Your data could be on the dark web. The dark web is essentially a marketplace for cybercriminals. If your data has been compromised, the dark web is the place where it is traded. (more…)
CLOUD ENVIRONMENT: The Capital One incident is one of the largest data breaches of all time, involving 100 million credit card applications and 140,000 Social Security numbers; the bank’s stock price took an immediate hit as company executives and IT personnel began scrambling to implement the firm’s incident response plan. (more…)
In the past decade we have seen companies defined by how their leadership responded to a cybersecurity incident. The most prominent incident is a data breach, which is becoming a too common occurrence, involving billions of people. (more…)
By Erik Leach, CISSP, SCF
Imagine coming home and finding your house broken into and some of your belongings missing. As you totter from room to room, you would probably feel anger, frustrated, disturbed and a little overwhelmed. At a vulnerable moment such as that, it probably would not be the best time to engage in critical decision making that would most likely prove reactionary. This analogy can be applied to the instance of a data breach. (more…)
Two distinct vulnerabilities dubbed Meltdown and Spectre potentially affect almost every system1. In a world that is already saturated with cyberattacks and vulnerabilities, it is easy to succumb to cyber threat fatigue when discussing two new outbreaks. Even though there have been no confirmed reports of attacks that have taken advantage of these newly exposed vulnerabilities, they are highly concerning. That is because they involve the CPU, the fundamental building block of the internet, corporate networks and PCs. (more…)
By Steve Lawn, Senior Consultant
Staying ahead of security threats is no easy task. One threat that should definitely be on your radar is ransomware. From hospital heists to attacks on schools and other businesses, ransomware is costly and is projected to be one of the biggest threats in 2016. According to CNN, the FBI reported that it received 2,453 complaints about ransomware hold-ups last year, costing the victims more than $24 million dollars. And there’s little the FBI can do about it, and so victims pay. (more…)
By Todd Hacke
The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play?
While having a full incident response plan, a trained response team, and well-placed log repositories are optimal, in our experience many organizations are not well-prepared. (more…)
Author: Glenn A. Stout, Ph.D, PMP
Your organization just experienced a data security incident. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan. Who do you call? When should you call? What information needs to be reported? (more…)
The modern digital landscape is a battleground rife with adversaries ready and willing to go to great lengths to steal your data. Clever independent attackers and state-sponsored actors alike are deploying increasingly effective versions of cyber-attacks intended to intrude, infect, steal, evade, disrupt and destroy everything they touch. To defend themselves, many businesses are investing in a variety of technologies and techniques to mitigate these threats. Blocking, containing, obfuscating, authenticating, verifying, and filtering are all important control elements of network security. (more…)