Risk Management articles

As cybersecurity demands increase, the available pool of talent is not keeping up with the pace. And over the last few years, the already profound talent gap has continued to expand. According to the latest (ISC)² Cybersecurity Workforce Study, there are 2.7 million unfilled infosec positions worldwide. And it’s estimated that the cybersecurity workforce needs to grow 65 percent to meet global demand. Given that cyberattacks are becoming more frequent and sophisticated, now isn’t an ideal time to be playing […]

There’s a new vulnerability making waves across the cybersecurity industry and the business media at large. It’s called log4j, it’s a zero-day exploit, remote code execution vulnerability, and is found within a number of various third-party vendors, infrastructure providers, and SaaS companies. Because these companies are major third-party providers, the number of companies, sites, and services impacted are wide. A zero-day exploit or vulnerability refers to the fact that the vulnerability is unpatched and is often discovered by hackers first, […]

The holiday shopping season is well underway and it’s often one of the busiest for retailers, eCommerce companies, and others who seek to use the holiday as an opportunity to offer discounted prices on their most popular products. Online shopping reached $8.9B on Black Friday and $10.7B on Cyber Monday and Google estimates that, on average, websites can see a traffic increase of 300% during the holiday shopping season. However, this period can also be a holiday for hackers who […]

Much to the chagrin of security professionals, cybersecurity best practices are often seen as a nuisance by employees outside of the security and IT teams. The consensus is that security slows down processes, and limits autonomy and training is one more thing to check off the list. But employees are ultimately your biggest vulnerability, so in order to move the needle and actually improve your security posture, you need participation from all teams. IT needs to patch software, employees must […]

Managing cybersecurity vendors wasn’t the daunting task it is these days. Not too long ago, organizations were bound by a perimeter, and it was simpler to piece together a set of capabilities to stay safe and secure. Businesses of all sizes followed a surefire formula that kept most of them safe. With the introduction of the cloud and the push for digital transformation, everything changed. The perimeter has largely evaporated — companies rarely own their servers and entire teams are […]

In a recent Right Hand Security, Front Lines event, SolCyber Chief Technology Officer David Emerson interviewed cybersecurity expert and friend of SolCyber, Scot Hutton, on how cyber leaders can more effectively communicate with boards to make positive changes that will increase a company’s security posture. Below are key takeaways from their conversation. You can also watch the full interview on YouTube. Much to the dismay of security professionals, implementing secure strategies doesn’t always fall under their purview. Cyber professionals can […]

Ransomware is quickly becoming the number one threat for nearly all organizations. Over the last few years, ransomware attacks have skyrocketed with COVID fueling the number of incidents levied on various organizations. In 2020, ransomware attacks rose 485% and payouts also hit a record high, reaching an average of $312,000 in 2020. This trend isn’t stopping in 2021, either. The banking industry alone saw a 1318% increase in ransomware attacks in the beginning of 2021. This evidence alone should demonstrate […]

For those of you who are just joining us, I’m retired Marine and security expert Scot Hutton and I’ve been invited by my friends at SolCyber to write a blog series on security that matters. So far, I’ve covered why ransomware has forever changed the security landscape for small and mid-sized businesses (SMEs) and explained why now is the time for SMEs to invest in cybersecurity. In this post, I’ll cover security frameworks and why in many cases, they don’t […]

‘Hi Scott, nice talking with you. We’ve got AV, some firewalls and spam filters for email…isn’t that enough?  I think we are pretty secure”  This is probably the most consistent interaction I have with customers in the mid-market. But what is ‘enough’ security? It’s a question I get asked almost every day because it’s becoming increasingly difficult to answer. Part of that is due to the changing nature of the threats organizations face, but it’s also because our security mindset […]

Up until recently, it was thought that companies only needed a detailed security program if they were handling sensitive data. If you weren’t collecting customers’ credit card information, data related to their personal health or wealth, or other private data, you were likely safe from the most persistent cyberattacks, specifically ransomware attacks. With ransomware, an attacker can lock up your business’ data or systems and demand your business pay a sizable ransom to decrypt and unlock said data. The larger […]

The MSSP market is crowded, and it’s not easy for a CISO to find the right provider for their organization. There are many factors to consider and making a mistake can be expensive, squander precious time, and may inadequately protect your organization. Here are some considerations for navigating this landscape and identifying the right MSSP for your company. Firstly, what is a CISO’s priority? Partnering with an MSSP is one of the most impactful decisions you can make for your […]

Nothing is more enjoyable than standing on the side of a helicopter while flying fast and aggressively. To this day, the work I accomplished during my time in the Marines is some of the most rewarding in my career. It takes discipline and calculated risk to jump into a helicopter whirling around thousands of parts made by the lowest bidder. You stay focused, understand the risk and, if possible, enjoy the heck out of the ride. Moving into the cybersecurity […]

Why you need the minimum effective dose of security When it comes to cybersecurity, companies large and small are up against the same adversaries. While the most advanced hackers would once target only large companies, hackers have started to use the same advanced techniques as part of larger campaigns. In many cases, attacks on SMBs are just as profitable, so that’s what they do. This, naturally, becomes problematic because small and mid-sized businesses (SMBs) don’t have the same cybersecurity budgets […]

Looking back 20 years, the security industry was vastly different. With so few entry points, organizations needed a two-tier firewall and an intrusion protection system to secure the perimeter of their network. Small and mid-sized enterprises (SMEs) could outsource their IT needs to a managed service provider (MSP), and they would receive an alert anytime an issue was detected. Managing security was a breeze. Then came the cloud, smart phones and IoT devices and the threat landscape expanded—enormously. The move […]