Cadre Blog

• Ransomware increased by almost 13% – a rise as big as the last five years combined (for a total of 25% this year)
• Supply chain was responsible for 62% of System Intrusion incidents this year
• 82% of breaches involved the human elements whether it...

For organizations that want to quickly scale to meet operational and/or customer needs, a cloud presence offers an abundance of opportunities. It seems almost unfair to compare and contrast cloud and on-premises infrastructure on the merits of...

Network firewall security dates back to the 1990s. If you’re like us, that makes you feel a little…well…old. At Cadre, we cut our security teeth in the network firewall business, but now we offer so much more to keep up with the changing threat...

For many people, with the new year comes goals, resolutions, and a general sense to ‘do better’ than the year before. In these instances, whether it’s reading more books or spending less time glued to our phones, each resolution has to start with a...

2021 has been quite the year with the latest Log4j vulnerability as the cherry on top. Our information security community has worked tirelessly to uphold the good, while often dealing with limited resources, staff, and sanity. The team at Cadre...

One of the great ironies of IT is that so many IT and security departments are built on two basic falsities: 

1. 1. The demands of the IT and security department are often greater than the funding allocated to execute them (ultimately a budget problem).

The high incidence of ransomware isn’t an issue swept under the rug these days. It’s glaringly obvious in international headlines and at board-level conversations. Yet, there still seems to be a gap in strategies and tools that organizations...

In part one of this blog, we reviewed the most common Security Awareness misconceptions, revealed the truths you need to know, and ways to expand your awareness efforts. If you haven’t already, be sure to read that first and come back for more...

There’s a conversation that has been playing on repeat about Security Awareness. It usually goes something like this…

Risk Assessor: “Do you have a Security Awareness Program?”

IT Director: “Yes, we run phishing tests regularly.”

Risk Assessor:...

Security Awareness is a critical tool in an organization's toolkit. Yet, it tends to be a lower budget priority than other technical controls. According to recent research, 98% of organizations have a Security Awareness program, but only 23% use a...

As the person responsible for cybersecurity risk, you knew it was time to identify and modify your organization’s overall security posture. So, you did what you had to—you made your plea, got the signoffs, and completed a security risk assessment. 

...

Alleviating cybersecurity risks comes in many shapes and sizes—and so do organizations. Large enterprises with deep pockets and full-fledged SOC teams adopt the latest technologies and processes to fight back against adversaries. But for mid-size...

News of companies getting hacked is omnipresent. The fear, uncertainty, and doubt as a result of these reports can make you want to give up. But don’t let that dissuade you—there’s still hope and it resides in an unusual fact: more than 99% of...

The Cadre team is excited to announce we will be hitting the road (and online) to safely connect with the information security community again! We hope you’ll meet up with us when we’re in your neck of the woods.

It’s undeniable—security training, whether on practices or products, is chock full of benefits. Buying cybersecurity training for yourself makes you a more competitive candidate and buying training for employees improves the security posture of the...

As a Check Point Platinum Elite training partner, the team at Cadre is always working behind the scenes to enhance our current training. As the only US Authorized Training Center to offer 6 months of extended lab access (for most classes), we are...

You’ve probably heard about it. Maybe you wrote it off as just another product on your cybersecurity bingo card? It is Extended Detection and Response (XDR)—cybersecurity’s “next big thing.”

The SolarWinds compromise continues to stun government agencies and enterprises across industries around the globe. While the origin and scope of the supply chain attack remain a baffling debate among security experts and practitioners, one thing is...

Operating on the edge with vigorous due diligenceMoving business processes, applications, and data to the cloud is inevitable as we expand operations and distribute workforces around the globe – yet this fundamental shift provides cybercriminals a...

On December 8th, 2020 security practitioners around the world received news from our friends at FireEye of a breach in which they “were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead...

You’re about to push the button on a big investment. You’ve done all the recommended planning and researching to ensure you’re making the right decision. You are even prepared to sign on the dotted line — and suddenly everything changes.  

The production industry has seen incredible changes over the last few centuries, and while emerging technologies such as the Internet of Things offer an abundance of previously unimaginable opportunities, they also present many challenges to...

Originally posted on the Ordr blog: https://resources.ordr.net/blog/closing-the-iot-security-gap-cadre-and-ordr

As a trusted advisor for cybersecurity, it’s important to be able to develop security strategies that match the challenges inherent in...

Security Awareness is well known for being the “best bang for the buck” out of all the risk mitigation techniques, but is it really? For Security Awareness to be effective, it must change the behaviors of employees and ideally lead to a mature...

