Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

DNS Security in Healthcare: The Gem in Your Cybersecurity Arsenal

The ransomware, malware and phishing attacks going on in the healthcare industry are quite alarming these days. The customers' data in the healthcare industry is more sensitive than in most industries, and this has proven to be a sweet spot for threat actors. Recent research by Infloblox reported that in 2022, there were over 546 major data breaches due to malicious activity. This follows a 4% increase over the 521 major data breaches reported by healthcare institutions in 2023.

SEC requires reporting cyberattacks within 4 days, but not everyone may like it.

New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they are being "micromanaged" and - it is argued - could even assist attackers.

Tripwire Enterprise: Reimagining a Winning Product

How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security incident. Adding to this problem is that the reporting from each tool usually differs, making the creation of a uniform report a chore.

Enhanced Data Analysis with Synthetic Datasets

Large data can offer a massive affordable advantage for companies. Scientists, information analysts, marketing professionals, and advertisers rely upon receiving valuable insights from substantial pools of consumer information. When examined correctly, this information can provide valuable insight for organizations that understand how to use it. The regular procedure of gathering and arranging massive datasets can be taxing, as well as resource-intensive.

Understanding Machine Learning Attacks, Techniques, and Defenses

Machine learning (ML) is a subset of Artificial Intelligence (AI), which enables machines and software to automatically learn from historical data to generate accurate output without being programmed to do so. Many leading organizations today have incorporated machine learning into their daily processes for business intelligence. But the ability of machine learning can be altered by threat actors to be malicious, causing systems to malfunction, or to execute an attack.

CISO to BISO - What's your next role?

For the longest time within the cybersecurity industry, we have had Chief Information Security Officers (CISOs) whose role is to set the strategic direction for Information Security within an organisation. But what are the stepping stones to becoming a CISO? In the past, this has been a difficult question to answer, but typically the CISO is someone who moved up through the ranks in IT and developed additional knowledge and skills related to data protection, privacy and risk management.

What is SWIFT? 8 Things You Need to Know

In our increasingly digital world, global communications and financial interactions are nigh inescapable for anyone in any industry or walk of life. The infrastructure in place for international transactions is complex and layered, containing moving parts that work in tandem to make things like transferring money nearly seamless.

DSPM and CSPM: What are the Differences?

A few years back, data was constrained to the on-premise infrastructure. Data management, governance, and protection were fairly uncomplicated in this enclosed environment. The emergence of cloud computing and multi-cloud infrastructures has not only introduced more complexity in data management and governance, but it has also increased security risks significantly.

Three Reasons Why Business Security Starts with Employee Education

Human error is a major contributing factor to company data breaches. More than 340 million people may already have been affected by a data breach in the first four months of 2023. With cybercrime rates soaring around the world, it’s clearly an area where investment and expertise are required.

Tech support scammers trick victims into old-school offline money transfer

We're all familiar with tech support scams - where the unwary are tricked into granting remote access to their computers by fraudsters, in the belief that the "tech support person" will fix a non-existent "problem" (such as a "virus infection") or make a refund after claiming that there has been fraudulent activity detected on an account.

Using MFT to Solve Your Cloud Data Challenges: 5 Key Takeaways

As business operations evolve, the challenge of securely moving data within the cloud is one of elevated concern. Transferring sensitive information to it is another. Many are caught between what worked in on-prem technologies and what is needed in cloud-based architectures. Others have sidestepped the security challenges by implementing a Managed File Transfer (MFT) solution.

Reviewing Remote Work Security: Best Practices

Remote work has shifted the mindset away from the old style of employment, showing up to the office every day. However, it seems that more businesses are starting to grab back some of the traditional practice of showing up to the office. The timing is probably helping, as the northern hemisphere is starting to warm up, making the commute to an office slightly more enjoyable. However, as we move towards an in-office presence, it may make us more relaxed about some of the rules of remote working.

Computer System Security Requirements for IRS 1075: What You Need to Know

Any organization or agency that receives federal tax information (FTI) is now required to prove that their data protection policies meet IRS 1075 compliance standards. That means federal, state, county and local entities – as well as the contractors they employ – all fall within this scope.

