How to Prevent Another SFMTA Ransomware Attack

By now, many have heard about the recent ransomware attack against San Francisco’s “Muni” system on Black Friday, where the hacker locked out the railway’s system and demanded 100 BTC as payment. The second, lesser-known part of the story was published by Brian Krebs on his blog yesterday: “On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s…

Black Friday & Cyber Monday – Who’s Getting the Best Steal?

It’s the most wonderful time of the year! Well, almost! With Christmas just a matter of weeks away, millions of people worldwide have commenced their Christmas shopping and are preparing for the festive season. Whilst Christmas gives us the perfect excuse to splash out on gifts, there’s no doubt that we are all looking to bag ourselves some bargains, and Black Friday and Cyber Monday will certainly have you itching to whip out your credit card. The hype surrounding Black Friday and Cyber Monday shopping deals has certainly intensified over the years, and shoppers both in store and online are…

Achievement Unlocked! Multi-factor Authentication Everywhere

I was recently talking to a CISO for a major airline. We had been discussing innovations in security, when he sighed and said that his budget was strong, but employees were overwhelmed by the constant barrage of breach news. This resulted in a user base that was slow to adopt, and didn’t feel a personal sense of agency in many security solutions. We had been discussing some pretty behind-the-scenes solutions, and it was actually his idea that we move to something much more “in your face” for employees. Something that lets them take a proactive part in security. Something that…

Did a Lack of Common Sense Cybersecurity Just Elect Trump?

There is little debate that this election will be described as a referendum on the status quo, with very strong anti-establishment and anti-elitist sentiment driving record numbers of unexpected voters to the polls. But that doesn’t tell the complete story. Yes, the Hillary campaign brought the current administration out in force in the final weeks, thus cementing her image as an entrenched Washington insider. But I can’t help but think that this status quo image began to be shaped and hardened as a direct result of the leaked insider communications exposed on WikiLeaks and as a result of the hacked…

Cybersecurity in 2016; predictions for 2017

It’s that time of year again. The holiday season is upon us and with it, online shopping will no doubt take another bite out of traditional brick-and-mortar holiday sales. With a colorful new president taking office shortly thereafter, 2017 promises to be an interesting year. But before we get to predictions, let’s take a look at the year that was. 2016: The year in review After a series of high-profile breaches in 2015 that involved criminal and state-sponsored attacks against the personal data of hundreds of millions of people, our prediction last year was that 2016 would bring the increased…

Centrify Crushes Competition for Mac Management via Microsoft Active Directory

In a November 7th Network World article, reviewer Tom Henderson evaluated three different solutions for managing Macs inside a Microsoft Active Directory environment. We look forward to reviews like this due to their ability to illustrate the strengths of our Mac solution from a third-party perspective, and to show customers exactly how we stack up against the competition — on top! Early in the review, Henderson noted that Centrify allows for the direct control of “virtually everything in the Systems Preferences app of our Macs.” In fact, we support over 300 policies for managing Mac configuration and security settings including…

Password Management: Amateurs Hack Systems, Professionals Hack People

To say it in the words of the security guru, Mr. Schneier, “Amateurs hack systems, professionals hack people.” Don’t believe that the typical hacker is the socially awkward 20-something-year-old young man who cannot make eye contact with someone at Starbucks — like Elliot from Mr. Robot. The most successful hackers are truly gifted grifters who can “talk their way out of almost anything” — or better said, “talk their way into anything.” Kevin Mitnick is probably the most notorious hacker of recent years, who has mastered the art of exploiting human vulnerabilities to get into computer systems, including those of American…

Modernizing Legacy Apps to Boost Security: Part II

As we discussed in part I of this article, many companies are still in the process of modernizing their legacy apps. There are a number of reasons to do this, but securing your environment is typically the main goal. We’ve already identified a (software) token-based system as essential. Let’s continue with a couple more best practices. Provide for User Provisioning: An application needs user data — not for authentication, but because it needs to know the role and responsibilities of the person logging in so that privileges inside the app can be managed and regulated. Therefore, a database of…

Veterans Day: My Transition from Artillery Officer to Identity Management Professional

As an Artillery Officer in the United States Army, I am tasked with the challenge of understanding the enemy, their assets and capabilities, and from what vectors they can and will attack. Based on this knowledge and understanding, it is my responsibility to recommend to the commander on the ground: Where he should place his indirect fire assets (howitzers and mortars). Where he should place his observation platforms (forward observers, radars, and UAVs). What additional enablers (Fixed Wing and Rotary Wing Aircraft) he should request from higher headquarters to ensure his units are properly defended and conditions are set for…

SSO for Cloud-Based Apps a Key to Collaboration Success for Shiseido

At the end of last year, PC Magazine published an article about the five collaboration trends to expect in 2016. The article stated that, “Distributed teams have more ways than ever to communicate and collaborate in real time, and 2016 is set to bring another wave of innovation around cloud-based connectivity, cross-platform integration, and next-generation multimedia conferencing.” They were pretty accurate. Collaboration between employees and contractors — working from anywhere but the office – is more common every day. And, as the article predicted, “cloud-connected everything” (the #2 trend) and “seamless interoperability” (#4) are the name of the game. But building a truly collaborative…