Resources

30-ransomware-prevention-tips-bw
Blog
Blog

30 Ransomware Prevention Tips

By Tripwire Guest Authors on Tue, 04/11/2023
Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data . Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging in 2022. Malicious actors employ ransomware to extort money (at least...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Guide
Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Compliance
PCI DSS
Pylon and cables
Blog
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks , in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by the Government Accountability Office (GAO)...
Compliance
NIST
Industrial Control Systems
Healthcare Supply Chain Attacks Raise Cyber Security Alarm
Blog
Blog

Healthcare Supply Chain Attacks Raise Cyber Security Alarm

Wed, 01/11/2023
The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are frequently impacting smaller companies. These numbers point...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
How to deal with cyberattacks this holiday season
Blog
Blog

How to deal with cyberattacks this holiday season

By Tripwire Guest Authors on Thu, 12/15/2022
The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Getting started with Zero Trust: What you need to consider
Blog
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which could have cost them hundreds of their own currency...
Cybersecurity
Compliance
NIST
Security Configuration Management
Privacy Updates in Q2 2022: Major Developments Across the Globe
Blog
Blog

Privacy Updates in Q3 2022: Major Developments Across the Globe

By Tripwire Guest Authors on Fri, 11/04/2022
The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the international community saw marked progress as well...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable
Blog
Blog

New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable

By Tripwire Guest Authors on Tue, 10/25/2022
If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive information that’s appealing to bad actors — and...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
What Does the Industry Want to Improve on NIST Cybersecurity Framework 2.0
Blog
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022
The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1.1 in April 2018 . The National Institute of...
Compliance
NIST
Industrial Control Systems
Place your budgets on the right cybersecurity for your business
Blog
Blog

Place your budgets on the right cybersecurity for your business

By Chris Hudson on Thu, 10/20/2022
As budgets start to tighten for countless businesses concerned about the potential financial winter that many are predicting, security teams across the world are reviewing where best to place their investment to ensure they get the best “bang for their buck”. With that in mind, now might be time to explore some key areas where I see organisations spending wisely to deliver great results on a...
Incident Detection & Investigation
Integrity Monitoring Use Cases: Compliance
Blog
Blog

Integrity Monitoring Use Cases: Compliance

By David Bruce on Wed, 10/19/2022
What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In addition to managing changes to their...
Compliance
PCI DSS
File Integrity & Change Monitoring
Guide
Guide

Zero Trust and the Seven Tenets

Whether you are new to information security, or you’re a long-time practitioner, it seems that “zero trust” is the latest initiative at the top of everyone’s priority list. Special Publication 800-207, created by the National Institute of Standards and Technology (NIST) offers guidance for instituting a zero trust architecture. The document outlines the basic tenets that form the foundation of...
Incident Detection & Investigation
Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS
Blog
Blog

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

By Tripwire Guest Authors on Wed, 08/31/2022
The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in 2022, it’s not surprising that businesses are...
Compliance
PCI DSS
A 5 Step Checklist for Complying with PCI DSS 4.0
Blog
Blog

A 5 Step Checklist for Complying with PCI DSS 4.0

By Tripwire Guest Authors on Mon, 08/15/2022
In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements . Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online payments. At the same time, cybercriminals have...
Compliance
PCI DSS
Product Video
Product Video

AAA: Getting Roadside Assistance from Tripwire

Mon, 08/15/2022
Tim Masey, Director of Enterprise Information Security at AAA, shared his company’s PCI journey: beginning with a small implementation of Tripwire, then running into roadblocks by Management for the expansion of products, and eventually moving forward with the implementation of Tripwire’s policy driven dashboards, rules and tasks for over 500 servers.
Compliance
PCI DSS
Guide
Guide

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Compliance
PCI DSS
SOX
Guide
Guide

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Compliance
PCI DSS
Guide
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Compliance
PCI DSS