Brian Petzold

3 min read

How to Manage Vulnerabilities

Most ransomware gangs gain their foothold in an organization by taking advantage of at least one vulnerability. The vulnerability may be on a user workstation after the criminal has gained initial access through a phishing campaign, or it may be on...

2 min read

Ruminations on the New Dodd-Frank Section 1033 Rule

When the Dodd-Frank Act was passed in 2010, it included Section 1033. This section required the Consumer Financial Protection Bureau (CFPB) to create...

2 min read

How I Became a vCISO

I have a lot of passion for my role as a Virtual Chief Information Security Officer (vCISO) for financial institutions, and I am always happy to tell...

2 min read

The Waning Days of the CAT Arrive

In late August, the FFIEC announced that they would sunset the Cybersecurity Assessment Tool (the “CAT”) on August 31, 2025. It had been apparent for...

2 min read

Control Assessments Vs. Risk Assessments

When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on...

2 min read

Is Ransomware Dying?

In December 2023 the US Justice Department announced that they had disrupted operations of ALPHV/Blackcat, a ransomware group that was responsible...

2 min read

Consent Orders Put Focus on Third-Party Risk Management

There have been multiple consent orders issued recently which have made it clear that regulators are starting to enforce new third-party risk...

3 min read

Best Practices to Ace Your Penetration Test

Every institution should have an internal penetration test performed annually. The goal of the penetration test is for the tester to try to gain...

2 min read

What is a Good Password Length?

We are often asked what length passwords should be. The answer that we give in general is that we would like user passwords to be at least 14...
