Why Should Nation-State Grade Attacks Be The Focal Point of Your Cybersecurity Strategy?
Anatomy of a nation-state grade attack The 2020 Solar Winds attack, believed to have been launched by Russia’s Cozy Bear (AKA APT29), a Russian hacker group reputedly associated with Russian agencies such as FSB and/or SVR, was a nation-state grade attack. It stealthily “trojanized” an update of SolarWinds’ Orion, an infrastructure monitoring and management software […]
Recent Nation-State Grade Attacks Are a Wake-Up Call for Many Organizations to Improve Cyber Defenses
The Awakening and What’s Behind President Joe Biden’s Executive Order on Cybersecurity There has never been a more opportune time to implement a pro-active cyber-defense strategy against Nation-State grade level threats for both the public and the private sectors in the US. The recent wave of cyber-offenses on government entities, utilities, and businesses have finally […]
What are the keys to a successful cybersecurity strategy? Our CEO Ran Shahor Explains All
According to Ran Shahor, CEO and co-founder of HolistiCyber, a successful cybersecurity strategy should start with a detailed plan. This should place your business requirements, budget, and security posture at the forefront of any other decisions you make to keep your company assets and data secured. How do you build your strategy? Well, for starters, […]
Russian Cyber Threat Defense – Now and Looking Forward
Despite the perceived breakneck pace of change since the start of the pandemic, many aspects of life remained the same. In 2017 a US Director of Intelligence paper explained how software supply chain attacks “circumvent traditional cyber defenses to compromise software to enable successful, rewarding, and stealthy methods to subvert large numbers of computers through a […]
Key Factors Underlying Third-Party Risk Management
The shift from office-based work to working from home that characterized 2020’s adaptation to COVID-19 lockdowns, has seen soaring digital risks stemming from mishandled third-party risk management. This at a time where reliance on third-party service providers is so pervasive that the Institute of Collaborative Working estimates that up to 80 percent of direct and […]
9 Elements Required for an Effective Third Party Risk Management Framework
The increasing reliance on third-party vendors has opened a set of risks that requires a new approach to implementing efficient Third-Party Risk Management (TPRM). Third-party vendors such as payment gateways, web plugins, email servers, and countless others typically work with multiple companies at a time. Consequently preventing the next supply-chain attack before the vendor’s exploit […]
9 Tips for Fighting Ransomware
Several recent high-profile ransomware attacks have caused organizations to take a closer look at their ability to deal with such an incident in advance, and fighting ransomware if an instance occurs. The stakes could scarcely be higher, as ransomware attacks executed by human operators are targeted to bring down global production lines and deny access […]
Defend Like an Attacker: 4 Required Approaches
Brig. General Ran ShahorCEO and Co-Founder, HolistiCyber Our CEO and Co-Founder, Brigadier General (Ret.) Ran Shahor (pictured on the left) was recently featured in Security Magazine relaying his extensive knowledge around nation-state cyber attackers and how to defend against them. Despite the cliché “an attacker doesn’t care about your compliance” it is sadly still how […]
Utilities and Cybersecurity: Keeping the Lights On – Both On and Offline
Utilities have a very unique challenge in the cyber arena. You are not only responsible for keeping up with the evolving threats that plague other organizations, but also keeping people’s lifelines open. Just look at what is happening in Texas right now. Thousands of people are without power and water in the middle of a […]
Google TAG team reports: Nation-State attacks can happen to anyone
Early last week Google’s Threat Analysis Group (TAG) posted a blog outlaying a nation-state attack targeting security researchers. Using social engineering and social media these threat actors were able to create “credibility” within the industry. They claimed false credit for vulnerabilities and interacted with researchers under the guise of wanting to “collaborate” with them on new […]
