5 Ways to be Sure You’re not Over- or Under-Solving for Security
Remember the story of Goldilocks breaking into the three bears’ cottage and wreaking havoc? Goldilocks was eager to eat the porridge left by the bears, so she tried the first bowl and soon realized it was too hot. The next bowl was too cold, but the third and final bowl was just the right temperature. It might seem strange to draw lessons about your business’ security practices from a ch...
Grab-n-Go Baldr Malware: A Stunning New Type of Malware
Author: Tim O'Connor A revolutionary new type of malware toolset is starting to show up in dark web hacking forums. The new malware architecture is being called “Grab-n-Go”. Until now, malware was designed to infect a computer, network or mobile device and stay resident collecting all of the information it can. The new grab-n-go malware does not wait around for a full virus scan nor does...
Why the Citrix Breach Happened and 6 Steps You Can Take to Protect Your Company
What happened? Citrix, an American software company, disclosed a security breach in which hackers potentially exposed customer data. On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that cyber criminals had gained access to the internal Citrix network. In many cases when dealing with these types of security breaches, one may never receive the full story. Us...
Did we miss China’s Quantum Sputnik?
Author: Tim O'Connor On October 4, 1957 the Sputnik 1 satellite woke up the world and launched (pun intended) the Sputnik crisis, a period of public fear and anxiety across the Western nations. Until Sputnik 1, the western world had an ingrained bias and view of Russia (USSR) as being technologically inferior. Once Sputnik 1 was launched, it started emitting a radio beacon that could be ...
Common Security Assessment Questions
Penetration tests and network vulnerability assessments are essential components to a company's information security playbook. Below are frequent questions we receive regarding vulnerability assessments and penetration tests and why they are important. Why should I run a vulnerability assessment or pen test on my network? It’s all about visibility into the unknown. Good patch management...
Security Awareness Training FAQs
Author: Tim O'Connor We receive a number of questions regarding security awareness training. Below are some common questions. What’s the best way to convince my management team to implement a security awareness program? A lunch and learn presentation on what security awareness is, why it is important and what outcomes can be predicted is an excellent and low cost way to ...
5 Things to keep in mind when Implementing a Security Awareness Program
Author: Tim O'Connor What are the 5 most important things to keep in mind when implementing a security awareness program? Adult Learning. A security awareness program is a waste of time and money if information is not retained and a positive culture change is not initiated. Content must be relevant to the audience. While some content may be mandated by a compliance standard (NIST/HIPAA e...
2019 Cyber Attack Trends
In 2018, threat actors consistently improved their cyber weapons, quickly adopted new methods and adapted their attacks to emerging technologies. Today’s threat trends increasingly point to more stealth-like cyber attacks with malware, ransomware, data breach, and cryptomining. The Cyber Attack Trends Analysis report includes: An in-depth look at today’s cyber attack trends Expert analys...
Malware-as-a-Service Empowers Cyber Attackers
Cyber crime is now democratized. In today’s cyber threat landscape, launching a cyber attack is no longer limited to technically savvy hackers. The underground marketplace has made it possible for anyone to become a threat actor. In the second volume of Check Point's 2019 Security Report, we go under the hood of cyber crime. See why Malware-as-a-service has increased, and how it has beco...
8 Steps to Prevent the Next Data Breach
Sensitive data is being exposed at an alarming rate due to unwanted data breaches. Is your business protected? Recently the Facebook data breach allowed hackers to gain access up to 50 million users, 3 billion users were exposed in the Yahoo! Data breach. The Equifax data breach in 2017 leaked people’s names, social security numbers, birth dates, address and even driver’s license numbers...
Cadre’s Security Awareness Services Meet Requirements for Major Compliance Standards
Cadre’s Security Awareness class, course design and consulting services are now able to meet requirements for all major compliance standards. Cadre’s cutting-edge security awareness offerings leverage fun adult-learning and neuroscience techniques to achieve the best retention of information as well as the most effective buy-in and security culture-changing results for clients. Instructo...
Benefits of Moving to the Cloud
Almost every organization has moved at least part of their operation to the cloud. You can’t browse the Internet or do email without a partial cloud presence. With so many of your competitors flocking to the cloud, you can’t afford to overlook the advantages of migrating more of your operation to the cloud. There are challenges, of course. You need to crunch the numbers, do your research...
