Insights

pseudonymization

Data Anonymization vs. Pseudonymization: Choosing the Right Approach

Data anonymization and pseudonymization are both important data privacy and security techniques for sensitive information, but they serve different purposes. The anonymization process irreversibly transforms data so that it is no longer possible to identify individuals directly or indirectly. Even when combined with other information, anonymized data cannot be linked

Read More »
microsegmentation

Microsegmentation: Reducing Attack Surface in Large Networks

Microsegmentation is an adaptive and proactive defense mechanism that protects a network by dividing it into smaller, isolated segments based on workloads or applications. In contrast with traditional segmentation, microsegmentation uses software-defined policies to control and monitor communication between workloads. Through this fine-grained control, enterprises can enforce security policies based

Read More »
autonomous threat hunting

Autonomous Threat Hunting: Leveraging AI to Predict and Prevent Attacks

Today, organizations face an uphill battle against sophisticated cybercriminals in a rapidly evolving cyber threat landscape. Traditional security measures cannot keep pace with advanced persistent threats (APTs) and ever-changing attack vectors. How Autonomous Threat Hunting Works Autonomous threat hunting powered by artificial intelligence (AI) has emerged as a game-changing solution,

Read More »
cloud workload protection

Cloud Workload Protection: Securing Multi-Cloud Environments

Many organizations use multi-cloud and hybrid cloud strategies, so data and applications are often dispersed across several platforms, each with unique vulnerabilities and security configurations. Threats like data breaches, malware and unauthorized access exploit gaps between platforms, leading to costly disruptions and data loss. Cloud Workload Protection (CWP) secures applications,

Read More »
managed detection response

The Role of Managed Detection Response in the Modern Threat Landscape

Cyber threats are evolving rapidly, far outpacing traditional security measures. One innovative solution is managed detection and response (MDR), which combines advanced threat detection technologies and expert human analysis and response. Organizations can use it to monitor their networks, endpoints and cloud environments for any signs of potential cyber threats

Read More »
pen testing

The Benefits of Pen Testing in Securing Digital Assets

In today’s digital landscape, organizations face an ever-increasing array of cyber threats. As companies expand their online presence and store vast amounts of sensitive data, the need for robust cybersecurity measures has never been greater. One of the most effective strategies for identifying and mitigating vulnerabilities is penetration testing (pen

Read More »
CVEs

Managing the Dramatic Increase in CVEs

Recently, there has been a marked increase in the number of common vulnerabilities and exposures (CVEs) reported, and the exploitation of older CVEs has also increased. The number of reported CVEs rose by about 30%, from 17,114 in 2023 to 22,254 in 2024, according to Qualys. And there has been

Read More »
intellectual property

The Role of Cybersecurity in Protecting Intellectual Property

Intellectual property (IP) is one of the most valuable assets in today’s digital economy. As companies increasingly shift their operations online, the risk of cyberattacks targeting IP grows. Effective cybersecurity measures are essential to prevent theft, unauthorized access and exploitation of these valuable assets. A Growing Threat to Intellectual Property

Read More »
security orchestration, automation and response

Security Orchestration, Automation and Response: Streamlining Incident Response

Cyber threats are evolving rapidly, far outpacing traditional security measures. Organizations face overwhelming alerts and incidents, making it difficult to manage and respond effectively. Security orchestration, automation and response (SOAR) platforms are emerging as a vital technology to streamline incident response, enhance security operations and mitigate risks in real-time. What

Read More »
SIEM

The Role of SIEM in Modern Cybersecurity

As a central component of modern cybersecurity strategies, a security information and event management (SIEM) system integrates and analyzes a wide range of data sources to assist an organization in identifying and responding to security incidents, enhancing compliance and improving security postures. To achieve these goals, a SIEM system uses

Read More »
Cybersecurity mesh architecture

Cybersecurity Mesh Architecture: A New Paradigm for Enterprise Security

Cybersecurity mesh architecture (CSMA) is a modern approach to security that provides a more flexible and scalable way to manage and enforce security policies across a distributed enterprise environment. Unlike traditional security architectures that rely on a centralized approach, CSMA decentralizes security controls, allowing them to be deployed closer to

