What is Credential Stuffing?

Credential stuffing has been in the news because it is a method of attempting to take over accounts of a company by using the databases of known breaches to ‘stuff’ thousands or millions of known credentials into an automated bot and attempting to see if they can get...
NIST CSF – Part 3 – Detect

The NIST Cyber Security Framework (NIST CSF) is the result of a February 2013 Executive Order titled “Improving Critical Infrastructure Cybersecurity” and 10 months of collaborative discussions with more than 3,000 security professionals. It comprises a risk-based...
Why you should frustrate your pen testers

The third or fourth step in any breach (depending on who you talk to) is that an attacker must ‘gain authority’. Think of it like a bank: if the criminal breaks into the vestibule they have little or nothing to steal; they have to get from the vestibule to the main...
How Expensive is Effective Cybersecurity?

There is almost no limit to how much you could spend on cybersecurity solutions, and with Gartner estimating that global spend on security is equal to about 1.5% of worldwide revenue – does that mean that effective cybersecurity has to be expensive? And what is...
Can tools help you automate cybersecurity?

One challenge faced by many DevOps teams is managing large enterprise environments in a secure and predictable manner. Imagine a situation where there are hundreds or thousands of servers and trying to make certain each one meets a...
4 common cyber issues that spawned a $60 million class-action lawsuit

A class-action suit is in progress after an estimated 200,000 people had personal data exposed by a hacked server at Casino Rama in Ontario. The breach was made public back in November 2016 when the hacker was able to obtain credentials, access at least two of the...