Back to Basics: IDSA Trends in 2022 are all about Preventable Cyber Incidents

IDSA report reveals that 96% of respondents think they could have prevented a breach by focusing on identity security. The Identity Defined Security Alliance (IDSA), a nonprofit that helps organizations reduce risk by providing education and best practices, just released a report on current trends in the state of identity management. The research provides insight on how over 500 contemporary …

Active Directory is an Active Vulnerability 

Many organizations that use Active Directory (AD) are failing to bolster their security postures. Microsoft AD has been around for almost a quarter century, and while many organizations across industries use it, few have adapted to the demand for greater security postures. Despite the fact that approximately 90% of the Global Fortune 1000 companies use AD, only about a quarter consider security …

The Biggest Takeaway from the 2022 Verizon DBIR

The annual Verizon Data Breach Investigations Report (DBIR) contains several useful security insights. Reflecting on another year where cybersecurity attacks have frequently starred in news headlines, the 2022 DBIR confirms a lot of what professionals already know: cyber attacks continue to increase in frequency, and organizations of all sizes need to bolster their defensive postures in order to stay safe.  …

Username & Password Pairs: Why Banning Just Passwords Isn’t Enough

Password blacklists are receiving considerable attention. It’s clear why: weak and compromised passwords are a factor in nearly all hacking-related cybersecurity breaches. Best practices from NIST require organizations to disallow the use of any common and compromised passwords. And several cyber security companies offer password blacklists for this purpose. But authentication requires a username and password combination, so shouldn’t we …

Corporate Account Takeover: What It Is, and What To Do

Stealing corporate credentials has been a popular tactic among cybercriminals for many years now. Due to reused passwords, blurred boundaries between personal and professional accounts, and an expanded remote workforce, cyber vulnerabilities are everywhere.  What is Corporate Account Takeover?  A Corporate Account Takeover (CATO) is a kind of organization-specific identity theft where cybercriminals steal employee passwords to gain access to …

Data Breaches are a Cumulative Threat

Even if your company hasn’t been hacked or experienced a data breach in the last few years, now is not the time to relax about cybersecurity.  Data breaches at organizations of any size and in any industry can negatively impact the security of your company. They are interconnected events with cumulative effects. With each additional breach, regardless of whether your …

Should Your Business Prevent Leetspeak in Passwords?

All the cool kids are doing it. Using leetspeak to chat online. Using leetspeak in multiplayer games. Even using leetspeak in passwords. And you know when the cool kids do something, there’s got to be a reason, right? Or maybe not. What we do know is leetspeak is a fairly common way to create “complex” passwords. When businesses require password …

CISA: The Risk of MFA Without Improving Password Security

The recent CISA Alert AA22-074A describes how Russian state-sponsored cyber actors gained access to a US NGO using compromised credentials and a flaw in default MFA protocols. This alert may help cybersecurity professionals understand that MFA alone is insufficient and the importance of securing each authentication layer. What happened, exactly? As early as May 2021, the FBI observed Russian state-sponsored cyber …

It’s W0rld P@ssw0rd D@y!

Let’s Ask An Expert. What Should We All Know About Passwords in 2022? It’s 2022 and even in the past year, the digital landscape has changed substantially.  With new cryptocurrencies, telehealth, and e-commerce changes popping up every minute around us, it can be a challenge for businesses to know how to keep up.  So, we’ve taken the opportunity to ask …

Tackling Cybersecurity Vulnerabilities in School Systems  

Not Kidding Around. While chalkboards have long seemed artifacts from classrooms of the past, you might be surprised just how dramatically classrooms have changed just within the last ten years. Tablets and Chromebooks have replaced many textbooks and paper hand-in systems, plagiarism and cheating are detected in new ways, and sometimes, the classroom is no longer a physical space–e-learning and …