ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.



  1. Home
  2. ControlScan Blog

Cybersecurity-Related Financial Risk as a Board Imperative

October 16, 2020Published by

Over the last few years, organizational board members have taken an increasing interest in cybersecurity as a financial risk. If you think about it, this makes sense because securing your company’s data stops the bleed of shareholder value. The value of data is changing, so the level of protection you need to apply is changing. Companies are looking at these things to maintain their brand and viability.

  Read More   

Going Beyond Traditional Endpoint Security Protection

September 17, 2020Published by

This week was an exciting one for us here at ControlScan, because we officially announced the general availability of ControlScan MDR Essential. A new tier of our Managed Detection and Response (MDR) product suite, MDR Essential is aimed at cost-conscious small and mid-sized businesses (SMBs) and the channel partners that serve them.

  Read More   

How an Attacker Bypasses Network, Software and Physical Controls

September 8, 2020Published by

As we refine our remote work arrangements, our arsenal of communication devices—and our digital footprint—grows. Unfortunately, all these communication tools create additional IT vulnerabilities and make our businesses a more prominent target for cyber attackers to exploit. In this post I’ll share common ways in which an attacker bypasses network, software and physical controls in today’s extended workplace environment.

  Read More   

What Can COVID-19 Teach Us About Preventing a Security Pandemic?

May 1, 2020Published by

We can learn a lot from the same protective measures that are working to defeat this insidious coronavirus enemy. The parallels are striking between the social and professional measures that are swiftly becoming business-as-usual, and the security measures that should have been business-as-usual all along. Now may be the perfect time to remind ourselves of a few.

  Read More   

DoppelPaymer: Not Your Average Ransomware

March 9, 2020Published by

A ransomware variant, DoppelPaymer is showing some interesting new features that have morphed it into what we call “extortionware.” It is infecting systems and performing not only data encryption for ransom, but also exfiltrating data back to the attackers to be potentially released to the public if payment for the ransom is not made.

  Read More   

Don’t Wait Until Ransomware Has Your Business Locked Down

March 3, 2020Published by

In my daily scan of the security news headlines, I’ve been noticing that more and more frequently, companies hit by ransomware are paying up. A more recent example is the City of Cartersville, Georgia, which paid a whopping $380K to its attackers. But it doesn’t have to be this way! Read on for 3 ways to avoid a ransomware lock down.

  Read More   

Sophisticated Attackers Targeting Petroleum Marketers

February 17, 2020Published by

Lately, there has been a wave of cyberattacks specifically targeting the petroleum industry. This is due to a handful of recent successes by the attackers with some very large and well-known brands. Given the success that the attackers had in those environments, they are moving on to other similar and potential targets within the industry and attempting to find additional value to compromise. In this post, I’ll share specifics about how the petroleum industry is being targeted and ways you can protect your network from a potential compromise.

  Read More   

Yes, the October 2020 EMV Deadline for Fuel Pumps is a Definite

January 30, 2020Published by

It’s 2020, and that means the deadline for the Visa and Mastercard EMV liability shift for the petroleum market is now imminent. But before you say, “Well, I’ve heard that one before,” and go about your business as a fuel retailer, it’s important to understand that this deadline appears to be sticking.

  Read More   

        Featured        

The Georgia Information Security Industry is Thriving

January 20, 2020Published by

While many associate Georgia with innovation and expansion in the payments space—more than 70% of America’s payment transactions are processed by companies in Atlanta and around Georgia—the Georgia information security landscape is also a boon for the state’s economy. In its new industry report, “2020 State of Georgia’s Information Security and Cybersecurity Ecosystem,” the Technology Association of Georgia (TAG) lists more than 75 InfoSec products and services companies that call Georgia home. Together, these companies and others like them generate over $1.4 billion in annual revenue and employ more than 6,700 network and computer system engineers alone.

  Read More   

Tackling the Insider Threat of Disengaged Employees

January 2, 2020Published by

We’ve all worked with them, and at some point in our career, we may have even been one: A disengaged employee. Most companies and leadership teams concern themselves with unhappy employees for one basic reason, and that’s the costs of lost productivity. But have you ever thought about the cybersecurity threat posed by an actively disengaged employee?

  Read More   

Security Patching: How Fast is Fast Enough?

October 3, 2019Published by

October is National Cyber Security Awareness Month (#NCSAM), and one of the topics I like to bring up is security patching. Just about every IT leader will tell you that timely security patching is a priority for their organization. So why did our latest ControlScan research find that 43% of IT teams are taking more than a week to implement even the most critical of security patches?

  Read More   

        Featured        

Tales from the SOC: Surprise! You’ve Got Active Malware.

June 28, 2019Published by

Late in the day on a recent Friday, a new customer began installation of the ControlScan Managed Detection and Response (MDR) service to their end user systems. This customer is an SMB (small to mid-sized business) that relies on personal computers to keep their business running. Sound familiar?A few hours after the customer’s implementation was complete—at 12:05 a.m. Saturday to be exact—our MDR service blocked an attempted execution of malware that was present on one of their remote office computers.As it turns out, this active malware had been on the remote office machine since October 2018. With each user login, the malware was executing and performing data harvesting, as well as making attempts at lateral movement and propagation.

  Read More   

Next »



Back to Top