Expert analysis
Email security is a human issue
Research suggests that email is the most common point of entry for malware, providing access in 94% of cases, so it’s unsurprising that phishing is the root cause of 32% of …
What contractors should start to consider with the DoD’s CMMC compliance standards
Q1 2021 has been a tumultuous period in our era of cyber espionage. The Center For Strategic & International Studies (CSIS), which has been tracking “significant cyber …
Dispelling four myths about automating PKI certificate lifecycle management
The public key infrastructure (PKI) underpins the most effective strategy for securing communications between machines, network and mobile devices, virtual servers, and the …
Is it OK to publish PoC exploits for vulnerabilities and patches?
In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof …
Defeating typosquatters: Staying ahead of phishing and digital fraud
It has become a mantra for businesses targeted by hackers to describe the incident as a “sophisticated cyber-attack”. Although true in some instances, the reality is that most …
How modern workflows can benefit from pentesting
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …
Secure your cloud: Remove the human vulnerabilities
Training to increase employees’ security awareness and change risky behaviours among end users is important, particularly as the future workplace will be hybrid and many …
Use longitudinal learning to reduce risky user behavior
People ignore information that isn’t relevant to them, which is why IT and HR departments have been approaching security training incorrectly for years. Long-form, all-hands …
Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …
Shedding light on the threat posed by shadow admins
Few organizations would purposefully hand a huge responsibility to a junior staff member before letting them fly solo on their own personal projects, but that’s effectively …
APIs in the insurance industry: Accessing a growing world of data
The insurance industry is vast and varied. It can be found in nearly every country in the world, with the earliest references dating back as early as 1750 BC. Modern …
What is threat modeling and why should you care?
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system …