Enterprise Network Security Blog from ISDecisions
Cybersecurity advice for Higher Education
Information security continues to challenge both large and small institutions alike. According to EDUCAUSE, a nonprofit association of IT leaders in higher education, information security remains the #1 issue in 2018 for the third year in a row. Perhaps this is not a surprise when you learn the education sector has the highest rate of ransomware …
Taking a Proactive Approach to Avoid Data Breaches
It seems like IT’s general approach to any kind of attack – which includes data breaches – is a reactive one. Think about it, in every kind of attack-related scenario – whether an external attack, an insider threat, malware…
Does Meeting Compliance Include File Servers?
Those of you reading this are likely working in industries with compliance mandates around protecting specific data types from misuse. And, like most businesses today, you’re probably using some kind of industry-specific set of applications that host that data –…
Why is the Education Sector a Target for Cyberattack?
Year over year, the same industry verticals seem to remain at the top of just about every analyst briefing, industry report, and infographic that are about security, threats, and attacks. Commonly, you repeatedly see Retail, Finance, Healthcare, and Education. But why?…
Active Directory User Login History – Audit all Successful and Failed Logon Attempts
The ability to collect, manage and analyze logs of login events has always been a good source of troubleshooting and diagnostic information. Logons are the one common activity across nearly all attack patterns. They provide one of the clearest indicators of compromise to help protect company data and thwart attacks. The need to provide a …
UK politician password-sharing — maybe the security industry has been giving out the wrong advice?
A few days ago, a news story broke saying that many of the UK’s political leaders have been publicly (and almost proudly) proclaiming their own particularly poor password habits on Twitter. MP Nadine Dorries admits she regularly shouts the question “What is my password?” across the office, and after her being criticised on Twitter, MP …
Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?
Captain Picard (from Star Trek: The Next Generation) has been known to produce some pretty memorable quotes. One such quote comes from an episode where the Federation is fighting the Borg, with Captain Picard saying (in reference to where…
What’s Least Privilege Really All About?
As we finish the upcoming whitepaper ‘Least Privilege and the Value of User Logon Management’, we began thinking about how organizations may see the point of least privilege as being different things. We all know, at a minimum, the implementation…
External Attacks – It’s All About the Logon
It’s tough to come up with an effective counter-measure to external attacks when you can’t see your enemy. While there are plenty of stories in the news of how a certain company fell prey to a very specific attack, it’s…
Are You Just Waiting for a Compromise?
The modern IT organization is well aware that compromises (in the form of both external attacks and insider threats) are more an issue of when than if. You’ve put up some defensive security solutions – AV, endpoint protection, email scanning, etc. – all in an effort to minimize the threat potential. But, beyond that, what …
Why a decline for data breach costs is still not good enough
According to a recent study by international security research company, the Ponemon Institute, the average total cost of a data breach has declined by 10% globally. While it is encouraging to learn that global costs of data breaches have decreased, the fact remains that hugely disruptive data breaches are still happening alarmingly frequently all over …
The convenience of single sign-on services (SSO) without compromising security
From an end user’s perspective, single sign on is a great idea. You log into one platform, which gives you access to multiple applications, programs and sites, with no need to log into each one individually. It’s convenient, quick and…
Lessons from the NHS: A bitter pill to swallow
The WannaCry cyber-attack, which took place earlier this month, has made headlines all over the world in recent weeks. Already documented as the biggest ransomware attack in history, the hackers shut down IT systems worldwide, with a staggering 75,000…
Orange Is The New Hack: Lessons from yet another ransomware attack
Post-production company, Larson Studios, which is responsible for hit Netflix shows such as Orange Is The New Black, is the latest victim of ransomware. Those responsible stole 10 episodes from the upcoming season five of the jail drama hit series…
Changing your password regularly makes you less safe, apparently
Here’s an interesting view. According to Paul Edmonds, head of tech at the National Cyber Crime Unit, changing your password regularly makes you less safe. Not more. That’s a surprising opinion given we’re always being told to change our passwords regularly to keep attackers at bay. It’s the equivalent of changing the locks. If a …