How Often Should You Pentest? Penetration testing is important because it allows organizations to simulate real-world attacks on their systems and networks in order to identify vulnerabilities and weaknesses. By conducting these tests, companies can take proactive measures to protect against potential security threats. In a previous post, we looked at the difference between …
Airiam Field CISO and CIO Art Ocain discusses yesterday’s FAA outage in this short clip. In the video, he looks at how the situation illustrates the dangers of technical debt building up, complex legacy systems, poor documentation, improper backup management, and lack of cyber resiliency planning. Danger of Technical Debt In recent years, there …
The FAA Outage and the “Cyber Resiliency Gong” That Businesses Need to Hear Read More »
What Does Penetration Testing Do and Why Is It Important? Everyone says an organization should conduct a penetration test. But some companies don’t care about it. Some people are not sure how often to a conduct a penetration test. Let’s just step back and go over why should a company be serious about a …
Internal vs. External Penetration Testing Discussed Read More »
VMware is Frequent Attack Target Cybercriminals have been targeting VMware and vCenter more than ever, exploiting newly discovered vulnerabilities with ease. Without high availability redundancies in place to facilitate patching, organizations can be particularly exposed to serious cyber risks resulting from their inability to update or secure systems quickly enough. As such companies must …
Amended Safeguards Rule from FTC On December 9th, 2021, the Federal Trade Commission (FTC) amended the Safeguards Rule, the 1999 Gramm-Leach-Bliley Act, to put more meat on the bones of the previous rule. In this revision, the FTC has made the Safeguards Rule prescriptive by providing a list of actions and controls that are required …
Endpoint Protection Isn’t Enough There are hundreds of great security products on the market, each filling specific needs and having pros and cons. Endpoint detection and response (EDR) is no exception. EDR finds and kills the threat on the endpoint, your computer or server, but it is looking at a very narrow picture of the …
