Zero Trust is one of the most popular phrases thrown about by cybersecurity professionals and – more importantly – thrown into cybersecurity sales pitches these days. It’s obviously important, and it’s obviously something you want. But what is it? Is it really something you need?
And, critically, how much does it cost?
In this episode of the Fearless Paranoia podcast, we talk about what zero trust cybersecurity really is. We separate the reality from the storytelling and marketing pitches. We break down the three key elements of a zero-trust cybersecurity environment, and provide helpful ways to implement nearly the entirety of the zero-trust framework with little-to-no actual cost.
For more information, a transcript of this episode, and helpful resources, check out the original post.
There are a lot of ways to measure the impact – and relative success – of a cybersecurity program. There are tests you can run to determine how effectively your employees are adopting defenses to phishing emails. There are table-top exercises to determine your ability to defend against an attack. There are even ways to compare the costs of your cybersecurity against others in your industry.
But the best way to measure the effectiveness of your cybersecurity is in your cyber resilience – how quickly, effectively, and completely you recover from an attack.
In this episode of the Fearless Paranoia podcast, we discuss what it means to have cyber resilience, including what it means to be resilient, and how you can focus your planning and procedures to make sure that resilience is a primary goal. Remember, even the best cybersecurity can’t guarantee to keep out every potential threat. Are you ready in case today is the day your cybersecurity fails?
For more information, resources, and a transcript of this episode, check out the original post.
The best way to make sure that you and your business are protected from cyberattacks is to employ a broad-focus cybersecurity strategy. In order to do so, you need to have a basic understanding of the threats your business faces from cybercriminals, hacktivists, and other malicious actors. One of the most commonly used weapons in the cybercriminals’ arsenal is the DDoS (or Distributed Denial of Service) attack.
The DDoS attack is a tool of disruption, and it is commonly used by cybercriminals and hackers at all levels – from the disassociated loner in his basement to those working for or on behalf of nation states and international conglomerates. Understanding the nature of the disruption, the resources it takes to maintain the disruption, and the services available to limit or eliminate the devices causing the disruption will help to protect you and your business. Do you have the right policies, procedures, systems, applications, and vendors in place to neutralize a DDoS attack against you?
In this episode of the Fearless Paranoia podcast, we discuss DDoS attacks, including what they are, how they work, and how you can design your cybersecurity systems to limit your risk of being a victim and improve your resiliency if an attack occurs.
For more information, resources, and a transcript of this episode, check out the original post.
The more access users have to your company’s data, the more vulnerable that data is in the event of a data breach. A malicious actor gaining access to one of your employee’s credentials gives them access to everything that employee is allowed to see. That’s why you need to restrict the access that users have to only what they need to perform their jobs.
We’re talking about implementing something called “least privilege.” Effectively, it means that users are granted the lowest level of access they can be given while still having access to the data they need to do their jobs. Nobody has admin privileges over their own workstation. Rank-and-file employees don’t have access to payroll data. Nobody has access to the password information for the entire business.
Yes, implementing least privilege will reduce your flexibility in certain situations. But requiring users to seek permission from a supervisor or manager when they need temporary higher-level access – a step that should add mere minutes to a task – is a small price to pay for how much more secure your business data will be.
For more information, resources, and a transcript of this episode, check out the original post.
So, right from the start, let’s clarify – this is about the Uber hack that occurred (or was discovered/publicized) in September of 2022. In fact, it was a rather unique breach of an oft-breached company. The hacker who breached Uber appears to have used very basic phishing techniques to initially gain access, and then took advantage of – well, I guess you could say the need people have for human communication – to get a remarkable level of access within the company.
It appears that he didn’t steal anything, didn’t seek to make any money. In fact, he documented the breach and then told the world about it.
So how did this person manage to exploit the internal systems of a company that should have some remarkable security – given how much personal information they have on millions and millions of people? We discuss that and more in today’s episode:
For more information, resources, and a transcript of this episode, check out the original post.
One of the big shifts in cybercrime, and in the cybercriminals behind it, over the past 20 years has been from manual to automated processes. Where cyberattacks used to require hands on a keyboard and took a considerable amount of time to execute and complete, today’s cybercrime is mostly the province of automated systems. Automated vulnerability scanning is routinely and constantly deployed to identify potential weak points in network infrastructure.
As of yet, very little that has been tried to reduce these activities has been successful, and there does not appear to be much faith in the cybersecurity world that we will ever be able to reduce this kind of automated reconnaissance. So what is a business to do? In this episode, we discuss the impact that constant automated vulnerability scanning has on the security world, and how small businesses can try to use this type of scanning to identify any weaknesses before cybercriminals can exploit them.
For more information, resources, and a transcript of this episode, check out the original post.