Effectively acting as an invisible shield, the inner workings of IoT security are often taken for granted. However, we can focus and shine a light on the protocols and practices that provide the foundation of IoT security to help others see how these efficiently operate behind the scenes to protect complex networks of interconnected devices.We will consider everything from everyday smart home...

One of the most challenging aspects of working in cybersecurity can be the deceptively simple act of finding the best job that suits your skillset and best fits the employer's expectations. Whether it is an entry-level position, a lateral move, or a career advancement, there is more to finding a rewarding position than just relying on the heavily publicized skills shortage.Wouldn't it work to your...

There is no doubt that we now live in an AI-driven, automation-powered world. Across industries and markets, leaders and professionals are achieving the utility of AI in their processes. The same applies to Governance, Risk, and Compliance (GRC) management, but when one looks at the actual implementation, the data shows that there's still a long way to go.According to one recent report, only 21%...

Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is remarkably unpredictable compared to long-established insurance policies such as those for housing or health.Typically, when cybercrime – or, more...

Cybercrime is a major concern for individuals, businesses, and governments alike. As technology advances, so do the tactics and sophistication of those who seek to exploit it for nefarious purposes. Data shows that, on average, a cyber attack occurs every 39 seconds, affecting one in three Americans annually.Recognizing the human element behind these cyber threats is crucial in combating them...

The demand for robust security, transparency, and accountability is at an all-time high, and many businesses are relying on managed service providers (MSPs) to manage their IT infrastructure, ensure data security, or provide seamless operational support. Concurrently, MSPs must continuously innovate and differentiate their offerings to meet the growing needs of businesses.The wide range of MSPs...

The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing businesses sector-wide, the importance of cyber hygiene cannot be overstated.Cyber threats are evolving and growing in sophistication with...

IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have been attempted to make the job easier. These undertakings became even more challenging as infrastructure...

In the second quarter of 2024, UK businesses faced cyber-attacks every 44 seconds, highlighting the persistent nature of cyber threats and the critical need for robust cybersecurity protocols. This frequency of attacks shines the spotlight on the ongoing challenge UK businesses face in protecting their digital assets. It also stresses the importance of implementing comprehensive security measures...

It has been only one year and nine months since OpenAI made ChatGPT available to the public, and it has already had a massive impact on our lives. While AI will undoubtedly reshape our world, the exact nature of this revolution is still unfolding. With little to no experience, security administrators can use ChatGPT to rapidly create Powershell scripts. Tools like Grammarly or Jarvis can turn...

What Is Authentication?Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems.There are several methods of authentication, including knowledge-based factors (something you know, like a password), possession-based factors (something you have...

NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...

An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs.The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States...

The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...

Social engineering is a dangerous weapon many cybercriminals use to achieve their nefarious goals. It leverages psychological manipulation to deceive individuals into divulging confidential or personal information. Unlike traditional hacking, which relies on exploiting software vulnerabilities, social engineering targets human vulnerabilities.Here are the most common types of social engineering...

Many people don’t realize that scams are complicated events orchestrated by scammers, which often include myriad persuasive techniques and take advantage of our individual characteristics and circumstances.While each scam varies in complexity, they typically progress through three broad stages, each influenced by factors that either heighten or diminish our vulnerability to becoming victims. Dove ...

We recently presented the webcast "Find Your Best Fit, Solving the Cybersecurity Framework Puzzle." Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the host. Tyler offered his wisdom about integrating CIS Controls into a comprehensive cybersecurity plan for your organization.Tyler examines the CIS...

According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news.However, it has been revealed this week that police managed to recover more than US $40 million snatched in a recent BEC heist just two days after being told about it.As Interpol describes, police were contacted...

When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the organization is to establish a baseline of the current state, and to define what the secure baseline should be. Too often, the existing baseline is far below...