records with personal information have been stolen.
In 2005, the Department of Homeland Security commissioned Livermore National Labs to produce a kind of pre-emptive post-mortem report.
The range of threats included trojans, worms, trojan downloaders and droppers, exploits and bots (backdoor trojans), among others. When untargeted (more common), the goal was profit via theft. When targeted, they were often driven by ideology.
The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist.
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
The event, aimed at connecting the point-of-sale (POS) technology ecosystem, was extremely successful because it gave us the perfect platform to further connect with our existing partners—and to meet and interact with industry leaders.
Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked. “User X” is getting locked out and Security Event ID 4740 are logged on respective servers with detailed information.
Most merchants who have been validating their PCI compliance for a few years now probably know which SAQ type applies to them. In PCI 2.0, it has been fairly simple. And now we are facing PCI 3.0.
I have fond memories of playing a board game called Hungry Hungry Hippos in my younger days. Today’s medical practices mirror the chaos of the game. Each day seems more hectic than the previous...
This fundamental tradeoff between security, usability, and cost is critical. Yes, it is possible to have both security and usability, but at a cost, in terms of money, time and personnel. While making something both cost efficient and usable, or even making something secure and cost-efficient may not be very hard, it is however more difficult and time consuming to make something both secure and usable. This takes a lot of effort and thinking because security takes planning and resources.
Discover PCI DSS v4.0, the latest global standard for securing payment card data. Released March 31, 2022, it enhances security against evolving threats.
In this fourth article in the series, we continue to explore some of the basic ways that business of all sizes can keep their computer systems safer. We will discuss the topic of programs, ports and services.
Every 3 years the Payment Card Industry Data Security Standard (PCI) is updated to a new version. The time for the next release is right around the corner. Are you Ready?
?The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates were asked the following question on the topic of cybersecurity in the U.S...
Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue.
The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year include Quora, Ticketmaster, and Facebook that exposed over 200 million records worldwide. As the year winds down, here’s what small and mid-sized organizations may experience in 2019 with an eye towards enhancing security.
In computer terminology, a honeypot is a computer system set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of IT systems. Generally, a honeypot appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
It was great to be back in Chicago for ChannelCon 2022. Thank you to CompTIA for their successful event, with 1,000 attendees and vendor partners for the extensive formal and informal learning opportunities enabling us to recommend and reinvigorate after the last 24 months.
As the holidays swiftly approach, many of us are making lists and plans as part of the crescendo of year-end activity. We don’t want to forget anything important, but is ensuring safety from cybercrime at the top of your list?
Success starts with a well-planned strategic budget. Face the fear…now’s the time to plan for powerful yet practical cybersecurity.
It continues to be challenging being a Chief Information Security Officer (CISO) today – and this year promises no rest. As high-profile data breaches escalate, CISOs, CIOs, and other information security professionals believe their organizations are more likely than ever to fall victim to a data breach or cyber attack.
What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions. If that's you then you may have a cyber blind spot.
IT workers in general, but more so IT Security professionals, pride themselves on their technical skills. Keeping abreast of the latest threats and the newest tactics to demonstrate to management and peers that one is “worthy.”
One thing I always wished you could do in Windows auditing was mandate that access to an object be audited if the user was NOT a member of a specified group. Why? Well sometimes you have data that you know a given group of people will be accessing and for that activity you have no need of an audit trail. Let’s just say you know that members of the Engineering group will be accessing your Transmogrifier project folder and you do NOT need an audit trail for when they do. But this is very sensitive data and you DO need to know if anyone else looks at Transmogrifier.