-
Data Security
Jul 08, 2022
157 Cybersecurity Statistics and Trends [updated 2024]
Cybersecurity is a day-to-day operation for many businesses, but it’s not a small task to stay on top of what’s been going on over the past year or so.
Rob Sobers
13 min read
-
Data Security
Jul 08, 2022
Data Lifecycle Management (DLM): Everything You Need to Know
Thomas Redman, aka the Data Doc, hit the nail on the head when he said "Where there is data smoke, there is business fire." As data is now the most important asset of most organizations, data breaches, mishandling, or loss can and will cause significant disruption across many areas of operations. And to mitigate these risks, you’ll need to implement Data Lifecycle Management (DLM).
David Harrington
6 min read
-
Data Security
Jul 08, 2022
What is the CIA Triad?
When most people think of the CIA, they picture suits and ties, espionage, and James Bond. But the CIA triad (which stands for confidentiality, integrity, and availability) protects organizations from a different type of danger. The CIA triad we’ll be discussing is a security model designed to guide an organization in establishing its security infrastructure. It consists of key principles and objectives for information security programs and strategy development.
Josue Ledesma
5 min read
-
Data Security
Jul 07, 2022
What Is Network Access Control? Explaining NAC Solutions
Frustrated with the slow wifi speed in my hotel room — and irritated at the hard upsell to a “premium” tier speed — I took matters into my own hands and plugged my travel router directly into the hotel's unthrottled wired network. I didn’t actually expect this to work; surely an international hospitality chain would have some sort of basic network access control (NAC) in place. But my instantaneous speed upgrade suggested two things: 1) I was successful in my quest, and 2) this hotel group might need to work on network security.
Robert Grimmick
10 min read
-
Data Security
Jul 05, 2022
Ransomware Statistics, Data, Trends, and Facts [updated 2024]
Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid. The first use of ransomware dates back to 1989, when floppy disks were high-tech and the price of the ransom was a mere $189.
Rob Sobers
11 min read
-
Data Security
Jul 01, 2022
What is SSPM? Overview + Guide to SaaS Security Posture Management
Companies today rely on dozens to hundreds of software-as-a-service (SaaS) applications for their workload, data, and processes. The lower costs, ease of use, scalability, and integration capabilities of SaaS apps offer an attractive alternative to on-premise solutions. But as with all cyber offerings, SaaS apps are susceptible to attacks and so the need for SaaS security posture management (SSPM) was born.
David Harrington
8 min read
-
Privacy & Compliance
Jun 30, 2022
SOX Compliance Checklist & Audit Preparation Guide
The passing of the Sarbanes-Oxley Act (SOX) in 2002 established rules to protect the public from fraudulent or predatory practices by corporations and other business entities. The act increased transparency in financial reporting by corporations, and established a system of internal corporate checks and balances.
David Harrington
9 min read
-
Data Security
Jun 30, 2022
IDS vs. IPS: What Organizations Need to Know
Network administrators need to employ tools to protect their network and prevent malicious actors from gaining access. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are categories of tools commonly used for this purpose. It’s important to know the difference between them, which are best for certain types of organizations, and how to maximize their effectiveness.
Josue Ledesma
5 min read
-
Data Security
Jun 30, 2022
DNS over HTTPS as a covert Command and Control channel
DNS is known as one of the most fundamental and important protocols of the TCP/IP stack. We rely on DNS for the most basic online activities (like watching cat videos on Instagram).
Masha Garmiza
4 min read
-
Data Security
Jun 29, 2022
What is Red Teaming? Methodology & Tools
It may seem counterintuitive to pay someone to tell you your shortcomings, but smart companies today are shelling out dollars and resources to do just that, in the form of red teaming. Red teaming is the practice of testing the security of an organization’s systems by emulating a malicious actor and hacking into secure systems or data. A red team can be an externally contracted group of penetration testers or a team within your own organization, designed to hack your system to prepare for a wide variety of cyberattacks and breach scenarios before they occur. If your organization has outstanding penetration testing tools and endpoint detection processes, for instance, red teams may try phishing or breaching physical access controls during a simulation.
David Harrington
11 min read
-
Data Security
Jun 29, 2022
What is a Security Policy? Definition, Elements, and Examples
Raise your hand if the question, “What are we doing to make sure we are not the next ransomware victim?” is all too familiar. If you’re a CISO, CIO, or IT director you’ve probably been asked that a lot lately by senior management. While it might be tempting to try out the latest one-trick-pony technical solution, truly protecting your organization and its data requires a broad, comprehensive approach. And there’s no better foundation for building a culture of protection than a good information security policy.
Robert Grimmick
9 min read
-
Data Security
Jun 29, 2022
What is Open XDR? Benefits and Security Comparisons
In an ever-changing cybersecurity environment, organizations must adapt their security tech stack in order to better secure themselves. As environments get more complicated, open XDR has emerged as an advanced detection and response tool companies should consider.
Josue Ledesma
5 min read