8 Things to Help Make This Year’s Penetration Testing a Success
From a macro point of view, 2017 was a rough year for cyber security. As spring turned into summer last year, we watched the WannaCry and NotPetya malware spread globally, causing lost productivity that negatively affected both quarterly earnings and stock prices, (more…)
VULNERABILITY N+1
As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the Top 40 countdown for generations when it came to the hottest songs on the radio. Every New Year’s Eve we (more…)
Evolution of Phishing Attacks and the Billions it is Now Costing Corporations
AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
It was 23 years ago that the first Nigerian phishing attacks appeared in the inboxes of users across the world. Known today as the Nigerian 419 scams, these emails of deceit were (more…)
Simple Ways to Prevent Multi-Million Dollar Losses from BEC
In February of 2016, Fischer Advanced Composite Components (FACC), an Austrian aerospace parts maker servicing customers such as Airbus and Boeing, fired its CEO of 17 years. The driving factor in the dismissal was the company’s reported income loss of 23.4 million euros during the encompassing fiscal year. As a comparison, the company had reported a loss of 4.5 million euros (more…)
EMPLOYEE SOCIAL MEDIA ACCOUNTS MAKING YOUR NETWORK VULNERABLE?
Social media seems harmless enough, especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The attack is completely outside of your (more…)
Proven Ways to Combat Ransomware
Ransomware stole a lot of headlines in 2016, and rightfully so. Every type of organization was afflicted by it this past year, even healthcare. With revenues of over $18 million in 2015, it’s a safe bet that ransomware isn’t going anywhere in 2017. That’s because it is highly profitable and, thanks to the new prepackaged multi-level (more…)
RECOGNIZING THE THREAT FROM WITHIN
Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks [1] come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and (more…)
REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS
Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a (more…)
INCIDENT RESPONSE: KNOWING YOUR OBLIGATIONS IN THE EVENT OF A SECURITY BREACH
Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan (IRP). Who do (more…)
HOW TO CREATE A REALLY STRONG PASSWORD: A PEN TESTER’S PERSPECTIVE
Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being (more…)