organizational risks

Balancing trust and safety: Lessons from the CrowdStrike incident

Posted on by Admin
Balancing trust and safety: Lessons from the CrowdStrike incident

On July 19, CrowdStrike, one of the largest endpoint security providers, issued an update to Windows servers globally that caused them to enter a “crash loop,” resulting in the infamous Blue Screen of Death (BSOD). CrowdStrike explained the issue was caused by a “defect found in a single content update for Windows hosts.” The downstream impact of this bug resulted in one of the largest and broadest outages in history. When situations like this occur,…

Read More

The bad actor’s best friend: Dormant service accounts

Posted on by Admin
The bad actor’s best friend: Dormant service accounts

Dormant accounts, also known as inactive accounts, are accounts that haven’t been used or updated in at least 90 days. This extended period of inactivity gives them their “dormant” classification.  Since these accounts are not being actively used, it’s common for application owners not to know they exist. The lack of knowledge can be attributed to the fact that these accounts aren’t being accessed or updated, meaning they don’t appear in system logs or trigger…

Read More

The new normal: How to embrace a cultural approach to zero trust

Posted on by Admin
The new normal: How to embrace a cultural approach to zero trust

Today’s bad actors are increasingly ruthless and hostile. With the threat landscape ever evolving, combating increasingly sophisticated attacks necessitates a shift in focus from tools to culture. As social engineering schemes and AI-driven threats ramp up, it becomes increasingly evident that a modern, successful cyber defense requires a comprehensive, holistic approach — one that accounts for technology principles alongside human awareness and behavior.   Cyber resilience can no longer be achieved by implementing new security…

Read More

Embrace the data sprawl, securely

Posted on by Admin
Embrace the data sprawl, securely

Data is the lifeblood of every enterprise, so why does the task of managing and securing rapidly expanding volumes and types of data and new, modern threats continue to be a formidable challenge for most organizations? According to the Identity Theft Resource Center (ITRC), 2023 set a new record for data breaches, with data compromises jumping 78% over 2022. Malicious actors obviously see the value of data — but without visibility and controls into where…

Read More

Optimizing data resiliency strategies to improve business continuity

Posted on by Admin
Optimizing data resiliency strategies to improve business continuity

Organizations may overlook implementing a proper data protection strategy program because there is a misconception that SaaS providers can recover data when a problem occurs; however, organizations are responsible for backing up and restoring their own data. Because data resiliency and security remain real and present concerns for all companies leveraging cloud services, proactive cyber risk management strategies that use backup analytics to maintain business continuity are crucial. The need for timely recovery Organizations need…

Read More

A CISO's perspective on the modern cybersecurity landscape

Posted on by Admin
A CISO's perspective on the modern cybersecurity landscape

Many businesses still believe there is such a thing as 100% security, despite every cybersecurity expert affirming the opposite. Because companies push for and demand 100% security, the organization ultimately settles for a false sense of it so their people can function. Such a mindset is not only wrong but incredibly dangerous. Business leaders must recognize that breaches are imminent, and a robust approach to cybersecurity involves detecting and responding quickly and effectively to incidents….

Read More

22% of cybersecurity professionals have ignored an alert

Posted on by Admin
22% of cybersecurity professionals have ignored an alert

Security leaders’ cybersecurity preparedness was analyzed in a recent report by Coro. According to the survey, 73% of SME security professionals have missed, ignored or failed to act on critical security alerts, with respondents noting a lack of staff and a lack of time as the top two reasons.   The report found the following concerns among cybersecurity professionals:  35% of respondents admitted to having missed a security alert at work.  31% turned down the sensitivity…

Read More

To pay or not to pay? Negotiating in the age of ransomware

Posted on by Admin
To pay or not to pay? Negotiating in the age of ransomware

In 2023, more than 2,200 networks across United States hospitals, schools and government organizations, as well as thousands of private businesses, were breached by cybercriminals. With another record-breaking year for ransomware and data extortion in the rearview mirror, organizations of all sizes are preparing for when they’ll need to make their big payout in 2024. But what if paying the ransom wasn’t the only way out?  There’s often room to negotiate with threat actors or,…

Read More

Misconfigurations drive 80% of security exposures

Posted on by Admin
Misconfigurations drive 80% of security exposures

A report from XM Cyber analyzes more than 40 million exposures in order to provide a thorough understanding of the current exposure landscape. The report found that 80% of exposures are caused by identity and credential misconfigurations. Out of these exposures, one-third of them put critical assets at risk of a breach. According to the report, a majority of the exposure is within an organization’s active directory, a critical component for connecting users to network…

Read More
1 2 3