February 17, 2020 •
Lately, there has been a wave of cyberattacks specifically targeting the petroleum industry. This is due to a handful of recent successes by the attackers with some very large and well-known brands. Given the success that the attackers had in those environments, they are moving on to other similar and potential targets within the industry and attempting to find additional value to compromise. In this post, I’ll share specifics about how the petroleum industry is being targeted and ways you can protect your network from a potential compromise.
Active Monitoring • MDR • Network Security • Point of Sale
October 3, 2019 •
October is National Cyber Security Awareness Month (#NCSAM), and one of the topics I like to bring up is security patching. Just about every IT leader will tell you that timely security patching is a priority for their organization. So why did our latest ControlScan research find that 43% of IT teams are taking more than a week to implement even the most critical of security patches?
Active Monitoring • MDR • Network Security
April 25, 2019 •
When cybersecurity coverage gets slim—whether it’s due to a lack of internal expertise or technology capabilities, or both—key business functions tend to go on what I call “autopilot.” Firewalls run using outdated configurations, legitimate security threats go unnoticed, and everyone is just hoping today isn’t the day an employee clicks a bad link and unleashes a crippling malware attack. Learn about the three business functions that should never be put on cybersecurity autopilot, and how to proactively address your organization’s expertise and manpower challenges.
Endpoint Security • MDR • Network Security
August 13, 2018 •
I’ve found myself in this conversation a few times recently, about what determines that a device on the network is “unapproved.” The fact is, the only unapproved devices on your network are those that defeated your security measures to get on it. If you build the network correctly, then you have lists of monitored and unmonitored devices, but not unapproved. The issue at hand is how to identify and account for your monitored and unmonitored devices. With that accomplished, it’s much easier to spot an anomaly that could lead to a breach.
December 12, 2017 •
Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.
Compliance • Network Security • Vulnerability Management
June 5, 2017 •
As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: Firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc. Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?
Cloud Security • Network Security • Security Assessments
April 19, 2017 •
FTP servers are essential for sharing files and data, but healthcare providers continue to utilize them in an insecure manner. Just last year, the ControlScan Security Consulting team saw this in action within a large healthcare organization. What happens when FTP goes wrong and how can you prevent your FTP server from leaking ePHI? Read on to find out.
Encryption • Network Security
January 13, 2017 •
It’s Friday the 13th and there’s a “fear factor” in health IT. If you don’t know where your HIT organization’s security and compliance weaknesses lie you’re likely feeling that fear—today and every day. But don’t try to fight off cyber criminals with monster spray! Read this blog post and learn how to arm your organization appropriately.
Network Security • Risk Management • Security Assessments
November 15, 2016 •
Third party relationships make your life easier in a multitude of ways, from streamlining processes, to providing additional human resources, to ensuring operational efficiency. Unfortunately, these relationships also introduce increased business risk related to data security and compliance. If one or more of your third party vendors doesn’t maintain a strong security posture and is consequently compromised, your business could very well end up sharing the burden of recovery. Read this ControlScan blog post for three steps you can take to lessen your business’s third party risk.
Internet of Things • Network Security • PCI Compliance
October 7, 2016 •
One of the easiest ways you can protect business accounts from unauthorized use is to incorporate multi-factor authentication, or MFA. But how do you use it in a way that has a meaningful impact on your organization’s security risk reduction efforts?
Access Control • Network Security • Vulnerability Management
September 30, 2016 •
Cybersecurity Unknowns: It’s not the “who” but the “what.” When you stop and think about your business’s IT security, do you often wonder who the unnamed faces are behind the relentless barrage of cyber attacks out there? Everyone has an opinion: “Government target—must be a nation-state” or “Little guy—must be a disgruntled ex-employee.” Our assumptions, […]
Firewalls • Network Security
September 22, 2016 •
Congratulations! Your organization has implemented a SIEM platform for network security monitoring. However, don’t expect it to consume logs and machine data from your environment and effortlessly spit out actionable alarms. In other words, experienced human involvement is necessary to truly realize your SIEM’s benefits.
Cloud Security • Network Security
July 12, 2016 •
Event log monitoring—or keeping an eye on your system logs for security and compliance purposes—can be a challenge. Here at ControlScan we see businesses and their IT teams struggling with its implementation and/or maintenance just about every day.
Internet of Things • Network Security • Point of Sale
June 13, 2016 •
Network Security • Vulnerability Management
What’s Your Data Security Approach? Growth and change is inherent to any healthy organization, but that positive change can have a negative impact on the security of your organization’s data. Have you considered what it really takes for your organization to be secure? If not, it’s probably time to ask some hard questions, the first […]
June 6, 2016 •
Have you been told your organization needs to comply with certain information privacy and/or security standards, such as PCI, HIPAA, etc.? If so, you may find yourself quickly overwhelmed with all the requirements for bringing people, processes and technology into “compliance.” Yes, compliance can suck.
Firewalls • Network Security • Security Awareness