News, discussion and expertise on IT Security and the biggest security risks in today’s organizations. Focused on Microsoft Windows and Active Directory Infrastructures we look to address the prevention of security breaches, ensuring regulatory compliance and responding to IT Emergencies.

IT Security

Comments Off on UK politician password-sharing — maybe the security industry has been giving out the wrong advice?

UK politician password-sharing — maybe the security industry has been giving out the wrong advice?

UK politician password-sharing — maybe the security industry has been giving out the wrong advice?

A few days ago, a news story broke saying that many of the UK’s political leaders have been publicly (and almost proudly) proclaiming their own particularly poor passwords habits on Twitter. MP Nadine Dorries admits she regularly shouts the question “What is my password?” across the office, and after her being criticised on Twitter, MP … Continued

Comments Off on Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?

Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?

Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?

  Captain Picard (from Star Trek: The Next Generation) has been known to produce some pretty memorable quotes. One such quote comes from an episode where the Federation is fighting the Borg, with Captain Picard saying (in reference to where they must fight the Borg), “The line must be drawn here! This far, no further!” … Continued

Comments Off on What’s Least Privilege Really All About?

What’s Least Privilege Really All About?

What’s Least Privilege Really All About?

As we finish the upcoming whitepaper ‘Least Privilege and the Value of User Logon Management‘, we began thinking about how organizations may see the point of least privilege as being different things. We all know, at a minimum, the implementation of the principle includes setting up users with the least amount of privileges possible (after … Continued

Comments Off on External Attacks – It’s All About the Logon

External Attacks – It’s All About the Logon

External Attacks – It’s All About the Logon

It’s tough to come up with an effective counter-measure to external attacks when you can’t see your enemy. While there are plenty of stories in the news of how a certain company fell prey to a very specific attack, it’s hard to translate that into an actionable response. So, you walk through the “usual suspects” … Continued

Comments Off on Are You Just Waiting for a Compromise?

Are You Just Waiting for a Compromise?

Are You Just Waiting for a Compromise?

The modern IT organization is well aware that compromises (in the form of both external attacks and insider threats) are more an issue of when than if. You’ve put up some defensive security solutions – AV, endpoint protection, email scanning, etc. – all in an effort to minimize the threat potential. But, beyond that, what … Continued

Comments Off on Why a decline for data breach costs is still not good enough

Why a decline for data breach costs is still not good enough

Why a decline for data breach costs is still not good enough

According to a recent study by international security research company, the Ponemon Institute, the average total cost of a data breach has declined by 10% globally. While it is encouraging to learn that global costs of data breaches have decreased, the fact remains that hugely disruptive data breaches are still happening alarmingly frequently all over … Continued

Comments Off on The convenience of single sign-on services (SSO) without compromising security

The convenience of single sign-on services (SSO) without compromising security

The convenience of single sign-on services (SSO) without compromising security

From an end user’s perspective, single sign on is a great idea. You log into one platform, which gives you access to multiple applications, programs and sites, with no need to log into each one individually. It’s convenient, quick and hassle free. But as of recent news, it’s also been proved to be a big … Continued

Comments Off on Orange Is The New Hack: Lessons from yet another ransomware attack

Orange Is The New Hack: Lessons from yet another ransomware attack

Orange Is The New Hack: Lessons from yet another ransomware attack

Post-production company, Larson Studios, which is responsible for hit Netflix shows such as Orange Is The New Black, is the latest victim of ransomware. Those responsible stole 10 episodes from the upcoming season five of the jail drama hit series and threatened to release them online unless a ransom was paid. When these demands were … Continued

Comments Off on Changing your password regularly makes you less safe, apparently

Changing your password regularly makes you less safe, apparently

Changing your password regularly makes you less safe, apparently

Here’s an interesting view. According to Paul Edmonds, head of tech at the National Cyber Crime Unit, changing your password regularly makes you less safe. Not more. That’s a surprising opinion given we’re always being told to change our passwords regularly to keep attackers at bay. It’s the equivalent of changing the locks. If a … Continued

, Comments Off on Credential Theft in Education. Protect your Institution against a Data Breach.

Credential Theft in Education. Protect your Institution against a Data Breach.

Credential Theft in Education. Protect your Institution against a Data Breach.

Cyber security news site, Dark Reading, recently reported on the news that millions of stolen and fake email credentials from across 300 of the largest universities in the US were available to buy on the Dark Web. The stolen and fake student, faculty and alumni access credentials are being offered to buyers for anywhere from … Continued

Secured By miniOrange