How IaaS (Infrastructure as a service) can cut down your IT spend
IaaS is the first tier of a triad of outsourced cloud services. The top two are PaaS (platform as a service) and SaaS (software as a service). Each “…aaS” involves the customer’s doing less work and the cloud provider taking on more responsibilities for the organization’s IT load. As the first level of cloud services, IaaS is a resource that provides the servers and storage and the nece...
Encryption Methods in the Cloud
If you’re going to fly with the eagles in the cloud, you need to be grounded in the best cloud encryption practices. The majority of people know the value of data backup and security. Backup is your insurance against loss; security in the wilds of the cloud is all about encryption. Is your personally identifying and proprietary data in the cloud protected by the best encryption practices...
Honoring the Code Talker, Alfred Newman
Author: Tim O'Connor This piece is honoring the hero, Alfred Newman. Alfred Newman passed away yesterday at the age of 94. Mr. Newman was a key part of something extraordinary. He contributed to a tool more successful than the most powerful encryption systems of his time and so well designed that even great geniuses like Alan Turing could not assuage it. Mr. Newman was a Navajo Code Talk...
Three Wrong Assumptions Business Owners Have About Cloud Security
Moving data and other company solutions to the cloud can pay off in significant ways for businesses. Small and medium enterprises gain by no longer needing to shell out additional money for the costs of maintaining data servers and other expensive software on their premises. Companies that have the most to gain hesitate to make that move because of misconceptions they harbor about the se...
Join us Today at the Information Security Summit in Cleveland
Cleveland I-X Center in Cleveland, Ohio Earn CPE credits and enjoy a great lineup of educational expert-led sessions. Click here to view the full agenda. This year the Summit has added two new places to visit. The SUMMIT Chateau Café and the NASA Demo Place. If you like nostalgia, then the NASA display will be available for all attendees. Grab a cup of the Chateau’s specialty coffe...
Creating an Effective Security Awareness Program
"Social engineering bypasses all technologies, including firewalls." -Kevin Mitnick Social engineering is often regarded as the most effective and powerful skill used by black-hat hackers and, until recently, it is one of the least addressed cybersecurity issues. Studies show that 70% of US employees lack basic security and privacy skills ...
How to know if your Facebook Account has been Breached
Watch this video to determine if your Facebook Account has been compromised:
Join us at Three Rivers Information Security Symposium in Pittsburgh
Three Rivers Information Security Symposium (TRISS) is hosting a symposium on October 19th from 8:00 am till 4:30 pm at the Monroeville Convention Center –South Hall. This community conference is packed with presentations containing overviews of cybersecurity risks, securing the cloud, pen test guide for hacking, insider threats and many more. Visit our booth and we will enter you into ...
NKU Cybersecurity Symposium
We are delighted to be a sponsor and presenter at the NKU Cybersecurity Symposium in Highland Heights, Kentucky. Stop by our booth at Northern Kentucky University in the James C. and Rachel M. Votruba Student Union. Register today and you can earn CPE credits. They will be providing breakfast, lunch and conference materials. View the full conference agenda! If you are interested in Cr...
Serve & Protect Cincinnati Style
Join Cadre's Exclusive Security Event with our Technology Partners When: Thursday, September 27th starting at 4 pm. Location: MadTree Brewing - 3301 Madison Road, Cincinnati, OH 45209 Join us for Cadre’s Serve & Protect mini tech summit. Enjoy a great afternoon of networking with local professionals and business owners while sampling some food and beverages. Are you facing any securit...
Join us in Memphis, Tennessee at the SIM Strategy Series for Executives
Stop by our booth for the 32nd Annual SIM Strategies Series. This year’s conference is being held at the Hilton Memphis and they will be providing breakfast, lunch and conference materials. View the full conference agenda. The keynote speakers this year are Scott Augenbaum, cybersecurity expert who worked as a Special Agent with the FBI and Mark Nutsch, a Green Beret Commander in the US...
If you think Iranian and Russian disinformation memes are designed to change people’s minds and opinions, you might already be deceived!
