Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Access control is one of the most essential cybersecurity practices. Meticulous management of user access rights helps to secure sensitive data and reduces the chance of a successful attack. However, choosing an access control model relevant to your organization can be tricky. This article discusses use cases for mandatory access control (MAC) and discretionary access control (DAC) models. We also show the difference between DAC and MAC to help you choose one over the other.

Where there is money, there are cybercriminals trying to take it. This is especially true for credit unions, which deal with both financial information and the personal identifying information (PII) of every member and connected institution. They are a digital vault of data and dollars and threat actors are all too ready to crack the safe.

Imagine your finance team receives an urgent email that appears to be from a trusted supplier, notifying them of an unexpected change in bank account details for an upcoming payment. The email looks professional, is detailed, and contains all the expected business formalities. Without hesitation, the team processes the payment to the new account. Days later, the actual supplier contacts you about the overdue invoice.

This article investigates why Microsoft 365 is insufficient for email security in today’s digital landscape. Email security is a critical concern for businesses of all sizes. While Microsoft 365 offers a comprehensive suite of tools for productivity and collaboration, relying solely on it for email security might not be sufficient. Here’s why.

Celebrate 10 years of BSides Knoxville, featuring discussions of AI in security, historical hacking, and holistic protection, fostering a dynamic cybersecurity community.

Across today’s interconnected business landscape, organizations are increasing their reliance on third-party vendors and service providers to streamline operations, reduce costs, and access specialized services and expertise. This increased dependency on third parties introduces significant organizational risks, including data privacy violations, operational disruptions, reputational damage, supply chain attacks, and devastating data breaches.

With third-data breaches and their subsequent financial impacts on the rise, Third-Party Risk Management is becoming a non-negotiable inclusion in an organization’s cybersecurity strategy. For those new to this risk management area, this post outlines a high-level framework for applying TPRM principles to a third-party risk context. Learn how UpGuard streamlines Vendor Risk Management >

New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. According to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, 91% of reported ransomware attacks included a data exfiltration effort. This is far more than the sub-80% numbers we’ve seen from the Coveware quarterly reports we cover.

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove it. Social engineering, especially as enabled by email, text messages, the web and phone calls, is involved in the vast majority of cybersecurity attacks. No other root initial access hacking method comes close.