Five backup lessons learned from the UnitedHealth ransomware attack

The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation.  Over the past few months, there have be… Continue reading Five backup lessons learned from the UnitedHealth ransomware attack

The changing face of identity security

It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold of privileg… Continue reading The changing face of identity security

4 reasons why veterans thrive as cybersecurity professionals

Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity comp… Continue reading 4 reasons why veterans thrive as cybersecurity professionals

Apple’s 45-day certificate proposal: A call to action

In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a vote among Certification Authority… Continue reading Apple’s 45-day certificate proposal: A call to action

Consumer privacy risks of data aggregation: What should organizations do?

In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTub… Continue reading Consumer privacy risks of data aggregation: What should organizations do?

Open-source software: A first attempt at organization after CRA

The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized … Continue reading Open-source software: A first attempt at organization after CRA

IoT needs more respect for its consumers, creations, and itself

Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over the device and … Continue reading IoT needs more respect for its consumers, creations, and itself

Risk hunting: A proactive approach to cyber threats

Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn…. Continue reading Risk hunting: A proactive approach to cyber threats

A good cyber leader prioritizes the greater good

In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into this; we have to get ourselve… Continue reading A good cyber leader prioritizes the greater good

Achieving peak cyber resilience

Climbing Mount Everest isn’t a feat for the faint hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two mont… Continue reading Achieving peak cyber resilience