Defeating Ransomware

Well, it seems the bad guys have won another one with the recent 75 bitcoin ransom payout to unlock the Colonial Pipeline. And despite early indications during the shutdown that other methods would be used to restore service, it seems that sometimes crime does actually pay. This begs the question of whether there are best practices we should be implementing to take stronger steps towards prevention.

BLOG May 31

How Can Security Assessments Help Your Business

Security should not be a taboo subject for the average business owner, especially when it comes to your information assets. Given that we mostly live in a knowledge-based economy and every organization relies to some degree on its IT infrastructure, it stands to reason that even a small breach could have catastrophic consequences. So, what should the average business do to protect itself?

BLOG May 24

Software Solution Provider Security Assessments Revisited

Software solution providers have pervasive and stringent access control requirements, but all too often legacy applications haven’t kept up with the latest security best practices, and this is now opening new vulnerabilities that may be exploited by industrious cyber criminals.

BLOG May 10

The Role Of Security Assessments In Your Red Team Strategy

The “battle” for the security of your digital assets is an ongoing effort to stay ahead of cyber criminals, hackers and assorted bad actors. The concepts of “battle” or “military incursion” also give rise to adopting techniques across industry boundaries, specifically the concept of war-gaming the security infrastructure through Red Teams.

BLOG May 03

Payment Solutions Security Assessments Revisited

Retail commerce is the backbone of our economy, so it should come as no surprise that cyberthreats are often directed at payment systems and payment solution providers. This brings us to a discussion of the PCI Standard, which is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud, so assessing compliance and potential vulnerabilities has become a de facto requirement.

BLOG Apr 26

Compliance Isn't A Dirty Word

If you are old enough to remember George Carlin’s comedy sketch on the 7 words you can’t say on TV, then you are probably scratching your head at how far we have come on what is considered a dirty word and what is now commonly accepted. If you are a CISO, then there are probably a few other words you would like to add to that list, with “compliance” being at the top.

BLOG Apr 05

5 Considerations To Improve Your Cyber Security Risk Management

Every Chief Information Security Officer (CISO), as well as every IT security professional, understands that job one is cyber security risk mitigation. No one individual or even entire pool of company resources can ever guarantee complete protection from cyber-attacks, so the best you can strive for is an idealized version of risk mitigation. But that requires starting with an understanding of the current and ever-changing risks matched to the current and ever-improving security best practices for secure software development life cycles.

BLOG Feb 22

The Top Mobile App Security Issues in 2020 And How To Avoid Them In 2021

The latest mobile statistics shouldn’t be surprising, but they are: with over 130 billion app downloads in 2020 alone, the mind still reels at the magnitude. It seems that with the shelter-in-place requirements imposed by the pandemic in 2020, the population moved to mobile apps to fill in the time.

BLOG Feb 15

What Is A Security Assessment And How Does It Work

Most IT security professionals implicitly understand the concept of a security assessment, but some still misunderstand the nuances of effectively assessing and remediating issues across their entire on-premises and cloud-based infrastructure. Sometimes it helps to take a step back and review the basics in order to ensure nothing is left to chance. What you will need are the right tools to accomplish the task of seeing below the surface of the code, and no, you won’t need a high-powered microscope to complete your assessments.

BLOG Feb 01

How To Stay Proactive With Your Application Security Assessments In 2021

Applications are the heart of employee and user productivity. There are now literally billions of applications, each with a specific function and value. Unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to your critical IT infrastructure and information assets. So, it stands to reason that proactive application security assessments will help ensure your 2021 goes breach-free.

BLOG Jan 11