Archive for the ‘General’ Category

When discussing information security trends in the event of a recession, the problem is that we are heading into uncharted waters. The number of annual data breaches has been constantly rising since 2005. We are also seeing an increase in the number of data breaches following the housing market crash of 2008, which is what we would expect, as cyber-criminals never let a crisis go to waste. Given the increase … Read more

Let’s face it, 2020 hasn’t got off to a great start. The coronavirus pandemic, which has so far infected more than 550,000 people globally, has forced Governments across the globe to effectively shut down large parts of their economies, with citizens in many countries being required to stay at home. The travel industry has been badly damaged due to the travel restrictions, and we’ve already seen a historic surge in … Read more

The spread of Coronavirus and the associated illness, COVID-19, has had a drastic effect on people’s lives all over the world. In particular, COVID-19 is changing the way enterprises are operating, forcing many employees to work from home in a bid to practice social distancing and limit the spread of the disease. The full effects of the pandemic on businesses and the general public are yet to be fully realized. … Read more

According to a recent survey, 74% of breaches involved access to a privileged account, and yet many organizations are still failing to take the steps necessary to prevent the abuse of privileged credentials. Ensuring that privileged accounts are secure requires Identity and Access Management (IAM) – a term used to describe the process of managing digital identities and controlling what assets those identities are allowed access to. IAM consists of … Read more

According to a recent survey by Syncsort, there are inconsistencies relating to how confident companies are about the strength of their cyber-security posture, and how well they actually fare when it comes to protecting their systems and data. 85% of the respondents expressed confidence in their ability to stave off cyber-security threats, while 41% admitted to suffering a security breach. Additionally, 20% of respondents said they didn’t know if they … Read more

The Lightweight Directory Access Protocol (LDAP) is an industry-standard application protocol used by Windows Server Active Directory (AD) to maintain directory services. Client devices and applications authenticate with AD using LDAP ‘bind’ operations. LDAP simple binds send user credentials over the network in cleartext, i.e. there is no encryption of the username and password. While AD supports simple binds, it is not a recommended approach. Applications that use LDAP simple … Read more

Password and account lockout policies in Active Directory needn’t be all or nothing. In this article, I’ll explain how to set password and account lockout policies for specific groups of users and some best practices you should follow in the process.

Active Directory Account Policies

Active Directory (AD) domains are configured by default with password and account lockout policies that apply to all user accounts in the domain. Each domain … Read more

A few questions we get asked on a regular basis are “how do we compare with Varonis?” and “is Lepide an alternative to Varonis?” To answer this question, I’ve created this blog and, whilst I’ve tried to be as unbiased as I can, clearly, I have a favorite. It’s also important to know this blog is in many places anecdotal, created from information obtained either from direct customer feedback or … Read more

1) UIDAI (Unique Identification Authority of India)
Date Disclosed: January 3, 2018
Records Breached: 1.1 billion
Details: Using a service promoted on WhatsApp, hackers were able to access personal data belonging to Indian citizens by entering a 12-digit unique identity number – assigned to all residents based on their biometric and demographic data.

2) Exactis (Florida-Based Marketing Firm)
Date Disclosed: June 26, 2018
Records Breached: 340 million
Details: A database … Read more

You may think that information security and cybersecurity are the same thing, and I wouldn’t blame you as there is a lot of crossover. However, there are some key differences between the two that differentiate the terms. Many believe that cybersecurity and information security are completely inseparable, and one will not work without the other. Whilst this isn’t completely true, I recommend ensuring that your information security and cybersecurity strategies … Read more