Empower Your First Line of Defense – Training Employees in Cybersecurity
If your organization deals with sensitive information on a regular basis, you most likely have varying levels of digital security on your radar at all times. As cyber attacks become more sophisticated and frequent, it is essential for companies to prioritize cybersecurity training for their employees as a first line of defense. Research shows that […]
Ethical Hacking – The Unsung Hero of Cybersecurity
The word “hacking” has long had a negative connotation, generally being used in the context of security breaches involving people with malicious intent. For many, the term “ethical hacking” may seem like an oxymoron, but this benevolent and invaluable cybersecurity practice can save your company from serious threats to your data, privacy, and finances. Ethical […]
US Launches New National Cybersecurity Strategy
In 2018 the Department of Homeland Security released a 5-year strategy to provide a framework to execute their cybersecurity responsibilities. The goal was to improve national cybersecurity risk management by increasing security and resilience across government networks and critical infrastructure. On Thursday, March 2nd, the new plan for the National Cybersecurity Strategy was released, outlining […]
Addressing the Threat – Cybersecurity Staffing and Recruiting Challenges in 2023
It has been no secret that the Cybersecurity workforce is facing a significant talent shortage. Whether due to natural lack of interest, decrease in STEM curriculum, or impressions of being an unfavorable career experience from those previously and currently in the industry – companies face an ever dwindling pool of qualified candidates while cyber threats […]
OWASP Top 10
It might not have made Letterman’s list, but that doesn’t mean it’s not important! The OWASP Top 10 provides rankings for the most critical web app security risks. As their last update was in 2021, it remains to be seen if the evolving threat landscape will affect their rankings in the coming year, but for […]
Code, Compliance, and CISO’s. Shifts in the Cybersecurity Landscape Amid New NYDFS Regulation Changes.
On November 9, 2022 the NYDFS announced major revisions to their existing laws with regards to cybersecurity and reporting. Recent updates to their 2017 cybersecurity regulation for financial service companies are slated to take affect mid-Summer 2023. These changes present quite a few major compliance feats for entities doing business in New York to anticipate […]
What, How and Why of Web App Penetration Testing
As the digital world continues to rapidly expand, organizations must be increasingly aware of the potential risks associated with their web applications. One way to ensure your company’s security is through penetration testing. Penetration testing is a security measure that helps you identify and fix vulnerabilities or weaknesses in your web applications before malicious actors […]
2023 State Data Privacy Laws
2022 brought a flurry of legislative activity regarding state data privacy with very little effective action being taken. Looking toward the new year – 2023 is kicking off with five laws set to go in to effect in California, Colorado, Connecticut, Utah, and Virginia. As there is currently no federal privacy law from which to […]
The OWASP Top 10 has a new look for 2021
Since the Open Security Summit in 2017, the OWASP Top 10 has provided an established data-collection process. In 2021, the OWASP 10 has a new look. After several months of analyzing Common Weakness Enumeration (“CWE”) datasets in conjunction with re-categorizing software weaknesses and vulnerabilities, the updated roll-out is presenting a refurbished design and a more […]
New Federal Cyber Security Standards – Executive Order to Improve the Nation’s Cyber Security
On May 12, 2021, President Biden signed the Executive Order on Improving the Nation’s Cyber Security in efforts to protect the federal government’s networks. The Executive Order mandates new Federal Cyber Security Standards for both federal agencies and the software vendors that supply them. The Executive Order is in response to the recent uptick in destructive cyberattacks […]