Author: Tim O'Connor Let me begin by saying I am not an expert on Iranian and Russian disinformation campaigns, although I have been researching them with great interest. What I do have is many years of experience in the information security field and am a practicing stage and parlor mentalist. You may be wondering, what does mentalism have to do with disinformation campaigns? Well, I’m ...
Cadre is proud to be a sponsor at the 14th Annual Lexington Bluegrass Area Minority Business Expo in Lexington
Visit our booth this year at the Lexington Convention Center for the MBE conference. It is a full day conference with registration starting at 7:00 am followed by a continental breakfast. Please click to view the full conference agenda. Can you take a guess of what percentage of US employees lack baseline security and privacy awareness skills and knowledge? A recent survey found that it...
Join us at the Data Connector’s Tech - Security Strategies conference
Pop on over to our booth at the Data Connector’s Tech-Security Strategies conference. This year’s conference is being held at The Westin in downtown Cincinnati. Register today and you can earn CPE credits! They will be providing breakfast, lunch and conference materials. View the full conference agenda. This conference is packed with breakout sessions containing overviews of current...
Talk About Cloud First or Get There Last
By: Phil Swaim There is no doubt one of the greatest innovations in IT of the last 10 years has been the public cloud and virtualization. Being able to deploy resources for storage, computing, and communication with 0 capital expenditure, little risk of failure, little expert technical knowledge required (especially true for SaaS offerings), and a near 0 barrier to entry has provided sta...
GRC Roadmap Webinar
In this webinar we discuss what GRC is, why you need a GRC Strategy Roadmap, and how you can leverage a Roadmap to guide you through the GRC implementation journey. Wherever you are in that journey, the roadmap will allow you to establish priorities, determine resourcing, monitor project milestones, communicate status to senior management and modify strategy as your business requirements...
Visit us at the VMUG in Indianapolis
Stop by our booth at the VMware User Group conference. This year’s conference is being held at the Indianapolis Convention Center in downtown Indianapolis. They will be providing breakfast, lunch and conference materials. View the full conference agenda! This conference is packed with breakout sessions containing overviews of current cyber-security issues such as cloud security, secur...
Circle City Con - Indianapolis
Cadre Information Security is proud to be a sponsor and exhibitor at the Circle City Con in Indianapolis. Stop by our booth at the Circle City Con security conference. We are co-hosting this year with Symantec, the global leader in next-generation cyber security. Circle City Con will be at The Westin in downtown Indianapolis from June 1st through June 3rd. View the full conference age...
CircleCity Crossroads - Indianapolis
Cadre Information Security is proud to be a sponsor and exhibitor at the CircleCity Crossroads. This is the first year that CircleCityCon, Infragard, and ISSA have joined together to create this extraordinary event for Information Security professionals. Join us at The Westin in downtown Indianapolis on Thursday, May 31st at 7:30 am as Stephen Moore, VP & Chief Security Strategist of ...
Visit us at Tech Pros 2018 in Pittsburgh PA
Cadre Information Security is proud to be a sponsor and exhibitor at the Tech Pros at Penn State Dickinson Law. Visit our booth on Thursday or Friday, May 24th and 25th, at Penn State Dickinson Law. The conference begins each day at 9 am. Click here to get the full agenda. Enjoy two full days of expert-led sessions from national keynote speakers, including Michael Kubit, Vice Presiden...
Internal use of SSL/TLS: Risks, Challenges, and Opportunities for Further Consideration
Author: Paul Griggs SSL is a ubiquitous technology introduced in 1994. The use of SSL, and it’s descendant, TLS, is first and foremost based on established trust. A trusted authority validates a domain name as belonging to a particular entity. This trusted authority issues a Certificate to the entity, which is then used to “prove” ownership to any user of the domain. But this model br...
Do You Worry About Who Is Accessing Your Data?
Cadre Information Security is proud to be co-hosting an exclusive security event with SecurityScorecard. When: Friday, May 25th Location: Cinemark Theatres, 6001 Canal Road, Valley View, OH 44125 Wondering who SecurityScorecard is? Well come meet Cadre's latest partner. They have a cutting-edge ecosystem risk management platform that enables security professionals to continuously mo...
Be a Jedi by Protecting Your Galaxy!
