Author Archives: Terry Kurzynski

VULNERABILITY N+1

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the […]

Evolution of Phishing Attacks and the Billions it is Now Costing Corporations

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
It was 23 years ago that the first Nigerian phishing attacks appeared in the inboxes of users across the world. Known today as the Nigerian 419 scams, these emails of deceit were cleverly crafted around […]

Simple Ways to Prevent Multi-Million Dollar Losses from BEC

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
In February of 2016, Fischer Advanced Composite Components (FACC), an Austrian aerospace parts maker servicing customers such as Airbus and Boeing, fired its CEO of 17 years. The driving factor in the dismissal was the company’s reported income loss of 23.4 million euros during the encompassing fiscal […]

BEC Phishing is a Bigger Threat than Ransomware

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
Ransomware stole a lot of headlines in 2016 as organizations across the world fell victim to it. From hospitals to city transit systems, the infectious malware invaded enterprises, encrypting files and generally wreaking havoc. For most of those afflicted, ransomware […]

11 Insights into Cyber Insurance and How It Concerns Your Business

AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
There’s digital gold in your data storage units, computers, networks, and clouds. There is also a large portion of your reputational capital, liability of multiple kinds, and quite possibly the economic viability of your enterprise. With all this at stake, protection against IT incidents and accidents is […]

2016 PROVED A DARK YEAR FOR CYBER ATTACKS ON HEALTHCARE ORGANIZATIONS

The famous American criminal Willie Sutton was asked once why he robbed banks, to which he is reported to have answered, “Because that’s where the money is”. In similar fashion, cyber criminals such as a hacker group that calls itself “TheDarkOverLord” could be asked why they […]

RECOGNIZING THE THREAT FROM WITHIN

Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and behaviors of organization insiders who pose a serious cyber […]

SIX THINGS TECH START-UPS CAN DO TO IMPROVE THEIR SECURITY POSTURE

AUTHOR: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA
The Internet of Things (IoT) and Cloud Computing have provided businesses and consumers with unimaginable tools and functionality, not to mention immense entrepreneurial opportunities. Along with the connectedness of these solutions come increased security risks that many entrepreneurs, start-ups, and venture capitalists need to be aware of […]