Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a paradigm shift. Attackers...

The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or ISC2. “A perfect storm” As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly emerging technologies,...

Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any organization mature its IT security posture. Recently, the institute published an...

Server Message Block (SMB) protocol is a communication protocol that allows users to communicate with remote servers and computers, which they can open, share, edit files, and even share and utilize resources. With the expansion of telecommunications, this protocol has been a prime target for threat actors to gain unauthorized access to sensitive data...

Winter is coming In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which includes every flavor of cloud from Software as a Service (SaaS) to Platform as a...

What Is Secure Access Control? Secure access control, part of the broader field of user management, is a key concept in the realm of information security, particularly in the business environment. It refers to the process of selectively restricting and allowing access to a place or resource. In the context of information technology, it is a vital...

The capabilities of cloud computing have changed the digital landscape significantly, and the popularity of cloud solutions only continues to increase. According to Gartner, the market for public cloud services is expected to surpass 700 billion USD by the end of 2024. The growth of cloud technologies presents a wealth of new opportunities for IT teams...

A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons for cyberattacks on financial services are fairly obvious –...

Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE), we...

There are countless tools and technologies available to help an organization stay on top of its IT assets, and a configuration management database (CMDB) is an extremely useful one. The database keeps track of relevant information regarding various hardware and software components and the relationships between them. It allows IT teams to have an...

Footprinting, also known as fingerprinting, is a methodology used by penetration testers, cybersecurity professionals, and even threat actors to gather information about a target organization to identify potential vulnerabilities. Footprinting is the first step in penetration testing. It involves scanning open ports, mapping network topologies, and...

Compliance and security often go hand in hand as ideas that attempt to protect against cyber threats. While both compliance and security are designed to lower risk, they are not mutually inclusive—that is, not everything that is required for compliance will necessarily help with security, and not everything that bolsters security will necessarily put...

A joint cybersecurity advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. The report aims to detail the weaknesses found in many large organisations, and...

On August 10th, the Pentagon introduced "Task Force Lima," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a large cash prize for...

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience.  Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about...

When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of the...