Understanding NIST CSF to assess your organization's Ransomware readiness

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a rece...

SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository

Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most valuable asset. Organizations, without sufficiently skilled staff to effectively...

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...

Ransomware Response: To Pay or Not to pay

Recently, I was speaking with a CISO friend of mine and he mentioned that his company suffered a breach. I asked if it was a ransomware attack, and sadly, that was the case. Malware had infected nearly every connected computer. Clearly there was a breakdown in protective controls, but Ill get to...