Duo's Security Blog

OCTOBER 6, 2023

To achieve more resilience in this heightened risk environment, stepping up zero trust maturity is essential. In other words, it’s not just about implementing MFA to verify user trust, it’s about using phishing-resistant MFA with risk-based authentication , device posture checks and other security controls.

Authentication 144

Authentication Risk Social Engineering InfoSec 144

Duo's Security Blog

JANUARY 3, 2021

I’ve been very fortunate to have a couple CISO round tables per week since March, and I have been able to witness the shift in organizational responses from one of triage and firefighting to a more strategic view of how remote work will manifest in the years to come There have been challenges to be certain. Looking beyond.

Risk 75

Risk CISO VPN Cybersecurity 75

Duo's Security Blog

APRIL 5, 2021

In this talk, Brad will discuss how Cisco’s Zero Trust rollout was not only a logistical challenge with 100,000 global users and a complex mix of cloud and on-premises applications, but also a huge shift in how the company itself thought about networks, perimeters, and security (including reducing its own VPN usage).

CISO 97

CISO InfoSec Financial Services Marketing 97

CyberSecurity Insiders

FEBRUARY 16, 2021

There are risks associated with a remote workforce and the at-home use of business devices and IoT devices, but the right tools are available now to continuously manage these risks. How should they manage the risks that this creates? Enea: Another risk on the minds of most is malware. Key takeaways.

Cybersecurity 143

Cybersecurity IoT Malware Risk 143

The Last Watchdog

JUNE 20, 2023

Produced by the company’s security experts, the guide is part of the CISO Toolkit, which is designed to help cybersecurity managers to communicate tips and best practices and help employees in maintaining a higher level of security – easily and effectively.

Security Awareness 100

Security Awareness Media Risk CISO 100

IT Security Guru

FEBRUARY 3, 2021

In this article, we discuss the preparation CISOs should consider making to offset a number of security implications that arise from returning your workforce from home and back to the office. Rogue Devices: While unknown connected devices pose a security risk at all times, the return to the office represents an even bigger risk.

Software 115

Software CISO Risk Passwords 115

Security Boulevard

JULY 7, 2023

PV OT: VPN PDQ! CVSS known since May 2022—but still exploitable on 400+ net-connected OT/ICS/SCADA systems. The post Contec SolarView: Critical Bug Unpatched After 14 MONTHS appeared first on Security Boulevard.

VPN 105

VPN IoT CISO Security Awareness 105

CyberSecurity Insiders

APRIL 20, 2023

As this trend continues to grow, it inevitably forces companies to invest more resources in end-user security; According to Gartner, spending on security and risk management products and services will grow by 11.3 percent in 2023, reaching an all-time high of $188 billion.

CISO 121

CISO Authentication VPN Cyber Attacks 121

Duo's Security Blog

NOVEMBER 10, 2020

As work from home for most began, the priority for many organizations was keeping the lights on and accepting risk in order to accomplish this end. This year’s report is our best yet!

Authentication 75

Authentication CISO VPN Technology 75

Cisco Security

AUGUST 26, 2021

Only by integrating these tools into your larger security reporting and analytics infrastructure, and by leveraging actionable responses, can one reduce the threat risk to an organization. CyberArk reduces VPN risk with MFA enforcement on any VPN client that supports RADIUS; including Cisco Secure Firewall.

Technology 145

Technology Firewall VPN Authentication 145

SecureWorld News

JULY 15, 2024

That should have been a warning to both private and public sector IT professionals that Kaspersky software posed a possible cyber espionage risk." " The founder of Kaspersky Labs, Eugene Kaspersky, graduated from a KGB-affiliated university in 1987, prior to the dissolution of the Soviet Union," Col. government use of Kaspersky products.

Cybersecurity 113

Cybersecurity Antivirus Government Software 113

eSecurity Planet

MAY 28, 2021

Department of Homeland Security is the Cybersecurity and Infrastructure Security Agency (CISA), charged with being the nation’s risk advisor for cyber and physical risk and working to strengthen national security resilience. The newest agency in the U.S. ” Software: What Lies Beneath the Surface?

