Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
The Recent Breach at Meat Processor JBS SA Proves the Need for a Business Continuity and Disaster Recovery Plan The world’s largest meat processor by sales, Brazil-based JBS SA, is recovering from a ransomware attack that hit their IT networks, taking about one-fifth of U.S. beef and pork processing completely offline. The company was forced… Read more »
Greater Security Must be Applied to all Operational Technology Systems The Colonial Pipeline shutdown, caused by a ransomware attack, highlights the precarious position of many critical infrastructures. The effects of the pipeline cyber incident are widespread, as 45% of the U.S. East Coast relies on it for gasoline, diesel fuel and jet fuel. Several southern… Read more »
01.12.21Keep Your Organization Safe Around the Clock with a Cyber Security Operations Center from an MSSP Here’s a projection that’s hard to ignore: the cost of cybercrime is expected to exceed $8 billion by 2022. The reality of that amount of financial fallout from cyber attacks is staggering. Driving up the cost of cybercrime is… Read more »
12.16.20Assessing the Cost of Security Vulnerabilities During a Pandemic Year As everyone is aware, the pandemic of 2020 made conducting business, even at a basic level, challenging. Organizations were faced with managing their existing security vulnerabilities, in addition to adapting their information security to the “new normal”. In March, companies across the U.S. completed a… Read more »
The Complexities Created by Using JavaScript Object Notation to Transfer Data Among the web application vulnerability tests that we perform at DirectDefense is an application security assessment for CSRF. CSRF, or Cross-Site Request Forgery, is an attack that takes advantage of the predictability of requests and browsers’ automatic submission of session cookies to perform unintended… Read more »
03.19.20Free Cybersecurity to Combat Threats Posed by COVID-19 Don’t miss an event that could be putting your organization’s security at risk. During this time of heightened cybersecurity threats, we are offering a FREE 30-day trial of ThreatAdvisor. Built on the knowledge of security consultants and penetration testers with more than 50 years of experience in… Read more »
12.04.19Revisiting the Security Threats That Marked 2019 and How They Were Managed Wow, what a year it has been! Security attacks in 2019 were marked by a resurgence of Ransomware attacks, business email compromise (BEC) attacks, and the discovery of painful blind spots in existing security programs for our new, and in some cases older,… Read more »
12.13.18Assessing the Successes (and Failures) of Organizations’ Implementations of Security Orchestration and Automation Response Solutions As 2018 comes to a close, we must look at the information security and managed services trends already established this year, and those on deck for 2019. To get things going ahead of the new year, we thought we would… Read more »
04.11.18No, this blog post isn’t about the credit cards or identity theft. It’s about the tools that, as a security professional, you should keep stored in your “security wallet.” Like any tradecraft, security professionals should have a set of tools, in this case, applications, websites, and resources, that they keep on-hand. These items become your… Read more »
03.20.18A version of this blog is also posted on the MIST InfoSec Insider site: https://misti.com/infosec-insider-search. We’re surrounded by networks, many not our own. It’s next to impossible to run a business today without network interconnectivity. Even the smallest mom-and-pop shop has a website and hosting provider that connect to at least one computer holding client… Read more »
