March 25, 2020 •
Today’s news cycle is all about the impact that coronavirus/COVID-19 has been having within the world’s economy and health and welfare of most all individuals. I am sure you are prepared to handle the loss of a server or recover lost data, but what about your staff? Does your business continuity planning include the loss of people as part of your operational resources? If not, it should!
Coronavirus • Risk Management
March 23, 2020 •
While quantum capabilities are still a few years out, it’s important to be thinking about their future impacts to our crypto systems today. How will we prepare and upfit our systems to meet the challenge of tomorrow’s adversaries? There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era.
Encryption • PCI Compliance
March 18, 2020 •
With an immense amount of FUD (fear, uncertainty, doubt) circulating regarding coronavirus/COVID-19, cybercriminals are playing on those emotions and have already begun to alter their attack methods, patterns and content. We have received multiple reports from our customers, along with threat identification in our SOC, of attackers using coronavirus-related messaging in their phishing attempts for email compromise and malware/ransomware infection.
Coronavirus • Security Awareness
March 12, 2020 •
After leaving the March 2-5 conference, I ate lunch at an open seating restaurant at the airport. Over lunch I educated two people on the latest Intelligence on credit card security and fraud, armed with new stats and insights I’d picked up at the MAC Level Up conference. This was proof positive that MAC delivers as it relates to educational content and relevance. In this post, I will share my biggest takeaways from the conference.
March 10, 2020 •
The more we think about data privacy, the more we realize how complex it truly is. From both the technical and the legal side, there are new capabilities that are exciting and offer an incredible capacity for use cases we haven’t even considered. Some of the topics discussed at the RSA 2020 Conference that are worthy of consideration focus on these new and emerging services, and how they must be viewed through the lens of personal privacy.
Encryption • Privacy
March 9, 2020 •
A ransomware variant, DoppelPaymer is showing some interesting new features that have morphed it into what we call “extortionware.” It is infecting systems and performing not only data encryption for ransom, but also exfiltrating data back to the attackers to be potentially released to the public if payment for the ransom is not made.
Active Monitoring • Ransomware
March 3, 2020 •
In my daily scan of the security news headlines, I’ve been noticing that more and more frequently, companies hit by ransomware are paying up. A more recent example is the City of Cartersville, Georgia, which paid a whopping $380K to its attackers. But it doesn’t have to be this way! Read on for 3 ways to avoid a ransomware lock down.
MDR • Ransomware
February 17, 2020 •
Lately, there has been a wave of cyberattacks specifically targeting the petroleum industry. This is due to a handful of recent successes by the attackers with some very large and well-known brands. Given the success that the attackers had in those environments, they are moving on to other similar and potential targets within the industry and attempting to find additional value to compromise. In this post, I’ll share specifics about how the petroleum industry is being targeted and ways you can protect your network from a potential compromise.
Active Monitoring • MDR • Network Security • Point of Sale
January 30, 2020 •
It’s 2020, and that means the deadline for the Visa and Mastercard EMV liability shift for the petroleum market is now imminent. But before you say, “Well, I’ve heard that one before,” and go about your business as a fuel retailer, it’s important to understand that this deadline appears to be sticking.
January 20, 2020 •
While many associate Georgia with innovation and expansion in the payments space—more than 70% of America’s payment transactions are processed by companies in Atlanta and around Georgia—the Georgia information security landscape is also a boon for the state’s economy. In its new industry report, “2020 State of Georgia’s Information Security and Cybersecurity Ecosystem,” the Technology Association of Georgia (TAG) lists more than 75 InfoSec products and services companies that call Georgia home. Together, these companies and others like them generate over $1.4 billion in annual revenue and employ more than 6,700 network and computer system engineers alone.
January 2, 2020 •
We’ve all worked with them, and at some point in our career, we may have even been one: A disengaged employee. Most companies and leadership teams concern themselves with unhappy employees for one basic reason, and that’s the costs of lost productivity. But have you ever thought about the cybersecurity threat posed by an actively disengaged employee?
Access Control • Endpoint Security