2021 has been quite the year with the latest Log4j vulnerability as the cherry on top. Our information security community has worked tirelessly to uphold the good, while often dealing with limited resources, staff, and sanity. The team at Cadre...
One of the great ironies of IT is that so many IT and security departments are built on two basic falsities:
-
- The demands of the IT and security department are often greater than the funding allocated to execute them (ultimately a budget problem).
You’ve probably heard about it. Maybe you wrote it off as just another product on your cybersecurity bingo card? It is Extended Detection and Response (XDR)—cybersecurity’s “next big thing.”
Cybercrime has skyrocketed during the pandemic, as untrained remote workers adapt to new environments and learn to do things that they’re not used to doing.
“All kinds of figures come across my desk every day on how hacking, malware and exploits...
Businesses are eager to open their doors, many remote workers are ecstatic about it, but reopening will not be as simple as flipping a switch and returning to “business as usual”. A variety of social restrictions will continue to disrupt our...
Steve Stasiukonis’ company, Secure Network Technologies, does all kinds of pen testing. When we say all, we mean it—Secure Network has even successfully “shipped” a person in a FedEx box to demonstrate the vulnerabilities of a company being...
Steve Stasiukonis started doing pen testing professionally in 1997, when a former classmate of his confided that his company was struggling to identify network vulnerabilities. Steve had been employed in document management and information security...
With the ongoing rush to transition staff to remote workers, great opportunities open for con artists and evil hackers to exploit the situation. We in IT and even IS often think that software controls such as VPNs, DLP and Cloud technologies will...
While there's a heated debate about whether a new decade is actually beginning, the beginning of a new year is always a great time to look back, assess what has happened, and make predictions about the future. That's why we at Cadre conducted an...
As more businesses transition their infrastructure to the cloud, understanding how to securely migrate to the cloud is imperative. After all, if companies don't adapt security architecture, they run the risk of substantial and costly downtime,...
If your company is like most, you’ve grappled with the high cost of a Chief Information Security Officer (CISO) and/or a shortage of qualified candidates—either to serve as your CISO or to “fill in” any knowledge gaps in your technical staff.
A...
As cybercrime increases, it’s impossible for employees to keep up with every threat. It’s crucial for cybersecurity teams to work more efficiently with fewer resources. In this never-ending quest to stay ahead of threats, an increasing number of...
Part 3 of a three-part series
Milan Patel, current chief client officer at BlueVoyant and former CTO of the FBI Cyber Division, keeps up with the latest in cybercrime and cybersecurity. (If you missed his great tale of his first FBI vehicle—not to...
Milan Patel has seen a thing or two. He can’t talk about some of it, which makes sense, given that he’s the former CTO of the FBI Cyber Division. While there, he organized and co-led the Joint Requirements Team, facilitated by the White House...
Part 1 of a three-part series
Even if you weren’t interested in cybersecurity, Milan Patel is the kind of guy you hope you get seated next to at a dinner party so you can listen to his stories. Currently the Chief Client Officer at BlueVoyant, Milan...
To paraphrase Zoolander, cloud-based technology is so hot right now. There are good reasons for that—cost, scalability, and convenience—but if you haven’t asked the right questions, you may face an unpleasant surprise later on. It sounds dramatic,...
If you live in the U.S. and have ever noticed false charges on your credit card statement and had to call your bank to have your card canceled, chances are that you are the victim of skimming.
New research from Michigan State and Johns Hopkins Universities show that failed internal information handling and negligence at healthcare providers’ offices accounts for more than half of personal health information (PHI) breaches.
Evil hackers and corporate spies have had the ability to record the loud tap-tap-tap of computer keyboards to decipher a log of keystrokes for years. The risk of losing your credentials to such a hack has been low because the attacker would have to...
Micro-architectural attacks are arguably the most dangerous and difficult of all forms of systems compromise to detect. Micro-architectural attacks leverage flaws in the chip hardware design of computer components. These kinds of flaws are largely...
You might think your company doesn’t have much in common with the largest shipping company in the world, but if you’re a manufacturer, it’s increasingly likely that your business will be targeted via ransomware.
As the popularity of “smart homes” increases, new research continues to find concerns about the use of IoT (Internet of Things).
On April 15, 2019, a flame ignited Notre Dame Cathedral in Paris and many watched as roughly 500 firefighters struggled to contain the fire. The cause of the flame still remains unclear. According to a recent report, the security guard in charge of...
You wouldn’t leave the doors to your business unlocked, would you? Of course you wouldn’t. In the same vein, companies go to great lengths – installing alarms and cameras and hiring security – to ensure their locations are physically secure. Yet too...
Industries are transforming with the help of digital technologies and IT, and as competition increases across almost every industry, the pressure to digitally transform also intensifies. However, many companies start this process without thinking...
Author: Tim O'Connor
You may have heard of “Shadow IT”. Shadow IT is the term that describes when employees install their own hardware or software without the approval or even the knowledge of the people responsible for supporting, approving,...
Author: Tim O'Connor
New psychological studies could be a game changer.
