Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2019

3 Tips for Enterprise Patch Management

A few weeks ago, I woke up one morning to discover that Android had 34 software updates waiting for me. This was followed by my laptop wanting to reboot after installing the latest patches from Microsoft; my tablet needing a reboot after its latest firmware update; and my server screaming for me to put “yum” into action to install the latest patches available from Red Hat – all before 10:00 am in the morning!

Malware: Three Industry Problems and How to Solve Them

In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking your processor to mine for cryptocurrency. As a result, the methods employed are growing in sophistication and creativity, including using internet memes to compromise systems.

Regulatory Fines, Prison Time Render "Check Box" Security Indefensible

In May 2017, the Equifax data breach compromised critical credit and identity data for 56 percent of American adults, 15 million UK citizens and 20,000 Canadians. The Ponemon Institute estimates that the total cost to Equifax could approach $600M in direct expenses and fines. That doesn’t include the cost of the security upgrades required to bring its IT system up to date.

Web Hosting Security Best Practices

If you’ve been online recently, you may have read the news about hackers demanding a ransom from Dublin’s tram system. Visitors to the Luas website were greeted by the hackers’ message threatening to publish the stolen information unless they were paid one Bitcoin (approximately 3,300 Euros or US $3,800). While the message itself appeared to be harmless, the fact is that the hackers could just as easily have used the domain to spread malware or phishing attempts.

DevOps Survival Guide for Security Professionals

Achieving DevOps security is as much a cultural effort as it is a technical one, and quality gates present the perfect opportunity to bridge the gap. Because they function within the bounds of regular DevOps processes, tools that bake security into the CI/CD pipeline by way of quality gates are more likely to win DevOps teams over.

Federal Cybersecurity Posture "Untenable," According to OMB Risk Report

When he issued Executive Order 13800 (EO 13800) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, President Trump’s goal was to highlight that security and public accountability of government officials are foundational pillars while emphasizing the importance of reducing cybersecurity risks to the Nation.

The Imperative to Address Security Concerns of the Rapidly Evolving Internet of Things

The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable and/or controllable via the internet. This includes everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital worked, as sensors are not costly and wireless access is now ubiquitous.

Cybersecurity Is Every Leader's Job

Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across industry sectors, the titles associated with these roles may vary greatly from CEO to Managing Director to Owner-Operator and beyond, but they share common traits.

What You Need to Know About Secure Mobile Messaging in Healthcare

With the majority of people using smartphones these days, texting is all but a given when trying to communicate with your friends or family. But what about your doctor? A recent study determined that 96 percent of physicians use text messaging for coordinating patient care. This can raise eyebrows and red flags.

How Cybercriminals Are Getting Initial Access into Your System

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit some malicious code onto the system and make sure it can be executed further on.

60% of Organizations Suffered a Container Security Incident in 2018, Finds Study

Many organizations have DevOps on their mind going into 2019. This is a global movement. In fact, Puppet and Splunk received responses for their 2018 State of DevOps Report from organizations on every continent except Antarctica. Those organizations varied in their industry, size and level of DevOps maturity, but they were all interested in learning how they could advance their DevOps evolution going forward.

5 Cybersecurity Steps You Should Already Be Taking

There’s nothing more impactful than a proactive cybersecurity strategy. What’s your preferred scenario: the one where you’re reeling from a lethal data breach with thousands of customer profiles compromised, or, the one where your team identified and diffused a problem before it had time to wreak havoc?