June 2020

Human Fallibility: A Threat that Flows Through Your Entire Downline

Earlier this year Dark Reading published a six part series, “Cybersecurity and the Human Element: We’re All Fallible,” in which the authors examined common mistakes of end users as well as the potential repercussions of human error. All signs supported their claim that we are indeed all fallible. Human beings are vulnerable to exploitation, but security practitioners know this. Thus, it's not really human beings that are the problem. The greater threat is that when attackers are successful through this vector, malware can infiltrate the network and hide out completely...

Share Post
What’s Missing in Third-Party Risk Assessments

What’s Missing in Third-Party Risk Assessments

Assessments are important. You’d be hard pressed to find any cybersecurity professional who would argue they aren’t needed, but the problem with third-party risk assessments is that they are far from comprehensive. Understanding the hygiene and potential vulnerabilities of an organization is incredibly important. But it doesn’t reveal the full picture.  Point-in-time assessment of an organization is not enough because it doesn’t offer an exhaustive understanding of the risks. There are dynamic--and often undetected--problems specific to malware delivered by extremely sophisticated and versatile threat actors. These actors have the ability to...

Share Post

Ransomware Gangs Continue to Shame Victims

Everyone has something to hide. The beauty of that truth for hackers is that even if they don’t know their target’s dirty little secrets, they know that no one wants their secrets exposed. The mere threat of being publicly shamed may be enough to make some victims pay. Businesses, though, don’t have personal secrets. They have customer data and intellectual property, which they are responsible for protecting.  So when the malicious actors operating the Maze Ransomware launched “Maze News” in November, they may have seen a spike in the number of...

Share Post

An Apple A Day Won’t Keep Malware Away

When researchers at Independent Security Evaluators published its 2016 report, Hacking Hospitals, the idea that vulnerabilities in medical devices could result in patient harm seemed like a serving of FUD (fear, uncertainty and doubt). Four years later, as we debate how and whether to return to life as we knew it before quarantine, there is irrefutable evidence that the health care sector is highly vulnerable to attack.  From daily news stories to scholarly articles, security experts continue to warn of the cyber threats the health care sector is facing, yet they...

Share Post