Friday, October 9, 2015

How NOT to be a Victim of Social Engineering [Cyveillance]

Here's a great infographic from Cyveillance about "How NOT to be a Victim of Social Engineering". To read the entire blog post, please take a look here. Well done, Cyveillance.

Thursday, October 8, 2015

New Amazon Application Security Services

Okay, the cloud is dangerous and everyone should stop using it before it rains down your data upon all those it wasn't intended for, right? Well, not really. There are times when keeping data in-house is an ideal solution, but there are other times when pushing data to the cloud is a completely viable approach. This is all about knowing your security risk appetite and understanding the data that's being hosted in the cloud and the security of the cloud provider. With this being said, Amazon has taken great strides in helping ease the "security of the provider" concern. Take a look at the following two products that Amazon recently released:

These two services assist greatly with running any type of web application off Amazon's AWS service. Many startups and lower income businesses are using Amazon to run their applications, as well as many very large companies, but for those without the revenues to purchase these services elsewhere, Amazon has really created a secure ecosystem to keep clients from outgrowing their services from a security standpoint. This is a huge step forward for them and I'm personally very excited about seeing where they're going in the future.

Wednesday, October 7, 2015

Building a cybersecurity culture in the workplace

We all know that attackers are coming after your users; this shouldn't be a surprise. We need to find better ways to have security awareness sink into their minds, because they're the first line of defense. They are the weakest links in your networks and systems. If they're not trained, you're at even more risk of data breaches. It's really that simple. Also, not all groups should be trained the same way; having dedicated training per group (administrators, marketing, finance, etc.) gives each group a focused education and better protects your users.

Here's an article I collaborated on with the good folks at Tripwire regarding some other cybersecurity culture training tips for the workplace.

Friday, October 2, 2015

Comparing MDM Solutions (IMO)

Here are my thoughts on how to compare mobile device management (MDM) solutions when looking to purchase a system to manage your mobile devices. As the mobile market grows, so does the risk of your data and internal networks being compromised on these devices. Here are a few criteria for making an educated decision on which MDM is right for your organization:

Who let the data out?! Time for effective egress filtering!

We've seen way too many organizations have data breaches due to not having proper egress filtering configured. Many places are still only worried about what's making its way into the network and aren't concerned about what's leaving the network. This could be the difference between an attacker making it into your network and an attacker leaving with your data. If they aren't able to get data out, there's no data loss and this limits the risk of the compromise.

Security Metrics Crowdsourced Blog

If you're building a security dashboard with metrics for executives, or anyone for that matter, take a look at this blog assembled by Tripwire regarding "Top 10 Tips for Building an Effective Security Dashboard". Tip #6 is especially interesting ;)

Cyber Security Awareness Month #CyberAwareTips

October has been deemed "Cyber Security Awareness Month" by many major security companies and it's something that, if used correctly, could be of great assistance to those that might not be as cyber-savvy. I've been posting a few tips to Twitter with the hashtag #CyberAwareTips, along with many others. Let's see how much traffic we can generate with this hashtag and get the word out this month.