Cadre Information Security is proud to be co-hosting an exclusive security event with Fortinet and Gemalto. When: Friday, May 25th Location: Envision Cinemas, 4780 Cornell Road, Blue Ash, OH 45241 Protecting your Galaxy from the Death Star is hard enough, so let Fortinet help you secure your galaxy by having the right protection in place to determine if your network runs smoothly or i...
Your ISP Potentially Knows EVERYTHING that you do through your Internet Connection
Q. Who knows more about your internet use then Facebook, Amazon or even your browser? A. Your ISP and NOW they can collect and sell your internet usage information! Q. How can you protect yourself? A. Keep reading this blog! Quietly last March, Senate Joint Resolution 34 repealed US broadband privacy regulations that had been in place through the FCC. What does this mean? It means that...
How to Legally Practice Social Engineering
Date: 03-APR-2018 Category: Security Awareness Author: Tim O'Connor Social Engineering is without question the most powerful and successful hacker skill of all time, but how can you become fluent enough in this skill to learn and defend against it if the practice is illegal? If you want to learn a skill to protect yourself, your employees or your customers, you must be able practice that...
Should we Fear the Amazon Echo or Other Smart Speakers in our Home?
Author: Tim O’Connor I am a cyber security professional and when I tell some of my peers that I have several Amazon Echo smart speakers in my home and workshop they sometimes look at me like I just said Edward Snowden was my roommate or that I just beamed in from the alternate universe where Spock has a beard. They immediately tell me that these smart speakers send recordings of my voice...
Cadre Information Security is Hosting a Governance, Risk and Compliance Roadmap Strategy Workshop at Ruth’s Chris Steakhouse.
Luncheon – Louisville, KY Are you in compliance with regulatory requirements? Join us on April 12th at Ruth’s Chris Steakhouse at 11:30am to meet our GRC team. Come take a break from your daily work assignments to hear more about Governance, Risk and Compliance. We have professionals David Ponder and Bryan Johnson from Cential and they will be discussing the benefits of having a Gover...
HID Proximity Access Cards: Unsafe at Any Speed!
Author: Paul Griggs Many workers are familiar with the venerable HID access card. You present the card to a badge reader and the door opens. The badge itself, about the same size as a credit card, identifies the holder to the access control system that controls door access. But are these badges secure? In the physical lock industry, there is a concept known as a “restricted keyway." ...
Don't Lose Face with your Friends over Facebook
Author: Tim O'Connor You have likely been hearing about the personal privacy leakage court cases involving data mining your Facebook account and maybe even its link to “spy vs. spy” stuff like Russian election influence. You might have even heard about the fact that not only was your personal information possibly mined but also the data of your unsuspecting friends. One thing that I have...
Cadre Information Security is hosting a Happy Hour at The District Tap in Indianapolis
Ready for a nice cold beverage? Join us on Thursday, March 1st at The District Tap to meet our local security team. Enjoy a great afternoon of networking with like-minded peers while sampling some food and beverages. The goal is to introduce you to some new technology partners to help you with any security challenges you are currently facing. No sales presentations! Just food, drin...
Cadre to Offer RSA Archer Solutions
Cadre Information Security has expanded its partnership with RSA, a Dell Technologies Company, and a leader in the enterprise Risk Management and Governance, Risk and Compliance (GRC) market. Cadre is broadening its strategic role with RSA, by optimizing client demand for a superior risk management platform that will evolve as their client’s business progresses. The Cadre and RSA partne...
Cadre's Digital Training Classroom
Cadre’s new upgraded classroom brings better than state-of-the-art security training for students at ANY LOCATION to our already advanced training solutions. Students can now attend all of Cadre’s course offerings remotely without the expense of travel to our downtown Cincinnati classroom. Remote students are not second class attendees like other ‘webinar’ type remote training offerings ...
Benefits of a Virtual Chief Information Security Officer Service (vCISO)
By now you are probably aware of the advantages of using a virtual computer (VM) and how that compares with utilizing and operating a physical one. A Virtual Chief Information Security Officer (vCISO), similar to a virtual machine, is a new service Cadre is offering that is filling a need for many organizations. This service offers great flexibility and several use-cases. For example, a ...
