Tag: Cyber security

Organizations worldwide use Active Directory (AD) as their primary identity service, which makes it a top target for ransomware attacks. This article explains how adversaries exploit Active Directory during ransomware attacks and provides strategies and tools for defending against this modern...

Information is an organization's most valuable asset — and with over 94% of US-based organizations using cloud-based systems, one data breach can have serious consequences for a growing business. Maintaining the integrity and security of your data should be high on your priority list...

Growing organizations are constantly changing — and staff turnover is often a part of that. Unfortunately, when it comes to managing access to enterprise systems, staffing changes can pose critical security risks. Tight, scalable onboarding and offboarding processes are essential to mitigating...

Customers want digital experiences that make their lives easier and wallets lighter. However, they have a complicated relationship with their personal data. They don’t trust most companies, but they also won’t stop sharing information with them.  Salesforce’s 2020 State of the...

Early last year, Salesforce announced that they would be requiring their customers to use multi-factor authentication (MFA) on all Salesforce products, beginning February 1, 2022. With less than a week before this new cybersecurity measure is implemented, we wanted to walk you through...

Most organizations today rely on Entra ID (formerly Azure AD) and Microsoft 365 (formerly Office 365) for core business operations. But how secure are these vital platforms against ransomware? This article explores the key concern concerns in Entra ID and Microsoft 365 and details the key...

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) has been a stalwart ally for organizations for years, providing guidance on understanding, evaluating and communicating about cybersecurity risks. The release of NIST CSF 2.0, expected in early 2024,...

Organizations often create multiple IT policies for a variety of needs: disaster recovery, data classification, data privacy, risk assessment, risk management and so on. These documents are usually interconnected and provide a framework for the company to set values to guide...

In the wake of escalating cyber-attacks and data breaches, the ubiquitous advice of "don't share your password" is no longer enough. Passwords remain the primary keys to our most important digital assets, so following password security best practices is more critical than ever. Whether you're...

Mimikatz is a popular post-exploitation tool that hackers use for lateral movement and privilege escalation. While Mimikatz is quite powerful, it does have some important limitations: It requires local admin rights on the compromised machine. Organizations can block Mimikatz from executing...