We’ve all become familiar with QR Codes, those square bar codes that seem to be everywhere. You scan them with your phone camera, and they take you directly to a website. With COVID came the need for less physical contact with things like restaurant menus, registration and contact information at conferences, and even online payments.
Quishing: What you need to know about it and how to prevent these attacks
Topics: Cybersecurity, Network Security, Information Security, Data Security, Data Protection, risk
Rolling the Dice on Cybersecurity: Lessons from the MGM Breach
You may have seen it in the news, but another major company has been a victim of a nasty ransomware attack that disrupted services and customers for over ten days. This time, the victim was MGM Resorts in Las Vegas.
What separates this major incident from others is that the hackers pulled the malicious attack off using one of the oldest tricks in the book: social engineering. So, what happened, and what can we learn from this?
Topics: Cybersecurity, Network Security, Data Breach, Data Security, security incident handling, risk, Ransomware, social engineering
6 Benefits of Conducting a Cybersecurity Risk Assessment
With so much of the world's business taking place online, cybersecurity threats have become increasingly prevalent. Cyberattacks cost companies millions of dollars a year, and not every business can recover from an incident like a data breach or ransomware hoax. A cybersecurity risk assessment evaluates how potential weaknesses could impact your organization.
Topics: Cybersecurity, Network Security, Risk Assessment
No, Your IT Team Shouldn’t Manage Your Cybersecurity
If you were going to test the fault-points of a building, you wouldn’t hire the architect, you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective”, which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.
Topics: Cybersecurity, Network Security, Information Security, Data Security, Data Ownership, Incident Response, cybersecurity plan
When in doubt, try "Password123" - How I guessed your password
During a penetration test, login credentials are a highly sought-after item. While it is common to harvest that information via email scams (phishing attacks), it is not always the most practical or effective tactic to gain unauthorized access. That access, however, still requires a valid set of credentials. This poses a challenge. How does an attacker find valid accounts without social engineering? There are two main options: breached credentials and password spraying.
Topics: Cybersecurity, Network Security, Data Protection, Personal Data Protection, Security Awareness Training, Passwords, Monitoring