Author Archives: Terry Kurzynski

VULNERABILITY N+1

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the Top 40 […]

Simple Ways to Prevent Multi-Million Dollar Losses from BEC

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

In February of 2016, Fischer Advanced Composite Components (FACC), an Austrian aerospace parts maker servicing customers such as Airbus and Boeing, fired its CEO of 17 years. The driving factor in the dismissal was the company’s reported income loss of 23.4 million euros during the encompassing fiscal […]

BEC Phishing is a Bigger Threat than Ransomware

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

Ransomware stole a lot of headlines in 2016 as organizations across the world fell victim to it. From hospitals to city transit systems, the infectious malware invaded enterprises, encrypting files and generally wreaking havoc. For most of those afflicted, ransomware translated into lost productivity and gallant efforts […]

11 Insights into Cyber Insurance and How It Concerns Your Business

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

There’s digital gold in your data storage units, computers, networks, and clouds. There is also a large portion of your reputational capital, liability of multiple kinds, and quite possibly the economic viability of your enterprise. With all this at stake, protection against IT incidents and accidents is […]

2016 PROVED A DARK YEAR FOR CYBER ATTACKS ON HEALTHCARE ORGANIZATIONS

The famous American criminal Willie Sutton was asked once why he robbed banks, to which he is reported to have answered, “Because that’s where the money is”. In similar fashion, cybercriminals such as a hacker group that calls itself “TheDarkOverLord” could be asked why they continued to breach a series of healthcare organizations throughout 2016. […]

RECOGNIZING THE THREAT FROM WITHIN

Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and behaviors of organization insiders who pose a serious threat.

SIX THINGS TECH START-UPS CAN DO TO IMPROVE THEIR SECURITY POSTURE

Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA

The Internet of Things (IoT) and Cloud Computing have provided businesses and consumers with unimaginable tools and functionality, not to mention immense entrepreneurial opportunities. Along with the connectedness of these solutions come increased security risks that many entrepreneurs, start-ups, and venture capitalists need to be aware of […]