Protecting and Responding to Ransomware Attacks – A Best Practice
Let’s start with the basics: ransomware, a malicious software, poses a significant threat to organizations by encrypting their data and demanding payment for its restoration. This type of attack disrupts business operations and presents management with a dilemma: to pay
The Indigo Bookstore Ransom Cyber Attack – Lessons Learned
The recent attack on the Indigo Bookstore left many cyber security analysts scratching their heads. How did attackers seize control of systems through ransomware, and how was a zero-day exploit used? It's not just a matter of understanding what happened
Organizations Struggle Implementing Compliance Requirements Including NIST & Zero Trust Mandates
Over the last year, we’ve seen a literally flood of government legislation and formal guidance concerning cybersecurity best practices. New mandates have been coming or to the cyber community fast and furious, and government agencies and their contractors have had
Ransomware and Business Email Compromise (BEC) Account for 70% of Breaches
Ransomware and business email compromises (BEC) topped the list of the types of attacks on organizations in the past year, making up 70% of the total number, according to the 2022 Unit 42 Incident Response Report from Unit 42 by
How to Implement an Effective Vulnerability Management Program
We’ve written considerably on Vulnerability Management, Vulnerability Assessments and Patching because they are so critical to preventing attacks. I’ve provided links to several of the most read blog posts we have written on the subject. In this blog post, we’ll
The Fundamental Elements of Cyber Hygiene
Cyber Hygiene or IT hygiene involves best practices related to cybersecurity to protect your network and infrastructure from threats. It serves as the basic foundation for a proactive, systematic, and comprehensive approach to data protection. Taking the time to create
How to Prepare Your Organization for an ISO 27001 Security Audit
Preparing for An ISO 27001 Internal Security Audit By Jordan MacAvoy ISO 27001 is the only standard that sets out the specifications for an information security management system (ISMS). Achieving ISO 27001 certification is no small feat and inspires confidence in an
Over 90% of all Cyber-Attacks Involve Phishing – Tips to Stop Phishing Attacks
Phishing Accounts for Over 90% of Cyber-Attacks – Learn How to Stop Them Among the billions of e-mails transmitted each day around the world, a significant and growing portion consists of e-mail attacks aimed at breaching an organization’s defenses to conduct
The CIS 20 Organizational Controls – Controls 17-20 Explained
Controls 17-20 — CIS 20 Part Three – The “Organizational” Controls As we suggested in the first two blog posts of our CIS 20 blog post series, the first steps in your cybersecurity approach require developing and implementing technical tools to
The CIS 20 Foundational – Beyond the Basics
Beyond the Basics — CIS 20 Part Two – Controls 7-16 All organizations need a roadmap for their cybersecurity defense. Piecemeal or fragmented defense strategies, in response to the latest cyberthreat, leave gaps for attacker exploitation. The Center for Internet Security