Security Awareness Evaluation - Don't Fall for the "Streetlight Effect!"
A policeman sees a drunk man searching for something under a streetlight and asks what the drunk has lost. He says he lost his keys and they both look under the streetlight together. After a few minutes the policeman asks if he is sure he lost them here, and the drunk replies, no, and that he lost them in the park. The policeman asks why he is searching here, and the drunk replies, "This...
Cadre Now Offers Managed Services
When it comes to managing IT for your business, you can never have too much help. That's why Cadre is now offering Managed Security Services. Maintaining and upgrading a security system requires a defined, comprehensive process for updating and implementing that is both repeatable and measurable. Having worked in thousands of environments, Cadre has developed strategies that simplify t...
Monitor the Security State of your Internal Network with Virtual Network Vulnerability Scanning
Keeping abreast of your network and infrastructure can be a daunting task. Vulnerabilities are much more than a nuisance, they leave your company open to attacks that can lead to serious consequences. Patching vulnerabilities, monitoring email attachments, and keeping antivirus controls up to date are just some of the on-going requirements for keeping organizational data secure. Cadre ca...
What is GRC?
GRC stands for Governance, Risk and Compliance. The Open Compliance and Ethics Group (OCEG) has published one of the most comprehensive GRC definitions. In its GRC Capability Model, Red Book, 2.0, the OCEG defines GRC as a system of people, processes, and technology that enables an organization to: Understand and prioritize stakeholder expectations. Set business objectives that are congr...
Good vs. Evil: Dealing with today's cyber threats
Cadre Information Security is proud to be co-hosting an exclusive security event with SentinelOne. When: Friday, November 3rd starting at 10:30am Location: Cobb Theatre, 7514 Bales Street, Liberty Township, OH 45069 SentinelOne’s security experts will be on hand to discuss why the endpoint is now the focus for security professionals and the trends that have led up to the need for a s...
InfoSec Summit SSW-2017 Cleveland Ohio
Cadre Information Security is proud to be a sponsor and exhibitor at the Security Summit in Cleveland, Ohio. Visit our booth #40 on Thursday or Friday, November 2nd and 3rd, at the Cleveland I-X Center. The conference begins each day at 7 am. Click here to get the full agenda. Earn CPE credits and enjoy a full week of expert-led sessions from national keynote speakers, including Wanda...
Data Connectors - Nashville
Cadre Information Security is proud to be a sponsor and exhibitor at the Data Connectors in Nashville. Stop by our booth at the Data Connector’s Tech-Security Strategies conference. This year’s conference is being held at Doubletree by Hilton in downtown Nashville. Register today and you can earn CPE credits. Data Connector's will be providing breakfast, lunch and conference materials...
SecureWorld Cincinnati
Cadre Information Security is proud to be a sponsor and exhibitor at the SecureWorld Cincinnati. Join us October 24th for the 3rd annual SecureWorld Cincinnati cybersecurity conference. You can earn 6-12 CPE credits, network with peers and attend breakout sessions. See the full agenda! Hear from keynotes including Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute, and William...
Building CyberSecurity Awareness
October is National CyberSecurity Awareness Month (NCSAM)! This campaign was created as an effort to ensure Americans have the resources and information they need to be safe and more secure online. There's been a massive number of cyberattacks that have occurred recently, and we wanted to share some helpful posts this month to help you outsmart the hackers. Our trusted partners at Gig...
How to Encourage Your Team to use Stronger Passwords
If you work in any sort of IT/cyber security role, you know it’s imperative to be concerned with hacking. It’s scary out there, especially with increasing reports of organized cyber-criminals going after any sized company, not just the bigger players. As important as it is to create strong firewalls and defend against external threats, one of a company’s biggest vulnerabilities can come ...
What is Malware?
Malware is a portmanteau of "malicious" and "software". As the name implies, malware is created solely to harm and inconvenience people by corrupting devices and/or data. Malware runs the gamut of "black hat" software developers wanting a laugh for the wrong reasons to criminal organizations and the intelligence community who want to access their targets' devices and networks to get the...
What is a value-added reseller?
A value-added reseller (VAR) is a company that takes an existing product and adds extra features and/or services to it. This is typically in order to sell an integrated product to end users as a turnkey solution. Value-added resellers can do just as the name implies- add value- by providing complimentary services, additional hardware, extended warranties and support, and other bundles th...
