Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
07.26.21Newsflash: Most networks utilized for Supervisory Control and Data Acquisition (SCADA) were not designed to be secure. Yes, you read that correctly. Kind of a scary thought, especially when your municipal water utility is reliant on this network to ensure the availability and safety of the drinking water supply! This is why the management company… Read more »
Mobile devices are often one of the most overlooked assets from a security perspective. Many people are under the false assumption that mobile devices “can’t get viruses”, “aren’t important”, or that they can ignore mobile updates, when in fact, these devices often store more critical data than people realize, yet statistically are barely more secure… Read more »
07.01.21Tighten Cybersecurity Controls Before the Next Ransomware Attack Comes to You Food production is highly regulated by the Federal Food & Drug Administration (FDA) and U.S. Department of Agriculture (USDA) to ensure food safety. However, the computer systems that are used to accomplish and maintain food safety processes don’t fall under the purview of those… Read more »
06.17.21Mobile apps have become the preferred choice for today’s consumers, with app usage taking up 90% of all mobile uptime – more than the entire browser-based internet as a whole – and it’s easy to see why. Mobile apps provide a better user experience compared to mobile browsers and desktops thanks to the ease-of-use, speed… Read more »
The Recent Breach at Meat Processor JBS SA Proves the Need for a Business Continuity and Disaster Recovery Plan The world’s largest meat processor by sales, Brazil-based JBS SA, is recovering from a ransomware attack that hit their IT networks, taking about one-fifth of U.S. beef and pork processing completely offline. The company was forced… Read more »
05.18.21How a recent DirectDefense physical penetration test for a national hotel chain demonstrated how thousands of credit card numbers could be stolen in 4 simple steps. PCI compliance is required for any company that accept credit or debit cards, or EBTs, and security requirements are based on the number of transactions a business performs each… Read more »
Greater Security Must be Applied to all Operational Technology Systems The Colonial Pipeline shutdown, caused by a ransomware attack, highlights the precarious position of many critical infrastructures. The effects of the pipeline cyber incident are widespread, as 45% of the U.S. East Coast relies on it for gasoline, diesel fuel and jet fuel. Several southern… Read more »
05.11.21How DirectDefense leveraged the pandemic to exploit remote access security for a large corporate network through an email phishing campaign While most of the world was busy adapting to the Work from Anywhere #WFA movement that the pandemic suddenly brought on, a certain segment of the population saw a unique opportunity to get into an… Read more »
05.10.21Tips for Writing Safe but Still Helpful OOO Email Messages. The spirit of the out-of-office autoresponder has never been about email security. Instead, it has traditionally been about providing helpful contact information in the event that a coworker or a customer in need of assistance emails you while you’re away. Simple. But it’s 2021, and… Read more »
04.29.21How a recent DirectDefense application security assessment revealed a common vulnerability. A large financial corporation recently called on us to perform a comprehensive security assessment of their client-facing application. Among other findings, the engagement revealed just how easy it would be for someone with ill-intent to exploit the application via access controls that were not… Read more »