Read More »
privileged access management

Privileged Access Management: Controlling the Keys to the Kingdom

Privileged access management (PAM) is a cybersecurity technique focusing on controlling access to critical systems and data within an organization. It aims to minimize the risk of data breaches and unauthorized access by managing privileged accounts – those with elevated permissions to access, modify or delete sensitive information. How Privileged

Read More »
honeypot

Deploying Honeypots and Honeytokens for Advanced Threat Intelligence

As cybersecurity evolves, organizations must continuously innovate to stay ahead of increasingly sophisticated threats. Despite their importance, traditional defensive measures such as firewalls, intrusion detection systems and antivirus software aren’t enough to protect computers and networks. Many security professionals use honeypots and honeytokens to detect and mitigate advanced threats. In

Read More »
cybersecurity in ESG

The Role of Cybersecurity in ESG Initiatives

The importance of cybersecurity in environmental, social and governance (ESG) initiatives is growing. As businesses integrate ESG factors into their strategies, robust cybersecurity measures are essential to protecting sensitive data, ensuring compliance and maintaining stakeholder trust. As industries undergo digital transformations, the need for cybersecurity strategies has increased to protect

Read More »
weaponized AI

Cybersecurity in the Age of Weaponized AI: Navigating the New Threat Landscape

The development of weaponized artificial intelligence (AI) represents a potent cybersecurity threat. With AI algorithms, adversaries can automate and improve phishing attacks, malware distribution and network intrusions with unprecedented speed and precision. In addition, AI-powered tools can adapt and evolve rapidly, outpacing traditional security measures and making detection and mitigation

Read More »
human centered design

Balancing Usability and Security With Human Centered Design

In the rapidly evolving digital landscape, designers and developers are increasingly concerned about balancing usability and security. Human-centered design (HCD) can help reconcile these seemingly conflicting priorities. In HCD, human needs and behaviors come first. Designers and developers create digital solutions that meet functional requirements and resonate with users emotionally

Read More »
endpoint security

Next-Generation Endpoint Security Technologies

Cyber threats are becoming more sophisticated and frequent in today’s cyber landscape, making next-generation endpoint security technologies essential. Traditional antivirus solutions are falling short in protecting against advanced malware, ransomware, zero-day attacks, advanced persistent threats (APTs) and other targeted attacks that exploit endpoint vulnerabilities. With next-generation technologies, such as endpoint

Read More »
SIEM

The Evolution of Security Information and Event Management (SIEM)

Security information and event management (SIEM) technologies provide a holistic view of an organization information security, combining security information management and security event management capabilities into one security management system. In recent years, the increasing complexity and sophistication of cyber threats have driven significant evolution and growth in SIEM systems.

Read More »
CMMC 2.0

Cybersecurity Maturity Model Certification 2.0

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to ensure that contractors handling sensitive information meet adequate cybersecurity standards. It aims to enhance the protection of controlled unclassified information (CUI) within the defense industrial base (DIB) supply chain. The first version

Read More »
identity hijacking

What You Need to Know About Identity Hijacking

Identity hijacking happens when hackers get unauthorized access to someone else’s identity information and use it to commit fraud. The hackers could steal usernames, passwords, social security numbers, credit card details or other sensitive information to impersonate the victim and commit fraud, steal data or access systems unauthorized. Recently, hackers

Read More »
technology transformation

Technology Transformation Drives Innovation

Many organizations are adopting cutting-edge technologies, such as cloud computing, artificial intelligence (AI) and data analytics, to drive innovation and remain competitive. This technological overhaul is reshaping how businesses operate, redefining industry standards and creating new opportunities for growth and differentiation. According to a survey of 750 C-level executives by

Read More »
organizational privacy

The State of Organizational Privacy

In recent years, there has been heightened awareness and concern regarding privacy and data protection, driven by high-profile data breaches and increasing connectivity. Organizations are under growing pressure to safeguard sensitive data due to legal obligations and the need to maintain trust with their stakeholders. To better understand the state

Read More »
Gen AI

Is a Ransomware Armageddon Inevitable?

