Posts By John Bruggeman
October 1, 2024
John Bruggeman
All of this may seem overwhelming, but hopefully I can help make it more interesting and entertaining! First off, and no surprise, I am passionate about cybersecurity awareness, and I believe that everyone, from kids to colleagues and clients, needs to understand the constantly changing cybersecurity threats. Like others who focus on their jobs year-round, cybersecurity […]
June 18, 2024
John Bruggeman
Why defense in depth and next-gen firewalls matter Morgan Stanley’s September 2023 wealth management report AI and Cybersecurity: A New Era stated that “cybercriminals are using AI to carry out a variety of sophisticated attacks, from data poisoning to deepfakes.” So, what’s the solution? If bad actors are always one step ahead, is it even […]
June 11, 2024
John Bruggeman
But where do you start with your security assessments? Which one should your organization invest in first? To answer that question, let us explore the purpose of each assessment in greater detail. The types of security assessments Penetration testing – Tests the effectiveness of your security controls with simulated cyberattacks that criminals would use. Vulnerability […]
March 5, 2024
John Bruggeman
Quantum computing seems like a technology that is off in the distant future, but the reality is, significant progress is being made and it is becoming a pressing concern for government agencies and major corporations alike. To avoid being left behind, companies must look closely at the kinds of encryption they have deployed and begin […]
January 23, 2024
John Bruggeman
Zero trust is a strategic framework every company can strive to implement that will strengthen enterprise security systems. The basics of zero trust are foundational and vital to the continued defense of your digital estate. A crucial part of a successful cybersecurity strategy is determining where to place your organization’s focus. A good starting place […]
December 14, 2023
John Bruggeman
This episode of Inside the CISO’s Office explores some of the most significant developments in cybersecurity in 2023 to date, including the MGM Resorts breach, the MOVEit data breach, and the resulting updates to compliance rules from regulators. The 2023 cyber threat outlook The threat landscape continues to see an increase in ransomware activity week […]
November 9, 2023
John Bruggeman
Organizations that rely on legacy applications increasingly expose themselves to security threats. Legacy applications do not provide the security protections of cloud-first apps. In some sectors, risky legacy infrastructure holds back organizations from cloud migration. A joint report from Capita and Citrix found that over 50% of CIOs believe legacy apps hold back digital transformation […]
October 12, 2023
John Bruggeman
Deploying a zero trust security philosophy is crucial to minimizing the risk of a data breach. Government security teams worldwide recognize the increase in advanced persistent threats and are moving to zero trust principles—a trend that is already forcing the private sector to follow suit. In this post, we will review the key elements of […]
August 24, 2023
John Bruggeman
Instead, ZTA takes a granular approach that boosts internal security to match external firewalls—maximizing security measures across the entire environment. Zero trust frameworks are transformational for the cybersecurity of enterprises across industries. How does it work? Much of the buzz surrounding ZTA is driven by pressures to secure software supply chains. Zero trust requires that […]
March 30, 2023
John Bruggeman
In this blog, we will discuss strategies to consider if you are denied coverage, common reasons an insurance provider might deny coverage, and several alternatives to cyber insurance. Common reasons insurance providers deny policies With insurance, it all comes down to risk. An insurance company will deny a policy if they deem the risk too […]
March 16, 2023
John Bruggeman
Read more: Top 5 cybersecurity actions to take right now Departments outside of IT have ownership of data mentioned in the insurance questionnaire. For example, human resources stores sensitive employee data like salaries, social security numbers, and health insurance information. Finance ensures vendor data, payment records, bank information, and other assets are secured properly. If […]
March 2, 2023
John Bruggeman
Completing your insurance questionnaire will be much simpler if your organization already has a formal and documented cybersecurity program. Otherwise, you should prepare yourself to focus on improving your security controls before speaking with the agent. If your company does not currently have data security measures in place, odds are you may not qualify at […]
February 23, 2023
John Bruggeman
In response, many organizations are purchasing insurance to transfer risk and mitigate some of the cost of a cybersecurity attack. But what is cybersecurity insurance? What kind of coverage does it provide? This post will take a closer look at these questions. What is cybersecurity insurance? Cyber insurance provides compensation for companies when they have […]
December 21, 2022
John Bruggeman
Just like applications and firmware, people need to be kept up to date to protect against the latest malware threats. Implementing cybersecurity awareness training is a cost-effective and increasingly necessary solution. More and more oversight bodies require information security training as a part of compliance regulations. Additionally, consumers are demanding intensified cybersecurity. According to Arcserve, […]
November 15, 2022
John Bruggeman
Bipartisan bills before Congress targeting Big Tech What is it? Two bills attempting to reduce the power of Internet monopolies are currently being debated in the United States Congress: S. 2992, the American Innovation and Choice Online Act, and S. 2710, the Open App Markets Act. Both bills are substantial and complex. One of the […]
October 21, 2022
John Bruggeman
Information security focuses on three concepts, known colloquially as the CIA triad: Information privacy, on the other hand, involves: The overlap between the concepts of information privacy and information security comes from the protection of personal information, which is a crucial concern for both. The differences between information privacy and security are illustrated below. In […]
February 2, 2022
John Bruggeman
Using a ZTN, your company can employ the same process of collecting information to ensure protection against cyberattacks. It can be challenging to know where to begin when looking to improve your company’s cybersecurity mechanisms. OnX Canada’s security services can equip your organization with the support you need to identify and manage threats across your […]
December 17, 2021
John Bruggeman
The MITRE ATT&CK framework has expanded since then to document more TTPs used against macOS, Linux, mobile operating systems, network infrastructure devices, cloud systems, and other enterprise IT technologies. By cataloging the tactics that cyber criminals use to gain unauthorized access, the ATT&CK framework helps cybersecurity teams detect and defend against potential threats. Here’s how […]
December 15, 2021
John Bruggeman
It’s easy to feel intimidated by the CSF from the National Institute for Standards and Technology (NIST). With 23 categories and 108 subcategories detailing key aspects of cybersecurity, the framework might seem as impossible (and as unappetizing) as eating an elephant. It’s hard to know where to begin. But like any valuable and effective undertaking, […]
November 9, 2021
John Bruggeman
So what should you do if you have been impacted by this criminal attack? I’ve had similar considerations in my time as a security leader—here’s my take. First, if you have cybersecurity insurance, hopefully you have called your insurance provider and you are working with them to obtain the necessary resources to get back up […]
November 5, 2021
John Bruggeman
Equipped with a thorough understanding of these security frameworks and the support of a dedicated security partner like OnX Canada, organizations can strengthen their defenses against cyber threats. A robust IT security program can give your company the ability to assess ever-changing risks and take measures to establish security policies, conduct ongoing testing and training, […]