Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
Tag: InfoSec Insider
Europe, North America
Top Six Security Bad Habits, and How to Break Them
by Infosec Contributor •
Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.
Europe, North America
Gamification of Ethical Hacking and Hacking Esports
by Joseph Carson •
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.
Europe, North America
Ransomware Risk in Healthcare Endangers Patients
by Ryan Witt •
Ryan Witt, Proofpoint’s Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care.
Europe, North America
Taming the Digital Asset Tsunami
by Rob N. Gurzeev •
Rob Gurzeev, CEO and Co-Founder of CyCognito, explores external attack surface soft spots tied to an ever-expanding number of digital assets companies too often struggle to keep track of and manage effectively.
Europe, North America
Cyber Risk Retainers: Not Another Insurance Policy
by Matt Dunn •
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.
Europe, North America
Cybercriminals Expand Attack Radius and Ransomware Pain Points
by Threatpost •
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of “triple extortion” ransomware attacks.
Europe, North America
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
by Threatpost •
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.
Europe, North America
Closing the Gap Between Application Security and Observability
by Threatpost •
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
Europe, North America, Vulnerabilities
You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
by Tony Lauro •
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company’s attack surface and the “blast radius” of a potential attack.
Europe, North America
CANs Reinvent LANs for an All-Local World
by David Canellos •
A close look at a new type of network, known as a Cloud Area Network.
Europe, North America
Bad Actors Are Maximizing Remote Everything
by Aamir Lakhani •
Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting ‘remote everything’.
Europe, North America
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
by Nate Warfield •
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security
vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents
most breaches.
Europe, North America, Vulnerabilities
The Uncertain Future of IT Automation
by Chris Hass •
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.
Europe, North America
6 Cyber-Defense Steps to Take Now to Protect Your Company
by Daniel Spicer •
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.
Europe, North America
The Harsh Truths of Cybersecurity in 2022, Part II
by Sonya Duffin •
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
Europe, North America
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I
by Sonya Duffin •
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
Europe, North America, Vulnerabilities
‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet
by John Hammond •
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next.
Europe, North America, Vulnerabilities
Supply-Chain Security Is Not a Problem…It’s a Predicament
by Sounil Yu •
Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them.
Europe, North America
The Account Takeover Cat-and-Mouse Game
by Jason Kent •
ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild.
Europe, North America, Vulnerabilities
New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense
by Kerry Matre •
Need a blueprint for architecting a formidable cyber-defense? Kerry Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
Europe, North America
Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox
by Troy Gill •
Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.
Europe, North America, Vulnerabilities
The Internet’s Most Tempting Targets
by David “moose” Wolpoff •
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
Europe, North America, Vulnerabilities
The Log4j Vulnerability Puts Pressure on the Security World
by Saryu Nayyar •
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
Europe, North America, Vulnerabilities
Real Big Phish: Mobile Phishing & Managing User Fallibility
by Daniel Spicer •
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
Europe, North America, Vulnerabilities
Here’s REALLY How to Do Zero-Trust Security
by Joseph Carson •
It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
Europe, North America
What the Rise in Cyber-Recon Means for Your Security Strategy
by Aamir Lakhani •
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
Europe, North America
Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud
by Jason Kent •
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.
Europe, North America
Global Cyberattacks from Nation-State Actors Posing Greater Threats
by Casey Ellis •
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
Europe, North America
Time to Ditch Big-Brother Accounts for Network Scanning
by Yaron Kassner •
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
Europe, North America
Convergence Ahoy: Get Ready for Cloud-Based Ransomware
by Oliver Tavakoli •
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
Europe, North America
In 2022, Expect More Supply Chain Pain and Changing Security Roles
by Sounil Yu •
If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and throug…
Europe, North America
Next-Gen Maldocs & How to Solve the Human Vulnerability
by John Hammond •
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.
Europe, North America
Not with a Bang but a Whisper: The Shift to Stealthy C2
by Nate Warfield •
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike’s arsenal.
Europe, North America
Are You Guilty of These 8 Network-Security Bad Practices?
by Tony Lauro •
Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears.
Europe, North America
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
by Jason Kent •
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.
Europe, North America
How Decryption of Network Traffic Can Improve Security
by Jeff Costlow •
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
Europe, North America
How to Defend Against Mobile App Impersonation
by David Stewart •
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.
Europe, North America
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
by Saryu Nayyar •
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
Europe, North America
3 Top Tools for Defending Against Phishing Attacks
by Justin Jett •
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.