Software 119

Software DNS Firmware VPN 119

Cisco Security

JUNE 30, 2021

Prior to Cisco’s Duo acquisition, Ash led Duo’s Product Management, Product Marketing, Technology Partnerships, and Advisory CISOs. ? . This complete zero trust security model allows you to detect, mitigate, and respond to risks. What kind of networks are they on, and what are the net-new risks? What devices are they using?

Authentication 130

Authentication Technology Risk Passwords 130

SecureWorld News

JUNE 3, 2024

Brad Jones, CISO at Snowflake, issued a Joint Statement regarding Preliminary Findings in Snowflake Cybersecurity Investigation on its Snowflake Forums. However, there are potential risks to relying on customer-driven security measures, as highlighted by this recent attack involving Snowflake.

Data breaches 106

Data breaches Authentication Accountability Passwords 106

IT Security Guru

JULY 19, 2021

According to the World Economic Forum 2020 Global Risk Report , ransomware was the third most common, and second most damaging type of malware attack recorded last year, with payouts averaging a hefty $1.45M per incident. Contributed by Nicolas Casimir, CISO, Zscaler EMEA. Consider Zero Trust.

Ransomware 107

Ransomware Digital transformation Antivirus DDOS 107

SecureWorld News

MARCH 17, 2022

That was the case for a broadcast SecureWorld recently hosted with Mike Britton, CISO of Abnormal Security , and legendary investigative journalist Brian Krebs. Key takeaway #2: Collaborative platforms are at heightened risk for security breaches due to WFH.

InfoSec 97

InfoSec Social Engineering Phishing Cybercrime 97

Security Boulevard

MARCH 24, 2021

Surprisingly, a large portion of cyberattacks can be best prevented by reducing the risks to a remote workforce created by human error. In a survey of UK&I CISOs, 55% said that human error posed a risk no matter what protections are in place. Always use a virtual private network (VPN). How to Reduce Human Error.

Education 59

Education Risk VPN Social Engineering 59

Thales Cloud Protection & Licensing

MARCH 31, 2021

Trust is now a risk. In the case of user efficiency, now with a full remote workflow for user authentication, all devices are authenticating over an enterprise VPN client. Utilizing a VPN model also creates the scenario where users must add another credential set to their running list of usernames and passwords to remember.

Digital transformation 77

Digital transformation VPN Technology Architecture 77

BH Consulting

DECEMBER 14, 2021

At a time of year when many security professionals are putting the finishing touches to budget proposals, the latest Internet Organised Crime Threat Assessment (IOCTA) has outlined the key risks facing organisations in Europe. The report listed ransomware affiliate programmes as a major risk. Links we liked.

Cybercrime 59

Cybercrime Mobile DDOS CISO 59

Duo's Security Blog

NOVEMBER 17, 2020

In the rush to move to a work from home (WFH) workforce — maintaining security remotely took a backseat to productivity and survival and risk. “In In the future — which is now, actually — ‘remote access’ will just become ‘access.'" — Wendy Nather, head of advisory CISOs at Cisco's Duo Security The Remote Access Guide Version 3.0

Risk 51

Risk Passwords CISO VPN 51

eSecurity Planet

MAY 2, 2024

Risk-based analytics: Considers the level of risk as the context for the level of permission needed to access systems, applications, and data. It’s always tempting to blame budgets, but most CISOs feel confident about their budgets and have already deployed significant resources.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

SC Magazine

MAY 18, 2021

For many companies, “if security was done during the pandemic, it was probably too late,” explained McCarthy’s colleague Sajed Naseem, CISO of New Jersey Courts. And while the court system’s VPN could ostensibly accommodate a safe of 2,500 staffers, McCarthy said its true capacity may actually have been as little as 500.

VPN 52

VPN Encryption Authentication CISO 52

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. AllegisCyber Investments. BVP Investments.

