Blog

Regardless of your organization’s security posture, a NIST cyber risk assessment can add immense value to your business. The National Institute of Standards and Technology, or more commonly known as NIST, is a non-regulatory federal agency that develops standards for a plethora of commonly relied on services and products.

Security awareness increasing, but numbers show employees are still not listening

Wondering what to expect as you go through your first SOC 2 Audit?  This post covers each step of the process.  At every step, keep in mind that the entire goal of the SOC 2 audit is to measure how well your organization handles its business processes, users, data (proprietary, customer, etc.). A SOC 2 security audit can help your company demonstrate it has applied the best control mechanism to assure security, availability, processing integrity, confidentiality, and privacy of client data. This then generates trust and confidence from inquiring vendors and prospective customers.

It is no secret that many protests have erupted after the death last month of George Floyd. However, a lesser-known fact is that a significant amount of online protesting has also emerged. This blog aims to focus on how protestors and various social organizations are using hacking as a vehicle to accomplish their objectives. The term ‘hacktivist” is used to describe cyber threat actors who are politically motivated.

Whether or not companies want to admit it, every company is in the cybersecurity industry. This even applies to organizations like manufacturing who are not historically associated with technology. Unfortunately, in the age of digital transformation, many companies believe that simply allocating a couple of bucks to purchase “state of the art” security tools is enough to fend off threat actors. In an analysis conducted by the well respected FireEye Mandiant Security Validation team, it was uncovered that 53% of successful intrusions remain undetected despite having several security products. The research indicates that the majority of organizations need an overhaul of their cybersecurity strategy. In a previous article, we examined how the saturated vendor market has encouraged organizations to hastily purchase tools without really considering their organization’s specific need and thus, giving them a false sense of security. However, this blog seeks to expose why high ticketed solutions are unable to effectively detect and prevent the growing number of cyber-attacks.

In a global survey commissioned by Barracuda, a prominent security company, 46% of global businesses have encountered at least one cyber scare since adopting a remote workforce as a result of the stay at home orders from COVID-19. While the security scares vary in severity, they all present a diverse range of new risks, threats, and challenges for organizations. These elements are only expected to increase as cybercriminals seize the situation to make a profit or nation-states try to gather intel.

This past week the US National Surveillance Agency (NSA) joined up with Australian Signals Directorate (ASD) to issue an information packet on how to detect and mitigate web shell malware. Web shell malware is a type of malicious code that executes arbitrary instructions on a targeted web server. It is becoming such a large growing cybersecurity problem that government agencies like the NSA and ASD released a 17-page guidance on how to approach it.

A much-echoed rule in cybersecurity is that anything connected to the internet has the potential to be hacked. Despite office printers not looking like standard computers, they are no exception to this rule and still vulnerable to hacking. Last year a Russian hacker group infiltrated several organizations through unsecured printers. This resulted in silent spying and exfiltrating of company print jobs.