Collaborate Disseminate
One year and a half following the start of the COVID-19 pandemic, we’re seeing most companies either maintaining their remote work policies or slowly moving to a hybrid model. In fact, an estimated 36.2 million Americans will be working remotely by 202… Continue reading Zero Trust: The Protection Model for the Post-Pandemic World
One year and a half following the start of the COVID-19 pandemic, we’re seeing most companies either maintaining their remote work policies or slowly moving to a hybrid model. In fact, an estimated 36.2 million Americans will be working remotely by 2025, which is nearly double pre-pandemic levels. Continue reading Zero Trust: The Protection Model for the Post-Pandemic World
In early May 2021, the President of the United States issued an executive order on cybersecurity, and though it will take some time for executive branch agencies to develop formal rules, the order itself includes a lot of what I consider to be best practice in cybersecurity, including the use of multi-factor authentication (MFA) and Zero Trust, mentioned by name. Continue reading The Countdown Has Started — The Move Toward Zero Trust and MFA
Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020. Thankfully, this latest attempt was not as impactful as those in the past. It was discovered early on and largely mitigated through several protections. Continue reading Trusting Locations Bites Us Yet Again
Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020. Thankfully, this latest… Continue reading Trusting Locations Bites Us Yet Again
On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vuln… Continue reading CISA Emergency Directive 21-03: VPN Vulnerabilities Actively Exploited
On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, after a FireEye blog shed light on security incidents involving compromises of Pulse Secure VPN appliances. The directive outlines the specific actions all US federal agencies should take to mitigate the vulnerability and maintain compliance. Continue reading CISA Emergency Directive 21-03: VPN Vulnerabilities Actively Exploited
Reflecting on the cybersecurity threat landscape in 2020, we can’t overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling co… Continue reading Observed Changes to the Threat Landscape in 2020
Reflecting on the cybersecurity threat landscape in 2020, we can’t overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to remote working practices and other environmental changes, cybercriminals ramped up their attacks. Continue reading Observed Changes to the Threat Landscape in 2020
"Working from home 2021" was the title of my talk at The Cyber Security Summit in January, and the strikethrough is important. After a massive shift away from common workspaces in response to the global pandemic, there is no more working remotely or working from home, there is just working. The axiom, "work is what you do, not where you go" has never before been so true. Continue reading Adapting Security to Work Anywhere