Category Archives for "Blog"

Blog articles about the latest technology, threats, attack techniques, and vulnerabilities.

What is Your Domain Worth?

Let me ask you a simple question: what is your website worth to your organization? I’ll assume that your answer is: a great deal. So here’s my second question: what are you doing to protect it? And I am not talking about protecting it from usual defacement from hackers or infestation with viruses/malware. I am talking about having someone take control of your the domain name associated with your website, thus having complete control of all of the traffic going to your domain (including web, email, etc).

  • April 28, 2017
  • Blog

Healthcare is Facing a New Threat

IoT Devices Getting Bricked

A recent report from Bleeping Computers indicates there is a new strain of malware that is targeting unsecured devices that are part of the Internet of Things (IoT). The malware, called BrickBot, is targeting devices that run the BusyBox Linux embedded operating system. To accomplish its mission, BrickBot utilizes a brute force attack against open Telnet ports and then erases the operating system (a process also known as “bricking”).

  • April 12, 2017
  • Blog

Managing The Risk of Change

Imagine how much easier our lives and jobs would be if the world stood still for a little while. If we could push pause, and make our organizations and the related IT networks and systems stay the same, no new regulations, acquisitions, vulnerabilities, or threats. If only we could just keep things the same so we could catch our breath for a few moments and fix some of the things that are already on our to-do list. Unfortunately, this pause button doesn’t exist yet and we are forced to live with the old adage: the only constant is change.

  • March 31, 2017
  • Blog

Prioritizing Your Issues

In today’s world, IT and security leaders are faced with an ever changing and growing list of issues and projects that need their time and attention. In these fields, we are faced with an ever growing list of issues that need attention: audit findings, security assessments, vulnerability scans, threat intelligence feeds, etc. There is an endless supply of problems that all seem to need immediate attention. Because of this, the one question we consistently hear from clients is: how do we prioritize our work?

  • March 24, 2017
  • Blog

Risk Modeling Basics

Google the word “risk” and the first result is the noun with the definition “a situation involving exposure to danger.” Seems pretty straight forward and to the point, doesn’t it?

  • March 17, 2017
  • Blog

Like It or Not, Healthcare Is a Digital Business

An undisclosed computer problem forced United Airlines to ground all domestic flights on Sunday. The halt lasted only an hour, but that was long enough to produce an avalanche of delays and customer complaints across the country. A similar incident last October disrupted United flights worldwide. A month before that, British Airways resorted to issuing hand-written boarding passes after its passenger check-in systems failed. A buggy router caused Southwest Airlines to cancel 2,300 flights at the height of last year’s vacation season.

  • January 27, 2017
  • Blog

Developing a Focused Defense to Cybersecurity Threats in Healthcare

He who defends everything defends nothing. – Frederick the Great

Every organization faces the same challenge regarding cybersecurity: how to best use a limited pool of resources to defend against unlimited threats. Take your pick of potential foes, from professional criminals and hostile nations to disgruntled insiders. In healthcare, these threats go beyond the IT department and even the bottom line. They can have a direct impact on human lives.

  • January 25, 2017
  • Blog

Systemic vs Component Cyber Risk in Healthcare: Which Should You Be More Worried About?

In finance, systemic risk often refers to the collapse of the entire financial system or market. In other applications, it refers to the risk associated with an entire system (e.g., human body, factory) or system of systems (e.g., air traffic control).

In the world of cybersecurity, we are faced with the fact that the Internet is really one large system of systems (or a network of networks really), which means issues in any one area or organization have the potential of rippling out to many others.

We have seen this played out countless times through the spreading of Internet viruses and worms, and even issues with the core services like DNS (Domain Name Service, which translates a computer’s IP address into a human friendly form: =

  • January 20, 2017
  • Blog
1 2 3 11