IT Security Guru

This week’s question: What does automation mean for IT security teams? What automation primarily means is that teams now have the chance to scale their tasks to meet the needs of the business. Nowadays, given that vulnerabilities are discovered on a daily basis, organisations need tools that can keep track of these weaknesses as these are made public and patches become available. The great strategic advantage of using an automation tool for vulnerability management is the frequency at which it allows IT...

Cybersecurity Horror Stories Don’t Have to Keep You Up at Night

by Douglas Fitzroy-Ferguson

October 29, 2019

Companies need to beware of both external cyberattacks and insider threats. Like a classic horror film, both threats come with their own elements of mystery, suspense and fear. Fortunately, it is possible to defend each type of attack vector using a similar cybersecurity strategy for each. More on that later. First, let’s set the scene of the current security landscape.

What Chocolate Peanut Butter Cups Can Teach Us About Phishing

by Sabrina Taylor-Taylor

October 29, 2019

With Halloween fast approaching, it’s a great time to discuss some of our favourite things in life: the creation of chocolate peanut butter cups and what these can teach us about phishing. Hard to imagine a time when before the “age of the cup” because there are many that never got to know the delicious glory that accompanies the unification of chocolate and peanut butter. Prior to that time, people walked around in total ignorance...

Is the Office Dead?

by Douglas Fitzroy-Ferguson

October 24, 2019

By Stuart Sharp, VP of solution engineering at OneLogin According to predictions from the Office of National Statistics, 50% of the UK workforce is expected to be working remotely by 2020. Many organisations have been preparing for this eventuality for many years, as can be seen from the increased uptake of ‘working from home policies’. This is no surprise considering the advancements in technology and the growing expectation of flexible working hours from the modern...

Anatomy of an Advanced Persistent Threat

by Sabrina Taylor-Taylor

November 1, 2019

Anatomy of an Advanced Persistent Threat

By Tarik Saleh, Senior Security Engineer at DomainTools Advanced Persistent Threats are long term patterns of network exploitation that go undetected for extended periods of time and are usually aimed at high profile targets such as governments, higher education institutions, political activists, and companies. They are often motivated by economic, political, and financial reasons, and the attacks tend to be highly targeted, resourceful, and risk tolerant. The typical APT involves several phases: Infiltration/Initial compromise: This...

BlackBerry Launches BlackBerry Advanced Technology Development Labs

by The Gurus

November 11, 2019

BlackBerry Limited (NYSE: BB; TSX: BB) today announced the creation of BlackBerry Advanced Technology Development Labs (BlackBerry Labs), a new business unit operating at the forefront of research and development in the cybersecurity space. Led by CTO Charles Eagan, BlackBerry Labs will include a team of over 120 software developers, architects, researchers, product leads and security experts, each working toward the common goal of identifying, exploring and creating new technologies to ensure BlackBerry is on the cutting edge of security innovation. The rise of the...

Almost 5 million customers, delivery drivers and partners hit by DoorDash data breach

by The Gurus

November 7, 2019

Food delivery company, DoorDash, has confirmed it was hit by a data breach which exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it's unclear why it has taken DoorDash so long to reveal the details. According to a spokesperson for DoorDash, the breach took place via a third party provider - who was not named - and affected users who...

OneLogin Launches Industry-First Solution To Fight Top Cybersecurity Threats.

by The Gurus

November 12, 2019

With nearly two-thirds (65%) of IT professionals don’t check employee credentials against common password lists, OneLogin, has developed the industry-first solution, Shield, designed to combat the top source of data breaches and emerging threat vectors: password reuse. Shield, the Google Chrome browser extension further grows OneLogin’s existing threat capabilities by protecting enterprises against password reuse, identity reuse, weak password practices and phishing. “Time and again, end-user behaviour—specifically password reuse—emerges as the primary source of data...

OneLogin Introduces Vigilance AI And SmartFactor Authentication

by The Gurus

November 7, 2019

OneLogin has announced Vigilance AI, the new artificial intelligence and machine learning (AI/ML) risk engine, and SmartFactor Authentication. The new next-generation identity capabilities empower enterprises to combat emerging cybersecurity threats and move beyond password-based authentication. "There's been a massive uptick in cyberattacks targeting credentials, including brute force and breach replay attacks. Cybercriminals use credentials obtained from one breach, often from a personal application, and apply them to corporate accounts," said Venkat Sathyamurthy, Chief Product Officer...

The Trouble With Biometric Authentication.

by The Gurus

November 11, 2019

compromised credentials, biometrics, MFA

By Josh Horwitz, COO Enzoic The biometric market is expected to soar to nearly $33 billion by 2022 as the technology is heralded as a bulletproof solution to thwart hackers. Consumers view biometrics favorably as it’s an easy way to log into their accounts, which is helping accelerate its widespread adoption. However, there are inherent risks that should be highlighted. Unlike passwords and other authentication methods, biometrics are static, are not deterministic, are public-facing and...