Cadre Blog

A casino hacked through an aquarium heater* sounds like fiction—but this recent headline news was an all-too-real demonstration of the risk that Internet of Things (IOT) devices bring to organizations of all sizes. 

As cybercrime increases, it’s impossible for employees to keep up with every threat. It’s crucial for cybersecurity teams to work more efficiently with fewer resources. In this never-ending quest to stay ahead of threats, an increasing number of...

The Capital One breach exposed over 100 million customers’ sensitive information.In 2017, 147.9 million consumers were affected by the Equifax Breach.Over the past few years, data breaches have affected over 1 trillion user accounts and the...

All of these are common myths, but only one has dangerous misinformation. Can you figure it out?

1. George Washington chopped down a cherry tree. 
2. After you die, your fingernails continue to grow. 
3. You don’t have to worry about your small business...

Part 3 of a three-part series

Milan Patel has seen a thing or two. He can’t talk about some of it, which makes sense, given that he’s the former CTO of the FBI Cyber Division. While there, he organized and co-led the Joint Requirements Team, facilitated by the White House...

Part 1 of a three-part series

To paraphrase Zoolander, cloud-based technology is so hot right now. There are good reasons for that—cost, scalability, and convenience—but if you haven’t asked the right questions, you may face an unpleasant surprise later on. It sounds...

Small governments seem to be stuck between a rock and several hard places.

If you live in the U.S. and have ever noticed false charges on your credit card statement and had to call your bank to have your card canceled, chances are that you are the victim of skimming.  

New research from Michigan State and Johns Hopkins Universities show that failed internal information handling and negligence at healthcare providers’ offices accounts for more than half of personal health information (PHI) breaches.

Evil hackers and corporate spies have had the ability to record the loud tap-tap-tap of computer keyboards to decipher a log of keystrokes for years. The risk of losing your credentials to such a hack has been low because the attacker would have...

Micro-architectural attacks are arguably the most dangerous and difficult of all forms of systems compromise to detect. Micro-architectural attacks leverage flaws in the chip hardware design of computer components. These kinds of flaws are...

You might think your company doesn’t have much in common with the largest shipping company in the world, but if you’re a manufacturer, it’s increasingly likely that your business will be targeted via ransomware.

As the popularity of “smart homes” increases, new research continues to find concerns about the use of IoT (Internet of Things).

On April 15, 2019, a flame ignited Notre Dame Cathedral in Paris and many watched as roughly 500 firefighters struggled to contain the fire. The cause of the flame still remains unclear. According to a recent report, the security guard in charge...

You wouldn’t leave the doors to your business unlocked, would you? Of course you wouldn’t. In the same vein, companies go to great lengths – installing alarms and cameras and hiring security – to ensure their locations are physically secure. Yet...

Industries are transforming with the help of digital technologies and IT, and as competition increases across almost every industry, the pressure to digitally transform also intensifies. However, many companies start this process without thinking...

Author: Tim O'Connor

Impersonation, often called “spoofing” in information security lingo, is one of the most used and critical techniques in the toolboxes of both con artists and evil hackers. Evil hackers can impersonate people, equipment (such...

Author: Tim O'Connor

You may have heard of “Shadow IT”. Shadow IT is the term that describes when employees install their own hardware or software without the approval or even the knowledge of the people responsible for supporting, approving,...

Author: Tim O'Connor

Encouraging employees to improve their security hygiene can feel like an endless battle. Sometimes it feels like having modern medical knowledge and time-travelling back to plague-ridden middle ages. That is why it’s a...

Author: Tim O'Connor

New psychological studies could be a game changer.

Damage to reputation and brand name are often some of the most significant hits an organization takes when knowledge of a security breach becomes public. At last...

At Cadre, we like to say that security isn’t the reason your company succeeds, but it could be the reason it fails. There’s a lot at risk when a company fails to implement a thorough and successful security eco-system and some companies will...

Remember the story of Goldilocks breaking into the three bears’ cottage and wreaking havoc? Goldilocks was eager to eat the porridge left by the bears, so she tried the first bowl and soon realized it was too hot. The next bowl was too cold, but...

