No one was more surprised than me. This was my first time with an adaptive test and I was glad I’d been given a sense of what to expect. It seems like it pretty quickly figured out what areas I seemed to know (or at any rate, be able to guess right on) and moved […]
Stupid Human Tricks w/ Email
There are so many ways bad actors try to trick us… and email is a very valuable target. BEC (business email compromise) is a very lucrative (maybe the most lucrative!) common computer crime currently. (Hey, 4 c's in a row!) The FBI lists it as a huge loss vector. It's a simple but devastating trick – just get […]
Ransomware 1-2-3 Punch Combo
As if ransomware wasn't fun enough (threatened GDPR violations! Yet another faux-remorseful retirement announcement! Double-dipping!), they've decided to start a version of the three-punch combo to hasten the capitulation of their victims. Hey, these are busy criminals – time is money. I'm not talking about a jab-cross-hook sequence. The original approach was to simply encrypt […]
Risk Mitigation for Dummies
An article on ZDNet caught my eye about picking up the pieces in the aftermath of a ransomware infection. (To be fair, they were extensively referencing an article on the UK’s National Cyber Security Centre website.) Essentially, it was about being victimized a second time by failing to investigate and remediate the failure(s) that caused […]
Setting Expectations via Cost vs Reward
Fantastic article by Douglas Ferguson in Dark Reading about the challenges CISOs face in the C-suite, battling for money. The challenge of IT and infosec is often that, if things are going well, it's tough to get investment from higher up to KEEP them going well. After all, if you give an increased budget […]
You’re So Salty
What I like best about the idea of two-factor authentication is its elegant simplicity – you can't break in if you don't hold both factors. And here's a way to do your own twist on 2FA. In case you don't already know what salting is, here's a link to […]
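Since the excerpt stops before it explains salting, here is an added example (not code from the blog, and not the author's "twist on 2FA", which is not on this page) showing what a per-user salt actually buys you: two users who pick the same password end up with different stored digests, so a precomputed table for one password does not crack the other. The iteration count and the sample user list are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# PBKDF2-HMAC-SHA256 parameters. The iteration count is an assumption for
# illustration; tune it to your hardware and threat model.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest).

    A fresh random salt is drawn for every new record unless one is supplied
    (verification passes in the salt that was stored with the digest).
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def same_password_different_records(password: str) -> bool:
    """Salting means two records for the same password never collide."""
    salt_a, digest_a = hash_password(password)
    salt_b, digest_b = hash_password(password)
    return salt_a != salt_b and digest_a != digest_b


# Constructed sample "user table": name -> (salt, digest). Both users chose the
# same weak password on purpose, to show the digests still differ.
USERS = {
    name: hash_password(pw)
    for name, pw in [("alice", "correct horse"), ("bob", "correct horse")]
}


if __name__ == "__main__":
    for name, (salt, digest) in USERS.items():
        print(name, salt.hex(), digest.hex())
    print("alice ok:", verify_password("correct horse", *USERS["alice"]))
    print("alice wrong:", verify_password("battery staple", *USERS["alice"]))
```

Without the salt, both rows above would carry an identical digest, and one rainbow-table hit would expose both accounts at once; with it, an attacker has to attack each record separately.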