Russian Cyber Threat Defense – Now and Looking Forward
Despite the perceived breakneck pace of change since the start of the pandemic, many aspects of life remained the same. In 2017 a US Director of Intelligence paper explained how software supply chain attacks “circumvent traditional cyber defenses to compromise software to enable successful, rewarding, and stealthy methods to subvert large numbers of computers through a […]
Key Factors Underlying Third-Party Risk Management
The shift from office-based work to working from home that characterized 2020’s adaptation to COVID-19 lockdowns, has seen soaring digital risks stemming from mishandled third-party risk management. This at a time where reliance on third-party service providers is so pervasive that the Institute of Collaborative Working estimates that up to 80 percent of direct and […]
9 Elements Required for an Effective Third Party Risk Management Framework
The increasing reliance on third-party vendors has opened a set of risks that requires a new approach to implementing efficient Third-Party Risk Management (TPRM). Third-party vendors such as payment gateways, web plugins, email servers, and countless others typically work with multiple companies at a time. Consequently preventing the next supply-chain attack before the vendor’s exploit […]
9 Tips for Fighting Ransomware
Several recent high-profile ransomware attacks have caused organizations to take a closer look at their ability to deal with such an incident. The stakes could scarcely be higher, as ransomware attacks executed by human operators are targeted to bring down global production lines and deny access to business systems – while stealing and then encrypting […]
Defend Like an Attacker: 4 Required Approaches
Brig. General Ran ShahorCEO and Co-Founder, HolistiCyber Our CEO and Co-Founder, Brigadier General (Ret.) Ran Shahor (pictured on the left) was recently featured in Security Magazine relaying his extensive knowledge around nation-state attackers and how to defend against them. Despite the cliché “an attacker doesn’t care about your compliance” it is sadly still how aspects […]
Utilities and Cybersecurity: Keeping the Lights On – Both On and Offline
Utilities have a very unique challenge in the cyber arena. You are not only responsible for keeping up with the evolving threats that plague other organizations, but also keeping people’s lifelines open. Just look at what is happening in Texas right now. Thousands of people are without power and water in the middle of a […]
Google TAG team reports: Nation-State attacks can happen to anyone
Early last week Google’s Threat Analysis Group (TAG) posted a blog outlaying a nation-state attack targeting security researchers. Using social engineering and social media these threat actors were able to create “credibility” within the industry. They claimed false credit for vulnerabilities and interacted with researchers under the guise of wanting to “collaborate” with them on new […]
Cyber Threats in 2021: What to watch out for
December 2020 was a massive month in cybersecurity. Between SolarWinds, FireEye, and Microsoft, every cyber professional was on edge, and we can expect to see our fair share of notable attacks this year as well. So what can we do about it? Our nation-state grade cyber defense experts pulled their heads together to bring out […]
The 12 Days of Security
We are all familiar with the (verrrrrry long) holiday favorite 12 Days of Christmas. While security goes WELL beyond 12 days, we wanted to share 12 of our resources to help you in your cyber defense journey this holiday season. https://youtu.be/sdJq7sUPgP8 A Weekly Cyber Breakdown Every week our team uses an AI engine to pull […]
SolarWinds: Preventing and Hunting other MSP Attacks
The SolarWinds breach has again exposed the trusted supply chain as a favored method of cyber-attack. Nation-state level threat actors compromised its software updates in order to rollout backdoor access among its customer base. The network management and monitoring powerhouse has upwards of 300,000 customers across enterprise and government, so the potential fallout from this […]
