Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2020

The perfect storm: How digital transformation is reshaping security and networking

Think back to the end of 2019. Enterprises were evolving IT infrastructure at a moderate pace to reduce costs, be more competitive, and improve their ability to adapt to an increasingly digitized world. Whether migrating workloads to the cloud, virtualizing network functions, diversifying mobility, or moving applications and services closer to the edge, digital transformation was steadily evolving the business landscape.

What is Third-Party Risk Management?

Creating and maintaining relationships with third parties brings about multiple risks. Whether your organization is large or small, it’s almost certain that you have business relationships with many third parties for specific types of operations. When operational data and confidential information are exchanged with third parties, that data and information are vulnerable to misuse and exploitation. This is where risk comes into the equation.

5 questions every higher-ed security leader should ask

In the day and age of COVID-19 we have witnessed a transformation of the way we work. If I were asked before March of 2020 how long it would take to make the progress in digital and security transformation that we as a society have made in the last 9 months, I would have guessed at least 5 years. The rate of adoption in the face of the pandemic has been unprecedented. Nowhere have the changes required to make remote working come on faster than with education.

What is unified endpoint management? UEM explained

The business world is undergoing its most dramatic shift yet with the adoption of digital assets and workforce decentralization representing a huge business opportunity. These changes have led to added endpoints, or devices connecting to the network, and is enabling this transformation. But managing the volumes of these diverse endpoints and geographic locations has grown in complexity.

Raising email security awareness through gamification

October was National Cyber Security Awareness Month which is an excellent opportunity to invest in a modern approach to email security awareness. Most companies and organizations conduct security awareness training annually, during onboarding, and after an adverse event. The effectiveness of periodic training varies greatly and depends on organizational culture and structure, leading to unexpected or undesired results.

Phishing awareness and phishing training explained

There is no more effective initial attack vector than phishing. With an ability to reach well-within your organization’s logical perimeter all the way down to an individual user’s Inbox with some form of malicious content, phishing has proven to be a challenge to organizations working to maintain a proper security stance. On top of this, phishing attacks have some pretty impressive accolades.

Stories from the SOC - Multi-layered defense detects Windows Trojan

Malware infections are common and are often missed by antivirus software. Their impact to critical infrastructure and applications can be devastating to an organization's network, brand and customers if not remediated. With the everchanging nature of cyberattacks, organizations need a layered security strategy. They shouldn’t depend solely on a single layer of security to keep them protected.

Online purchase scams spike since the start of COVID-19, reports BBB

Scams occurring during online purchases have spiked since the start of the pandemic, as reported in new research conducted by the Better Business Bureau (BBB). Around 80.5% of consumers who reported this type of scam this year lost money, compared to 71.2% in 2015. Online purchasers scams have been among the three riskiest scams for the past three years but the situation has become significantly more severe in 2020.

The Netflix streaming model can obviate your employee's computer security

Someone you don’t know walks into your office and sits down at a computer. Maybe that computer is a corporate desktop assigned to a mid-level manager or to a member of your IT department. Maybe it’s a personally owned laptop used by a contractor. That unknown person plugs a USB dongle into that computer, installs some software (typing in the correct password, if requested), runs that software, and walks away. No problem, right?

Protecting remote endpoints

Although businesses have been tasked with addressing a number of remote assets associated with off-site resources such as a sales force that’s often mobile, the number of remote endpoints has grown exponentially. The laptops and mobile devices needed to facilitate working from home full-time for a large percentage of their workers given recent global events has exploded.

What is a virtual CISO?

Organization’s today host a wide range of information that, due to its external value to competitors, nation-states, or cybercriminals, needs to be properly protected. The role of a Chief Information Security Officer (CISO) is to establish and maintain the organizational strategy and execution to protect its sensitive and valuable information assets and surrounding technologies.

SecTor 2020, Canada's Biggest Cybersecurity Event: Day Two

Even though SecTor had to be entirely online this year due to our unusual international circumstances, there have been plenty of excellent talks from many experienced cybersecurity professionals. The talks took place over the course of two days, October 21st and 22nd. Last time I covered the talks I attended on day one. Interestingly enough, the talks all had to do with threat detection and analysis. Maybe that’s just what I’m fixated on these days.

What is a Cloud Access Security Broker? CASB explained

A common component of modern cybersecurity infrastructure, a cloud access security broker (CASB) is technology that provides monitoring and mitigates risks from employee use of cloud services. CASBs were initially developed to fill a gap in cloud security visibility left behind by traditional firewalls, next-generation firewalls, and early secure web gateways, which struggled to identify instances of the unapproved use of cloud services, otherwise known as shadow IT or rogue IT.

Best data security practices when offboarding employees

In times long gone, disgruntled former employees could only do so much damage to your company, and relatively little at all to your data security. In the fast-moving world of the 21st century, however, it’s a different story. Costly data breaches and devastating thefts have been undertaken in recent years by dissatisfied staff members released from their job duties.

What is network security? Network security technologies explained

The modern-day organization is under constant pressure to remain operational and profitable. Both of these pressures are put to the test by cybercriminals daily, who attempt to infiltrate, compromise, navigate, and ultimately act in a threatening manner that can have negative repercussions to productivity, ability to transact, customer privacy, brand reputation and bottom-line revenue.

SecTor 2020, Canada's biggest cybersecurity event: Day one

I live in Toronto, so I always try my best to get to SecTor, Canada’s most important cybersecurity event, every October. Most years, SecTor has taken place in the Metro Toronto Convention Centre. But because of the unusual circumstances affecting the world in 2020, this year the event took place online exclusively. SecTor organizers hope that conditions improve by October 2021 so they can resume hosting the event in-person.