Policy

[ Introduction On July 10th, Apple released a “Rapid Security Response” to fix a code execution flaw in the Webkit browser component found in iOS, iPadOS, and macOS Ventura. Although this, update was pulled back the subsequent remediation, was released in quick succession on July 12th. In fact, Apple has long held a reputation as a leader in user privacy and security. Their commitment to protecting user data and maintaining robust defense mechanisms against cyber threats has made the tech giant synonymous with trust and reliability in an era of rapid digitization. After the release of their new VR wearable “Vision Pro”, Apple has also promised they won’t share eye focus movement due to security risks, marking another instance where Apple seems dedicated to their user’s security.  Admittedly, Apple’s products often carry a premium price tag, reflecting the advanced security and privacy features they offer. Yet, in the increasingly hostile…

Read more

Why is user awareness training important for IT security? Phishing operations represent 41% of cyber breach incidents according to the IBM X-Force report. Deloitte estimates phishing to be the initial attack vector in 91% of cyber breaches.   These estimates put phishing at the forefront of corporate attack surface because they identify phishing as the most successful method used by attackers to compromise a system and gain initial access to a victim’s network.  In response, organizations need to increase their resilience against phishing and other types of social engineering attacks. By testing their staff’s ability to effectively identify phishing attempts and malspam and providing educational material, an organization can identify potential weaknesses and reduce the chance that an employee will fall prey to an attack.  Of course, secondary cybersecurity measures should be in place to detect and respond to a successful phishing attack, user awareness training is a good practice…

Read more

We Have All Heard This Story Before It’s no doubt that ransomware is is the biggest threat in the modern cybersecurity landscape. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars. Companies can incur millions more in remediation costs, service downtime, legal settlements, higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation. Blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransom was paid in 2020. Defenders have all been hearing this story for years, and know how to secure against ransomware right? The most common initial access vector is phishing so staff training sessions educating our staff on how to spot a deceptive url is required to keep the bad guys out. Installing endpoint security products and keeping them updated, and of course keep bulletproof backups right? Well, yes and no….

Read more

Let’s talk about a critical intersection in the world of security; the combination of physical security and brand reputation. On January 9th 2022, a woman was killed while pumping gas when a 65 year old man backed up his SUV into the gas pump. The pump exploded into flames. The woman who was standing beside it was burned to death. This is a horrific and tragic situation that should never have happened. The gas station should have installed bollards to protect the physical pumps from being hit by a car. There should be a federal law that all gas pumps are required to have bollards protecting them. However, there is no such law and so instead, when loss of life happens from such a preventable incident we are left to ask whether the franchise owner is partially responsible.  Many will rightfully criticize the owner and the brand for allowing such…

Read more