To paraphrase David Ben-Gurion, the first Prime Minister of Israel: "The most dangerous enemy to ... security is the intellectual inertia of those who are responsible for security." I'm reminded of that particular statement now, as we stand on the edge of a world driven sideways by the specter of disease and economic hardship. We must also face the impact these pressures have had on the overall ability to protect and defend the cybersecurity of business and government data and information.
Cymulate 101: What is Breach and Attack Simulation?
One of our site visitors asked a pretty popular question recently: “What, exactly, is Breach and Attack Simulation (BAS)?” Let’s dive in and have a look at this form of security control testing. So, what are “security controls”? Simply put, a security control is anything that limits the ability of a threat actor to accomplish their goal, or otherwise stops even a legitimate user from doing something they shouldn’t. Security controls can.
Benefits of Working Remotely
As the Novel Coronavirus (COVID-19) has entire countries declaring national emergencies and recommending social distancing, more companies than ever are unexpectedly finding that they must allow employees to work remotely in order to limit the speed of the virus spreading throughout our communities. Remote work has a great number of benefits - especially during a crisis of this nature - but also comes with significant cybersecurity drawbacks that should be.
The coronavirus outbreak has caused a global panic and taken its toll on a number of major industries. We’ll examine the impact it has left on the travel industry, supply chain and manufacturing, and on the world economy.
Coronavirus Creating Worldwide Panic and Business Opportunities for Hackers
Amid the recent coronavirus epidemic creating pandemonium worldwide, hackers have been exploiting the deadly outbreak to their advantage – disguising information about the virus in the form of.
Compliance, Time to Catch Up
Laws are great. Wearing a seatbelt, for instance, is a great law. It ensures you don't get killed. So why was it only introduced decades after the world got on the road? That's because it takes time for the government to catch up with evolving situations (like the dangers involved in automobile collisions); and boy is the cybercriminal market evolving at an alarming pace - with US cities paying as much as $600,000 for a single ransomware payout in 2019. That said,.
Ransomware Attacks Disrupting United States Pipeline Operations
The United States Cybersecurity and Infrastructure Security Agency (CISA) recently released a bulletin describing a ransomware attack on a US natural gas pipeline operator, highlighting how even well-regulated and normally well-secured industries can fall victim to cyber attack if security controls are not regularly tested and refined both individually and while working in tandem. While a ransomware attack of this nature isn’t.
Not All Security Automation is Born Equal
With the growth in complexity of business environments and the dynamic nature of the threat landscape, security teams are turning to automated security testing in order for their testing to be more frequent, thorough and simpler to perform. But automation is not a synonym for simplicity. When the autopilot was introduced in modern airplanes, pilots weren’t exempt from getting trained on the functions the autopilot controlled. The same for pen testing..
If anything is certain in cybersecurity, it's the fact that email is still the #1 advanced threat vector and more than 90% of targeted attacks start with email. Someone, somewhere in your organization is going to click on something malicious. Here's how to prevent that kind of event from leading to a full-blown breach.
Reduce the Email Attack Surface
Configuring email gateways and other email protection solutions correctly is the first step toward reducing the email attack surface. Settings.
One common misconception I hear from IT security teams is that simulating a specific threat, say the Dridex Trojan, is more ‘real’ than simulating a proprietary (dubbed “Dummy”) version of the Trojan that mimics the underlying attack method that is so critical to that very Trojan’s success.
Simulating Cyber Attacks
Case in point, one strain of the Dridex Trojan was found to hide its code in a Microsoft spreadsheet. To protect against that specific strain of Dridex, simulating the attack’s.
Notoriously difficult to detect, fileless malware uses system tools and in-memory execution techniques to do its damage. With fileless malware, adversaries don't have to create or install special tools to bypass defenses, conduct reconnaissance, deliver payloads, or execute malicious activity. Overall, fileless malware attacks increased 265% in 2019. Fileless attacks have traditionally abused Windows OS tools or processes, but in December 2019, a filelesswas detected. They contain malicious.