10 Most Common SOC 2 Gaps

by Sarah Harvey / June 13, 2023

In 2019, State Farm notified policyholders of a cybersecurity attack in the form of credential stuffing, a tactic often used by hackers that relies on a lack of password maintenance. State Farm took proper measures to reset passwords and notify affected parties of the attack, but what if State Farm employees were properly implementing multi-factor authentication practices from the start? Would this attack have even happened? How could State Farm…

Lessons Learned from the Imperva Data Breach

by Sarah Harvey / December 15, 2022

In August 2019, a third-party bug bounty discovered a data breach that exposed email addresses, hashed and salted passwords, API keys, and TLS keys for a subset of Imperva’s, a leading provider of Internet firewall services, cloud WAF users. This proves that no matter the vendor, you must perform your due diligence to ensure your own security won’t be at risk by working with a certain vendor – even if…

Lessons Learned from Capital One’s Incident Response Plan

by Sarah Harvey / December 15, 2022

There were many missteps that led to the Capital One breach, but what’s the one thing that went as planned? From our perspective, Capital One’s incident response plan seemed to function as intended. Incident response is incredibly important following a breach – that’s why having a plan and team in place is required by so many information security frameworks. The data proves the importance of incident response plans as well.…

Testing Physical Security Measures Through Penetration Testing

by Sarah Harvey / December 15, 2022

When you think about how penetration testing is performed, do you think about testing physical security measures? While many people believe security breaches only happen on the technical side of an organization, they can also start in your physical environment. You may find it surprising to know that some of the most advanced security attacks originate from an area as simple as a garbage can. Items such as: Bank statements…

What Should You Really Be Penetration Testing?

by Sarah Harvey / February 20, 2023

What is Penetration Testing? Pen testing is a valuable investment for any organization – it’s a critical line of defense used to protect and secure your sensitive assets from malicious outsiders. But for organizations that have never undergone pen testing, or for those who have never even heard of penetration testing before, it’s understandable why you would have questions like: What is pen testing? What parts of my organization should…