According to a study at the University of Maryland (Security Magazine) in 2022, a cyber attack occurs every 39 seconds. With the exponential growth of the threat landscape, cybersecurity cannot be a part-time job. It is certainly not a side hustle. Whether you are a global corporate giant or a local SMB, cybersecurity is not…

When the telephone was first marketed, many predicted it to be a failure as it was assumed that people wouldn’t want to give others a way to bypass their front door and invade the privacy of their home. Despite the plethora of time-saving appliances and gadgets introduced and acquired over the years; people still complain…

Despite the stormy weather, Cybertech TLV 2023 drew in cybersecurity experts and leaders from around the world, gathering in Tel Aviv to share ideas, present solutions, discuss current and future trends, and provide valuable insights into the challenges and opportunities facing the industry. What came as no surprise was the main issue of combating the…

We all neglect things we know we shouldn’t, like a yearly physical with a healthcare provider. When the time rolls around, you tell yourself you’ll make an appointment when you’re less busy, that you feel fine so there’s no need, or concoct another story that lets you put off what you know you shouldn’t. While…

The cloud has become a hot destination in recent years. It’s what helped launch the paradigm of digital transformation that has changed how business is conducted. It has changed the role of IT, pushing IT teams to evolve and develop new skill sets and strategies. The cloud has allowed companies to achieve greater scalability, agility,…

For a CEO, CISO, or a security professional, nothing instigates a wave of panic like receiving a dreaded message such as “Your files have been encrypted” with a link that reveals a ransom demand. However, sometimes what is most feared – the ransom demand – is not the financial punch that hurts the most. Often,…

Federal and state legislation say surprisingly little about how ordinary American businesses should manage their cybersecurity. However, financial services and insurance firms are not ordinary businesses. Because of their tendency to deal with sensitive personal data such as social security numbers, bank accounts and tax records, financial services and insurance firms are subject to a…

Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

Background Earlier this month, Colonial Pipeline — the largest pipeline system for refined oil production in the U.S. — suffered a ransomware attack that resulted in the closure of one of the largest U.S. pipelines. As a result of the attack, the pipeline operator was forced to temporarily halt all pipeline operations resulting in massive…

Life is never dull for cybersecurity teams, but we’ve seen an increase in two types of threat vectors during the first half of 2021. Reports of the recent Codecov Bash Uploaded security breach is an example of a supply chain attack, while common vulnerabilities and exposures (CVE) have shown up in increased frequency at Apple,…

You’ve probably already heard about the Zerologon vulnerability (aka CVE-2020-1472) but in case you haven’t, here is what it is in a nutshell; and more importantly here are our insights on how to detect it. Zerologon is a critical vulnerability scored CVSS10.0 by Microsoft, essentially allowing an adversary to exploit the Netlogon Remote Protocol (MS-NRPC) aimed at…

Military strategy is about knowing where an opponent’s weak points are and how to take advantage of them. It is the same concept for cyberattacks. External threat actors don’t bide their time chipping away at strong defenses.  Instead, they exploit known vulnerabilities such as unpatched operating systems. A single unpatched OS can be the entry…

In our last Common Entry Points post, we discussed how ITaaS can be a major weak link, providing bad actors entry into an infrastructure. Another common but often overlooked entry point for attackers is a business’s virtual private network (VPN). Work from home and bring your own device (BYOD) policies have led to expanded attack…

Assessing the weak links in your company network is an important part of cybersecurity. The people that sit behind the computer keyboards make up some of the weakest links, as there are always a small minority of users that will click on just about anything embedded or attached in an email despite being warned about…

According to SonicWall’s 2022 Cyber Threat Report, nearly every category of cyberattack has increased in volume last year. The numbers point to an undeniable conclusion. SMB networks are under siege. In fact, let’s call it what it is. It’s a war out there. And while cyberattacks may not consist of traditional armies on the field…

As Bob Dylan so eloquently said in his classic song from the 1960s, “Times they are a-changin,” sixty years later they still are. Modern society has grown accustomed to change. It’s the pace of it that can cause you to catch your breath at times.  Just as the bulk of rock and country music is…

Different organizations and companies will define the stages within the lifecycle of a cyber security event a little differently. The National Institute of Standards and Technology (NIST) follows a four-step process of preparation, detection & analysis, containment, eradication & recovery, and post-incident activity. The International Organization for Standardization (ISO) quantifies the process with five stages: prepare, identify, assess, respond…