Upcoming Webinar       The Complete Guide to Ransomware [Updated for 2022]       26th May, 2PM EDT      Register Now
Archive for the ‘Data Security’ Category

Despite the fact that increasingly more organizations are utilizing cloud-based services for their business operations as opposed to installing and maintaining their own infrastructure, on-premise Microsoft Active Directory (AD) still serves as the backbone for many organizations’ IT environments. 90% of the Global Fortune 1000 companies still use Active Directory as their primary authentication and authorization mechanism. This is not because large companies necessarily prefer to maintain their own infrastructure, … Read more

Access to Office365 is controlled by a User Principal Name (UPN) and a password. These credentials give regular users access to Office 365 services, including Exchange, SharePoint, OneDrive, Teams, and more. User credentials can be set via Azure Active Directory, or an on-premise Active Directory Domain Controller, if you are using a hybrid setup. Either way, were an attacker to gain access to one of your user accounts, even if … Read more

In this episode of our popular podcast series CISO Talks, we met up with Reuven Aronashvili, the founder and CEO of CYE – experts in organizational cyber-security and risk assessments. Before that, Reuven worked at one of the co-founders of the Israel Defense Forces “Red Team” unit, helping to spot and address cybersecurity vulnerabilities presented by attackers. Reuven has seen a lot in his career, and many of the specific … Read more

The Zero Trust security principle is centered around the presumption that everything and everyone within your IT environment is potentially malicious, hence the phrase “never trust, always verify!”. The Zero Trust model runs counter to the traditional moat-castle approach, which presumes that the “bad guys” are on the outside, and the goal is to prevent them from getting in. The Zero Trust security principle is centered around the presumption that … Read more

Over the last decade, the topic of cybersecurity has become increasingly more relevant. After all, in 2020, we saw a total of 37 billion records compromised, a 141% increase compared to 2019. In response to the rising number of data breaches, Governments across the globe have been introducing stringent data privacy laws, which come with hefty fines for non-compliance. This has contributed to the rising costs associated with data breaches. … Read more

It is no secret that the majority of cyber-security incidents are, in some way or another, caused by negligent or malicious employees. In the context of developing a training program to minimize the likelihood of insider threats, we are only really interested in threats that are the consequence of employee negligence. After all, you can’t really train an employee to not act maliciously. Below are some examples of the types … Read more

Detecting insider threats can be tricky, especially as many of the indicators of an insider threat can be easily mistaken as normal user behavior. However, once you fully understand what an insider threat is, and you know the common methods and techniques that insiders might use to exploit your security, you’ll be able to identify the indicators far more easily. Insider Threat Motivations To understand what an insider threat looks … Read more

The purpose of a Security Information and Event Management (SIEM) solution is to aggregate and correlate event data from a wide range of devices, servers, peripherals, and applications, across your entire IT infrastructure, including any cloud platforms you use. SIEM solutions will help to detect anomalous network activity and identify trends that might be indicative of a security threat. What is a SIEM Solution? A SIEM solution will provide a … Read more

The PrintNightmare vulnerability enables attackers to execute remote code on our devices, and thus take control over them. It’s not entirely clear when the vulnerability was first discovered, although most literature on the subject states that it was discovered around June 2021, by the US Cybersecurity Infrastructure Security Agency. What is the PrintNightmare Vulnerability? The vulnerability exists on all devices running Windows 7 or higher. It resides in the Windows … Read more

As Governments across the globe introduce new and/or improved data privacy regulations, organizations must ensure that they have the necessary tools in place to demonstrate their compliance efforts to the relevant supervisory authorities. Due to various reasons, such as the increased adoption of cloud services and the increase in the number of employees working remotely, IT environments have become increasingly more distributed, which has led to a change in the … Read more