Author: Lynn Strand

22 Jan Top 10 Security Blunders Your Employees Make That Open You Up to a Data Breach

As a security professional, I frequently find myself cringing at dozens of little things that employees do every day. I say things like: “Don’t click on that,” or “Your Adobe Flash is way out of date and full of serious security issues.” When an employee makes a security slip-up, they can instantly set your entire organization up for a painful and...

Read More

20 Jan Why SIEM is Not Enough for User Behavior Analytics

Many who are new to user behavior analytics (UBA) struggle initially to understand the difference between their SIEM (security information and event management) system and UBA. The question often arises “If I have SIEM, do I really need UBA?” The answer is a resounding yes, you need both, and here’s why. SIEM tools can collect massive amounts of data from the...

Read More

17 Jan Data Breaches May Expose Family and Friends of Victim Too

A while back I posted about the Vtech data breach. That stolen data included information not just about the account owner, but family members as well—including personal data and pictures of children. Since then, I’ve been paying a lot of attention to other data breaches that affect friends and family of the victim. One of those incidents was the U.S. Office...

Read More

14 Jan Learning From the Healthcare Industry

I just read a report I had previously seen, as you probably had, that 81% of the hospitals and health care insurance companies in the United States experienced a significant data breach during the last two years. That’s a staggering statistic. For the uninformed, here’s a quick recap. It’s estimated that one in 10 U.S. residents were affected by a recent medical...

Read More

12 Jan Misconfigured Database Compromises Voter Data

I was surprised to learn recently that the personal data for 191 million U.S. voters had been compromised. The data, which no doubt included my personal information, included the names, addresses, birth dates, party affiliations, phone numbers, and email addresses of voters in all 50 states. It’s still early in the investigation and details are sketchy, but apparently the database—which should...

Read More

06 Jan Multipronged Attack – Coming From Every Direction

Many cyber assaults are multipronged, especially the larger ones. One of our customers recently experienced an attack that dramatically illustrated this, highlighting the sophistication of the enemy and how we need multiple defenses, all working together. It started with a Fortscale alert about a suspicious service account. The account was normally cyclical, operating precisely every 12 hours. But then the account...

Read More

29 Dec Insider Threats – It’s Not Just Your Employees & Partners

When we talk about “Insider Threats”, one typically envisions threats from rogue employees, or criminally minded contractors or business partners that are authorized to access company data. While that is true, the term “Insider Threat” encompasses much more than your employees or employee-like users. It’s also used in a much broader sense to mean any threat or attack (from within...

Read More

23 Dec IoT Security Raises the Stakes

If, a few years ago, an IT security team told management that the company should be on the lookout for employees (or even just visitors) with malicious watches that could steal their passwords, they would surely have been scoffed at. But today, the Internet of Things (IoT) is here to stay, and very few of these internet-connected gadgets have any...

Read More

22 Dec Target Breach Damages Still Climbing After 2 Years

This week marks the 2 year anniversary of the massive 2013 Target data breach. A lot has been done to recover from one of the largest breaches in history, but no matter how noble the company’s remediation efforts are, Target will be forever associated with the huge security incident and its lasting repercussions. Here we are twenty four months later...

Read More

17 Dec Trump Hotel – A Year Long Data Breach

In yet another significant cybersecurity incident, the Trump Hotel chain recently disclosed a data breach that compromised many of their customers’ personal and financial information. Hotels in Canada and the USA, including Hawaii were affected. Investigators found that the company’s networks and payment systems were infected with sophisticated malware that was collecting financial data – including payment card account numbers, expiration...

Read More