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

CyberSecurity Insiders

SEPTEMBER 3, 2021

Colonial Pipeline hackers gained entry to the company’s computer network through a VPN that wasn’t using multifactor authentication, using a leaked password found on the dark web. This validation is a key part of the company’s next offering – assurance for current clients in the form of financial loss protection and risk transfer.

Cybersecurity 40

Cybersecurity Data breaches Technology Threat Detection 40

Security Boulevard

JULY 29, 2021

Joe Carson | Chief Security Scientist & Advisory CISO, ThycoticCentrify. Tracks : Risk, Compliance and Security Management, Security Operations & Incident Response. They’ll help you stay safe and reduce the risk of becoming compromised. Avoid Public WIFI and use mobile data always with a VPN.

CISO 40

CISO Risk VPN Backups 40

Security Boulevard

MAY 17, 2021

Due to the rise in data breach incidents in the last few years, businesses have grown increased privacy concerns over securing customer data. With advancement in technology, there is a bigger need to protect information. Thus, individuals and businesses now look for newer methods of securing their data.

Data privacy 96

Data privacy Data breaches Technology Big data 96

SecureWorld News

FEBRUARY 9, 2024

People, process & technology framework A successful IAM program requires all three dimensions—people, process, and technology—working in concert to enhance the user experience, fuel efficiency gains, and minimize enterprise risk. Session risk evaluation secures every connection attempt dynamically based on these factors.

IoT 109

IoT VPN Architecture Risk 109

SecureWorld News

OCTOBER 15, 2020

And they traced the cybersecurity failures to a lack of leadership and a vacant Chief Information Security Officer role: "The problems started at the top: Twitter had not had a chief information security officer (“CISO”) since December 2019, seven months before the Twitter Hack. This is something end users at many organizations experienced.

Social Engineering 104

Social Engineering Media Scams Financial Services 104

SecureList

DECEMBER 7, 2021

It is no longer just being discussed by CISOs and security professionals, but politicians, school administrators, and hospital directors. Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.

Ransomware 145

Ransomware B2B B2C Government 145

eSecurity Planet

SEPTEMBER 9, 2021

REvil is back, and not just their leak sites,” AJ King, CISO at incident response expert BreachQuest, told eSecurity Planet. Ivan Righi, cyber threat intelligence analyst with digital risk protection firm Digital Shadows, also said there has been new activity around REvil. Renewed REvil Activity. Happy Blog became active on Sept.

Ransomware 123

Ransomware Cybercrime Antivirus CISO 123

Duo's Security Blog

JANUARY 28, 2022

The requirements suggest taking an iterative approach: “Agencies must identify at least one internal-facing FISMA Moderate application and make it fully operational and accessible over the public internet” and “without relying on a virtual private network (VPN) or other network tunnel.” What’s Next?

Authentication 52

Authentication Government DNS Encryption 52

ForAllSecure

DECEMBER 2, 2021

Vamosi: So you’re CISO at a major corporation and all of sudden there’s been a ransomware attack in your network, and it’s spreading throughout your infrastructure. Maybe your first concern is to make sure the company is functional. So, these kinds of things, and then a hacker becomes a user.

Penetration Testing 52

Penetration Testing Encryption Ransomware Passwords 52

The Last Watchdog

DECEMBER 14, 2023

We asked two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? Instead of arguing about MFA strength, VPN vendor, or nation-state treat actors, let’s finish our conversation about using dedicated administrator accounts and unique passwords.

Cybersecurity 235

Cybersecurity Risk Cyber threats CSO 235

Cisco Security

JUNE 25, 2021

This month, we interviewed Esmond Kane, CISO of Steward Health Care. I now understand what Seamus Heaney called the “truth and risk” that surround us, the human procilivity for self-destruction was never more stark than when we faced weaponized disinformation and merciless ransomware attacks when millions were dying.

CISO 98

CISO Healthcare InfoSec Computers and Electronics 98