Ransomware incidents reach an all-time high in 2023, and 2024 isn’t likely to be much better. As generative artificial intelligence (Gen AI) evolves, cybercriminals can execute advanced phishing attacks that are extremely difficult to identify. Most ransomware infections are caused by phishing attacks, so ransomware incidents will inevitably skyrocket as

Read More »

2024 Cybersecurity Predictions

In 2024 and beyond, cybersecurity will be impacted by forces reshaping the dynamics between attackers and defenders. Some of these forces are technological, such as AI and digital infrastructure, while others are political, such as state-sponsored cyberattacks and hacktivism. The following are four of the top cybersecurity trends to watch

Read More »
cybersecurity balancing act

The Cybersecurity Balancing Act

Today, organizations are continually threatened by cybercriminals seeking to exploit vulnerabilities for financial or political gain or simply for the thrill of disruption. Businesses of all sizes are becoming more concerned about cybersecurity as technological advances increase the sophistication of tactics employed by malicious actors. To protect their assets, maintain

Read More »
quantum computing

What Does Quantum Computing Mean for Cybersecurity?

In recent years, quantum computers have been extensively researched. These machines exploit quantum mechanical phenomena to solve mathematical problems that are difficult for conventional computers to solve. The construction of large quantum computers will make breaking many current public-key cryptosystems possible. As a result, the integrity and confidentiality of digital

Read More »
mitigate phishing

NSA Releases Guidelines to Mitigate Phishing

In partnership with several other U.S. agencies, the National Security Agency (NSA) recently issued new guidance on how to mitigate phishing attacks for IT departments. Phishing attacks use deceptive tactics to trick people into divulging sensitive information or deploying malware onto systems. Phishing usually involves fake emails, messages or websites

Read More »
CVSS 4.0

New CVSS Vulnerability Severity Scorecard

Earlier this month, the Forum of Incident Response and Security Teams (FIRST) released the latest generation of the Common Vulnerability Scoring System (CVSS), CVSS 4.0. Among the numerous changes made, the revised standard offers the following improvements: Finer granularity in base metrics for consumers Removal of downstream scoring ambiguity Simplification

Read More »
cybersecurity misconfigurations

Top 10 Cybersecurity Misconfigurations

Cybersecurity misconfigurations typically arise from incorrect settings, permissions or configurations within an organization’s IT infrastructure and security systems. One significant consequence of misconfigurations is a heightened vulnerability to cyberattacks. When systems and software are not correctly configured, they can expose sensitive data or create security gaps that malicious actors exploit,

Read More »
secure our world initiative

CISA’s New Secure Our World Initiative

Cybersecurity awareness month is held every October to raise awareness about cybersecurity and promote online safety. Since 2004, this campaign has been educating individuals, businesses and organizations about current threats and the best practices for safeguarding sensitive information. Government agencies, private companies and cybersecurity experts collaborate to provide resources, guidance

Read More »
CTEM program

Developing a Continuous Threat Exposure Management Program

There’s no way to protect your organization from every cybersecurity threat. However, a continuous threat exposure management (CTEM) program can help identify and prioritize your biggest concerns. A CTEM program is essential in today’s rapidly evolving cybersecurity landscape because it allows organizations to proactively identify, assess, and mitigate cybersecurity risks.

Read More »
threat intelligence playbook

Improving Your Organization’s Threat Intelligence Playbook

As the threat landscape evolves, timely access to credible intelligence is critical for your organization. According to 210 security and IT leaders, practitioners, administrators and compliance professionals surveyed by CyberRisk Alliance, early-warning attack feeds and actionable reporting are indispensable features in any threat intelligence playbook. Here are some key findings

Read More »
cloud security strategies

5 Cloud Security Strategies to Implement in Your Organization

Cloud security should be part of every organization’s cybersecurity plan, but many don’t know where to begin or what to prioritize. Cloud security protects the data, applications and resources stored in cloud environments from unauthorized access, breaches and data loss. In the age of cloud computing, businesses need effective security

