How to Implement The Principle of Least Privilege in The Cloud

The principle of least privilege (PoLP) stipulates that users should be granted the least privileges they need to carry out their role, and is arguably one of the most important principals of data security. PoLP helps to minimize the attack surface – limiting the amount of damage that can be caused were an attacker to gain access to a set of credentials. Likewise, PoLP helps to protect … [Read more...]

What Are Amazon S3 Buckets?

Launched in the United States in 2006, Amazon Simple Storage Service (S3) is a public cloud storage platform that is highly scalable, fast, reliable, and inexpensive. The platform boasts 99.999999999% durability and between 99.95% to 99.99% availability. What Are Amazon S3 Buckets? Amazon S3 buckets are a part of Amazon Web Services (AWS) and come with a user interface that enables users to store … [Read more...]

What Are Phishing Attacks and How do They Happen?

Phishing is a social engineering technique commonly employed by cyber-criminals to trick unsuspecting victims into downloading a malicious application or visiting a malicious website. Phishing attacks are typically carried out via email, although other mediums can be used, hence Vishing (Voice Phishing), and Smishing (SMS Phishing). In most cases, the goal of phishing is to obtain sensitive … [Read more...]

What is ISO 27001 Compliance? A Complete Guide

What is ISO 27001? The International Organization for Standardization (ISO) consists of representatives from various national standards organizations. With the exception of acronyms, they develop and publish international standards for pretty much everything. ISO 27001 is the international standard for information security management systems (ISMS). Who does ISO 27001 apply to? One might assume … [Read more...]

5 Ways to Keep Your Active Directory Clean

Malicious actors will often seek to leverage stale Active Directory objects in order to execute an attack. In order to keep your Active Directory clean and secure, it is crucially important that you know exactly who has access to what, how access was granted, and what they are doing with it. Having a clean AD will help to streamline the process of granting and revoking access permissions. It will … [Read more...]

What is Emotet Malware and How Do You Defend Against it?

Emotet is a form of banking malware that was first discovered in 2014. Like many other forms of malware, its main objective is to extract sensitive information from the victim’s computer. However, unlike other forms of malware, Emotet is able to evade most anti-virus products. Hewlett-Packard reported a 1200% increase in the number of attacks using the Emotet Trojan, supporting a surge in … [Read more...]

What Is Active Directory and How Does It Work?

Active Directory (AD) is a directory service that runs on Microsoft Windows Server. The main function of AD is to enable administrators to manage permissions and control access to network resources. In AD, data is stored as objects, which include users, groups, applications and devices, and these objects are categorized according to their name and attributes. Domain Services (AD DS) are a core … [Read more...]

Why Complexity is the Biggest Enemy of Data Security

One thing about us IT folk is that we have a tendency to over-complicate everything. However, when it comes to data security, there isn’t much we can do about it. IT environments are not only growing in size, but they are becoming increasingly more complex, distributed and dynamic. Most modern IT environments consists of a large number of different users, applications and devices; with data … [Read more...]

What is the Cyber Kill Chain? Examples and how it Works

The Cyber Kill Chain was developed by Lockheed Martin as a framework to help organizations understand the process of cyber attacks. If you understand every point in the chain of events of a cyber-attack you can focus your efforts on breaking that chain and mitigating the damages. Many organizations have taken their own approach to defining the correct Cyber Kill Chain, with varying degrees of … [Read more...]

How Much Will a Data Breach Cost You and Can You Reduce It?

According to recent Trends in Cybersecurity Breach Disclosures report, the average cost of a data breach for a publicly traded company is $116 million. However, it’s worth bearing in mind that this figure will be skewed by the largest cases. The report is based on 639 cyber-security breaches that took place since 2011, and includes some of the largest breaches we’ve seen to date, which … [Read more...]