As the cloud continues to gain momentum, companies worldwide are increasing their spending towards the IT sector. Traditional IT systems are declining as modern digital technologies like AI and virtual reality are proving to be strong business driving forces. Indeed, the IT sector is being dominated by emerging cloud infrastructure, AI, VR,...

Canada is in the final stages of enacting legislation that will require all companies to report data breaches to the federal government. The Canadian government first passed the legislation back in 2015 as part of the Digital Privacy Act. Due to the need for "related regulations outlining specific requirements," government officials gave industry...

New media, it would appear, now outpaces the old. More data is consumed and processed than at any time before in human history. But as we hasten into a world where the immediate is often favoured over the verified, the attention-grabbing over the considered, and the assumed over the researched in terms of how we both receive and disseminate...

If you've got an email account or social media profile, it's likely you've come across phishing of some kind before. In a sentence, phishing is the fraudulent attempt to steal personal information by social engineering: the act of criminal deception. Verizon's latest Data Breach Investigations Report notes that "social engineering remains worryingly...

In the United States, there is a basic rule of thumb that at some point after a block of metal undergoes a certain amount of manufacturing, it becomes a rifle. When approximately 80 percent of the manufacturing is complete, the metal is not a weapon; at 81 percent, it is. A weapon is dangerous; it is often regulated, and more often than not, it has...

Today, there are many factors that prevent businesses from effectively assessing and mitigating digital security risk. One contributor to The State of Security kicked off 2017 by discussing four of these causes. I won't spoil the article for you. I will say, however, that data access and asset control feature heavily in the post. That's only to be...

A Configuration Management Database (CMDB) is a repository that is an authoritative source of information of what assets are on the corporate network. At least, that’s what it’s supposed to be. However, in many of my recent discussions, the more common definition given for CMDB is “a struggle.” Does that sound familiar? If so, keep reading. If not,...

Since cloud technology first appeared on the scene, companies have been battling with the concept of cloud security. The reality is that the cloud presents you with three unique challenges from a security perspective. 1. You need to think differently It may sound obvious, but the cloud is different from a physical data centre. When IT departments...

Much of my time spent working is focused on performing technology assessments against some kind of baseline. Most of the time, these are specific government or industry standards like HIPAA, NIST, ISO and PCI. But when some of my clients reach out to me about evaluating their environment in light of these standards, it’s often done out of a feeling...

We all know that ransomware is a growing problem for businesses and home users alike, and that most of it is targeted against Windows users. And we're also familiar with warnings to avoid downloading Android apps from third-party marketplaces rather than officially-sanctioned ones such as the Google Play marketplace. But infosecurity is not a world...

Since 2004, merchant companies that handle branded credit cards have worked to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). These regulations, which consist of six fundamental control objectives and 12 core requirements, aim to protect payment card data for customers. They also help card issuers and banks limit...

Some digital threats are more serious than others but when it comes to unpatched software, nothing's worse than an exploit kit. These software packages come preprogrammed with the ability to exploit active security issues on vulnerable computers. If they find one such hole agape, they'll use their exploit code to download ransomware and other baddies...

Another year has gone by...but "123456" still remains the most common password employed by users to protect their web accounts. On 13 January, password manager and digital vault developer Keeper Security broke the somber news in a blog post: "Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads. Nearly 17 percent...

Scammers are using fake Amazon payment sites to steal money from customers lured in by unbeatable deals. Comparitech, a website which offers consumer advice on topics relating to technology and information security, recently investigated one such fraudster. The fake seller goes by the name Sc-Elegance. They have a reputation for selling expensive...

** UPDATED 2018 Blog Here: The Top 17 Information Security Conferences of 2018 ** 2017 is finally here. You know what that means: another information security conference season is upon us. We couldn't be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security...

It's 2017, which means we're less than a year and a half out from the EU General Data Protection Regulation (GDPR) taking full effect. The European Commission has a lot to do in the meantime. One of its most pressing objectives is to adapt the current rules, which are enshrined in European Union's ePrivacy Directive, to the GDPR and thereby help...

Purple Teaming is gaining a lot of movement and popularity. Before delving deeper into some top tips for exercises, I thought I would re-iterate that “Purple Team” is essentially a buzzword for getting the most out of a pentest / red team exercise. There’s nothing complicated about it. Yes, it is a buzzword, but one that instantly helps everyone to...

There are a lot of great benefits to a connected car like the new Toyota Highlander: increased integration, a more comfortable driving experience and personalized controls, just to name a few. However, with increased computing power comes increased risk that hackers could take control of a car remotely, causing it to speed up, turn off, or turn...

Researchers believe the BlackEnergy group launched malware attacks against the Ukrainian financial sector in the second half of 2016. ESET malware researcher Anton Cherepanov says the malware attacks started off with spear-phishing emails. Attached to the messages were Microsoft Excel documents containing malicious macros as an initial infection...

IT professionals are instrumental to strengthening an organization's digital security. They must fulfill a variety of duties to work towards that end. One of their most important responsibilities is helping their company detect and respond to data breaches. But there's a problem. Most information security personnel are overconfident in their...