Read More »
Unified Extensible Firmware Interface

What You Need to Know About Unified Extensible Firmware Interface

Unified Extensible Firmware Interface (UEFI) is a modern replacement for BIOS (Basic Input/Output System), which has been used to boot computers and initialize hardware for decades. UEFI has several advantages over BIOS, including better security, faster boot times and more flexibility. UEFI is modular and extensible. It has several layers,

Read More »
cybersecurity team

Is Your Rookie Team Ready for a Cybersecurity Crisis

Does your company have a new cybersecurity team? If your organization has a security incident, how will the team react? With the ever-evolving threat landscape, it’s challenging for rookie security teams to proactively respond to a security crisis. Fortunately, there are several steps you can take to ensure your team

Read More »
red zone threat intelligence

What You Need to Know About Red Zone Threat Intelligence

Many organizations are adopting a more comprehensive “red zone” approach regarding risk mitigation. According to FortiGuard Labs, the red zone includes the vulnerabilities attackers target in an organization. While security teams tend to focus on endpoint vulnerabilities, FortiGuard found that less than 1% of vulnerabilities in an organization were located

Read More »
CSaaS

Cybersecurity: Don’t Go It Alone

Cyberthreats are complex and ever-changing, which makes managing cybersecurity tough on your own. One affordable and practical solution is cybersecurity as a service (CSaaS). But what are the benefits of CSaaS, and how can your organization leverage it to improve their cybersecurity posture? Six CSaaS Benefits for Organizations Whether organizations

Read More »
LockBit

Cybersecurity Advisory: LockBit Ransomware

First detected in 2019, LockBit has evolved into the most prolific ransomware-as-a-service in the world. LockBit is typically spread through phishing emails, malicious attachments or software vulnerabilities. And it is so dangerous that the U.S. Cybersecurity and Infrastructure Security Agency, the FBI, Multi-State Information Sharing and Analysis Center, and cybersecurity authorities

Read More »
IT and OT Cybersecurity

The Intersection of IT and OT Cybersecurity

New cybersecurity challenges are emerging as information technology (IT) and operational technology (OT) intersect, making it more challenging for organizations to safeguard their data, networks and physical infrastructure. IT and OT cybersecurity intersect in several ways due to the increasing convergence of IT and OT systems. Traditionally, IT and OT

Read More »
risk-based approach to cybersecurity

Benefits of a Risk-Based Approach to Cybersecurity

Cyber threats multiply daily and pose serious financial, legal and reputational challenges to organizations. To combat these threats, organizations can improve their security posture through a maturity-based or risk-based approach to cybersecurity. With a maturity-based approach, organizations aim to build standardized capabilities and controls across the board. With a risk-based approach,

Read More »
DevOps

Shifting to the Left: Making the DevOps Process More Transparent

New software and applications are hitting the market at incredible speed. Yet launching products quickly often means sacrificing quality and security. More organizations are addressing this problem through a “shift left” approach, which involves testing software as early as possible during development. The shift left approach means prioritizing transparency and

Read More »
making cybersecurity a unified effort

Making Cybersecurity a Unified Effort

As a cybersecurity professional, you know that defending your organization against a myriad of external and internal threats can seem like a never-ending war. You need to be aggressive and outthink your opponent on the cyber battlefield. While these traits are excellent for preventing cyber incidents, they are not always

Read More »
women in cybersecurity

Report: The State of Inclusion of Women in Cybersecurity

Women continue to be underrepresented in cybersecurity roles, which can have serious consequences for those interested in pursuing careers in this field and the industry as a whole. A recent State of Inclusion of Women in Cybersecurity report by Women in CyberSecurity (WiCyS) and diversity, equity, and inclusion (DEI) firm

Read More »
cloud infrastructure

Think Your Cloud Infrastructure is Secure? Think Again.

