The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Start by documenting what is in place now and what objections the organization is trying to reach. The stakeholders should come from multiple departments within the organization. For example, you will need buy-in from:

No one is a stranger to the notion of security. We protect our homes and physical assets with locks and cameras and are vigilant when we encounter abnormal behavior. But for some reason, the data entrusted to us is not always given the same type of protection. That data has become a prime target for cybercriminals which is manifested in the form of ransomware attacks, which are increasingly prevalent.

Today’s cybersecurity threats are so fast and sophisticated that they can disrupt IT functions for hours, days, and even months. For example, the ransomware attack prevents users from accessing their systems or files unless they pay a ransom to notorious extortionists. Under such circumstances, having an effective incident management program is always necessary.

The past several years have been marked by numerous high-profile data breaches that seem to be happening with increasing frequency and scope. Given the unprecedented participation in digital platforms and the unparalleled amount of personal data that today’s tech companies store, government regulation and oversight felt inevitable.

The holiday season revolves largely around traditions like festive lights, Christmas trees, family dinners, holiday cards and Secret Santa gift exchanges. Even if you don't like all of these traditions, you will probably agree that none is as bad as one of the newest phenomena that characterizes this time of year: holiday cyber scams.

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us to reduce the risk of a digital criminal infiltrating its systems.

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with these services is also true for IaaS.

The nights are drawing in and the world outside has been painted with autumnal colours once again. The year is ending and, as such, it is a time for reflection before the inevitable glance towards the white light of the future breaking upon the horizon. Flowery prose aside, we've just had our latest Quarterly Business Update (QBU). We’ve had a pretty good year. We’ve grown, innovated, added to our services and taken on more clients than ever.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well what an amazing choice this week, it has been hard to choose. But this first one, one that appear just before I started writing this blog entry has to make it as the top story. It is so bizarre and a real first!

Wood Ranch Medical has announced it will be permanently closing its doors as a direct result of a ransomware attack. The devastating attack occurred at Wood Ranch Medical in Simi Valley, CA, which recently announced that the practice will permanently close on December 17, 2019. It is another example of how cyber attacks and specifically Ransomware can bring a business to its knees.