This article was originally published on Enterprise Management 360 on March 31, 2020.Penetration testing is the Marmite of cybersecurity: you either love it or you hate it. Taking a neutral stance on the matter, it’s easy to see both sides. On one hand, pen testing provides indisputable evidence of vulnerabilities for organisations to action. Pen testers are also often able to identify even the...

Across the world, companies like Google, Microsoft, Amazon, Twitter, and yes, Fortra, have asked their employees to work from home in response to the Coronavirus (Covid-19) pandemic. As employees move from on-premises offices to their homes, businesses will be faced with the challenge of managing and securing both company-owned and employee-owned devices as they access company resources from...

Accepting credit card payments is an everyday task all small business owners and merchants must perform when conducting transactions. However, if you handle consumers’ credit card information, there are inherent data security risks to manage and mitigate.Security holes in your payment processing system can result in stolen client information or identity theft, and you’ll have to pay your bank a...

It seems many cybercriminals have begun to set their sights on Managed Service Providers (MSPs). In fact, 80% of MSPs say their organization has been targeted by ransomware.Not unlike the rest of us, cyber attackers want to work smarter, not harder. If they are able to successfully infiltrate one MSP’s network, they can potentially gain access to all of their clients’ systems as well. The more...

The tester’s aim when performing a website or system test is to ensure that the product being tested is protected as much as possible. Application security testing is typically performed to secure these networks and systems. To perform this type of test, it is necessary to consider which attacks are most likely to occur. One of the most common types of attacks is SQL injection (SQLi). These are...

On one level, cybersecurity is all about electronics – securing machines, networks and so forth. But, even the most technologically advanced cyber attacks are driven by human motivation.Humans motivate cyberattacks, and humans also, often unknowingly, facilitate cyberattacks. People are essential to mounting a defence as well – as much as automated tools are a powerful barrier.It’s no surprise,...

At the ripe old age of 30, ransomware could be considered antique in the malware world. This particular type of malicious software has been around since 1989, when the first version was created by the “Father of Ransomware”, Joseph L. Popp. Disseminated via mailed floppy disks, the program demanded a hefty ransom of $189 to free victims’ data.A lot has changed since then and ransomware has matured...

Cybersecurity threats are growing in size and prevalence – and the nature of cybersecurity is continuously shifting. In particular, operational technology (OT) such as industrial control systems – e.g. SCADA – are newly at risk. In this article we discuss why OT is so vulnerable, what vulnerabilities you should watch out for and what your company can do to protect against OT threats.Why...

We live in an online world in which more and more people rely on services provided over the internet. Being able to access so much through a smartphone has certainly ushered in a great deal of convenience. No more trips to the bank to deposit paychecks and no more weekends stuck behind a shopping cart—today, with a few clicks, we can transfer money and order much-needed supplies online from Amazon...

As of January 14, 2020, Microsoft will discontinue Windows 7 support as planned for the operating systems’ End of Life (EOL). To some organizations, this operating system (OS) might seem like a distant memory. However, nearly 30% of the world’s computers – or more than 400 million - still run Windows 7 and are only now contemplating migration to Windows 10. Millions of users will be depending on...

This past year was a big year for data breaches, new privacy laws and cracking down on existing regulations. British Airways faces a £183m fine after hackers stole credit card details from nearly 400,000 customers. Many other big names were hit too. Facebook. Equifax. Twitter. Marriott. Google. They’ve all been hacked. The reason? Sometimes it was due to outdated security systems and other times...

Testing for behavior vs versionThe primary requirement for a Vulnerability Assessment solution is accurate testing. Ease of use and clear reports are important, but if accuracy isn’t there then little else matters. Poor accuracy in Vulnerability Assessment produces two kinds of testing error. Overlooking a vulnerability (a false negative) leaves a security flaw you don’t know about. Reporting a...

Why Vulnerability Management got a bad rapThe number of servers, desktops, laptops, phones and personal devices accessing network data is constantly growing. The number of applications in use grows nearly exponentially. And as known vulnerabilities grew in number, IT managers found that traditional vulnerability management tools could easily find more problems than could be fixed with their...

Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of control.As with any on-going security practice, there are countless ways you can botch VM. Often the devil is in the details as well as the...

A lack of network visibility opens the door to IT disruptions, downtime, and security threats. Here’s what you can do to guard against dangerous network blind spots.

What is Cyber Hygiene? Cyber Hygiene. While the term might evoke thoughts of disinfecting your computer keyboard, that’s not quite what it means. Cyber hygiene is generally defined as the steps that computer/device users take to maintain system health and data security. These steps involve widely accepted cyber security recommendations and risk mitigation measures that are modern, but not...