Damage to reputation and brand name are often some of the most significant hits an organization takes when knowledge of a security breach becomes public. At last peer-reviewed...
At Cadre, we like to say that security isn’t the reason your company succeeds, but it could be the reason it fails. There’s a lot at risk when a company fails to implement a thorough and successful security eco-system and some companies will never...
Remember the story of Goldilocks breaking into the three bears’ cottage and wreaking havoc? Goldilocks was eager to eat the porridge left by the bears, so she tried the first bowl and soon realized it was too hot. The next bowl was too cold, but the...
What happened?
Citrix, an American software company, disclosed a security breach in which hackers potentially exposed customer data. On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that cyber criminals had gained...
Author: Tim O'Connor
On October 4, 1957 the Sputnik 1 satellite woke up the world and launched (pun intended) the Sputnik crisis, a period of public fear and anxiety across the Western nations. Until Sputnik 1, the western world had an ingrained...
Penetration tests and network vulnerability assessments are essential components to a company's information security playbook.
Below are frequent questions we receive regarding vulnerability assessments and penetration tests and why they are...
Cyber crime is now democratized. In today’s cyber threat landscape, launching a cyber attack is no longer limited to technically savvy hackers. The underground marketplace has made it possible for anyone to become a threat actor. In the...
Sensitive data is being exposed at an alarming rate due to unwanted data breaches. Is your business protected? Recently the Facebook data breach allowed hackers to gain access up to 50 million users, 3 billion users were exposed in the Yahoo! Data
Almost every organization has moved at least part of their operation to the cloud. You can’t browse the Internet or do email without a partial cloud presence. With so many of your competitors flocking to the cloud, you can’t afford to overlook the...
IaaS is the first tier of a triad of outsourced cloud services. The top two are PaaS (platform as a service) and SaaS (software as a service). Each “…aaS” involves the customer’s doing less work and the cloud provider taking on more responsibilities...
If you’re going to fly with the eagles in the cloud, you need to be grounded in the best cloud encryption practices. The majority of people know the value of data backup and security. Backup is your insurance against loss; security in the wilds of...
Moving data and other company solutions to the cloud can pay off in significant ways for businesses. Small and medium enterprises gain by no longer needing to shell out additional money for the costs of maintaining data servers and other expensive...
Author: Tim O'Connor
Let me begin by saying I am not an expert on Iranian and Russian disinformation campaigns, although I have been researching them with great interest. What I do have is many years of experience in the information security field...
By: Phil Swaim
There is no doubt one of the greatest innovations in IT of the last 10 years has been the public cloud and virtualization. Being able to deploy resources for storage, computing, and communication with 0 capital expenditure, little...
SSL is a ubiquitous technology introduced in 1994. The use of SSL, and it’s descendant, TLS, is first and foremost based on established trust. A trusted authority validates a domain name as belonging to a particular entity. This trusted authority...
Q. Who knows more about your internet use then Facebook, Amazon or even your browser?
A. Your ISP and NOW they can collect and sell your internet usage information!
Q. How can you protect yourself?
A. Keep reading this blog!
Quietly last March,...
Many workers are familiar with the venerable HID access card. You present the card to a badge reader and the door opens. The badge itself, about the same size as a credit card, identifies the holder to the access control system that controls door...
If you work in any sort of IT/cyber security role, you know it’s imperative to be concerned with hacking. It’s scary out there, especially with increasing reports of organized cyber-criminals going after any sized company, not just the bigger...
Malware is a portmanteau of "malicious" and "software". As the name implies, malware is created solely to harm and inconvenience people by corrupting devices and/or data.
These last several weeks have brought up a lot of interesting discussions around passwords and password management, both personally and in the enterprise.
As a Chief Information Security Officer (CISO) or Information Security manager, you have to make decisions on how to best mitigate and handle risks for your business.
Not all leaks are the result of malice.
In 2006, America On-Line (AOL) negligently published 20 million web queries from over 650,000 of its users. This simple accident resulted in an incalculable amount of brand damage to AOL, and it could have...When it comes to security, most IT departments focus primarily on network and application security.
By now, we've all read news stories about vulnerabilities in various software and are familiar with the importance of preventing unwanted network...
What is multi-factor authentication?Multi-Factor Authentication (MFA) is a method used to grant access to a computer or application. Of course the access is only granted after the user has provided a username and two types of authentication methods,...
Encoding, hashing, and encrypting are common concepts applied and discussed when trying to secure data. Many vendors claim to use strong encryption methods and standards, but it is necessary for a security team to assess whether it really is...
Does alignment of business, organizational and technical goals seem impossible to you?
Not to us.
Since 1996, Cadre has been the single source for security guidance, enabling...
Part 1 (No Firewall Module)
Instructions for setup are in the link above. You must install two firewalls and configure VRRP on both of them to act as a cluster. The first part of this exercise is pure VRRP with no firewall module running.
No one is immune from data breaches. We’ve witnessed department stores, hospitals, insurance companies, media giants, dating websites, the federal government and so many others in the news almost daily with yet another breach.
This dominated the...