Author: Tim O'Connor

A revolutionary new type of malware toolset is starting to show up in dark web hacking forums. The new malware architecture is being called “Grab-n-Go”.

What happened?

Citrix, an American software company, disclosed a security breach in which hackers potentially exposed customer data. On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that cyber criminals had gained...

Author: Tim O'Connor

On October 4, 1957 the Sputnik 1 satellite woke up the world and launched (pun intended) the Sputnik crisis, a period of public fear and anxiety across the Western nations. Until Sputnik 1, the western world had an ingrained...

Penetration tests and network vulnerability assessments are essential components to a company's information security playbook.

Below are frequent questions we receive regarding vulnerability assessments and penetration tests and why they are...

Author: Tim O'Connor

We receive a number of questions regarding security awareness training. Below are some common questions. 

What’s the best way to convince my management team to implement a security awareness program?                

A lunch...

Author: Tim O'Connor

What are the 5 most important things to keep in mind when implementing a security awareness program?

1. Adult Learning. A security awareness program is a waste of time and money if information is not retained and a positive...

In 2018, threat actors consistently improved their cyber weapons, quickly adopted new methods and adapted their attacks to emerging technologies. Today’s threat trends increasingly point to more stealth-like cyber attacks with malware,...

Cyber crime is now democratized. In today’s cyber threat landscape, launching a cyber attack is no longer limited to technically savvy hackers. The underground marketplace has made it possible for anyone to become a threat actor. In the...

Sensitive data is being exposed at an alarming rate due to unwanted data breaches. Is your business protected? Recently the Facebook data breach allowed hackers to gain access up to 50 million users, 3 billion users were exposed in the Yahoo! Data

Cadre’s Security Awareness class, course design and consulting services are now able to meet requirements for all major compliance standards.

Cadre’s cutting-edge security awareness offerings leverage fun adult-learning and neuroscience...

Almost every organization has moved at least part of their operation to the cloud. You can’t browse the Internet or do email without a partial cloud presence. With so many of your competitors flocking to the cloud, you can’t afford to overlook...

IaaS is the first tier of a triad of outsourced cloud services. The top two are PaaS (platform as a service) and SaaS (software as a service). Each “…aaS” involves the customer’s doing less work and the cloud provider taking on more...

If you’re going to fly with the eagles in the cloud, you need to be grounded in the best cloud encryption practices. The majority of people know the value of data backup and security. Backup is your insurance against loss; security in the wilds...

Author: Tim O'Connor

This piece is honoring the hero, Alfred Newman.

Alfred Newman passed away yesterday at the age of 94. Mr. Newman was a key part of something extraordinary. He contributed to a tool more successful than the most powerful...

Moving data and other company solutions to the cloud can pay off in significant ways for businesses. Small and medium enterprises gain by no longer needing to shell out additional money for the costs of maintaining data servers and other...

Cleveland I-X Center in Cleveland, Ohio

Earn CPE credits and enjoy a great lineup of educational expert-led sessions. Click here to view the full agenda. 

This year the Summit has added two new places to visit.  The SUMMIT Chateau Café and the...

"Social engineering bypasses all technologies, including firewalls." -Kevin Mitnick

Social engineering is often regarded as the most effective and powerful skill used by black-hat hackers and, until recently, it is one of the least addressed...

Watch this video to determine if your Facebook Account has been compromised:

Three Rivers Information Security Symposium (TRISS) is hosting a symposium on October 19^th from 8:00 am till 4:30 pm at the Monroeville Convention Center –South Hall. 

This community conference is packed with presentations containing overviews of...

We are delighted to be a sponsor and presenter at the NKU Cybersecurity Symposium in Highland Heights, Kentucky. 

Stop by our booth at Northern Kentucky University in the James C. and Rachel M. Votruba Student Union. Register today and you can...

Join Cadre's Exclusive Security Event with our Technology Partners   

When: Thursday, September 27^th starting at 4 pm.

Location: MadTree Brewing - 3301 Madison Road, Cincinnati, OH 45209

Stop by our booth for the 32^nd Annual SIM Strategies Series. This year’s conference is being held at the Hilton Memphis and they will be providing breakfast, lunch and conference materials.  View the full conference agenda.

...

