It’s no question that in cybersecurity, defense is the best defense. In the constantly changing threat landscape, the tie often goes to the attacker, and businesses are forced to act like turtles putting up shells of security to ward off threats.
The new European Union (EU) Regulation 2016/679 GDPR (General Data Protection Regulation) have gone into effect May 25, 2018. This will have a far-reaching effect and identify many possible repercussions for any organization collecting, processing, and/or storing any EU citizen’s information. Your company need not be located in any of the EU countries; rather if your company collects any EU citizen’s information, your company must adhere to and be complaint to the new regulation.
Today we all communicate constantly over the internet. Some people say we spend too much time on our mobile devices and we do not interact enough with the world and with the people around us. However, that is a discussion for another time. In this blog post we want to discuss how we keep our internet communications secure from eavesdropping.
Hacking seemed like an arcane art, only mastered by those willing to spend years pouring over dusty tomes of x86 assembly language manuals and protocol RFCs. It did not occur to us that many of the vulnerabilities could be exploited by anyone with basic web development coding skills and the willingness to spend a few hours on research. One of these mysterious incantations was the dreaded “SQL Injection” attack. What exactly could one do with a SQL Injection attack, anyway? No one was quite sure, but since our software was going into a secure military installation, we were pretty sure that the perimeter defenses would prevent anyone from harming it.
The CIS Critical Controls were developed as a framework to not only ensure the successful realization of basic cybersecurity hygiene, but to lead to the planning and implementation of a robust security protocol. To build any cybersecurity protection schemata, it is necessary to know the extent of what it is you are protecting.
It is often easy to take the “that could never happen to me” mentality. We’ve all heard the story of someone’s uncle who was catfished out of his life savings by someone from another country whom he never met, but is the love of his life. While the need for human connection may not be every individual’s weak point, everyone has at least one. In the business environment, humans are invariably the weak link in the security chain. Cybercriminals are particularly adept at manipulating the human element to extort money, intellectual property, and resources.
The Internet of Medical Things (IoMT) is one of the most revolutionary developments in healthcare today. It empowers physicians to monitor patients remotely by providing the patient with network-enabled devices. These devices can track a wide variety of processes, from medication compliance to blood glucose level. Recalls of IoMT devices include pacemakers, infant heart rate monitors, insulin delivery systems, drug infusion pumps, and more. The time is now to focus on IoMT cybersecurity.
At the small to midsize business level, cyberattacks aren't merely annoying — they can spell certain doom for those already struggling to get by. Hence the need for robust security protocol. That's exactly what the Center for Internet Security provides with its Top 20 list of Critical Security Controls. While these controls have been in the making for well over a decade, they've recently gained greater prominence at the federal and state level — and among private entities. In this blog we offer an in-depth overview of this critical security tool, as well as suggestions for implementation.
Ransomware's sister threats are a different form of cyber crime called cyber blackmail or cyber extortion. Blackmail doesn't necessarily involve sophisticated technology. But ransomware and cyber extortion typically do. While these two types of malware share common themes, they also differ in key respects. What's the difference between ransomware and extortionware? And what can you do to prevent your company from becoming a victim of cyber crime?
A cyber threat map, also known as a cyber attack map, is a real-time map of the computer security attacks that are going on at any given time. One of the most famous was released by the company Norse and went so viral, even among non-hackers, that it got its own story in Newsweek in 2015.
Warfare is no longer about dumping thousands of men in a field and shooting at each other. Today, non-governmental forces are packing explosives onto commercially available drones and flying them over crowded areas. This past August, a dissident organization called Soldiers in T-Shirts attempted to assassinate Venezuelan President Nicolás Maduro using a drone. While this attempt was unsuccessful, it marked the first time -- but almost certainly not the last -- that a paramilitary organization tried to assassinate a sitting head of state with a drone.
Hacking humans with nanotechnology may sound like a concept from a futuristic science fiction novel or movie, but the truth is, it's not that far off and it could be the next big cyberthreat. If you thought data breaches involving your social security number or credit card information were scary, imagine the ramifications nanotechnology hacking.
It happens across industries, from refrigerator repair to software sales. You get good enough at your job, you get promoted to management and then become an executive. The field of information security is no exception. What skills do you need to be an effective CISO and what is the Certified CISO program? This blog covers these topics.
This blog features an interview of Alpine Security’s CEO, Christian Espinosa, on medical device security by Caroline Cornell, originally posted at classaction.com. Medical devices have largely been neglected from a cybersecurity perspective. Many of these devices run legacy operating systems, are full of vulnerabilities, and were not intended to be connected to hospital networks.
Penetration testing, also known as ethical hacking, is one of the hottest jobs in tech today. What other career lets you pretend you're in The Matrix, working your way into systems like a top-level hacker, all without breaking any laws. Oh, and you're getting paid for it.With a real-world penetration testing job, though, you're not just playing at hacking into systems. You actually are hacking into systems, and your employer's very existence may depend on your ability to do it.
You've probably seen leetspeak, also known as 1337 or “l33t,” somewhere on the Internet or in a movie about computer hacking. It's essentially regular English, but with more hacker slang and with certain letters changed to numbers. In this blog, we cover the history of leetspeak and how it applies to you.
Penetration testing, also known as pen testing, is an ethical hacking tactic that helps companies protect themselves. Penetration testers try to break into clients' digital systems to find weaknesses before a black hat hacker does. This is a growing field as companies seek to prevent the high profile data breaches that have happened in recent years. The top penetration testing certifications can help you get into this field.
Penetration testing has been around since human beings first began trying to understand their enemies' thought processes. Ancient armies all over the world conducted mock battles and games to figure out how other armies might undermine their strategies or get around their forces. This continued for centuries upon centuries until, inevitably, the tech world got in on the act.
Hacked medical devices could be the next big security nightmare. There are currently between 10 and 15 connected devices per hospital bed in the United States, many of which are vulnerable to attack.
Organizational leaders must understand that comprehensive, risk-based decisions are vital to balancing the force multiplying effects of information systems with the risk of those systems being inherently vulnerable to exploitation. If you want to prevent or reduce the likelihood of an attack, you have to risk management strategy: how your organization will frame, assess, respond to and monitor risk over time.