dcsimg

Configure ‘Break Glass’ Emergency Access for Azure Active Directory

In cloud computing generally and in Microsoft Azure specifically, the shared responsibility model means that both Microsoft and you (the customer) have a role to play in ensuring service high availability. … [Read more...]

Explained: the strengths and weaknesses of the Zero Trust model

In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trust is a concept created by John Kindervag in 2010 during his time as Vice President and Principal … [Read more...]

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named after the Greek god of fear. Phobos is … [Read more...]

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to remember 27 different passwords for … [Read more...]

Why Balancing Access Controls for Managed File Transfer Matters

If you're using secure file transfer tools, chances are you're security conscious. Maybe you're working in a highly-regulated industry, or perhaps you don't want your company on the front page of the newspaper for getting hacked. Whatever the case, if you're securing file transfers, that means you should lock down access to your secure file transfer tool as tightly as possible, right? Maybe not. … [Read more...]

Why Your Encryption is Only as Good as Your (Multi-Factor) Authentication

Username and password may be the de-facto means of authentication for many organizations, but they can easily be the weakest link in security controls. In this article, we’ll detail why Multi-Factor Authentication (MFA) should be paired with encryption for top-level security. … [Read more...]

Business email compromise scam costs Pathé $21.5 million

Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its total earnings. What is business email compromise? Business email compromise is a type of phishing … [Read more...]

The many faces of omnichannel fraud

The rise of new technologies, social networks, and other means of online communication have brought about compelling changes in industries across the board. For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential clients, anticipate their needs, and fully tailor their business strategies around making the user shopping … [Read more...]