Threat Informed Defense (Part 1): Threat Simulation [A Webinar Recap]

by Tori Thurmond / April 18, 2024

Cyber threats pose significant risk to organizations worldwide, ranging from financial loss to reputational damage to operational disruptions. These ever-evolving threats can be intimidating, but with the right preparation, organizations can proactively mitigate risks and fortify their overall cybersecurity posture. One way to offensively protect your organization from the treat landscape is through threat simulation.   This week, our VP of Pen Testing, Jason Rowland, kicked off our three-part Threat…

9 Best Practices for Using AWS CloudTrail in 2024

by Hannah Grace Holladay / April 16, 2024

Every user action can and should be tracked. On cloud platforms like AWS, user actions and service events interact with the platform’s management interfaces, whether with the web console or the API, which allows most things that happen in your cloud environment to be logged.  The transparency provided by comprehensive logging is one of the cloud’s most consequential security and compliance benefits. Using logs allows you to record all processing…

Notes from the Field: CIS Control 16 – Application Software Security 

by Greg Halpin / April 3, 2024

Recently, I’ve been working with a small Software as a Services (SaaS) company, and it quickly became clear they didn't have much in place by way of security. They didn't have a documented policy. They didn't do code reviews. New code releases were deployed on the fly. They didn't do secure scans of code or the web application. They didn't have a web application firewall (WAF). The application database was…

The 3 Main Types of Security Policies in Cybersecurity

by KirkpatrickPrice / April 2, 2024

In 2020, security breaches cost businesses an average of $3.86 million, but the cost of individual incidents varied significantly. The main factor in the cost variance was cybersecurity policies and how well they were implemented. Cost mitigating factors include security best practices such as encryption and vulnerability testing, but board involvement in creating and enforcing security policies also had a substantial impact.  Organizational security starts at the top, with clearly…

Securing the Sunshine State: A Guide to the Cybersecurity Liability Bill and NIST CSF 2.0  

by Tori Thurmond / March 27, 2024

Did you know that 78% of publicly disclosed ransomware victims in Florida were local government entities, affecting cities, towns, counties, and school districts? With the ever-evolving cyber landscape, it can be difficult to stay ahead of threats even if you’re doing whatever you can to keep your organization secure. That’s why our Director of Advisory Services, Todd Atnip, hosted a webinar earlier this week diving into Florida’s proposed Cybersecurity Incident…