Fortscale Insider Blog


10 Jun Another Ransomware Attack, Cheap and Effective

Fleecing hospitals was only the beginning; now cybercriminals are coming for the universities. The University of Calgary is the latest victim of a ransomware attack—netting nasty miscreants a ransom payout of $20,000. The University of Calgary is a leading research university. It is ranked one of the top 10 research universities in the country—housing 73 Canada Research Chairs, with more than 80 research institutes and...


08 Jun Reality vs Information Security Goals of IT Execs

I just read a new and interesting report from LTM Research that highlights the big gap between information security goals of IT executives and what is really happening in their organizations. IT executives want to detect serious cyber security incidents within a single day, but data shows traditional security solutions don’t usually detect a breach for months – if at all. The...


07 Jun Top 5 CEO “Tick Offs” In Security

The majority of “Top Lists” in security focus on what the C-Suite does wrong or something along those lines. Today I present to you my Top List of what security people do wrong. Please note this is strictly my opinion based on 16 years’ experience in this field looking at it from the perspective of the U.S. Government, commercial enterprise,...


07 Jun Celebrity Hacker Proves It’s Easy to Get Login Credentials

The Romanian cyber criminal known as the “Celebrity Hacker” revealed how easy it is to obtain login credentials – and his long list of successful hacks proves that his simple methods work.

Login Credentials are Easy Guesses

Marcel Lehel Lazar, who broke into the accounts of numerous celebrities, politicians, and government officials, recently pleaded guilty in a U.S. District Court to charges of...


06 Jun How to detect an Insider Spy

An insider spy is perhaps the most significant threat to enterprise security. Monitoring their behavior is a critical component in detecting and deterring their activities. Some years ago the Chinese government sent Chi Mak to the United States to obtain employment in the defense industry with the goal of stealing US defense secrets, which he did for over 20 years. Among...


03 Jun Security Training Helps, But it’s Not Enough

Industry experts agree that the actions of employees and other insiders are major contributors to data security incidents. Security training helps, but studies show it’s not very effective. Ponemon Institute recently released a report on “Managing Insider Risk through Training & Culture.” The study examined enterprises that already have security and data protection training in place, and measured the effectiveness of those programs. Security training...


01 Jun LinkedIn Breach Surges by 110 Million Records

Like millions of others, last week I received a notice from LinkedIn that my personal data may have been stolen during a data breach in 2012. What prompted the notice four years after the LinkedIn breach was that a few days ago the company “became aware that data stolen from LinkedIn in 2012 was being made available online.” LinkedIn posted a...


31 May How IT Staff Can Make a Professional Internal Penetration Test — Part 2

As I mentioned in Part 1, penetration testing isn't just for hackers and security professionals. If you know how your infrastructure technology works at a protocol level, then you can test it fairly properly. That means any IT staff member could be making their own internal penetration tests. As you get more comfortable doing these tests, you may be interested in...


27 May Fort Friday Security Clips — Reddit, Myspace Compromised Accounts Rising

Reddit compromised accounts increasing

Redditors are currently under a hack attack—it is account takeover time—the clock's ticking. A Reddit official announcement noted an "uptick in account takeovers (ATOs) by malicious (or at best spammy) third parties." Reddit's founding engineer, Christopher Slowe (AKA: KeyserSosa), wrote "Though Reddit itself has not been exploited, even the best security in the world won't work when users...


26 May OpIcarus — Hacktivists Strike Global Banks — And Us

During the past few weeks, the hacktivist group known as “Anonymous” has engaged in an operation they have termed OpIcarus, which is aimed at disrupting the Global Banking network. What began as an Anonymous operation has now become a joint project between Anonymous and Ghost Squad Hackers, the Last American Vagabond, and LulzSec Global. Together their DDoS attacks have interrupted service...
