Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice, it is critically important to have this level of understanding across large swaths of the workforce, from the senior level to operations teams.

What is Cybersecurity Performance Management?

Cybersecurity performance management is the process of evaluating your cybersecurity program's maturity based on top-level risks and the associated level of investment (people, processes and technology) needed to improve your security to meet regulatory requirements and business outcomes. Security metrics improve decision making by helping risk management and security teams take a risk-based, outcome-driven approach to assessing and managing their organization's cybersecurity capabilities.

New features in EventSentry v4.1

Brief overview of all new features in v4.1, including NetFlow malicious traffic detection, enhanced performance monitoring via command line output capture, Active Directory password reminder emails, BitLocker, Pending Reboot & battery detection, lots of visual & functional improvements to the web reports and more!

You've Bought Security Software. Now What?

Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers, and he was concerned that the scanner came back with 0 results. After reviewing his set-up, I easily discovered the answer.

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”. In an email seen by Bleeping Computer, the website warned that exposed personal data could include the following: The email is, unfortunately, somewhat lacking in detail – meaning that concerned customers may have to contact PlanetDrugsDirect via email or telephone to ask questions.

Payments Business Article: Combatting fraud with centralized data

The Greek philosopher Aristotle once said, “The whole is greater than the sum of its parts.” When it comes to guaranteeing that every payment transaction completes as expected, this statement could not be more accurate. For retail banks, independent ATM deployers (IADs) and payment processors, transactions are the lifeblood of their businesses.

Developing a Data Protection Compliance Program - Verizon's 9-5-4 Model

In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading), I was delighted to find an excellent guide on the 9-5-4 model, a means by which an organization can measure and improve its data protection program. It also details ways in which a company can measure the maturity of the program.

Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financially motivated and espionage-motivated attacks.

CISA on Iran's Cyber Threat: It's Time to Review Your Cyber Security Posture!

Following the recent U.S. operation in Iraq, which resulted in the killing of Iranian General Qassem Soleimani, Iran warned that it will retaliate. Although the international community and both involved countries have taken steps to de-escalate the crisis, it is always prudent to stay alert and continually update your cybersecurity programs regardless of whether the opponent is a state actor or just a common cybercriminal.