Resources

Blog

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

When it comes to acronyms, Technology and Cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies...
Blog

How to achieve and maintain data compliance in 2023

The Compliance Landscape Only those hiding from the news, prospects, and customers can miss the data security and privacy challenges that are occurring. More businesses are relying on data analytics (garnered from data collection) for more and improved service and product offerings. More individuals want data privacy and security. More nations...
Blog

Cybersecurity Is Necessary for Mission-Critical Energy Grids

Today’s energy sector is undergoing massive change, especially as more utilities try to usher in clean or renewable energy alternatives like solar, geothermal, hydroelectric, and wind power. In addition to the clean energy transition, grid modernization is another major shift in the energy industry. The Industrial Internet of Things (IIoT) is...
Blog

The Role of Data Hygiene in the Security of the Energy Industry

We create massive amounts of data daily, from the exercise stats compiled by our wearable devices to smart meters used at our homes to reduce expense consumption to maintenance statistics of critical systems in industrial settings. If data creation continues at its present rate, more than a yottabyte (a million trillion megabytes) will likely be...
Blog

Tripwire Patch Priority Index for January 2023

Tripwire's January 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Visio and Microsoft Office that resolve 6 vulnerabilities, including remote code execution and information disclosure vulnerabilities. Next are patches for Adobe...
Blog

How to Advance ICS Cybersecurity: Implement Continuous Monitoring

Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS)...
Blog

Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank

UK banking group TSB is calling on social networks and dating apps to better protect their users from fake profiles, following an alarming spike in romance fraud. Examining data from December 2020 - January 2022, TSB determined that romance fraud almost doubled compared to pre-pandemic levels, with a record increase in losses of 91% - averaging £6...
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood....
Blog

​​Key Insights From the Guide to Cybersecurity Trends and Predictions for 2022-23

The cybersecurity landscape has become something of a battle royale: companies and cyber criminals are continually trying to outsmart one another in an effort to be the last one standing. Thankfully, many businesses are seeking a proactive approach, aiming to avoid the proverbial egg on their face when it comes to cybersecurity breaches. Learning...
Blog

Network Security Threats and Defenses: A 2023 Guide

What Is Network Security? Network security is a broad field, encompassing various processes, policies, rules, standards, frameworks, software, and hardware solutions. Its primary goal is to protect a network and its data from various threats, including intrusions and breaches. A network security program typically utilizes a combination of access...
Blog

Data Privacy Day: Understanding the Risks of Social Media

For most people, January 28th is the 28th day of the year. For me, January 28th is more commonly known as “the day before my wife’s birthday.” For those who pay attention to history, they may know it as the day of Charlemagne’s death, Edward VI’s ascension to the throne, the founding of Northwestern University, the birth of the US Coast Guard, the...
Blog

ShinyHunters suspect extradited to United States from Morocco, could face 116 years in jail if convicted

A 22-year-old suspected of being "Seyzo", a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where - if convicted - he could face up to 116 years in prison. Sebastien Raoult, a French national, was arrested at Rabat international airport in Morocco on May 31 2022, while trying to take a flight to...
Blog

The Intersection of Artificial Intelligence and Environmental, Social, and Governance Concerns

The release of ChatGPT last November transformed public awareness, perception, and discourse about Artificial Intelligence (AI). Prior to the release, AI has long existed in now familiar technologies, devices, and processes. Perhaps one of the most common uses of AI is the Google search engine. Search engines rely on AI to scan the internet to...
Blog

The prevalence of RCE exploits and what you should know about RCEs

Recent headlines have indicated that some major companies were affected by Remote Code Execution (RCE) vulnerabilities, just in the month of October. RCE flaws are largely exploited in the wild, and organizations are continually releasing patches to mitigate the problem. RCE is a type of an Arbitrary Code Execution (ACE) attack where the threat...
Blog

3 Learnings from the DoDIIS Conference

The annual Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference took place on December 12 – 15 in San Antonio, Texas. If you are unfamiliar with the DoDIIS, it is presented by the Defense Intelligence Agency (DIA), and it brings together experts from multiple governmental, academic, and industry organizations to...
Blog

AI-generated phishing attacks are becoming more convincing

It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how...
Blog

The Heightened Importance of Cybersecurity in Mobile App Development

Mobile device use is pervasive, and has eclipsed traditional computing. We often hear how various malicious mobile apps are released into circulation. For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that...
Blog

C-Suite Security: How IT Teams Improve Security Culture

Every person in an organisation has the potential to enhance security. Physical office barriers were removed during the pandemic, exposing companies to countless vulnerabilities as attack avenues have multiplied. However, this does not mean that all was lost. What it signals is the importance of promoting a culture of security across the entire...
Blog

Healthcare Supply Chain Attacks Raise Cyber Security Alarm

The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are...
Blog

Is a Shift Left Approach Hurting Software and Supply Chain Security?

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain. Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software...