The breaches of both MGM and Caesars were not high tech; they were pure social engineering attacks. That means that you can harden your company and your information likely for very little money. While this is early in the game, there are some easy lessons to learn here. Here are some key takeaways from the…
NIST has released a draft version of the next update to the core standard behind CMMC. If you do work for the US, Canadian or Australian defense departments or are a vendor to one of these organizations or if you are a vendor to a large US corporation, this standard and these changes are important…
800-171 is the government’s chosen cybersecurity standard for protecting controlled unclassified information (CUI) and is the standard is required by a number of government departments and by private industry as a matter of contract for protecting sensitive unclassified information. Learn more about this new version of the standard here.
Many companies allow, encourage and/or require employees to use personally owned devices. While it seems that, at least in the short term, this is a money saving and morale boosting move, in the long term, it may be an existential threat to the company. In this post we are going to use one company who…
Are you managing your technical debt? Do you even understand what technical debt is? Does your management and Board (if there is one) understand that unaddressed technical debt is like a bottle of nitroglycerin just waiting to be jarred in the wrong way. And we just saw a massive example (as in their technical debt…
MFA Fatigue is a relatively new attack method and is a way to try and get around MFA security. Learn what it is and how to protect yourself and your company against it, here. Audio Video
External attack surface management tools (EASM) allow anyone to get a sense of your security prep without your permission or even your knowledge. Who uses EASM tools? Your competitors against you, your customers to decide if they want to do business with you, members of the public, your insurance carrier to decide if they want…
For those of you who are DoD contractors (and even if you are not), here is one thing that you can do that will improve your security program and, if you are a DoD contractor, will add 20 or more points to your NIST SP 800-171 SPRS Score. Audio Video
Many of us use password managers and some of us use multi-factor authentication apps and, in many cases, that app lives on your phone. But what happens if your phone breaks, gets dropped in the toilet or run over by your car? What do you do then? I learned some things today and have some…
Log4j is a bug in a software library used by millions of programs that seems to defy being fixed. Even though the developers have patched it 4 times in the matter of a week or two, the bugs keep coming. And now we are finding derivatives of the original bug in other pieces of unrelated…
