Most of our IT infrastructures were built to trust. From the time users sign on in the morning until they log off at the end of the day, the network trusts them as well as the computer that they are...

Over the years, I have become wary of the term “best practice” when it is applied to technology and cybersecurity. The term “best practice” is supposed to mean that what is being described aligns...

Networks rely on encryption to ensure that data is kept private and cannot be changed while at rest or in transit. In most cases this encryption utilizes certificates, and these certificates in turn...

The worst fears of security experts became a reality recently when threat actors maliciously hid malware inside legitimate updates of SolarWinds network monitoring software. When the malware...

When the Gramm-Leach-Bliley Act was implemented, each regulatory agency adopted a set of interagency guidelines and regulations required for compliance with the provisions of the Act. Within each of...

When we start working with financial institutions, we often find that there is a lot of confusion around how cybersecurity inherent risk and residual risk should be defined. The assessments seem to...

Asset Management is one of the foundations of a sound Information Security Program, but it is also often neglected in the rush to replace or decommission systems. Every IT Manager has been through...

We recently have seen an increase in “typosquatting” activity targeting financial institutions. Typosquatting is when someone registers a domain with a name that is very similar to the legitimate...

A group of US security agencies has once again designated September as “National Insider Threat Awareness Month” (NITAM). While insider threats are always a concern, the agencies point out that...

After helping many financial institutions complete their Cybersecurity Assessment Toolkit (“CAT”), we have found that there are a small number of CAT statements that commonly get institutions...