Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As businesses and organizations scale and grow, their network infrastructure can also grow increasingly large and complex. Using a flat network structure (all devices connected on one server) makes it easier for cybercriminals to roam freely and unimpeded in the system in the event of a successful cyber attack. Implementing network segmentation best practices can limit the scope of an attack, prevent malware from spreading, and disrupt lateral movements across your IT ecosystem.

In recent years, there has been increasing amounts of ransomware attacks on colleges and universities due to poor cybersecurity practices, a higher likelihood of ransom payment, and the value of information involved. The entire education sector performs poorly as a whole compared to other sectors when it comes to data security, and hackers are quickly taking notice.

The internet of things (IoT) is a system of interconnected computers, devices, digital machines, and objects, all marked with unique identifiers (UIDs) and enabled to transfer and share data over a network. It was first coined by Kevin Ashton in 1999 when he envisioned a future where things communicated with each other, apart from human interaction With the evolution of web-enabled smart homes and smart devices in nearly every corner of life, IoT attack surfaces begin to emerge.

Often regarded as the Californian version of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) aim’s to increase consumer rights by giving California residents greater control over the use of their personal data. The CCPA heavily regulates the use of any data that could potentially link to the identity of a consumer or household, either directly or indirectly.

Two-factor authentication (2FA) is a type of multi-factor authentication (MFA). Both authentication solutions provide additional account security by requiring additional factors of authentication. To understand how exactly 2FA and MFA differ, it’s firstly important to understand the concepts of authentication and factors of authentication.

Shadow IT includes any unsanctioned apps or hardware used by employees that fall outside of those managed by the IT department (sanctioned apps). Shadow IT is often used as a workaround to functionality or usability gaps created by an organization’s known IT resources. Large organizations have multiple departments with widely differing information technology (IT) needs.

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to protect the personal data of all New York residents. This act broadens the data privacy and protection standards stipulated in the Gramm-Leach-Bliley Act (GLBA) and the New York Department of Financial Services (NYDFS). What makes this particular data protection law unique is its inclusion of biometric information, usernames, and passwords in the category of personal information.

While cybersecurity is deeply rooted in the tech and digital space, you might be surprised to find that many cybersecurity jobs don’t require coding or programming skills. Cybersecurity professionals can find careers with both technical and non-technical backgrounds. To succeed in the field of cybersecurity, it’s far more important to be analytical, solutions-driven, and well-versed with technology.

Authenticity and non-repudiation are two core concepts in information security regarding the legitimacy and integrity of data transmission. Because we transmit data every day, it's important to verify the sender's origin (authentication) and ensure that during transmission, the data was not intercepted or altered in any way (integrity).

As the internet grows, so does the sophistication and capabilities of cyber attacks. Cybercriminals constantly develop new ways to exploit even the most complex networks and servers. One of the newer types of attacks caused major headlines in 2020 and continues to be a force to be reckoned with for even the largest companies and organizations. It's called a double extortion ransomware attack. Becoming a victim of these vicious attacks can lead to devastating consequences.