Security

3 Basic Zero Trust Blog Image

26 May: The 3 Basic Principles of a Zero Trust Strategy

Despite efforts within the cyber security industry to oversimplify the concept, Zero Trust should be thought of as a strategy and framework, as opposed to a problem addressable simply by implementing technology. Technology plays an important role in providing technical security controls such as strong authentication, least privilege, and impeded lateral movement, etc. which contributes to achieving a Zero Trust model. The combination of a strategically curated eco-system of technical controls and processes requires executive buy-in and organizational support to succeed.

Duo Blog Image 051821

18 May: Finally! Zero-Trust Security That Users Actually Like to Use

Everyone agrees that the best way to combat rising cybersecurity attacks is by implementing better security, but users will circumvent the defenses if it’s too cumbersome.
It’s a well-known fact that passwords are the Achilles’ heel of security. According to the 2019 Verizon Data Breach Investigation Report, more than 80% of data breaches result from an attacker logging into a customer’s applications using stolen passwords—often initiated by an email phishing attack.

Pipeline Rasomware Blog

12 May: FBI and CISA Issue DarkSide Ransomware Alert

Dubbed “one of the most disruptive digital ransom schemes reported” by Reuters, the ransomware attack on Friday shut down an entire pipeline network, which is the source of nearly half of the U.S. East Coast’s fuel supply. As of Tuesday, the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have put out a joint advisory about the attack. The culprit has been identified as DarkSide, a malware operator that runs Ransomware-as-a-Service (RaaS). You can read the full alert here.

Managing Cybersecurity Threats

28 Apr: Managing Threats Through Cybersecurity Expertise

Whether we like it or not, the way we work and where we work has fundamentally influenced our collective perspective. The pandemic forced organizations to quickly update and implement business resiliency plans or scramble to develop and execute plans to support remote work and education potentially mortgaging data security in the process. The pandemic continues to force organizations to revisit long-standing beliefs and attitudes about and toward remote work and education.  As a result, while most knowledge or service-based organizations learned that they are more productive than ever, they are also very vulnerable because traditional approaches to securing remote devices and access to sensitive data simply did not travel well. The cybersecurity industry responded quickly and, in many cases, was well-positioned to support a transition to remote work. The industry foresaw an increased need to secure and manage remote devices as well as access to sensitive data from those devices, but the pandemic expedited and magnified the use case.