Author: Tim O'Connor

Let me begin by saying I am not an expert on Iranian and Russian disinformation campaigns, although I have been researching them with great interest. What I do have is many years of experience in the information security...

Visit our booth this year at the Lexington Convention Center for the MBE conference. It is a full day conference with registration starting at 7:00 am followed by a continental breakfast. Please click to view the full conference agenda.

Pop on over to our booth at the Data Connector’s Tech-Security Strategies conference. This year’s conference is being held at The Westin in downtown Cincinnati.  Register today and you can earn CPE credits!  They will be providing breakfast,...

By: Phil Swaim

There is no doubt one of the greatest innovations in IT of the last 10 years has been the public cloud and virtualization. Being able to deploy resources for storage, computing, and communication with 0 capital expenditure, little...

In this webinar we discuss what GRC is, why you need a GRC Strategy Roadmap, and how you can leverage a Roadmap to guide you through the GRC implementation journey.

Wherever you are in that journey, the roadmap will allow you to establish...

Stop by our booth at the VMware User Group conference. This year’s conference is being held at the Indianapolis Convention Center in downtown Indianapolis. They will be providing breakfast, lunch and conference materials.  View the full...

Cadre Information Security is proud to be a sponsor and exhibitor at the Circle City Con in Indianapolis. 

Stop by our booth at the Circle City Con security conference. We are co-hosting this year with Symantec, the global leader in...

Cadre Information Security is proud to be a sponsor and exhibitor at the CircleCity Crossroads. 

This is the first year that CircleCityCon, Infragard, and ISSA have joined together to create this extraordinary event for Information Security...

Cadre Information Security is proud to be a sponsor and exhibitor at the Tech Pros at Penn State Dickinson Law. 

Visit our booth on Thursday or Friday, May 24^th and 25^th, at Penn State Dickinson Law.  The conference begins each day at 9 am. Click 

Author: Paul Griggs

SSL is a ubiquitous technology introduced in 1994.  The use of SSL, and it’s descendant, TLS, is first and foremost based on established trust.  A trusted authority validates a domain name as belonging to a particular entity. ...

Cadre Information Security is proud to be co-hosting an exclusive security event with SecurityScorecard.   

When: Friday, May 25th

Location: Cinemark Theatres, 6001 Canal Road, Valley View, OH 44125

Wondering who SecurityScorecard is?  Well come...

Cadre Information Security is proud to be co-hosting an exclusive security event with Fortinet and Gemalto.   

When: Friday, May 25th

Location: Envision Cinemas, 4780 Cornell Road, Blue Ash, OH 45241

Protecting your Galaxy from the Death Star is...

Q. Who knows more about your internet use then Facebook, Amazon or even your browser?

A. Your ISP and NOW they can collect and sell your internet usage information!

Q. How can you protect yourself?

A. Keep reading this blog!

Author: Tim O'Connor

Social Engineering is without question the most powerful and successful hacker skill of all time, but how can you become fluent enough in this skill to learn and defend...

Author: Tim O’Connor

I am a cyber security professional and when I tell some of my peers that I have several Amazon Echo smart speakers in my home and workshop they sometimes look at me like I just said Edward Snowden was my roommate or that I...

Luncheon – Louisville, KY  

Are you in compliance with regulatory requirements?  Join us on April 12^th at Ruth’s Chris Steakhouse at 11:30am to meet our GRC team.

Come take a break from your daily work assignments to hear more about Governance,...

Author: Paul Griggs

Many workers are familiar with the venerable HID access card.  You present the card to a badge reader and the door opens.  The badge itself, about the same size as a credit card, identifies the holder to the access control...

Author: Tim O'Connor

You have likely been hearing about the personal privacy leakage court cases involving data mining your Facebook account and maybe even its link to “spy vs. spy” stuff like Russian election influence. You might have even heard...

Ready for a nice cold beverage?  Join us on Thursday, March 1st at The District Tap to meet our local security team.   

Enjoy a great afternoon of networking with like-minded peers while sampling some food and beverages.  The goal is to introduce...

Cadre Information Security has expanded its partnership with RSA, a Dell Technologies Company, and a leader in the enterprise Risk Management and Governance, Risk and Compliance (GRC) market.

