Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2021

What is an Enumeration Attack? How they Work + Prevention Tips

An enumeration attack is when cybercriminals use brute-force methods to check if certain data exists on a web server database. For simple enumeration attacks, this data could include usernames and passwords. More sophisticated attacks could uncover hostnames, SNMP, and DNS details, and even confirm poor network setting configurations. Every web application module that communicates with a user database could potentially become an enumeration attack vector if left unsecured.

What is the CCPA? Definition and Compliance Guidelines for 2021

The California Consumer Privacy Act of 2018 (CCPA) gives Californian consumers greater transparency into how their personal data is being handled. Under the CCPA, California residents have a right to: California's landmark move to greater privacy laws mirrors the consumer data protection posture outlined in the GDPR and Canada's propositions in Bill C-11. Guidance for complying with the CCPA is outlined through CCPA regulations.

What is a Security Operations Center (SOC)?

A security operations center (SOC) is a centralized facility that unifies an organization’s security monitoring across all IT infrastructure. SOCs function as a hub for information security personnel and the processes and technology needed to detect, monitor, and remediate cyber threats through real-time data analysis.

The 6 Biggest Cyber Threats for Financial Services in 2021

According to VMware, the first half of 2020 saw a 238% increase in cyberattacks targeting financial institutions. And according to IBM and the Ponemon Institute, the average cost of a data breach in the financial sector in 2021 is $5.72 million. Based on these statistics, if you're in the financial services sector, there's a very high chance that you'll eventually fall victim to a very costly cyberattack.

Meeting ISO Third-Party Risk Management Requirements in 2021

ISO 27001 is the most popular internationally recognized standard for managing information security. Its creation was a joint effort between the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC) - this is why the framework is also referred to as ISO/IEC 27001. ISO 27001 can also be implemented into a Third-Party Risk Management program.

Vendor Management Best Practices

Establishing positive vendor relationships is crucial to running a successful business. Nonetheless, vendor management has several moving parts, and you have a lot of things to keep track of. This includes who your third parties are, the services they offer, which internal policies apply to them, and what sensitive data they have access to. Without a strong foundation of vendor management best practices, vendor risks could manifest into failures that could affect business continuity.

What is a Keylogger? How they Work and How to Stop Attacks

A keylogger is a type of spyware that monitors and records user keystrokes. They allow cybercriminals to read anything a victim is typing into their keyboard, including private data like passwords, account numbers, and credit card numbers. Some forms of keyloggers can do more than steal keyboard strokes. They can read data copied to the clipboard and take screenshots of the user's screen - on PCs, Macs, iPhones, and Android devices. Keyloggers are not always the sole threat in cyberattacks.

What is Endpoint Detection and Response (EDR)?

It can take just minutes, if not seconds, for an advanced threat to compromise a company's endpoint devices (laptops, mobile devices, and the like). Legacy security tools that were once adored and worshipped by many no longer cut it. These tools require manual triage and responses that are not only too slow for fast-moving and increasingly sophisticated cyber threats, but they also generate a huge volume of indicators that burden the already overstretched cyber security teams.

Top 12 Cybersecurity Regulations for Financial Services

The proliferation of cyberattacks targeting the financial sector has forced the establishment of several mandatory cybersecurity regulations. Though often considered an unnecessary burden on security teams, regulatory compliance is one of the most effective strategies for keeping financial services accountable for their security posture. Cybersecurity regulations must be malleable to remain relevant in a rapidly evolving threat landscape.