Understanding Password Manager’s Risks and Rewards
These last several weeks have brought up a lot of interesting discussions around passwords and password management, both personally and in the enterprise. This was spurred largely by the news that a Google Project 0 Researcher found many major vulnerabilities in the code of LastPass plugins for Chrome and Firefox, two of the most used web-browsers. When any software is found to have ser...
When a Technology Becomes a Security Control
As a Chief Information Security Officer (CISO) or Information Security manager, you have to make decisions on how to best mitigate and handle risks for your business. As with any proverbial cat, there are many ways to skin it. However, technology becomes a great friend to many a security program with promises of providing compliance with regulations and standards, stopping zero-day vul...
Small Vulnerabilities Can Lead To Catastrophic Results [Part 2]
Not all leaks are the result of malice. In 2006, America On-Line (AOL) negligently published 20 million web queries from over 650,000 of its users. This simple accident resulted in an incalculable amount of brand damage to AOL, and it could have been prevented if AOL had in place a DLP policy that protected sensitive data from being transmitted to their web servers. Often, a data loss ev...
Small Vulnerabilities can lead to Catastrophic Results [part 1]
When it comes to security, most IT departments focus primarily on network and application security. By now, we've all read news stories about vulnerabilities in various software and are familiar with the importance of preventing unwanted network traffic to important network resources. The importance of best practices in the realms of data loss prevention (DLP), media control, and physica...
It’s Not Fear Factor, it’s Multi-Factor
What is multi-factor authentication? Multi-Factor Authentication (MFA) is a method used to grant access to a computer or application. Of course the access is only granted after the user has provided a username and two types of authentication methods, i.e., a passcode or in the case of biometrics, a fingerprint. For this to be successful the user must retrieve information from at least tw...
5 Major Benefits of Security Assessments
Security assessments should be a part of any company’s security program. At a high level, they measure a company’s security posture against industry best practices, compliance requirements and industry frameworks. It takes into consideration factors such as open ports, patch management, anti-virus updates, encryption strength, and password policies. Guidelines and standards for security...
Encoding, Hashing, and Encryption: What’s the difference?
Encoding, hashing, and encrypting are common concepts applied and discussed when trying to secure data. Many vendors claim to use strong encryption methods and standards, but it is necessary for a security team to assess whether it really is appropriate. Let’s take a look at the differences between and proper usage of encoding, hashing, and encryption. Encoding To encode something is to...
Your Single Source for Security Guidance
Your network is important to you and it's critically important to us. Does alignment of business, organizational and technical goals seem impossible to you? Not to us. Since 1996, Cadre has been the single source for security guidance, enabling firms to focus on increasing value, efficiency, and productivity. Our team of experienced strategists can help identify the security solutions ...
Inspecting Encrypted Network Traffic
Encrypted traffic is becoming increasingly prevalent on corporate networks. By some estimates, over half of the traffic on the Internet will be encrypted by the end of 2015.This poses a problem to organizations who value the security and integrity of their intellectual property and how their employees use the Internet. Because of limitations of many of today’s network devices, this tra...
Taking Over Master Membership and Securing VRRP
Topology: Part 1 (No Firewall Module) Instructions for setup are in the link above. You must install two firewalls and configure VRRP on both of them to act as a cluster. The first part of this exercise is pure VRRP with no firewall module running. When configured properly, you should have interfaces in Master on one device and interfaces in Backup on the other device. Once the Loki m...
Breach Mitigation: Will It Take a Village?
No one is immune from data breaches. We’ve witnessed department stores, hospitals, insurance companies, media giants, dating websites, the federal government and so many others in the news almost daily with yet another breach. This dominated the news in 2014 and in 2015. Breaches have increased. In fact, we’ve almost become numb to the news reports of yet another data breach or, worse ...
Cadre's Story
Very few people were talking about network security when Cadre was formed back in late 1991. By most accounts, the first firewall was invented a year later, circa 1992, to the credit of multiple inventors. In the world of security technology, over two decades of experience makes Cadre a true pioneer in the business. Cadre was formed from a team of software developers that began to branch...
