The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. If your business handles data on EU residents then you must abide by the GDPR regulation.
The Information Commissioner’s Office (ICO) has released a checklist to help organizations prepare for the GDPR:read more
According to HIPAA, all covered entities and their business associates are required provide notification following a breach of unsecured protected health information. According to the report that lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights, the top two types of attacks are hacking at 32.6 percent and unauthorized access at 21.3 percent.read more
Prevention is possible with the right people, processes, and technology. Your security stack is swamping you in alerts, it’s time to think beyond today’s security approach and get out of the endless loop of chasing attackers. There is a better approach!
Find out more about how Cybriant works with Cylance.read more
Once you have made the decision regarding your SIEM purchase, a key challenge is the skilled use of your SIEM tool. If you do not have the knowledge or expertise to utilize a SIEM correctly, your SIEM may not work optimally. We’ve heard complaints about an organization’s SIEM when it may the way it was implemented or managed on a daily basis.read more
The numbers are in! The Identity Theft Resource Center (ITRC) has captured 116 total data breaches in January 2018 in the 2018 ITRC Breach Report. The numbers are down a very small amount from January 2017. Educational and Medical industry breaches are down. But, the number of data breaches in the Business, Government, and Financial Services industries have all increased.read more
The state of the cybersecurity union today is that all businesses – large or small – should assume the worst and prepare for cybersecurity attacks. It may be impossible to prepare for every potential attack, but you can create a foundation of security throughout your entire organization. Workforces are expanding and using more connected devices, which makes it even more difficult to maintain a human defense firewall.read more
At Cybriant, we are big fans of Jim Collins’s book, Good to Great. This is a classic book for business leaders that describes how Mr. Collins and his team researched 1,435 established companies to find common traits of those businesses that made a leap from average to great results. The principles that are discussed in the book include lessons on eggs, flywheels, hedgehogs, and other essentials of business.
Let’s talk Hedgehogs…read more
First of all, you need to know your organization’s phish-prone percentage. We offer a phishing security test through KnowBe4. This free tool will test up to 100 users and will give you a PDF with your phish-prone percentage and charts to share with management.
Why? If you don’t do it yourself, the bad guys will.
As I read over the Kroll Global Fraud & Risk Report for 2017, the most common issue discussed is the threat that comes from within your organization. Current and ex-employees were the most frequently cited perpetrators of fraud, cyber, and security incidents over the past 12 months. Notwithstanding this finding, external parties were identified as active perpetrators as well.read more
The press can’t get enough of corporate data breaches. They delight in showcasing the latest horror story about a business that lost massive amounts of private records or millions in revenue to the latest hack. I would call that schadenfreude, but wait …you could be next.read more
“Those who patch, prevail.” – Unknown
While patching may be the most boring, thankless job in the IT department, it could be the one that prevents the most cyber attacks. Hackers use known vulnerabilities to launch attacks on businesses. Having your systems updated and patched may be the best first line of defense.read more
Take a few minutes and watch this video with George Crump, Lead Analyst from Storage Switzerland, and Lilac Schoenbeck, Senior Director of Portfolio Marketing from Carbonite. They discuss the differences between data backup and high availability and how they can work together to form a complete data protection strategy.read more
AlienVault recently conducted a survey of 233 IT professionals about how their roles have changed since the WannaCry and NotPetya cyberattacks in 2017. As you can imagine, these IT professionals are experiencing increased workloads:
Two-thirds (66%) are more up-to-date with patching than they were previously.
Half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats.
In addition, 58% carried out a review of their organization’s cybersecurity posture following the attacks.
The Deep Web contains an incredible amount of data – 7,500 terabytes, which, when compared with the surface web’s 19 terabytes, is almost unbelievable. Thanks to a sharp increase in cybercriminal activity in recent years, this shadowy portion of the internet encompasses as much as 550 times more public information than that of the surface web.read more
Sadly, the password 123456 has emerged as the most common password for the second year in a row. SplashData, a company that provides various password management utilities, compiles an annual list of common passwords by analyzing over five million user records leaked online in 2017.read more
To predict what will happen in 2018, let’s take a look at what happened in 2017. In the first six months of 2017 alone:
There were 918 data breaches which compromised 1.9 billion data records in the first six months of 2017, which is an increase of 164% compared to 2016.read more
The FBI has released a warning about a fraudulent email scam, just in time for the holidays. According to the release, “The emails claim to be from one of three shipping businesses and claim that a package intended for the email recipient cannot be delivered. The messages include a link that recipients are encouraged to open in order to get an invoice to pick up the package, however, the link connects to a site containing malware that can infect computers and steal the user’s account credentials, log into the accounts to obtain credit card information, additional personal information, and learn about a user’s shipping history for future cyber attacks.read more
Every device on the Internet is assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available.read more
As you know, security information and event management (SIEM) systems collect data from enterprise networks, applications, and logs from operating systems, databases, and other sources. Read more about why you need SIEM.
Dealing with critical incidents should be a top IT priority. Your organization should have a plan in place to resolve those issues once they’ve been detected. If you and your IT team are overwhelmed with the volume of events – you are not alone! How many incidents are normal? According to a recent report:
If your computer has been performing much slower than usual or think you have a bad modem, you may have been hacked. According to Comcast, utopia.net is part of a DNS hijacking attack. You should check all of your systems for malware, and then make sure your devices are getting their DNS servers set automatically from Comcast or manually.read more
As you may have heard, the Federal Government is requiring the removal of all Kaspersky software. Federal departments and agencies are required to identify any use or presence of Kaspersky products on their information systems and discontinue present and future use of the products by November 13 and remove the products by December 13. https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01read more
The costs of a security breach extend well beyond the immediate liabilities and remediation expenses:
29 percent of businesses that are breached lose revenue
23 percent of businesses lose new opportunities
22 percent of businesses lose existing customers
The threat landscape is as dangerous as ever. The following video from ESG provides insight into specifics into what types of attacks companies have experienced, those that are the most concerning moving forward, and the role machine learning plays in improving security posture.read more
According to a recent study, Google researchers identified 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. Using this dataset, they explored to what degree the stolen passwords—which originate from thousands of online services—enable an attacker to obtain a victim’s valid email credentials—and thus complete control of their online identity due to transitive trust.read more
MSSPs today offer extremely advanced tools and possess the expertise needed to run them. But, it’s understandable that your company may have some concerns about turning over any security-related functions to an outside provider.
An Enterprise Strategy Group survey reported that 57% of 340 surveyed IT and security professionals reported that they are currently using an MSSP in some capacity to protect their company. The reasons may include the fact that many internal security initiatives struggle to get adequate funding and teams often lack the skills, tools, and people to deploy security programs to their enterprise.