Complex cloud environments can lead to some surprising and unexpected security blind spots. Attackers are exploiting these blind spots to gain access to sensitive data on your cloud infrastructure. According to CrowdStrike’s latest Global Threat Report, cloud cyberattacks surged 95% in 2022, and the number of cases involving attackers targeting

Read More »
cybersecurity poverty line

The Cybersecurity Poverty Line

With the proliferation of cyberattacks, the cybersecurity talent gap and hybrid work environments, the divide between security haves and have-nots has grown. This divide is the cybersecurity poverty line first identified by security expert Wendy Nather. Organizations below the cybersecurity poverty line aren’t investing enough in cybersecurity to adequately protect

Read More »
cybersecurity is not optional

Cybersecurity is Not Optional

Cybersecurity is not optional. Every organization needs cybersecurity regardless of size, industry or location. More companies are going digital, which means information security isn’t an option. It’s imperative for growth and survival. The 2022 Cost of a Data Breach report found that a data breach cost a U.S. company an

Read More »
cybersecurity hierarchy of needs

The Cybersecurity Hierarchy of Needs

In the middle of the 20th century, psychologist Abraham Maslow developed a hierarchy of human needs model in which basic needs, like food and water, must be met before higher needs, like self-esteem and self-actualization, can be explored. Maslow employed a pyramid to display this hierarchy. Maslow’s hierarchy of needs

Read More »
healthcare IoT devices

Top Risks Posed by Healthcare IoT Devices

Healthcare Internet of Things (IoT) devices provide various benefits, including automated alerts, remote monitoring, early diagnosis, lowered healthcare costs and quick access to patient information. However, IoT devices also present numerous security challenges for the healthcare industry. According to Cynerio’s State of Healthcare IoT Device Security 2022 report, more than

Read More »
cybersecurity resilience

The Importance of Cybersecurity Resilience

Cybersecurity resilience has become a top priority according to Cisco’s latest annual Security Outcomes Report, with a staggering 96% of executives citing it as highly important. Nearly two-thirds of organizations suffered a security event that resulted in adverse impacts, such as communications outages, supply chain disruption or reputational harm. The

Read More »
2023 cybersecurity forecast

2023 Cybersecurity Forecast

As 2022 draws to a close, security pros are considering what challenges and opportunities the new year will bring. It’s never easy to make predictions in the dynamic, fast-changing field of cybersecurity, but there are several important developments that seem likely in 2023. The Attack Surface Will Expand In the

Read More »
new cybersecurity regulations

New Cyber Regulations are Coming…Is Your Board Ready?

A phalanx of new cybersecurity regulations are marching over the horizon with important implications for board members and senior management. In addition to new incident reporting requirements, executive oversight and engagement are other key areas of regulatory focus, particularly for the Securities and Exchange Commission (SEC). New Rules, New Responsibilities

Read More »

The Rise in State-Sponsored Cyberattacks

The recently published 2022 Microsoft Digital Defense Report revealed a sharp rise in state-sponsored cyberattacks, partially driven by Russia’s ongoing war in Ukraine. This increase marks the acceleration of an existing trend toward more frequent and brazen attacks linked to nation states. Impact of the War in Ukraine Attacks against

Read More »
patch these vulnerabilities

Patch These Vulnerabilities Now!

With all the recent attention paid to zero-day attacks, there’s a tendency to overlook the ongoing exploit of known vulnerabilities that simply haven’t been patched. Vulnerability management is a critical component of any cybersecurity program. In concept, it seems simple: scan your system for vulnerabilities, then apply patches. In practice,

Read More »
see yourself in cyber

See Yourself in Cyber

This October marks the nation’s 19th cybersecurity awareness month. This year’s theme, See Yourself in Cyber, puts the focus squarely on people. In both our private and professional lives, we all have a role to play in protecting ourselves, our communities and our country from cybercrime. Personal Cyber Hygiene While

Read More »

Recession-Proof Your Cybersecurity Operations

Amid concern about an impending global recession, many organizations are seeking to reduce their operating costs. Cybersecurity programs may be a tempting target, but blanket cuts to cyber defenses can have devasting consequences. All businesses are potential cybercrime targets; those that are unprepared may suffer heavy financial or reputational losses,

Read More »
four stages of cybersecurity

The Four Stages of Cybersecurity

Cybersecurity is a complex endeavor that requires a deep understanding of your organizational environment and its unique risk profile. You can’t just purchase and deploy a suite of security tools, then assume you’re protected. Cybersecurity programs should be designed using a risk-based approach, which can be implemented in four stages:

