Resources

Blog

Understanding SOX Requirements for IT and Cybersecurity Auditors

The Sarbanes-Oxley Act (SOX) is a United States federal law that aims to enhance corporate transparency and accountability. Signed into law on July 30th, 2002, the Act came in response to a slew of major corporate accounting scandals, including those involving Enron and WorldCom, that came to light in the early 2000s.Its primary aim is to enhance corporate transparency and accountability, ensuring...
Blog

Why Security Configuration Management (SCM) Matters

Security configuration management (SCM) is all about making sure your security systems do what you think they’re doing.In tennis, there is something called an unforced error. This is when a player loses points for a mistake they made themselves, not due to the skill of the other opponent. In a big way, security misconfigurations are those unforced errors on the security side or instances in which...
Blog

Defending Against Ransom DDoS Attacks

DDoS attacks have become an annoyance most companies assume they may have to deal with at some point. While frustrating, minor website disruptions from small-scale hacktivist campaigns rarely create substantial business impacts. However, a particularly insidious DDoS spinoff has emerged over the past decade – one aimed at blackmail.This evolutionary milestone stems from what's called Ransom DDoS ...
Blog

Preventing Breaches Using Indicators of Compromise

The story of cybersecurity involves bad actors and security professionals constantly trying to thwart each other, often using newer and more advanced measures in an attempt to outdo each other. In recent years, especially, cybercriminals have evolved to include sophisticated technology and advanced tactics in their attacks. With the increasing popularity of tools and practices like artificial...
Blog

Glimmer Of Good News On The Ransomware Front As Encryption Rates Plummet

No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day. The 114-page Microsoft Digital Defense Report (MMDR) looks at...
Blog

The Importance of Layered Cybersecurity Solutions

The threat of cyberattacks is at an all-time high. In fact, research shows that worldwide cybercrime costs are anticipated to reach $10.5 trillion annually by 2025. Cybercriminals threaten all, as 43% of cyberattacks target small enterprises. The rise of these threats underscores the importance of a robust cyber defense strategy, and one key way to do that is through layered cybersecurity...
Blog

Five Challenges of National Information Assurance and How to Overcome Them

The National Information Assurance (NIA) Policy is a framework for offering organizations a foundation for information security management. It was designed and developed to aid organizations with the necessary steps to ensure information security, from assessing and classifying risk to choosing and implementing controls for mitigation.The NIA policy provides businesses with guidelines to support...
Blog

Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.While diligent adherence to regulatory requirements is not a...
Blog

The Role of the NIST CSF in Cyber Resilience

Resilience is one of the hottest topics of the moment, but for good reason. For most organizations, suffering a cyberattack is a matter of when, not if. Attackers are, lamentably, always one step ahead of defenders and, as such, responding to an attack and maintaining business operations have become arguably more important than protecting an organization in the first place. The NIST Cybersecurity...
Blog

Are Your Containers Secure? Answer These 5 Questions and Find Out

What Is Container Security?Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of container images, securing the runtime environment, and managing vulnerabilities in...
Blog

Major Database Security Threats and How to Prevent Them

Human nature tells us that we’ll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at high risk. From misconfiguration to credential theft, these repositories of sensitive information can be preyed upon by even the most nascent...
Blog

Navigating the Privacy Paradox: How Organizations Can Secure Customer Data While Ensuring Convenience

Privacy and convenience have always been at odds, especially regarding digital onboarding or online sign-ups. For modern organizations, striking a balance between the two has become increasingly important. At the same time, a recent report said 53% of customers suggest that they would give up their interaction with a brand if it took longer than two minutes, while as many as 87% expect basic...
Blog

The Relation Between Breaches and Stock Price Drops

When discussing the consequences of a data breach for organizations, we usually consider three types of damage: financial, legal, and, somewhat more tenuously, reputational. But what about stock prices? One would assume that stock price—an indicator of a business’s overall health and investor confidence—would plummet after a breach, but is this really the case?Do Stock Prices Fall After Data...
Blog

The Latest Email Scams: Key Trends to Look Out For

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid.It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and...
Blog

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture.However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF. This process can...
Blog

The Role of Zero Trust Architecture in Enhancing SSO Security

Securing virtual identities and entry points has become a critical priority as cyber threats grow more sophisticated. A Single Sign-On (SSO) system offers ease and allows multi-functionality with a single set of identity verification, but they are enticing targets for cyber attackers. Organizations need Zero Trust Architecture to alleviate this risk. Zero Trust Architecture (ZTA) is a protection...
Blog

This Senate Bill Could Improve Voting Machine Security

The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as "death threats against county clerks, polling-place violence, and AI-fueled disinformation," the protection of voting machine security is still a pressing concern.Securing electronic voting infrastructure...
Blog

SOX Compliance in the Age of Cyber Threats

Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which those organizations can only achieve through robust cybersecurity measures. As such, an effective...
Blog

Let's Dance: Securing Access with PIM and PAM to Prevent Breaches

I know when to log outKnow when to log inGet things done In the spirit of David Bowie, let's explore how to navigate the labyrinth of privileged access management without getting "Under Pressure."No one wants to mistype a common command, copy their proprietary data to a public location, or delete their operating system. Having multiple accounts—one for regular activities and specific privileged...
Blog

The Power of Tripwire Enterprise SCM Policies

There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast, this article deals more with “how can we fully leverage this capability” technically instead of “why” we use them...