How Top Targeted Industries are Using RSA Archer to Stop Cyber Fraud - Part 1: Banks

Posted by Lia Konieczny on Nov 29, 2016 5:00:57 PM


If you were a bank robber, you would target the largest bank around in order to secure the biggest prize possible in exchange for the risk associated with committing the crime, right? The same is true for cyber criminals. They specifically target organizations within industries that provide the most return for their crime. These unseen criminals, though they are not stealing physical cash, are stealing your personal information that can grant them access to more than just what is in your bank account. The prime targeted industries are those that house customer information in some form or another, such as banks, healthcare providers, and retailers, among others. Thankfully, our everyday institutions are fortifying their security against these cyber thieves by employing software solutions such as RSA Archer, which help prevent fraud and the theft of customer data from ever occurring in the first place by tracking threat behavior and analyzing patterns of risk.


Topics: eGRC, RSA Archer

Give Thanks for Cybersecurity

Posted by Lia Konieczny on Nov 23, 2016 3:38:47 PM


Thanksgiving Day is almost here and with it, our focus turns to our family, friends, food, and most importantly, football. As we celebrate one of our country’s most cherished traditions, we give thanks for health, wealth, good company, and of course, turkeys. However, this holiday season, we should recognize our nation’s involvement in cybersecurity and how much we’ve grown with it! Whether it be booking your flight home online, posting a picture of your Thanksgiving feast to Instagram or Facebook, streaming the big game, or FaceTiming your relatives who can’t be there in person, being online is a huge part of this and every day. I’d like to take a moment to share with you some news within our industry that we should be thankful for this year.


Topics: Security, cybersecurity

The Million-Dollar Insider Threat: Exposed

Posted by Adam Byars on Nov 21, 2016 10:09:08 AM


The threat posed by someone inside an organization is often overlooked and poses the highest risk. A survey from SANS found nearly a third of organizations have no capability to prevent or mitigate an insider attack or incident, while over a third estimated the potential loss from an insider threat to be over $1 million, before including the immeasurable damage to brand and reputation. Overall, the survey identified a positive trend of organizations starting to recognize the risks posed by insider threats, but organizations are struggling to deal with them.



Topics: Insider Threat, Risk, Exposed

Tricks, Treats, and Tips: What to Really Be Afraid of this Halloween

Posted by Lia Konieczny on Oct 26, 2016 1:42:33 PM


As most of you know, October heralds a variety of festive autumn events such as the epic return of the pumpkin spice everything, Halloween, and the beautiful transition of fall foliage. October also happens to be National Cyber Security Awareness Month, which provides us an opportunity to shed light on everyday dangers that we face in our vastly connected world. In addition to things that go bump in the night and the occasional monster in our closet, we face constant threats to our online security in both our corporate and home atmospheres. Below are some tips (not tricks, we promise!) that we hope will help make accessing the internet a little less frightening.


Topics: cybersecurity

Taking Steps Toward DFARS Compliance: Multi-Factor Authentication

Posted by Michael Bailie on Oct 25, 2016 10:37:22 AM


As previously discussed in the CyberSheath blog, government contractors who process, store or transmit Covered Defense Information (CDI) are required by DFARS 252.204-7008 to comply with the 14 control families of the NIST SP 800-171 by December 2017. The clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Reporting. The intention of the directive is to ensure the safeguards implemented to protect CDI are consistent across nonfederal information systems as they relate to work contracted by the US government.


Topics: DFARS, cybersecurity

Part Four: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Oct 24, 2016 9:51:43 AM

As part of an ongoing series on using privileged account management solutions to meet DFARS requirements, CyberSheath’s security consultants have explored technical controls in great detail, providing readers with real world applications that make a meaningful impact. This week CyberSheath continues to explore NIST control 800-171, “separate the duties of individuals to reduce the risk of malevolent activity without collusion”.


Topics: CyberArk, Security Assessment, DFARS, PAM

Bad Security Habits Persist, Despite Rising Awareness: 2016 CyberArk Study

Posted by Adam Byars on Oct 18, 2016 9:35:28 AM



Topics: CyberArk, cybersecurity

How to Hack a Locked Windows or Mac OS X machine: Simple Vulnerability Exposed

Posted by Adam Byars on Oct 13, 2016 12:46:22 PM


Hacking into a locked Windows or Mac computer should not be this simple, and yet it is. A security design flaw was recently exposed that shows a PC or Mac that is logged in but locked can have the login credentials stolen. The hack takes an average of 13 seconds and the credentials can then be used to compromise all other accounts sharing those credentials. Here’s how it works and what it means for your enterprise.


Topics: Security

Part Three: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Oct 12, 2016 1:16:32 PM


CyberSheath’s security consultants and implementation engineers have previously written about utilizing privileged account management solutions to meet DFARS requirements, and this week James Creamer continues to explore DFARS control requirements in detail.


Topics: CyberArk, Security Assessment, DFARS, PAM

Part Two: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Sep 26, 2016 10:23:49 AM


Last week CyberSheath began a new series, “In-Depth Look at PAM Controls for DFARS Requirements”, dedicated to providing a detailed analysis on how privileged account management solutions play an important role for organizations in meeting DFARS requirements.


Topics: CyberArk, Security Assessment, DFARS, PAM