Risk Management articles

Businesses looking for a cybersecurity solution might feel confused about the terms used to describe various offerings. Writers often (and mistakenly) utilize the terms MDR (managed detection and response) and MSSP (managed security service provider) interchangeably, adding to the confusion. Making matters worse, one provider’s MDR service doesn’t equal another — the same goes for MSSPs. Although MDR and MSSP are umbrella terms, the way each company provides each service differs.  Each type of provider has its benefits and downsides […]

We take a look at how cybercriminals go about scamming both purchasers and suppliers, and what you can do to protect yourself and your business.

There are plenty of security “precautions” out there that simply don’t provide the protection they promise.

Learn how cybercriminals get your server to do their dirty work for them through the use of webshells.

Credential stuffing is all over the news at the moment. But who should bear the cost?

Effectively building, implementing, and operationalizing a cybersecurity strategy is no small feat, and often requires significant employee power and resources — resources that many businesses don’t have. The skills needed to develop and implement a security strategy are incredibly technical, and the security labor shortage has meant most talent is scooped up by large enterprises. That leaves many businesses with few options, including outsourcing security to a third party, delegating security tasks to IT, or skipping cybersecurity efforts altogether. While […]

Strategies for Safe and Private Communication for Organizations Malware and phishing scams aren’t the only cybersecurity risks that emails pose. The content of the emails themselves can be its own risk factor. Email content can include a treasure trove of exploitable information for cybercriminals. Employees may send passwords or social security numbers via email or share sensitive company information with no way of retracting the email once it’s sent.  John Podesta, Hillary Clinton’s campaign manager in 2016, had his Apple […]

So many breaches! Such dramatic graphs! So much malware! Such huge numbers!

As the tech landscape becomes increasingly vast yet more interconnected and bad actors utilize more advanced techniques, the process of building a security strategy and implementing that strategy is becoming ever more complex. Although new point solutions and service offerings are emerging to address some of those complexities, it doesn’t do much to help businesses that don’t have the expertise, time, or budget to operationalize a whole security tech stack. This speaks to the larger problem of operationalizing cybersecurity. As […]

Malware writeups used to tell you everything there was to know about each new threat. But life’s not like that today, and it’s not because threat researchers aren’t as smart or as diligent as they used to be!

Cybersecurity is constantly evolving. As technology changes, new threats emerge, and companies are forced to find new ways to defend their organizations against those threats. Every so often, however, changes build to the point that the old way of doing things no longer works and a seismic shift is necessary. The cybersecurity industry is currently at this inflection point where something has to change. Breaches are on the rise and attackers are increasingly successful in their efforts. Cybersecurity is becoming […]

Our latest addition to the content team at SolCyber is none other than trusted cybersecurity authority Paul Ducklin, so we asked him to introduce himself in no uncertain terms!

Enterprises are attractive, high-value targets for hackers; and, because enterprises often have more employees and a more complicated environment, protecting against phishing and social engineering attacks is even more difficult. The Dropbox breach of late 2022 is a prime example of this weakness. Hackers emailed a large number of Dropbox employees, directing them to a malicious website where their credentials were stolen. This kind of risk is more common than not. According to the 2023 Verizon Data Breach Report, 74% […]

Email is the second-most common vector for cyberattacks, according to the latest data breach report from Verizon while IBM’s Cost of a Data Breach report for 2023 indicates that Business Email Compromise (BEC) attacks, one type of email attack, resulted in an average loss of $4.67 million. Clearly, these attacks are succeeding against organizations. However, by following a few best practices, you can prevent many of the most common email-based cybersecurity incidents. 1. Invest in email/spam filters A sophisticated email […]