What’s the difference between a data leak and a data breach? I think this is both a great question and an important distinction to understand in today’s climate, where instances of both are regularly making national headlines.Read More
I often hear from folks that in general, small and medium-sized businesses lack a strategy and proper controls, but the big guys have it covered. Well, it might surprise you to learn that 30% of large enterprises state they still lack an overall information security strategy – and we’re talking huge, $25+ billion companies. Overall, 44% of enterprises report they lack a fundamental strategy. I’ll tell you from experience that most companies overestimate their cyber readiness, which means that the real numbers are likely much, much higher than the reported ones.Read More
This blog is kicking off a series on a topic that many of you likely think about quite often: Why is it so hard to protect your organization’s information? This is a fair question, and one I’ve thought about often. To understand the answer, we’ll need to peel back a few layers and understand the root challenge.Read More
Our national Cybersecurity Practice engages in thousands of customer conversations each year, and a few themes consistently emerge as primary concerns. The information security industry is plagued with confusion, complexity, and challenge, to the point that 30% of enterprises worth over $25 billion report that they do not have an overall information security strategy—and that number is substantially worse for the typical organization. Keep in mind that this simply refers to an information security strategy. It does not factor in the ability to implement that strategy, or whether the strategy is comprehensive or effective. Worse, most organizations overestimate their cyber preparedness, and factors like the global workforce shortage, security start-up sprawl, and cloud confusion are stymieing the effective implementation of information security strategies.Read More
Last week, I wrote about the first five steps to creating a culture capable of effectively defending against modern threats. This week, I'll take you through the next five steps. Let’s dive right in.Read More
The best defense against modern cybersecurity threats is not based on technology at all. While there’s currently a great deal of focus on Artificial Intelligence (AI), good-ole human intelligence is the secret ingredient. To effectively prevent your organization from falling victim to cyber attacks, it’s essential that your employees develop strong cyber instincts. We constantly coach customers on the idea that the strongest firewall you can own is a resilient, human firewall. The statistics are staggering: spear phishing accounts for 95% of enterprise network attacks, according to the SANS Institute.Read More
VPNFilter Infects 500K Networking Devices + Growing
Over the course of the last several months, researchers have investigated an advanced persistent threat known as VPNFilter, which has already infected 500,000 devices across 50+ countries, specifically targeting home office networks (or places utilizing small office and home office devices) as well as network-access storage (NAS) devices. The threat is believed to be sponsored by or affiliated with a nation state, which generally leads to well-funded, well-executed persistent threats that are properly managed with a defined end-game.
Based on research recently released by Cisco Talos, the US Department of Justice is urging anyone who owns small office home office (SOHO) and NAS devices to reboot their devices immediately.
The VPNFilter malware operates via three unique stages, which are described below at a high level.