The risk of a data breach with significant financial consequences and damage to brand equity is the fear of most large publicly traded companies. But many smaller businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded and well...

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...

You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) has a twitter account that shares...

One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it comes to definitions, I...

Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component of this is trying to get as far as you can without alerting the defenders to what you’re doing....

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...

What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs recovery. As noted on Wikipedia, it becomes “the ability to provide and maintain an...

Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by criminal and hostile state actors. The hard truth is that it is difficult to...

Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents. Among those was the American Medical Collection Agency (AMCA) breach, an event which...

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year. These digital threats confronting ICS...

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the High Court of Justice on January 17, 2020. As relayed in the judgement, a Canadian insurance company...

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice,...

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of solutions. In the case of one environment I went to, for...

With the 2010s now over, the infosec industry is now fully invested in 2020 and beyond. The 2020s will no doubt present their fair share of challenging digital security threats. But they will also enable security professionals to discuss shared difficulties at conferences and summits. To help promote these collaborative events, we at The State of...

One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support service could not help. They advised my friend to report this incident to the police. The money transfers were...

In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it's no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading.) I was delighted to find an excellent guide on the the 9-5-4 model, a means by which an organization...

On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks. Recent high-profile...