The news these days is filled with stories of data breaches, hacks and (gasp) ransomware. And we’ve all heard the warning, right? “It’s not if you’ll get breached, but when.” Doesn’t sound too promising, huh? How do you know if you’re next? How do...

As a business professional, why should you care what your employees post on social media?

Even before COVID-19 caused the mass migration to a remote workforce, many successful hacks into organizations originated from an employee’s personal device...

New security concern: Malware that can copy all the physical keys on your keychain! 

Bugs have been wreaking havoc in humanity long before the rise of information technology, but the bugs we know today have hefty bounties, as companies tap the global community of ethical hackers to scour code for security vulnerabilities before...

Active directory is currently the most popular directory because it is proprietary to Microsoft operating systems, but its days may be numbered for many reasons. In this interview, Tim O'Connor, Manager of Knowledge Services at Cadre and an expert...

Cybercrime has skyrocketed during the pandemic, as untrained remote workers adapt to new environments and learn to do things that they’re not used to doing. 

“All kinds of figures come across my desk every day on how hacking, malware and exploits...

Businesses are eager to open their doors, many remote workers are ecstatic about it, but reopening will not be as simple as flipping a switch and returning to “business as usual”. A variety of social restrictions will continue to disrupt our...

Steve Stasiukonis’ company, Secure Network Technologies, does all kinds of pen testing. When we say all, we mean it—Secure Network has even successfully “shipped” a person in a FedEx box to demonstrate the vulnerabilities of a company being...

Steve Stasiukonis started doing pen testing professionally in 1997, when a former classmate of his confided that his company was struggling to identify network vulnerabilities. Steve had been employed in document management and information security...

We say it all the time in this industry: “People are the biggest security risk in your organization.” What is sometimes missed in that is a good understanding of why. Let me start by giving you a hint, it is not because your employees are...

Asaf Lerner’s work in the identity and access management (IAM) space has spanned 20 years and two countries. His first job was on the R&D side with a small Israeli startup called Aladdin. In that job and others, he designed many PKI and...

With the current economic and social uncertainty in today’s landscape and the rush to transition staff to remote workers, great opportunities arise for attackers to target businesses and employees for financial gain.

Jim Hebler has worked in cybersecurity for nearly 18 years. He started out covering technology as a journalist for two daily newspapers, The Detroit News and USA Today, then got into private sector communications. After that, he trained with HP...

During challenging times, we hope we have the right tools in place to see us through. A key piece for any business is having the right plans in place in case of a disaster. Unfortunately, many businesses find themselves at risk because:

• • The...

With the ongoing rush to transition staff to remote workers, great opportunities open for con artists and evil hackers to exploit the situation. We in IT and even IS often think that software controls such as VPNs, DLP and Cloud technologies will...

We are kicking off 2020 with our first Serve and Protect event in Cincinnati, OH on March 4th!  If you haven’t been to one, then you are missing out!

Urban Legend Becomes Real

Several years ago some reports came to information security experts from black hat chat sites (evil hacker online groups). The reports said that thieves were stealing high-profile mobile devices left in cars using Bluetooth...

While there's a heated debate about whether a new decade is actually beginning, the beginning of a new year is always a great time to look back, assess what has happened, and make predictions about the future. That's why we at Cadre conducted an...

Cybercrime cost the global economy as much as $600 billion in 2017,⁽¹⁾ so unless your business and all of your customers and employees have no interaction with the internet or modern networking technology, chances are you have hired or will hire a...

Recessions stink. Business contracts, companies pull back and attempt to shrink inventories, employees lose their jobs. As revenues decline, it’s harder to fund the key aspects of the business. But recessions also embody the creative destruction...

As more businesses transition their infrastructure to the cloud, understanding how to securely migrate to the cloud is imperative. After all, if companies don't adapt security architecture, they run the risk of substantial and costly downtime,...

Cadre’s manager of Knowledge Services, Tim O’Connor, was invited to an FBI Cyber Security briefing on the official Threat Profile for Iran. He gave us a download on everything he learned about what to look for and how to protect your company. 

Read...

Background

The RSA Charge 2019 took place in September at the Walt Disney World Swan and Dolphin Resort in Orlando, Florida. RSA, a company with a focus on encryption, encryption standards, and managing digital risk, was founded by Ron Rivest, Adi...

If your company is like most, you’ve grappled with the high cost of a Chief Information Security Officer (CISO) and/or a shortage of qualified candidates—either to serve as your CISO or to “fill in” any knowledge gaps in your technical staff.

A...

A casino hacked through an aquarium heater* sounds like fiction—but this recent headline news was an all-too-real demonstration of the risk that Internet of Things (IOT) devices bring to organizations of all sizes. 

