Author: Lynn Strand

30 Nov FBI Tips to Guard Against Ransomware

It’s interesting to read how many businesses are getting infected with ransomware. It’s also interesting to see that a lot of them are quick to transfer bitcoins to recover their encrypted files. I suppose most of us have mused about how we would respond if we were bitten by ransomware. Would you pay? The FBI published a “Public Service Announcement” regarding ransomware. The...


29 Aug No Rules!  UEBA as it Should be

When significant new technology appears in the marketplace, it’s always interesting to see how many vendors and products quickly jump on the bandwagon to embrace it. The trouble is that with many of the vendors there is no real substance to their claims regarding the new technology. It’s often just talk; smoke and mirrors; and clever use of marketing...


15 Aug Detecting Insider Credentials Compromised on the Dark Web

For years, I've been fascinated with the Dark Web. In particular, the people who buy and sell information there, how they steal and hide information, and their motivations for their actions. Over the years, I've learned about the fraudsters' hierarchy. Talk about a crime ring! Fresh credit card details are sold based on a fraudster's rank within the organization - with...


03 Aug What’s Going on at Black Hat? Or Are You Incommunicado?

In Dark Reading, I enjoyed Lysa Myers’ entertaining and useful tips for surviving Black Hat. Next year, I’ll need to be certain to take these tech precautions, in particular she wrote: Update your security Take some time before you leave to beef up your security. Update your software, especially the operating system, browser, and plugins. Block all incoming ports and require outgoing apps...


02 Aug Learning From the Healthcare Industry

I just read a report that 81% of the hospitals and health care insurance companies in the United States experienced a significant data breach during the last two years. That’s a staggering statistic. For the uninformed, here’s a quick recap. It’s estimated that one in 10 U.S. residents were affected by a recent medical data breach. Here’s a list of just...


25 Jan Top 10 Security Administration Blunders

After recently posting the blog titled “Top 10 Mistakes Employees Make That Can Lead to a Data Breach,” I’ve had a lot of related discussions about the serious errors that administrators make. So I thought it only prudent to do a post on the top security administration blunders. So here’s my take on the top 10 common, but critical, failings and...


22 Jan Top 10 Security Blunders by Employees

As a security professional, I frequently find myself cringing at dozens of little things that employees do every day. I say things like: “Don’t click on that,” or “Your Adobe Flash is way out of date and full of serious security issues.” When an employee makes a security slip-up, they can instantly set your entire organization up for a painful and...


20 Jan Why SIEM is Not Enough for User Behavior Analytics

Many who are new to user behavior analytics (UBA) struggle initially to understand the difference between their SIEM (security information and event management) system and UBA. The question often arises “If I have SIEM, do I really need UBA?” The answer is a resounding yes, you need both, and here’s why. SIEM tools can collect massive amounts of data from the...


17 Jan Data Breaches May Expose Family and Friends of Victim Too

A while back I posted about the Vtech data breach. That stolen data included information not just about the account owner, but family members as well—including personal data and pictures of children. Since then, I’ve been paying a lot of attention to other data breaches that affect friends and family of the victim. One of those incidents was the U.S. Office...
