You are viewing 'Preventing Cyber Crime'

How Do You Strengthen Your Cybersecurity Posture?

Here’s the obvious answer…

Aaron Perkins

December 15, 2016 - Posted by Aaron Perkins to Security Insight


If you’ve ever wondered whether your company should spend its hard-earned money on strengthening its cybersecurity posture, the answer is a resounding YES! But why? That’s what we are going to discuss today.

Cybersecurity companies have been saying it for years: “The question is not if, but when your company will be attacked.” At an increasing rate, these attacks come in the form of phishing emails, where an unsuspecting (often untrained) employee opens what appears to be a legitimate email and subsequently clicks on a malicious link. With two clicks, your company and its associated data are now open to the world. An attacker has free rein of your entire network, thanks to the unsuspecting employee who clicked on the malicious link.

Perhaps all too often the obvious answer is to fire the employee – or is it so simple?

Truth be told, had that employee received acceptable training from the time their... read more >

Are You Prepared?

#WarStoryWednesday: Most incident response plans don’t survive first contact

David Biser

December 14, 2016 - Posted by David Biser to Security Insight

This is not technically a war story, however, it is an experience that I would like to share. I recently attended an event featuring a speaker from a large company that had experienced one of the most high profile and extensive breaches in recent history. For the sake of the company I will not name them in this blog, but I do want to stress that the company is very large and the breach was extensive, affecting millions of customers and their entire network. What was interesting is that the speaker was from the company’s legal department, and as such, is not a “technical” person. This provided a brand new perspective to incident response.

In my line of work as an incident response analyst, working in a Managed Security Services Provider company, I routinely help companies that suffer from security incidents. I have first-hand knowledge as to how devastating such an event can be to a company. This speaker stressed that their company lost well over a billion... read more >

Taking Security Back to the Basics

Working from a strong foundation is the key to a successful security program

John Moran

December 01, 2016 - Posted by John Moran to Security Insight

Cyber Attacks ahead

When a major security vulnerability is disclosed, everyone stops what they are doing and takes notice, especially when that vulnerability comes with its own logo. Now don’t get me wrong, newly disclosed vulnerabilities are important. They provide exciting opportunities for researchers and they do, if only temporarily, focus management’s attention on the often overlooked information security. 

Don’t worry, this isn’t another blog about the pros and cons of vulnerability hype. Instead, I’d like to focus on the importance of keeping one eye on the basics, while the other is scrolling through the Twitter feed for the next upcoming disclosure. Because all too often, it is not the latest security vulnerability, but a failure to properly secure and deploy systems that is the root cause of a costly network breach.

Below are several recommendations to help keep your network more secure, and your company safe from new vulnerabilities (or old... read more >

What Motivates a Hacker?

Why It May Be More Than You Think

Derek Weakley

April 07, 2016 - Posted by Derek Weakley to Security Insight

What Motivates a Hacker?

When your phone prompts for an update, you postpone it. When your operating system calls for an update, you ignore it. When your application requires a password update, you begrudgingly change it – all the while thinking “I don’t need a password or PIN. I’m just an average person. I don’t have anything that anyone could possibly want. Are all these layers of security really necessary? Could I really be a target?”

In a word, yes. There are many reasons you are a target, and I don’t mean of the heavy conspiracy type either.

Understanding the motives of potential attackers has long been a problem for many people. Most cannot fathom why hackers would want to attack them. In risk management we define this understanding as attack attribution. While there are infinite possible motives, I believe it’s most important to understand that no matter the situation, there is always something that another wants, an agenda that someone... read more >

How Cybercriminal Gangs Work

Hint: Hollywood gets it wrong

Aaron Perkins

March 15, 2016 - Posted by Aaron Perkins to Security Insight

Access Granted

If there is one thing you should know about cybercriminals, it is that they can be extraordinarily patient.

Much like an anaconda that can wait for its chosen prey for six months or more, cybercriminals are in no rush to launch into a cyberattack unprepared.

With the potential for virtually endless profits, cybercriminals organize their efforts more precisely than an air traffic controller manages takeoffs and landings.

Hollywood, though, tends to embellish what actually happens within a cybercriminal’s operations since, truth be told, hacking is boring – or at least boring to watch.

I’ve met quite a number of hackers in my lifetime, and never once did their stories contain, “And then I hacked into the bank’s servers, and ACCESS GRANTED flashed across the screen in bright green letters!”

With the way hacking and cybercrime are portrayed in movies and TV... read more >

1 | 2 | 3 | 4 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)