However, take heart! There are...

As cybercrime increases, it’s impossible for employees to keep up with every threat. It’s crucial for cybersecurity teams to work more efficiently with fewer resources. In this never-ending quest to stay ahead of threats, an increasing number of...

The Capital One breach exposed over 100 million customers’ sensitive information.In 2017, 147.9 million consumers were affected by the Equifax Breach.Over the past few years, data breaches have affected over 1 trillion user accounts and the...

All of these are common myths, but only one has dangerous misinformation. Can you figure it out?

1. George Washington chopped down a cherry tree. 
2. After you die, your fingernails continue to grow. 
3. You don’t have to worry about your small business...

Part 3 of a three-part series

Milan Patel, current chief client officer at BlueVoyant and former CTO of the FBI Cyber Division, keeps up with the latest in cybercrime and cybersecurity.  (If you missed his great tale of his first FBI vehicle—not to...

Milan Patel has seen a thing or two. He can’t talk about some of it, which makes sense, given that he’s the former CTO of the FBI Cyber Division. While there, he organized and co-led the Joint Requirements Team, facilitated by the White House...

Part 1 of a three-part series

Even if you weren’t interested in cybersecurity, Milan Patel is the kind of guy you hope you get seated next to at a dinner party so you can listen to his stories. Currently the Chief Client Officer at BlueVoyant, Milan...

To paraphrase Zoolander, cloud-based technology is so hot right now. There are good reasons for that—cost, scalability, and convenience—but if you haven’t asked the right questions, you may face an unpleasant surprise later on. It sounds dramatic,...

Small governments seem to be stuck between a rock and several hard places.

If you live in the U.S. and have ever noticed false charges on your credit card statement and had to call your bank to have your card canceled, chances are that you are the victim of skimming.  

New research from Michigan State and Johns Hopkins Universities show that failed internal information handling and negligence at healthcare providers’ offices accounts for more than half of personal health information (PHI) breaches.

Evil hackers and corporate spies have had the ability to record the loud tap-tap-tap of computer keyboards to decipher a log of keystrokes for years. The risk of losing your credentials to such a hack has been low because the attacker would have to...

Micro-architectural attacks are arguably the most dangerous and difficult of all forms of systems compromise to detect. Micro-architectural attacks leverage flaws in the chip hardware design of computer components. These kinds of flaws are largely...

You might think your company doesn’t have much in common with the largest shipping company in the world, but if you’re a manufacturer, it’s increasingly likely that your business will be targeted via ransomware.

As the popularity of “smart homes” increases, new research continues to find concerns about the use of IoT (Internet of Things).

On April 15, 2019, a flame ignited Notre Dame Cathedral in Paris and many watched as roughly 500 firefighters struggled to contain the fire. The cause of the flame still remains unclear. According to a recent report, the security guard in charge of...

You wouldn’t leave the doors to your business unlocked, would you? Of course you wouldn’t. In the same vein, companies go to great lengths – installing alarms and cameras and hiring security – to ensure their locations are physically secure. Yet too...

Industries are transforming with the help of digital technologies and IT, and as competition increases across almost every industry, the pressure to digitally transform also intensifies. However, many companies start this process without thinking...

Author: Tim O'Connor

Impersonation, often called “spoofing” in information security lingo, is one of the most used and critical techniques in the toolboxes of both con artists and evil hackers. Evil hackers can impersonate people, equipment (such as...

Author: Tim O'Connor

You may have heard of “Shadow IT”. Shadow IT is the term that describes when employees install their own hardware or software without the approval or even the knowledge of the people responsible for supporting, approving,...

Author: Tim O'Connor

Encouraging employees to improve their security hygiene can feel like an endless battle. Sometimes it feels like having modern medical knowledge and time-travelling back to plague-ridden middle ages. That is why it’s a welcome...

Author: Tim O'Connor

New psychological studies could be a game changer.

Damage to reputation and brand name are often some of the most significant hits an organization takes when knowledge of a security breach becomes public. At last peer-reviewed...

At Cadre, we like to say that security isn’t the reason your company succeeds, but it could be the reason it fails. There’s a lot at risk when a company fails to implement a thorough and successful security eco-system and some companies will never...

Remember the story of Goldilocks breaking into the three bears’ cottage and wreaking havoc? Goldilocks was eager to eat the porridge left by the bears, so she tried the first bowl and soon realized it was too hot. The next bowl was too cold, but the...

A revolutionary new type of malware toolset is starting to show up in dark web hacking forums. The new malware architecture is being called “Grab-n-Go”.

Until now, malware was designed to infect a computer, network or mobile device and stay resident...

What happened?

