With access to more resources than ever before, cybercriminals are rapidly scaling their operations, making every organization a potential target for a cyberattack. And, they are constantly shifting their tactics to exploit new vulnerabilities and slip past perimeter-based controls undetected. Meanwhile, the longer a threat goes undetected in a network environment, the greater the potential for damage through a security breach, data loss, or business downtime and disruption.

The recently discovered BlueKeep RDP vulnerability reminds us yet again (as if needed to be reminded) that monitoring RDP is not a luxury but an absolute necessity. Many organizations still expose RDP ports to the Internet, making it a prime target for attacks. But even when RDP is only available internally it can still pose a threat – especially for large networks.

Cybersecurity is finally reaching the shop floor in earnest thanks to new technology that works with—not against—the legacy equipment that runs most industrial control systems (ICS). That being said, industrial companies and organizations in sectors like manufacturing, energy, utilities, transportation and water treatment can be slow to adapt to the new cybersecurity tools at their disposal because they present a new way of operating in an industry that’s set in its ways.

Security professionals have many tools in their toolbox. Some are physical in nature. (WireShark, Mimikatz, endpoint detection and response systems and SIEMs come to mind.) Others not so much. (These assets include critical thinking faculties, the ability to analyze complex processes, a willingness—some call it a need—to dig in and find the root cause of an issue and a passion to learn and keep learning.) One such tool that’s often overlooked is, communication.

Too many small and medium-sized businesses (SMBs) are under the belief that purchasing “This One Product” or “This One Managed Service” will provide all the security their network requires. If this were true, large corporations with huge IT budgets would never have data breaches! Before you start buying expensive new technology to protect your office network, take some time to examine your internal infosec processes. Make sure you are covering the basics.

It may be possible to democratize security by making it more accessible to average companies through community resources. We have an idea or two, but we would appreciate your thoughts.

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge. The Apple Watch feature at the heart of the problem is Apple’s Walkie-Talkie app which allows users to “push to talk” with other Apple Watch owners via a real-time voice message, rather than having to make a call or laboriously type a text message.

The New York State Legislature recently passed a bill that aims to protect New York residents, regardless of the location of the business. The law, known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to address unauthorized access of data. The bill expands the definition of “Breach of the security of the system” by adding the wording “access to” data. The original regulation contemplated the acquisition of data.

There are Red Sox, White Sox, and Fox in Socks. At the turn of the century, a new SOX entered our lexicon: The Sarbanes-Oxley Act of 2002. This financial regulation was a response to large corporate misdeeds at the time, most notably Enron misleading its board through poor accounting practices and insufficient financial oversight. The regulation seeks to ensure accurate and reliable financial reporting for public companies in the United States.

“It’s okay that you don’t understand.” This comment came after I was frustrated with myself for not being born a genius at math. Usually, when you don’t know a subject or you don’t understand it enough, subject matter experts (i.e. your teachers/professors/mentors/etc) put you down for it. But this time was different because I had a real subject matter expert who cared about the end goal: students educated in math.