Breach Risk Minimization for Under-Resourced Teams

CISOs that have enough budget and enough people on their teams have always been about as rare as hen’s teeth, but a confluence of challenges in today’s environment has made resource constraints even more painful for information security teams. Three particularly acute pain points for today’s CISOs include: Explosion of ... Read More
Top 9 Vulnerabilities With No Assigned CVE Number

The acronym CVE has become synonymous with vulnerability. And perhaps rightly so – it’s a convenient, unique identifier that makes it easy for people to exchange information about the vulnerability, and the state of that vulnerability within an organization. Unfortunately, the CVE system can be very misleading because, while it ... Read More
6 Factors to Consider in Evaluating CVE Importance

You just finished reviewing the latest report from your vulnerability scanner and surprise, surprise, way more vulnerabilities reported than your vulnerability management program can hope to mitigate. As always. So what’s an enterprising infosec professional to do? Prioritizing based on CVSS Scores is the most common approach, one that your ... Read More
Exploited in the Wild, It Took Microsoft 734 Days to Patch this Vulnerability

On August 5, 2018, a malware sample, now known as Glueball (CVE-2020-1464), targeting Microsoft Windows was uploaded to VirusTotal. Upon investigating the issue, the sample was forwarded to Microsoft for further investigation. In January 2019, VirusTotal published a blog post about the issue, wrapping up by stating that, “Microsoft has ... Read More
Two CISOs Pay $400k for Security, Yet One Spends 10x More. How?

New survey data shows that the majority (55%) of cybersecurity budgets are allocated towards reactive, rather than proactive, tools. Ask any infosec professional and they’ll tell you that a solid infosec strategy requires both reactive and proactive strategies, but could shifting this spend in the other direction result in organizations ... Read More
6 Keys to Ensuring Remote Employee Security

There are some amazingly high-profile architectural landmarks that were meant to be temporary in nature. Believe it or not, famous structures such as The London Eye, the original Ferris Wheel, the San Francisco Palace of Fine Arts, and even the iconic Eiffel Tower, were all temporary structures that lived ... Read More
Making Infosec Jobs Easier: Threat Hunting

This is post 6 in our series on making infosec jobs easier and covers threat hunting. You can read the previous 5 posts at one of the links below. Improve overall security posture Assess and report on breach risk Keep systems patched How to adjust to changes in the IT ... Read More
Making Infosec Jobs Easier: Adjusting to Changes in the IT Landscape

This is post 4 in our series on making infosec jobs easier and covers how cybersecurity teams can adjust to changes in the IT landscape. The first post covered improving overall security posture. The second post discussed assessing and reporting on breach risk. The third post was all about keeping systems ... Read More
David vs Goliath: Are 16,000 Banks Insecure?

In April 2019, a tiny credit union in Greenville, Pennsylvania, Bessemer System Federal Credit Union, filed a lawsuit against Fiserv, a 24,000-employee financial services behemoth, for breach of contract. After more than a year of delays, a federal judge ruled that the court would hear some of Bessemer’s claims ... Read More
Making Infosec Jobs Easier: Assessing and Reporting Breach Risk

This is post 2 in our series on making infosec jobs easier. The first post (here) covered the job of improving overall security posture. Assessing and reporting on enterprise breach risk is an important part of the CISO’s role. This holds true whether you just joined the company and you’re ... Read More