Passwords are becoming a dying breed. In a recent article from Microsoft, they announced that they are putting aside their decades-old practice of forcing users to sign in with a…
Browsing CategoryRisk Management
A Journey in Organizational Resilience: Training and Testing
We are far from a breach-free world. After all, even cybercriminals have shown their own form of resilience. For example, after a short hiatus, the ransomware group REvil came back…
What Happens to Information After a Data Breach?
We’ve grown accustomed to it by now — a few million accounts broken into here, another hundred million there. After a company data breach, what happens to all the data?…
When Is an Attack not an Attack? The Story of Red Team Versus Blue Team
Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red…
How to Report Scam Calls and Phishing Attacks
With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are…
What Is the True Cost of a Health Care Data Breach?
The health care industry has remained the top data breach target for eleven years in a row. Highly sensitive and personally identifiable information (PII) held by health care systems is…
CISA Names 3 ‘Exceptionally Dangerous’ Behaviors to Avoid
In terms of database security, any bad practice is dangerous. Still, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently deemed some behavior as “exceptionally risky.” Are your teams engaged…
A Journey in Organizational Resiliency: Governance
From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with…
Cybersecurity Awareness: How Much Data Can An Attacker Get From an Employee ID?
Cyber awareness may seem fairly obvious, but it’s not always. For example, you would never post a photo of your driver’s license on Facebook, right? How about your company ID…
The Case for Cybersecurity Education for Engineers
Engineering and cybersecurity are two distinct disciplines, each demanding its own rigorous education and training. But should there be crossover? Should engineers or engineering students invest in cybersecurity education as…