Every second, a phishing attack takes place. In fact, over 80% of cyber attacks are a result of stolen login credentials from attacks like phishing – mostly due to the relatively low cost and high success rate of executing these attacks. Unfortunately, this pattern will continue to grow as attackers become more sophisticated, utilizing tools […]
If you immediately think of email when you think of phishing, you’re not alone. However, a new form of text-based scam is making waves – highlighted by a seemingly legitimate text from the USPS which lets receivers know that their “package” arrived at the warehouse. To receive the package, it instructs users to click […]
Every November, Critical Infrastructure Security and Resilience (CISR) Month focuses on education about the vital role critical infrastructure plays in the nation’s well-being. Led by the Cybersecurity and Infrastructure Security Agency (CISA), the conversation centers around why it’s important to strengthen critical infrastructure security and resilience. One of the critical infrastructures, energy and natural resources, is […]
In today’s ever-evolving cyberthreat landscape, organizations face increasing challenges in securing their sensitive data and systems from sophisticated attacks like AI-strengthened phishing campaigns or impersonation attacks backed by spates of leaked PII. Even in today’s environments where new, ever larger, breaches make news every week, we’re continuing to see enterprises and employees across the […]
To address and insulate themselves from the growing trend of cyber security breaches, more businesses are turning to insurance agencies for cyber insurance policies. While these policies have been around in some form since the late 1990s, the fast-growing threat landscape and comparative youth of these policies mean that rates and limits have fluctuated […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently collaborated to produce an important new document, “Identity and Access Management: Recommended Best Practices for Administrators.” Part of the Enduring Security Framework (ESF), it presents a distillation of identity and access management (IAM) and cybersecurity guidance put forth by CISA to date, based […]
When it comes to cybersecurity, in an ideal world it’s important to balance planning for how to minimize risk in the event of an attack while ensuring minimal impact to users and the business. That’s the way it works if all goes according to plan (spoiler alert: it usually doesn’t!). Certainly nothing went according to […]
A recent announcement by Twitter has begun to rock the multi-factor authentication (MFA) boat, and the ripples have spread throughout the tech world. The company announced that starting on March 20, 2023, unless a user is subscribed to its Twitter Blue program (an $11/month subscription), they will lose access to SMS-based two-factor authentication (2FA). SMS […]
Energy grids have long been a target of cyber criminals looking to disrupt critical infrastructures, and attacks across this sector have become commonplace across the globe. The 2021 cyberattack in the U.S. on the Colonial Pipeline showed that password compromises can impact both IT and OT systems and that disruptions to these systems have far […]
The PCI Security Standards Council (PCI SSC) published version 4.0 of the PCI Data Security Standard (DSS) at the end of March, kickstarting the transition from PCI DSS v3.2.1, which will be retired on March 31, 2024. Some new requirements may not take full effect until 2025, but that’s no reason to put them off. […]