The FDIC has released new training material to help small banks start a discussion on risk… An article review. Sometimes it can be difficult to find a starting point when getting your employees discussing risk and technology, and while we do provide our own resources on the subject we wanted to pass along another resource […]

While already happening in practice, the new legislation would officially make it one of the agency’s priorities. An article review. In an acknowledgment of what is recognized as a growing threat, legislation introduced recently in the House of Representatives would officially add industrial control systems to the Department of Homeland Security’s cybersecurity priorities. The bill, […]

Previously thought to be designed to deliver a DDoS attack, VPNFilter can alter data in transit and change what you see on your screen. An article review. Initially, researchers thought that a new piece of router-based malware called VPNFilter was a relatively simple tool for directing and implementing a distributed denial of service (DDoS) attack. […]

US Cyber Command joins with the FS-ISAC to share threat intelligence… An article review. Threat intelligence sharing is a concept we’re all probably familiar with, at least in passing–it’s hard to imagine where we’d be without the efforts of organizations that work to identify and communicate new and developing threats! However, until relatively recently those […]

Newly disclosed vulnerabilities highlight a concerning security trend… An Article Review. Over the winter, the Meltdown and Spectre vulnerabilities called the security risk posed by hardware bugs to the attention of the public…as well as hackers and security researchers. In the months since, as a new article from TechCrunch details, four new major hardware vulnerabilities […]

A new study has identified the most profitable malware, showing just how much unprepared businesses have paid. An article review. Despite pleas from various experts and authorities, it looks like a significant number of organizations ultimately decide to pay the criminal organizations who have held their data hostage. That’s something that many people have probably […]

Some small organizations continue to use customer data to generate initial passwords, despite the risks. An article review. When rolling out a new online banking platform organizations are often faced with the task of issuing new usernames and passwords to existing users, but how they choose to do that can have a big impact on […]

If you’re in charge of reviewing insurance from an IT perspective, here are three helpful hints… A Jolley | Hadaway Short. Tell your critical vendors you want to have an “endorsement” on  their cyber insurance policies.  Note:  this does not put you ahead of anybody in the “lawsuit line,”  That is a myth.  But what […]

R-7 – The Top Seven Risks – 2018: Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When Dan presents audit reports to boards of directors, he also talks to the board about the top risks the institution is facing. Since 2006, Dan has been […]

As lines of code continue to replace humans and physical devices, quality control is essential…and often overlooked. An article review. Looking back over the last decade or two it is easy to see how computers have changed physically as they shrank in size, spreading to our pockets and beyond, but another change was going on […]