Cadre is broadening its strategic role with RSA, by...

Cadre’s new upgraded classroom brings better than state-of-the-art security training for students at ANY LOCATION to our already advanced training solutions.

Students can now attend all of Cadre’s course offerings remotely without the expense of...

By now you are probably aware of the advantages of using a virtual computer (VM) and how that compares with utilizing and operating a physical one.

A Virtual Chief Information Security Officer (vCISO), similar to a virtual machine, is a new...

A policeman sees a drunk man searching for something under a streetlight and asks what the drunk has lost. He says he lost his keys and they both look under the streetlight together. After a few minutes the policeman asks if he is sure he lost...

When it comes to managing IT for your business, you can never have too much help.  That's why Cadre is now offering Managed Security Services. 

Maintaining and upgrading a security system requires a defined, comprehensive process for updating...

Keeping abreast of your network and infrastructure can be a daunting task. Vulnerabilities are much more than a nuisance, they leave your company open to attacks that can lead to serious consequences. Patching vulnerabilities, monitoring email...

GRC stands for Governance, Risk and Compliance.

The Open Compliance and Ethics Group (OCEG) has published one of the most comprehensive GRC definitions. In its GRC Capability Model, Red Book, 2.0, the OCEG defines GRC as a system of people,...

Cadre Information Security is proud to be co-hosting an exclusive security event with SentinelOne.   

When: Friday, November 3rd starting at 10:30am 

Location: Cobb Theatre, 7514 Bales Street, Liberty Township, OH 45069

SentinelOne’s security...

Cadre Information Security is proud to be a sponsor and exhibitor at the Security Summit in Cleveland, Ohio. 

Cadre Information Security is proud to be a sponsor and exhibitor at the Data Connectors in Nashville. 

Cadre Information Security is proud to be a sponsor and exhibitor at the SecureWorld Cincinnati.

October is National CyberSecurity Awareness Month (NCSAM)! 

There's been a massive number of cyberattacks...

If you work in any sort of IT/cyber security role, you know it’s imperative to be concerned with hacking. It’s scary out there, especially with increasing reports of organized cyber-criminals going after any sized company, not just the bigger...

Malware is a portmanteau of "malicious" and "software". As the name implies, malware is created solely to harm and inconvenience people by corrupting devices and/or data. 

A value-added reseller (VAR) is a company that takes an existing product and adds extra features and/or services to it. This is typically in order to sell an integrated product to end users as a turnkey solution. Value-added resellers can do just...

These last several weeks have brought up a lot of interesting discussions around passwords and password management, both personally and in the enterprise. 

As a Chief Information Security Officer (CISO) or Information Security manager, you have to make decisions on how to best mitigate and handle risks for your business.  

Not all leaks are the result of malice.

When it comes to security, most IT departments focus primarily on network and application security.

By now, we've all read news stories about vulnerabilities in various software and are familiar with the importance of preventing unwanted network...

What is multi-factor authentication?

Multi-Factor Authentication (MFA) is a method used to grant access to a computer or application. Of course the access is only granted after the user has provided a username and two types of authentication...

Security assessments should be a part of any company’s security program. At a high level, they measure a company’s security posture against industry best practices, compliance requirements and industry frameworks.  It takes into consideration...

Encoding, hashing, and encrypting are common concepts applied and discussed when trying to secure data.  Many vendors claim to use strong encryption methods and standards, but it is necessary for a security team to assess whether it really is...

Does alignment of business, organizational and technical goals seem impossible to you? 

Not to us. 

Since 1996, Cadre has been the single source for security guidance, enabling...

Encrypted traffic is becoming increasingly prevalent on corporate networks.  

Part 1 (No Firewall Module)

Instructions for setup are in the link above. You must install two firewalls and configure VRRP on both of them to act as a cluster.  The first part of this exercise is pure VRRP with no firewall module...

No one is immune from data breaches. We’ve witnessed department stores, hospitals, insurance companies, media giants, dating websites, the federal government and so many others in the news almost daily with yet another breach.

This dominated the...

Very few people were talking about network security when Cadre was formed back in late 1991. By most accounts, the first firewall was invented a year later, circa 1992, to the credit of multiple inventors. In the world of security technology,...