dcsimg

When corporate communications look like a phish

Many organizations will spend significant sums of money on phishing training for employees. Taking the form of regular awareness training, or even simulated phishes to test employee awareness, this is a common practice at larger companies. However, even after training, a consistent baseline of employees will still click a malicious link from an unknown sender. Today, we’ll look at a … [Read more...]

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart … [Read more...]

Making the case: How to get the board to invest in higher education cybersecurity

Security leaders in institutions of higher education face unique challenges, as they are charged with keeping data and the network secure, while also allowing for a culture of openness, sharing, and communication—all cornerstones of the academic community. And depending on the college or university, concerns such as tight budgets and staffing shortages can also make running a successful security … [Read more...]

Making the case: How to get the board to invest in government cybersecurity

Security leaders are no longer simply expected to design and implement a security strategy for their organization. As a key member of the business—and one that often sits in the C-suite—CISOs and security managers must demonstrate business acumen. In fact, Gartner estimates by 2020, 100 percent of large enterprise CISOs will be asked to report to their board of directors on cybersecurity and … [Read more...]

Enterprise incident response: getting ahead of the wave

Enterprise defenders have a tough job. In contrast to small businesses, large enterprise can have thousands of endpoints, legacy hardware from mergers and acquisitions, and legacy apps that are business critical and prevent timely patching. Add to that a deluge of indicators and metadata from the perimeter that may represent the early stages of a devastating attack—or may be nothing at all. So … [Read more...]

Vital infrastructure: Threats target financial institutions, fintech, and cryptocurrencies

With news of a malware attack on accounting firm Wolters Kluwer causing a “quiet panic” in the accounting world this week, our assertion that financial institutions—from banks to brokers—are part of the vital infrastructure of society has been solidified. According to its website, Wolters Kluwer provides software and services to all of the top 100 accounting firms in the United … [Read more...]

What to do when you discover a data breach?

Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which you already recognize as the one in use by the chief of the night shift. When you ask why you were … [Read more...]

Malware targeting industrial plants: a threat to physical security

We live in a world where more and more manufacturing processes are controlled by computers that send instructions to robots. This might sound like a safe and efficient way of work, as it rules out human error, but what happens when a threat actor decides to target production servers? Consider these other process-killing scenarios: Would ransomware bring a plant to a grinding halt? Could a botnet … [Read more...]

Who is managing the security of medical management apps?

One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical management apps pose a unique and more dangerous set of problems. Now add to vulnerabilities the issue … [Read more...]

Compromising vital infrastructure: water management

It’s probably unnecessary to explain why water management is considered part of our vital infrastructure, but it’s a wider field than you might expect—and almost every one of its components can be integral to our survival. We all need clean water to drink. As much as I like my coffee, I can’t make it with contaminated liquids. And the farmers that grow our coffee need water to irrigate … [Read more...]