Read More »
cybersecurity regulations

New Cybersecurity Regulations on the Horizon

The United States has historically relied on the private sector to protect itself from cyber threats. However, the recent spike in major ransomware and supply chain attacks has prompted the government to step in with a series of new cybersecurity regulations. A New Regulatory Environment Included among the impending regulations

Read More »
security cameras

The Problem With Private Security Cameras

Private security cameras have become a common sight in American neighborhoods. Amazon’s Ring cameras have proven particularly popular, though many home security companies and IoT device makers offer similar products. Many consumers purchase these cameras to secure their property and provide peace of mind. However, the effectiveness of these devices

Read More »
cookie consent

Cookies 101

The internet is saturated with cookie permissions popups, nagging you for consent on nearly every website. Half of Americans always accept all cookies, likely without understanding what they are agreeing to. Some cookies are essential for using a particular website, but many others are not and may have privacy or

Read More »
ZuoRAT

What You Need to Know About ZuoRAT Malware

Security researchers recently identified sophisticated malware that’s been infecting small office and home office (SOHO) routers across North America and Europe. This malware, dubbed ZuoRAT, appears to be a modified variant of the Mirai botnet malware. However, unlike Mirai, which used compromised devices to conduct massive distributed denial-of-service (DDoS) attacks,

Read More »
cyberattack

The Why of Cyberattacks

When an organization suffers a cyberattack, there’s a race during the aftermath to attribute the cause. The root cause is often identified as a vulnerability that wasn’t patched or a compromised password, but simply deducing “how” an attacked occurred misses the bigger picture of “why” it occurred. Security breaches often

Read More »
GDPR

GDPR: Four Years Later

At its inception in May 2018, the European Union’s General Data Protection Regulation (GDPR) triggered a transformation of the information privacy compliance landscape. The comprehensive legislation mandates that private organizations obtain consent before collecting personal data and delete collected data upon request, among numerous other requirements. The GDPR has wide-reaching

Read More »
health data

Electronic Health Data is Vulnerable Post Roe v. Wade

The possible overturn of the Supreme Court’s landmark Roe v. Wade decision would have far-reaching implications for the country, including in the data privacy realm. There’s deep concern that, if abortion is outlawed, private health data may be wielded by states as evidence in prosecutions. Private Health Data or Admissible

Read More »
digital footprint

How to Reduce Your Digital Footprint

The global pandemic has accelerated a long-term trend toward living more and more of our lives online. Working, schooling, shopping, socializing and many other daily activities that used to conducted principally offline have now migrated to the digital realm. One consequence of this shift has been the proliferation of personal

Read More »
helping your board understand cybersecurity

Helping Your Board Understand Cybersecurity

Cyberattacks have become a serious risk to organizations that no responsible board member can ignore. In fact, a 2021 survey of risk decision makers ranked cyberattacks as the number one threat to companies, beating out the pandemic, supply chain disruptions and economic recession. An overwhelming majority of board directors recognize

Read More »
MFA prompt bombing

What You Need to Know About MFA Prompt Bombing

In the never-ending cybersecurity arms race, hackers are opening a new front against multi-factor authentication (MFA). A technique called MFA prompt bombing is being used to trick victims into bypassing MFA defenses. Let’s look at how this attack works and what you can do to protect yourself. MFA Protection Recently,

Read More »
third parties

The Security Risks of Third Parties

With the maturation of cloud computing technologies and efficient data transfer via APIs, digital supply chains have become increasingly complex and indispensable. However, the scalability and flexibility afforded by third parties also come with hidden risks. As demonstrated by several major cyberattacks, such as the SolarWinds and Kaseya supply chain

Read More »
cybersecurity efficacy

How to Gauge Cybersecurity Efficacy

Organizations continue to pour money into their cybersecurity programs, with annual spending predicted to reach nearly half a trillion dollars by 2025. Prioritizing security is a necessary response to the growing financial risks associated with a breach, but are these investments actually making companies safer? The only way to know

Read More »
StateRAMP

What You Need to Know About StateRAMP

Following the trail blazed by the successful FedRAMP program, the State Risk and Authorization Management Program (StateRAMP) aims to bring standardized, streamlined cybersecurity assessments to the states. Arizona recently announced a year-long pilot of StateRAMP to test and refine the program, and momentum seems to be building toward wider adoption

Read More »
cybersecurity infrastructure

How Strong is Your Cybersecurity Infrastructure?