Citrix, an American software company, disclosed a security breach in which hackers potentially exposed customer data. On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that cyber criminals had gained...

Author: Tim O'Connor

On October 4, 1957 the Sputnik 1 satellite woke up the world and launched (pun intended) the Sputnik crisis, a period of public fear and anxiety across the Western nations. Until Sputnik 1, the western world had an ingrained...

Penetration tests and network vulnerability assessments are essential components to a company's information security playbook.

Below are frequent questions we receive regarding vulnerability assessments and penetration tests and why they are...

We receive a number of questions regarding security awareness training. Below are some common questions. What’s the best way to convince my management team to implement a security awareness program?                A lunch and learn presentation on...

What are the 5 most important things to keep in mind when implementing a security awareness program?1. Adult Learning. A security awareness program is a waste of time and money if information is not retained and a positive culture change is not...

In 2018, threat actors consistently improved their cyber weapons, quickly adopted new methods and adapted their attacks to emerging technologies. Today’s threat trends increasingly point to more stealth-like cyber attacks with malware, ransomware,...

Cyber crime is now democratized. In today’s cyber threat landscape, launching a cyber attack is no longer limited to technically savvy hackers. The underground marketplace has made it possible for anyone to become a threat actor. In the...

Sensitive data is being exposed at an alarming rate due to unwanted data breaches. Is your business protected? Recently the Facebook data breach allowed hackers to gain access up to 50 million users, 3 billion users were exposed in the Yahoo! Data  ...

Cadre’s Security Awareness class, course design and consulting services are now able to meet requirements for all major compliance standards.

Cadre’s cutting-edge security awareness offerings leverage fun adult-learning and neuroscience techniques...

Almost every organization has moved at least part of their operation to the cloud. You can’t browse the Internet or do email without a partial cloud presence. With so many of your competitors flocking to the cloud, you can’t afford to overlook the...

IaaS is the first tier of a triad of outsourced cloud services. The top two are PaaS (platform as a service) and SaaS (software as a service). Each “…aaS” involves the customer’s doing less work and the cloud provider taking on more responsibilities...

If you’re going to fly with the eagles in the cloud, you need to be grounded in the best cloud encryption practices. The majority of people know the value of data backup and security. Backup is your insurance against loss; security in the wilds of...

Author: Tim O'Connor

This piece is honoring the hero, Alfred Newman.

Alfred Newman passed away yesterday at the age of 94. Mr. Newman was a key part of something extraordinary. He contributed to a tool more successful than the most powerful...

Moving data and other company solutions to the cloud can pay off in significant ways for businesses. Small and medium enterprises gain by no longer needing to shell out additional money for the costs of maintaining data servers and other expensive...

Cleveland I-X Center in Cleveland, Ohio

Earn CPE credits and enjoy a great lineup of educational expert-led sessions. Click here to view the full agenda. 

This year the Summit has added two new places to visit.  The SUMMIT Chateau Café and the NASA...

"Social engineering bypasses all technologies, including firewalls." -Kevin MitnickSocial engineering is often regarded as the most effective and powerful skill used by black-hat hackers and, until recently, it is one of the least addressed...

Watch this video to determine if your Facebook Account has been compromised:

Three Rivers Information Security Symposium (TRISS) is hosting a symposium on October 19^th from 8:00 am till 4:30 pm at the Monroeville Convention Center –South Hall. 

This community conference is packed with presentations containing overviews of...

We are delighted to be a sponsor and presenter at the NKU Cybersecurity Symposium in Highland Heights, Kentucky. 

Stop by our booth at Northern Kentucky University in the James C. and Rachel M. Votruba Student Union. Register today and you can earn...

Join Cadre's Exclusive Security Event with our Technology Partners   

When: Thursday, September 27^th starting at 4 pm.

Location: MadTree Brewing - 3301 Madison Road, Cincinnati, OH 45209

Stop by our booth for the 32^nd Annual SIM Strategies Series. This year’s conference is being held at the Hilton Memphis and they will be providing breakfast, lunch and conference materials.  View the full conference agenda.

...

Author: Tim O'Connor

Let me begin by saying I am not an expert on Iranian and Russian disinformation campaigns, although I have been researching them with great interest. What I do have is many years of experience in the information security field...

Visit our booth this year at the Lexington Convention Center for the MBE conference. It is a full day conference with registration starting at 7:00 am followed by a continental breakfast. Please click to view the full conference agenda.

Pop on over to our booth at the Data Connector’s Tech-Security Strategies conference. This year’s conference is being held at The Westin in downtown Cincinnati.  Register today and you can earn CPE credits!  They will be providing breakfast, lunch...