NetWorks Group Blog

The Dangers of PCI-Only Pen Tests

Posted by Scot Armstrong on Apr 17, 2018 11:09:04 AM

The Dangers of PCI-Only Pen Tests 

In my 11 years of helping customers pen test their network, oftentimes I have seen that  companies choose to test only the bare minimum. I understand that companies have a need to satisfy some compliance like PCI or reassure customers and security budgets can be tight. However, why not get more value out of your pen test?

Read More

Topics: Penetration Testing, Threat Management

Are Employees Dodging Security?

Posted by Nick Brigmon on Apr 12, 2018 11:29:23 AM

Are Employees Dodging Security?

My team regularly assists clients in battling with users trying to access non-business related sites or remote locations that may have been deemed not work appropriate. Before we blame the end-user for not respecting the rules our organizations have set, we must remember that not all end users are aware of the risks involved when they visit these nefarious locations. On top of that, not everyone is able to utilize only  business related information for the full 8 hours of the workday! But there are plenty of clean websites that usually aren’t blocked that are known clean sites and can get your mind off work for some time. We need to continue to block sites that are known bad despite the battle it may take.

Read More

Topics: Information Security, Threat Management

When 911 emergency call system is struck by cyberattack

Posted by NetWorks Group on Apr 9, 2018 10:23:53 AM

When a 911 Emergency Call System Is Struck by a Cyberattack

Cyberattacks are occurring with greater frequency and they can wreck havoc in a business or an organization. When an emergency system is attacked, however, the results can be potentially life-threatening. 
Read More

Topics: Information Security, Threat Management

Understanding The Cyber Kill Chain

Posted by Jyothish Varma on Mar 1, 2018 11:56:48 AM

The cyber kill chain concept is based on the military kill chain, which uses a three-stage process that covers target identification, defending against the attack and wiping out the target. Lockheed Martin started using the "kill chain" to refer to information security. It applies these same steps to cyber attackers who attempt to break into its computer network and corrupt or steal data. While the analogy may not always be a perfect one when you compare the cyber kill chain to the original military one, this concept gives you the opportunity to break a cyber attack into easily comprehensible stages.

Read More

Topics: Information Security, Threat Management

HIPAA Covered Entity: Know How to Respond to a Cyber Security Incident

Posted by Jyothish Varma on Jan 18, 2018 9:33:59 AM

Know How to Respond to a Cyber Security Incident

Organizations that fall under the purview of HIPAA have to respond quickly to a cyber attack. The Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS) issued a step-by-step guide to aid organizations. As a covered entity, your organization must have a contingency plan and incident procedures in the event of a security breach.

Read More

Topics: Information Security, Incident Response, Threat Management, Healthcare, HIPAA

Spectre & Meltdown: Important Vulnerability Advisory

Posted by Amanda Berlin on Jan 4, 2018 4:09:27 PM

Spectre 

Release Date (01-03-18) CVE-2017-5753 & CVE-2017-5715

Read More

Topics: Ethical Hacking, Threat Management, Threat Advisory

Understanding OCR Guidance on Ransomware

Posted by Jyothish Varma on Dec 27, 2017 10:11:00 AM

Understanding OCR Guidance on Ransomware

With the prevalence of data breaches, ransomware has also come to the forefront of security threats. This malicious software is created by hackers who encrypt data and hold it hostage. Users are denied access to this data until they pay a ransom to the hacker.

Read More

Topics: Managed Detection & Response, Information Security, Threat Management, Healthcare, HIPAA

Modeling an effective threat detection and response program

Posted by NetWorks Group on Dec 19, 2017 10:35:41 AM

Modeling an effective threat detection and response program

Know Your Enemy

Read More

Topics: Managed Detection & Response, Information Security, Threat Hunting, Threat Management

The Impact of Cybersecurity Breaches in the Healthcare Industry

Posted by Jyothish Varma on Dec 14, 2017 10:16:05 AM

Cybersecurity breaches reached unprecedented levels in 2017. Few were spared as businesses and government entities alike -- including Equifax, the British National Health Service and even the U.S. National Security Agency, as well as dozens of others -- were hit with data breaches. While frequent targets like the financial sector and retail industries experienced their fair share of attacks, the healthcare sector is now the primary target of hackers, accounting for 25 percent of all data breaches. Understanding why this is happening and the consequences of it will help you improve your company's cybersecurity defenses and mitigate future threats.

Read More

Topics: Managed Detection & Response, Information Security, Threat Management, Healthcare, HIPAA

3 Common-Sense Ways to Prevent Phishing Attempts

Posted by Jyothish Varma on Nov 30, 2017 3:28:04 PM
Today, phishing is one of the most dangerous forms of online threats. In the fourth quarter of 2016 alone, social media-based phishing attempts increased 500 percent As if that weren't enough, a recent 2017 report found that the average business user comes across at least one phishing attempt via email each day.  Luckily, you can reduce the risk of phishing (and ensure you're protecting your endpoints) by recognizing the signals of phishing and taking proactive steps to prevent attacks.

What Is a Phishing Attack?

Phishing attacks take place when a hacker or thief attempts to steal sensitive information through electronic communications. This information includes but is not limited to passwords, usernames and credit card information, by sending electronic communications that look like they are from a trustworthy source. Each year, successful phishing attempts claim more than $5 billion from US consumers and businesses.
Read More

Topics: Ethical Hacking, Information Security, Threat Management

Subscribe to our blog!