The number of data breaches last year set a new record, marking a 68% increase compared to 2020. Cybersecurity Is your organization’s security infrastructure ready to withstand a cyberattack? Here are some steps you can take to bolster your defenses before they are put to the test. Build Resiliency Experiencing

Read More »
crypto

Crypto and Cyber: What Investors Need to Know

Cryptocurrency values exploded last year, growing to exceed $3 trillion globally. Now, with the sharp collapse in prices over the past two months, you may be wondering whether it’s the perfect time to buy in low. However, if you decide to take the plunge into the world of crypto investing,

Read More »
FISMA

Is FISMA Reform in the Cards?

In the wake of several major cyberattacks launched over the past year, and the ongoing scramble to protect networks from recently discovered log4j vulnerabilities, the U.S. Congress sees an opportunity to modernize the Federal Information Security Management Act (FISMA). Although FISMA reforms were omitted from the National Defense Authorization Act

Read More »
security policies

Developing Actionable Security Policies and Procedures

Many organizations approach security documentation as a tedious exercise to check a compliance box rather than a critical component of a security program. Despite the massive migration to remote work during the pandemic, only 40% of small businesses have bothered to implement remote work security policies. But a cybersecurity team

Read More »
HCD

Incorporating Human Centered Design

Human centered design (HCD) is a problem-solving methodology that starts and ends with users. Instead of basing design decisions on profit, efficiency or aesthetic goals, this approach is rooted in human empathy. Each facet of the design process tightly orbits around the user’s perspective and experience—their needs, limitations, habits and

Read More »
top cybersecurity incidents of 2021

The Top Cybersecurity Incidents of 2021

As the year draws to a close, we’re reviewing several of the top 2021 cybersecurity incidents and the impact they’ve had on the cyber threat landscape. Microsoft Exchange In early March, Microsoft revealed that security flaws in its Microsoft Exchange Server email software were being widely exploited. Hafnium, a state-sponsored

Read More »
strategic planning

Charting a Course for 2022

Strategic planning is hard. Strategic planning during a worldwide pandemic, even harder. Organizations must contend with ongoing disruptions to the global supply chain, managing remote and hybrid workforces and simply keeping their employees from jumping ship. Now, rising inflation and the emergence of another concerning coronavirus variant may portend more

Read More »
ransomware attacks

Tis the Season for Ransomware Attacks

As we plan for the holidays, people are coordinating events with family and friends, checking off items on their gift lists and wrapping up year-end projects before taking some time off. In a warning issued last week, CISA and the FBI want us to add another item to our holiday

Read More »
cybersecurity partner

What to Look for in a Cybersecurity Partner

2021 has been a banner year for cybersecurity awareness. Large-scale attacks, such as the SolarWinds and Colonial Pipeline attacks, have dominated the headlines, and the number of data breaches reported in 2021 already exceeds last year’s total. Global spending on cybersecurity is predicted to reach $150 billion by the year’s

Read More »
fake job ads

Fraudsters Stealing Identities With Fake Job Ads

The labor market is experiencing major upheaval in response to the pandemic and corresponding rise in remote work. Employees are quitting jobs in record numbers, including 2.9 million in the month of August alone, and many workers laid off during the pandemic are still looking to re-enter the workforce. Scammers

Read More »
weakest cybersecurity link

The Weakest Cybersecurity Link

A central component of every cybersecurity program is vulnerability management—identifying weaknesses in the organization’s security posture and implementing controls to address them. Unpatched operating systems, poorly configured firewall rules and unencrypted databases are all chinks in an organization’s cyber armor, but the most critical cybersecurity vulnerability is people. Whether it’s

