Ransomware is alive and well…and coming to a device near you. Why? It’s plain and simple: we make it profitable. As long as we are willing to pay up, the cycle will continue. A lot of organizations, big and small, public and private, are paying ransoms to get back access to their own information. Cyber-insurance […]
Category: Information Security
The Surge Is On
There’s been a recent surge of Business Email Compromise (BEC) and Account Takeover (ATO) incidents, and whatever the industry or the size of the organization, big or small, you are a target. In fact, if you are a small business, you may be even more at risk and the results may be […]
Small Business is a Big Ransomware Target
More than 70% of ransomware attacks target small businesses, with the time from infection to encryption averaging within three (3) minutes. Most data breaches and ransomware outbreaks happen because of two problem areas: 1) The perpetrators take advantage of known vulnerabilities from outdated, unpatched and unmonitored operating systems/applications; 2) The typical end-user is given too much […]
Principle of Least Privilege
In a nutshell, the Principle of Least Privilege means limiting access to only those who need it, and only to what is necessary to perform their duties. The concept of restricting access to data, information, applications, operating systems, servers, network equipment, etc. is nothing new. In fact, the concept has been around for decades and ignored for just about as […]
No Ransom, No Cry
The recent WannaCry (WannaCrypt) malware attack further shows how many organizations are still unprepared to prevent, respond to and recover from such attacks. This malware and a lot of other viruses typically take advantage of well-known exploits, most of which have fixes/updates to mitigate these issues. Case in point, MS17-010. This security update had been out almost […]
Protecting Your Organization’s Reputation – Part 3
Welcome to Part 3 of the multi-part series on “Protecting Your Organization’s Reputation”, where we’ll be focusing on the area of Data Loss and Leakage Prevention. As discussed in the previous installment, sender verification, anti-spoofing and message signing (digital signature) technologies/controls are a great first step, but that still doesn’t protect from malware and other […]
Protecting Your Organization’s Reputation – Part 2
We’ve all heard of the increases in e-mail phishing/scamming/spoofing. Typical phishing or spear phishing scams usually include a malicious URL or attachment that attempts to install malware or to gather more information (credit card, bank account, etc.), while whaling is a pure social engineering hack. If your organization falls victim to these exploits, it can […]
Protecting Your Organization’s Reputation – Part 1
Organizations can get a bad reputation from a variety of externally initiated and/or internally created issues, such as: poor customer service, spamming/spoofing, CEO/CFO spear phishing scams, leakage of customer personal/financial/health information, environmental dumping, financial malfeasance, and the list goes on. For many of these issues we can mitigate the probability and impact and/or provide corrective actions. […]