To x.509 or not to x.509. That is the Question.

Public Key Infrastructure (PKI) and the x.509 Certificate.

While it might seem fairly obvious in today's world why authentication measures should meet this standard, incorporating the practice carries some expense. Alternatively, most private-sector businesses still use single-factor (user, password) or non-x.509 (Web of Trust, a.k.a. WoT) dual-factor authentication.

Protecting Critical Infrastructure

Be Online Aware! October is National Cybersecurity Awareness Month.

Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications, and power along with other networks and systems. A disruption to these systems, some of which may be connected to the internet, can have significant and catastrophic consequences for our nation. Securing our nation’s critical infrastructure is therefore our shared responsibility. The Department of Homeland Security (DHS: Critical Infrastructure Security) offers several resources for the public to use in being proactive towards our security.

Click here for tips on protecting Critical Infrastructure.

Social Engineering: The Easiest Way to Hack?

Be Online Aware! October is National Cybersecurity Awareness Month.

It has often been said that the easiest hack in IT security is the Social hack. Why? People are creatures of habit and, with insufficient training and a bit of prodding, are far easier to “con” than a firewall or IDS.

Webster’s defines Social Engineering as “an act of psychological manipulation of a human” and "any act that influences a person to take an action that may or may not be in their best interests."

Click here to learn more about Social Engineering.

Inspiring the Next Generation of Cybersecurity Professionals

Be Online Aware! October is National Cybersecurity Awareness Month.

In this day and age, technology seems to permeate ever more into not only our own lives, but our children’s as well. The general consensus towards the rapid integration of technology seems to be positive in most cases, and allows for the simplification and expedition of day-to-day tasks. As general computer knowledge and overall use continue to climb, our children are getting more face time with technology than ever before. Fortunately for the iPad-playing pre-teens, this baseline familiarity with technology will handily transfer to their future professional careers, albeit unbeknownst to them.

Click here for ways to inspire youth towards a promising career in Cybersecurity.

Make Your Home a Haven with Online Safety

Be Online Aware! October is National Cybersecurity Awareness Month.

Every day, parents and caregivers teach kids basic safety practices ‒ like looking both ways before crossing the street and holding an adult’s hand in a crowded place. Easy-to-learn life lessons for online safety and privacy begin with parents leading the way. Learning good cybersecurity practices can also help set a strong foundation for a career in the industry. With family members using the internet to engage in social media, adjust the home thermostat or shop for the latest connected toy, it is vital to make certain that the entire household ‒ including children ‒ learns to use the internet safely and responsibly and that networks and mobile devices are secure.

Click here to read more about basic cybersecurity essentials the entire family can deploy to protect their homes against cyber threats.

Keep Updating Your Computer & Phone OS!

Major OS design flaw could have serious ramifications

A serious flaw in the design of almost every CPU and/or operating system will result in cybersecurity-required updates, or patches, being published for Microsoft, Apple, and Linux operating systems.

One of our cybersecurity engineers noticed a flurry of Linux and Windows emergency kernel patches being published that are enabling and implementing KPTI (Kernel Page Table Isolation) protections (or barriers). Enabling KPTI for all operating systems will likely impact the computer's performance, in some cases running 30% slower.

[ Jan 4, 2018 Update: This exploit was discovered by Google back in the early summer of 2017. The exploits are known as "Meltdown" and "Spectre" — two methods of exploiting a security vulnerability found in Intel, AMD, and ARM processors that, between them, threaten almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. ]

Why is there a need to do this now?

Smart money seems to be that a variation of a known cyber attack, called rowhammer, has been found in the wild. This attack is likely a hypervisor exploit ... meaning the Big Brands in the virtualization world (Amazon S3, Google Compute Engine, Microsoft Azure) could be at risk of a process in one Virtual Machine (VM) gaining access to data in another VM.

Click here to read more about this cybersecurity issue.

Non-Compliance can cost WAY MORE than Compliance?

Employee uses False Claims Act to sue Employer over DFARS/NIST Compliance

Department of Defense Contractors have struggled to meet the DFARS 252.204-7012 ("DFARS-7012") regulation, particularly with compliance on the referenced NIST SP 800-171 ("NIST-171") security controls.

Now, an employee has successfully brought suit against his employer using the False Claims Act (FCA) for falsely claiming compliance on DFARS-7012/NIST-171. There hasn't been a judgement lodged against the company yet, and the case could still be decided in the company's favor. However, other DoD contractors should take note of the details of this case so far.

2019 Smartphone Cyber Threats

CSO article discusses threats you should take seriously

Hundreds of millions of people use smartphones on a daily, if not hourly, basis. Your smartphone likely contains your most important personal and financial information. It is a critical 'weak link' in your life from a cyber threat perspective.

CSO Magazine has just published an article discussing the six top mobile phone cyber threats and we agree you should keep these in mind. 

Click here for tips on protecting your smartphone.

Cybersecurity Awareness and Training

Be Online Aware! October is National Cybersecurity Awareness Month.

Your employees are arguably your largest attack vector. Therefore, one of the absolute best things you can do to improve your organization’s security posture is to provide employees with effective security awareness training.

Click here for ways to provide effective Security Awareness & Training.

How to Launch a Career in Cybersecurity

Be Online Aware! October is National Cybersecurity Awareness Month.

Cybersecurity is a high-growth industry with a serious shortage of available talent. According to the U.S. Department of Commerce, there are currently over 300,000 open cybersecurity positions across the United States, and experts expect the labor shortage to continue. Because of this, rather than making hiring decisions based on experience, organizations tend to hire based on potential. Organizations evaluate a candidate’s potential to learn the technical skills based on a range of skills and traits such as problem solving and critical thinking, opening up the doors to a wider range of candidates.

Click this link for tips on pursuing a career in Cybersecurity.

How Secure is Your Password?

Be Online Aware! October is National Cybersecurity Awareness Month.

If you had 10 security professionals in a room and asked them to create the most secure password, you’d probably walk out with 11 different answers. However, all security professionals will agree that a strong, secure password is your first line of defense against the ever-increasing barrage of information breaches and malicious users.

Click here for tips on creating a more secure online experience.