Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.”  In football, as in life and IT Security, starting with the basics is the most important step you can ta

In its Vision 2030 development plan, Saudi Arabia included a National Transformation Program whose purpose is to diversify the Kingdom’s income away from the oil industry. One of the core tenets of that program is to enable the growth of the private sector by developing the digital economy. Specifically, Saudi Arabia set out its intention to increase the con

The mechanical lock is perhaps the most fundamental, tangible, and familiar layer of security in our daily lives. People lock their doors with the expectation that these locks will keep the bad people out, but there’s a common adage in the security industry that locks are only good at keeping honest people honest. This is perhaps truer than ever in the era o

COVID-19 forced organizations all over the world to transition their employees to a work-from-home policy. That change came at a time when organizations’ connected infrastructure is more complex than ever. Such complexity doesn’t just extend across IT environments, either. Indeed, machines and production processes are also becoming increasingly complex as or

Jen Burns, lead cybersecurity engineer at MITRE, walks us through the MITRE ATT&CK© Framework and discusses some important changes brought by a July 2020 update. She then highlights what the security community can expect to see in a couple of upcoming updates before sharing how individuals can get involved with the MITRE ATT&CKFramework going forward

Tripwire’s July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle.Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for F5 Networks’ B

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. On a set of speakers outside, the booth broadcasts the sounds of a dial tone as a woman on the stage begins to dial a number. It is apparent she is not phoning a friend. The dial tone changes to a ring tone, and

Someone in my Twitter timeline wrote a post that resonated with me. Instead of advocating the idea of our firms mandating what we can and cannot do in our homes as working from home (WFH) standards, she said how gracious it was for us to let the firms into our home environments where we had already made investments in how and where we wanted to work in our p

More information has emerged related to last week’s attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam.Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site’s internal support team. Those tools a

It goes without saying that innovations and trends in technology have a direct impact on digital security. Just look at what happened with COVID-19. As organizations switched their workforces to remote connectivity, many security teams shifted their attention to deploying enterprise-wide VPNs and partnering with employees to harden their home networks/device

The COVID-19 pandemic has created a huge list of challenges for businesses. One that is potentially going unnoticed or under-reported is cybersecurity. Specifically, as lockdown ends and as individuals return to offices and places of work, it may be the case that something malicious is already waiting for them on their devices.Here we take a look at the cybe

“Cybersecurity is the leading corporate governance challenge today, yet 87% of C-suite professionals and board members lack confidence in their company’s cybersecurity capabilities. Many CISOs and CSOs focus on implementing standards and frameworks, but what good is compliance if it does not improve your overall cybersecurity resilience?” – The CMMI Institut

The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors motivating organizations to move to the cloud. It’s not likely that organizations will slow down with their migration plans, either. According to market estimate

A Security Analyst, A Lead Developer, And A Cloud IT Admin Walk Into A Bar…Stop me if you’ve heard this one before.When we talk to users about the ways that they handle roles and responsibilities associated with keeping their Cloud accounts secure, we get a multitude of answers. There’s often a wide range of people and teams from various parts of the b

What the heck has happened on Twitter?Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers.What did the messages say?Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential candidate Kanye Wes