IT environments in businesses are often volatile. The value of hardware might depreciate over time. There is constant evolution in the world of software. Existing configurations go through a variety of transitions. While some of these updates are permitted since they are part of the organization's regular patching cycle, others raise red flags because they appear out of nowhere.
In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO, and other advisory bodies.
As we approach the holiday season, we wanted to focus this month’s post on you (and your family). Bad guys don’t just wait until the holidays to start causing havoc, they also relentlessly target all of us all throughout the year. Judging by our perseverance, nothing is going to keep us from a good holiday deal, and attackers love to use this season to their advantage. Therefore, we must all keep a frosty demeanor (pun intended) to protect ourselves.
It would be nice to imagine that when cyber criminals look for their next target, they ignore the small- and medium-sized businesses (SMBs) that simply can’t afford an attack. Unfortunately, that’s not the case. In fact, 43% of cyber attacks are directed at SMBs. Today, a massive 80% of North American SMBs are at risk of a cyber attack.
Every single blog you read on cybersecurity has at least one mention of the Zero Trust approach to cybersecurity (even this one 😊). Alas, don’t consider that Zero Trust is yet another hyped word that will soon vanish into thin air. Zero Trust, originally dubbed more than a decade ago, came up as a necessity to defend systems, networks, data and people against the increasing sophistication of attackers that rendered implicit trust a vulnerability.
Many enterprises perceive cyber-attacks as malicious actions predominantly executed by external actors. Enterprises devote time and budgets investing in methods to bolster their security perimeters against external threat actors. However, it is equally important for these organizations to remember that many cyber-attacks, which cost millions in losses, originate through an internal compromise.
Technology has expanded the avenues bad actors use to steal identities and sensitive data. However, digital tools are also giving users innovative countermeasures to protect themselves. Here are seven tactics anyone can use to help prevent identity theft.
Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities. Companies that handle sensitive data may find themselves the target and victim of cyber- attacks as malicious actors look to harvest that information for their gains.
If the eyes are the window to the soul, then the Application Programming Interface (API) is the window to the software. After all, an API is a way for products to communicate with each other through a documented interface, just as the eye is a human interface, communicating with the outside world (but it’s not as well-documented as to meanings).
Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. An advisory from the United States Department of Health and Human Services (HHS) has warned that the cybercriminals behind the Venus ransomware have targeted at least one healthcare entity in the United States, and are known to be targeting publicly-exposed Remote Desktop Servers.
