dcsimg

Least Privilege Uncovered

Organizations around the world are challenged by an ever-growing cyber threat landscape and are experiencing serious cyber fatigue. Their employees are dealing with constant information overload about cyber attacks, ransomware, identity theft and phishing scams. Employees are exposed to risky behavior For years, employees across all departments in most organizations have habitually practiced risky … [Read more...]

Back to the Basics: Service Account Management 101

Service accounts don’t have to be a nightmare. Get in control now.  Service accounts are typically used in operating systems to execute applications or run programs, either in the context of system accounts (high privileged accounts without any password) or a specific user account, usually created manually or during software installation.  On Unix and Linux they are often known as init or inetd, … [Read more...]

5 Spooky Privilege Security Mistakes that Will Haunt Your Organization

It’s a dark and stormy night. Suddenly your system locks up. Then you get a message, demanding online payment to release your sensitive data back to you. Unfortunately, this isn’t a Halloween prank. Ransomware is on the rise and organizations of all types are falling victim. Your risk of cyber-attack exponentially increases if you’ve made any of the mistakes below. The good news is that all these … [Read more...]

(SSH) Keys to Unix Security

Root accounts are the keys to powerful IT systems, the backbone of your entire infrastructure. They use privileged credentials to control shell access, file transfers, or batch jobs that communicate with other computers or apps, often accessed remotely, with local configuration. They can be the trickiest of all types of privileged accounts to secure, particularly if they are based on Unix or … [Read more...]

Ostriches, Zero Day Exploits, and the Elusive CyberSec Expert: Why SMBs Should Implement Cloud-Based PAM

Small and medium-sized businesses (SMBs) face a cyber security trifecta. Cyber criminals are increasingly targeting the most vulnerable businesses (not just the biggest fish). Sophisticated attackers quickly take advantage of newly revealed vulnerabilities. And, cyber security professionals are in short supply. Maybe SMBs aren’t aware that they can use the same types of security systems as larger … [Read more...]

Incident Response: Are You Breach-Ready?

It’s no longer rare to see cyber-attacks in the daily news. From ransomware to data breaches to DDoS (Distributed Denial of Service) attacks, the incident is usually attributed to either cyber criminals or nation states, and almost always comes from beyond our own country’s borders and laws. Because of this, we worry about clicking on a web page or opening an attachment in an email, never … [Read more...]

Back to the Basics: The problem with forcing regular password expiry

For many people and organizations around the world a single password is sometimes the only security control protecting their sensitive information, access to email and even their bank account. The traditional password best practice was to create a long, complex password that only you would know, and it protected one or two accounts; you likely used it to sign into Active Directory or email … [Read more...]

Privileged Account Management and Identity Access Management: Same Family, Different Strengths

From a cyber criminal’s point of view, obtaining privileged account information has the highest ROI of any attack strategy. A malicious actor with privileged account passwords in hand could infiltrate key databases and access highly sensitive data. To obtain this information, attackers use increasingly sophisticated tools and social engineering techniques which are extremely difficult for even the … [Read more...]

The EU GDPR is now in effect. What has happened so far?

Finally, the time has come. May 25th 2018 is now in the past, and the EU GDPR has come into effect after a two-year transition period. The earth is still rotating, the internet still kind of works. So what has happened, and have any lessons been learned yet? EU GDPR and Data Privacy Email SPAM MONTH Well firstly, we all lived through “spam month” as EU GDPR and Privacy updates poured into our … [Read more...]

The EU GDPR is now in effect. What has happened so far?

Finally, the time has come. May 25th 2018 is now in the past, and the EU GDPR has come into effect after a two-year transition period. The earth is still rotating, the internet still kind of works. So what has happened, and have any lessons been learned yet? EU GDPR and Data Privacy Email SPAM MONTH Well firstly, we all lived through “spam month” as EU GDPR and Privacy updates poured into our … [Read more...]