Image Zero trust is a security approach which replaces the traditional network edge.  Since network resources can be anywhere – on-premises, in the cloud, or a hybrid of both – zero trust is built towards an identity-centric approach.  This places people and resources at the heart of the security architecture. What is a zero-trust...

Image The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty...

Image UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts. 200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks. Scammers paid a...

Image It would be nice to imagine that when cyber criminals look for their next target, they ignore the small- and medium-sized businesses (SMBs) that simply can’t afford an attack. Unfortunately, that’s not the case. In fact, 43% of cyber attacks are directed at SMBs. Today, a massive 80% of North American SMBs are at risk of a...

Image As we approach the holiday season, we wanted to focus this month’s post on you (and your family). Bad guys don’t just wait until the holidays to start causing havoc, they also relentlessly target all of us all throughout the year. Judging by our perseverance, nothing is going to keep us from a good holiday deal, and attackers...

Image Tripwire's September 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 20 issues such as user-after-free, insufficient policy enforcement, out-of-bounds...

Image Every single blog you read on cybersecurity has at least one mention of the Zero Trust approach to cybersecurity (even this one 😊). Alas, don’t consider that Zero Trust is yet another hyped word that will soon vanish into thin air. Zero Trust, originally dubbed more than a decade ago, came up as a necessity to defend systems,...

Image Technology has expanded the avenues bad actors use to steal identities and sensitive data. However, digital tools are also giving users innovative countermeasures to protect themselves. Here are seven tactics anyone can use to help prevent identity theft. 1. Leverage Multifactor Authentication Strong passwords have always...

Image Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities. Companies that handle sensitive data may find...

Image Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. An advisory from the United States Department of Health and Human Services (HHS) has warned that the cybercriminals behind the Venus ransomware have targeted at least one...

Image Every security framework recommends that an organization has a cybersecurity training program for all employees, but few give much guidance about what the program should contain.  What do you train them on?  What actually works?  Other than checking a box on the compliance forms, are these programs useful? Why Have a...

Image Do you know what “fangxiao” means in simplified Chinese? Before you Google it, let me tell you that it stands for “imitate” and this is exactly what Fangxiao phishing campaign actors try to do – imitate and exploit the reputation of international, trusted brands by promising financial or physical incentives to trick victims into...

Image In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry...

Image PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and...

Image Artificial Intelligence (AI) is a trending topic for many industries now. A variety of organizations currently employ AI mechanisms to support their operational functions. Automated tasks, natural language processing, deep learning, and problem-solving; such AI characteristics have made business tasks much easier. The factor of...

Image The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving...

Image Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA)...

Image Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized?  The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing...

Image Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by...

Image As the healthcare industry becomes more digitally inclined, there’s a need for systems to be put in place to avoid breaches in the security of data records. Most healthcare organizations are already embracing the DevOps (Development and Operations) model, but unfortunately, security seems to be neglected, resulting in data...