What We Learned from the 2023 Pen Testing Report

Fortra’s Core Security recently released its 2023 Pen Testing Report, and there’s plenty to see. In this year’s report, IT decision-makers can learn what their peers are saying about why they pen test, how often they pen test, and whether or not they’re pen testing in-house, among other topics. Each year, Core Security collects and produces some of the industry’s most relevant data on the state of pen testing today.

Former contractor accused of remotely accessing town's water treatment facility

A federal grand jury has indicted a former employee of a contractor operating a California town's wastewater treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety. 53-year-old Rambler Gallor of Tracy, California, held a full-time position at a Massachusetts company that was contracted by the town of Discovery Bay to operate its water treatment plant.

An introduction to the benefits and risks of Packet Sniffing

With the evolution of technology, network activities have increased excessively. Many day-to-day tasks are intertwined with the internet to function. On one level of the infamous OSI model, the data exchanged between devices is broken down into smaller units and transmitted in the network in the form of packets. These packets contain information that is useful for investigators and network administrators for analysis and troubleshooting purposes.

The Value of Vulnerability Management

There’s nothing that makes you feel older than realizing how much of your life you have dedicated to a single topic. At what point do you consider yourself an expert? After more than 17 years in vulnerability management, I’m starting to come around to the idea that I might be an expert in the field. Although, the main reason I feel that way is because, at this point, I’ve seen pretty much everything.

What to Expect When Seeking Cybersecurity Insurance

Cybersecurity liability insurance has progressed dramatically since the first bona fide policies emerged in the late 1990s. Some of the greatest changes that have occurred in recent years include insurance companies no longer insuring against state-sponsored attacks or ransomware events. The insurers do not want to become part of a cyber-war.

How the NIS2 Directive Will Impact You

Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the directive was to develop a common level of cybersecurity across the Member States that could be applied to entities of critical national importance.

The Thin Line Between User Behavioral Analytics and Privacy Violation

Technology has supercharged marketing. The vast data at marketers' disposal provides unparalleled insight into what customers want, why they want it, and how they use products and services. Behavioral analytics benefits businesses and consumers; it allows companies to drive sales and increase conversion rates while providing customers services tailored to their wants and needs.

The Top 10 Highest Paying Jobs in Cybersecurity - Part 2

It’s no secret that we’re (still) in an international cyber talent crisis, and that skilled workers are in high demand. We conducted research into the top ten highest paying jobs in cybersecurity to find out just what kind of opportunities awaited those who entered the field. Here are the types of jobs companies are willing to pay (the most) for and what they entail for those looking to upskill, reskill, or make the transition into a cyber-focused career.

12 Essential Tips for Keeping Your Email Safe

Hey, did you get that sketchy email? You know, the one from that malicious hacker always trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh... A hypothetical scenario, but one that plays out every day in organizations across the globe. The truth is that it is a very real scenario that offers a good opportunity to dive deeper into the topic of email security.

Decryption tool for Akira ransomware available for free

There's good news for any business which has fallen victim to the Akira ransomware. Security researchers at anti-virus company Avast have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. The ransomware has been blamed for a number of high profile attacks - including ones against universities, financial institutions, and even a daycare centre for children.

PCI DSS 4.0 Requirements -Test Security Regularly and Support Information Security with Organizational Policies and Programs

The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full title of the Standard, but it is formally memorialized in Requirement 11 of the Standard, “Test Security of Systems and Networks Regularly.”

Phishing Trends and Tactics: Q1 of 2023

In the world of cybersecurity, there are a few constants, one of the big ones being the fact that news, innovation, and threats move fast and are constantly evolving. It is important for security professionals to stay in the loop about major developments in cybercriminal activity and the cybersecurity industry. Fortra’s PhishLabs offer resources to learn about a variety of cybersecurity-related topics, including a blog that regularly features cybersecurity news.

5 Things Everyone Needs to Know About GRC

Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred.

The Top 10 Highest Paying Jobs in Cybersecurity - Part 1

If you’re looking for job security, look no further: The cybersecurity sector can keep you gainfully employed for a very, very long time. There are an ever-growing number of ways in which someone with cybersecurity prowess can contribute, and as digital assets continue to develop and diversify, it’s safe to say they’ll always be kept on their toes.