We all know that the threat landscape isn’t getting any easier to manage. Fact is, most organizations don’t have the resources or the time to carry-out the endless activities that could reduce their exposure. However, there are a few things you can do that will make the most impact. Our partners at Tenable helped us put together these 10 Steps to Effective Vulnerability Management.

The holiday season means holiday shopping and while everyone will be looking for a bargain, it’s important to make sure you don’t get something you weren’t bargaining for. A new study from ADI predicts that this holiday shopping season will be the first to break $100 billion in online sales, with more than half of those sales coming from mobile devices. Here are some online shopping safety tips:

We received quite a few interesting looks at last year’s OctoberTekfest, when we unveiled the KegBot and Hack for Beer challenge. A couple of hours into the challenge, we developed a crowd of folks gathered around the booth. Some people came to watch and cheer on their friends, while others took notes with hopes of decreasing the amount of time it took to “Pwn Beer.” The most interesting thing that happened, at least from my perspective, was that all of the folks that came to the booth experienced all of the excitement and frustration associated with executing a hack to a networked system. Many folks took note that some of the methods used to hack the KegBot, leveraged vulnerabilities and configuration issues that could have been easily mitigated. Several conversations started that examined the ideas of: What if the firewall placement changed? or What if the admin’s workstation had been patched, or not left on or unlocked? This is the true value in the whole demonstration. The process forces us to think about the issues that allowed the hack to happen in the first place. The beauty of the demonstration is that it was conducted in a controlled environment, no real data was ever at risk, and we all learned a lot.

One of the most important goals of IT Security, perhaps the most important goal, is to reduce risk. Generally, when we think of IT Security and Cyber Risk, we think of hackers and/or a breach, however, a security breach is just one risk element. Cyber risk includes the risk of financial loss, disruption to business, or damage to the reputation of an organization due to some sort of failure of its information technology systems. It can also come from many different sources, such as environmental factors, under-staffing, under-funding, lack of processes and procedures, misaligned processes and policies, equipment failure, and breaches. Being able to fully understand what risk is present and determine the best way to mitigate that risk is a significant challenge to any organization. This often leads to a security solution compounding your risk, rather than mitigating it. Here are two common ways we’ve seen security solutions increase an organization’s risk.

Just as the frenzy around Wannacry started to fade, another global ransomware attack was ready to stand in its place. Welcome, Nyetya.

Our partners at Tenable Security put together a great blog post, “Money, Hackers and Spies: Quick Bytes from Verizon’s 2017 DBIR Report,” that shared some highlights and stats from the 2017 Verizon DBIR report, so we created this handy infographic for quick reference.