Read More »
hacktivism

The Resurgence of Hacktivism

After a period of decline, hacktivism is emerging again as a serious threat. This month, videogame streaming service Twitch was the victim of a massive breach that exposed creator payout reports and Twitch’s entire source code among other proprietary information. The 125GB data breach follows directly on the heels of

Read More »
diverse cyber workforce

Cultivating a Diverse Cyber Workforce

As any hiring manager looking to expand their security team can attest, there’s a dire shortage of cybersecurity professionals in today’s labor market. In the United States alone, there are nearly half a million unfilled job openings in the field. However, part of the problem is that organizations are limiting

Read More »
credential hijacking

Bad Actors Trade Malware for Credential Hijacking

The cyber threat landscape is undergoing an important shift as attackers choose stealthy credential-based attacks over malware. An annual threat report published by CrowdStrike last month revealed that 68% of threat detections from the past three months were malware free. The use of compromised credentials and existing system tools, rather

Read More »
cybersecurity myths

Debunking Cybersecurity Myths

Cybersecurity is a complex field that’s constantly changing to keep up with new technologies. These conditions make it fertile ground for misinformation that can lead to poor security practices. It’s National Cybersecurity Awareness Month, so it’s the perfect time to dispel a few common cybersecurity myths. Myth: Cyberattacks Always Come

Read More »
FedRAMP

A FedRAMP Progress Report

The Federal Risk and Authorization Management Program (FedRAMP) was launched in 2011 to drive forward the U.S. Government’s Cloud-First strategy. FedRAMP eliminated duplicative security assessment efforts by establishing a common accreditation for cloud service providers (CSPs). Once a cloud service offering (CSO) is FedRAMP-certified, any federal agency is permitted to

Read More »
healthcare

A Healthcare Security Checkup

As the healthcare sector continues to fight on the frontlines against the COVID-19 global pandemic, it faces the added challenge of warding off a steady rise in cyberattacks. Attacks against the American healthcare system increased by 55% in 2020, with more than a third of healthcare organizations globally suffering ransomware

Read More »
cybersecurity initiatives

The White House’s New Cybersecurity Initiatives

Two weeks ago, President Biden held a cybersecurity summit at the White House, where a raft of public and private initiatives were announced to improve the nation’s cybersecurity posture. CEOs of major technology companies, including Alphabet, Amazon, Apple and Microsoft, as well as banks, insurers and educational institutes were in

Read More »
CISA bad practices

CISA’s Bad Practices

The Cybersecurity and Infrastructure Security Agency (CISA) recently adopted a new tactic to improve the nation’s cyber defenses: rather than focus on what organizations should be doing to protect themselves, CISA’s new catalog of bad practices puts the spotlight on the worst security practices. The list currently contains three entries:

Read More »
c-suite

What the C-Suite Needs to Understand About Cybersecurity

Cybersecurity is the responsibility of everyone in an organization, but some positions have more responsibility than others. The C-suite has a unique role in establishing and maintaining the organization’s security culture. Employees align their behavior to signals from leadership, for instance, when determining if security protocols should be sidestepped to

Read More »
zero trust architecture

Is Zero Trust the Future?

In response to the recent onslaught of headline-grabbing security breaches, such as the attacks on SolarWinds and the Colonial Pipeline, the U.S. federal government is taking decisive steps toward a zero trust future. In May, the Biden Administration issued a cybersecurity executive order that, among other provisions, mandates that all

Read More »
privacy program

Is Your Privacy Program Enough?

According to the UN Conference on Trade and Development (UNCTAD), more than three-quarters of countries worldwide have or are working towards data protection and privacy legislation. Navigating these numerous and sometimes contradictory regulations present considerable challenges to organizations. In addition, enforcement actions for non-compliance come with severe monetary penalties and

Read More »
cyber hygiene

Are You Practicing Proper Cyber Hygiene?

Practicing good cyber hygiene means proactively maintaining the health and security of an information system by establishing routine processes to defend against cyber threats and attacks. It makes data less vulnerable to the risks present in the threat landscape and even helps to prevent information and data from being misplaced. Proper

Read More »

Learn more about our diverse set of technology services for the federal and commercial markets.