Can you see the real me – can you?

Usernames and passwords are being stolen by ‘bad actors’ every day.  Via human engineering exploits, the ‘bad actor’ lures legitimate users into unwittingly surrendering their usernames and passwords. One of the more popular exploits is the well-crafted e-mail messages that warns of service interruption for the recipient’s e-mail service – just click the link and

The Cause of the Equifax Breach: Why Being Right Still Feels Lousy

I recently wrote a blog about my thoughts on the Equifax breach and predicted that, once the cause of the breach was revealed, it would be attributed to human error and could have been completely preventable.  As it turns out, I was right.  While perusing one of my favorites IT websites, The Register, I came

The Equifax data breach – why their failure is now my problem

Like many of us who heard about the Equifax data breach last week, I went to their website over the weekend to check if my data was one of 143 million accounts that may have been compromised.  Sure enough, it was.  Fabulous.  I was promptly directed to another Equifax webpage and notified I was eligible

The Equifax Hack – The Ingredients for Misery

On Sept 7, 2017, Equifax announced they were hacked sometime between May and July of this year. The incident potentially impacts around 143 million U.S. consumers, exposing names, Social Security numbers, birth dates and more. All the ingredients identity thieves need to cook up some misery. Obviously, we all have reason to be concerned by this breach

Are You and Your Data Ready for NYCRR 500 Regulations

On March 1st, 2017, the New York State Department of Financial Services put into effect new cyber security requirements of its ‘covered entities’. Those entities include banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. Here is a quick

Triangulating and closing security compromises

But the CEO told me to wire $60K to the Caymans! We’ve seen a recent rash of e-mail exploits that blend “social engineering” with e-mail technology. These exploits use e-mail to impersonate respected leaders and authorities of an enterprise giving direction to subordinates or delivering malware payloads and links in what looks like a trusted

How to Value the Cost of a Data Breach

As the Founder and CEO of a technology consulting firm, there are many proprietary data concerns that we must consider and protect, not the least of which is our client information. While our firm, Corporate Technologies, Inc (CTI). may not be directly subject to data security regulations, providing services to many of our clients obligates

Is your manual Incident Response up to snuff?

Do you believe what the security experts say? That bad actors will penetrate your network, so it’s not a question of “if” but “when”? Believe it or not, it’s true. The evidence is clear that even well-funded security teams can’t keep hackers out.  The paradigm has shifted and the new focus needs to include how

There is no immunity from cyber attacks, so be prepared

Threat Assessment

Devastating cases of cyber-attack scenarios continue to mount. Unfortunately,  the most recent high-profile example is a harbinger of things to come.  By now, everyone is at least peripherally aware of the WannaCry ransomware attack that occurred just a few weeks ago.  If you somehow missed it, the WannaCry ransomware attack was a worldwide exploit by