Sage Advice - Cybersecurity Blog

10 Tips to Reduce Common Vulnerabilities Exploited by Cybercriminals

While it seems that today’s cybercriminals have a myriad of tricks and techniques at the ready to gain access to your network, the reality is that they are typically taking advantage of common vulnerabilities – such as unpatched software or default passwords – time and time again. That’s why establishing a regular process for finding those vulnerabilities that put you at risk is a critical part of your cybersecurity program.

Topics: Technical Testing, Cybersecurity Assessment

What’s the Difference between a Penetration Test and a Vulnerability Assessment?

In the world of cybersecurity, nothing is static. The cyber threat environment is dynamic and evolving. There are new vulnerabilities discovered on a daily basis. Attacks are getting more sophisticated – they’re getting more complex and flying under the radar of traditional detection technologies.

Topics: Cybersecurity Assessment, Technical Testing

Types of Penetration Tests and Why They are Important

While everyone may be tired of hearing “it’s not if you’ll be breached, but when,” it’s the reality of our current environment. Breaches are exploding in scale and scope, and with the availability of malware-as-a-service, it’s no longer just individual lone hackers trying to get in. It’s a thriving business. One that’s incredibly organized and highly profitable.

As such, part of your cybersecurity defense strategy should include assessing the strength of your defenses against hackers. How? Using penetration testing, where a trained “white-hat” hacker tries to exploit your network much like the bad guys do.

Topics: Technical Testing, Cybersecurity Assessment

Three Ways to Frustrate a Hacker… and Maybe Avoid a Breach

Like most criminals, hackers are opportunistic. For the same reason a thief is more likely to steal a car that has the keys in it or break into a house with unlocked doors, a hacker is looking for an easy way in… the path of least resistance. If it’s difficult – or takes a long time – there is a good chance they’ll get frustrated and move on. After all, it’s typically just business to them. They want to make the most money as quickly and as easily as possible. Here are three things you can do at your organization to slow down an attacker, and hopefully get them to move along without a breach.    

Topics: Cybersecurity Assessment, Cyber Defense

Cybersecurity Readiness: Defense-in-Depth

Data breaches are a part of our world. Cybersecurity is not something that can be bolted on anymore; it needs to be considered as part of your overall business strategy. You must protect your business because you want to continue to do business. And that means readying yourself to detect, respond to, and recover from a cyber-attack.

Topics: Cybersecurity Assessment, Cyber Defense, Risk Management

It's More than a Vulnerability Scan: Penetration Testing Explained

When I ask information security professionals what keeps them up at night, many times they say, “What I don’t know.” It’s no surprise – with reports of breaches on an almost daily basis, it’s impossible to ignore that there are a lot of hackers out there trying to get into networks wherever they can, with tools and techniques that are constantly evolving. As such, it’s important to be diligent about assessing your overall security from the perspective of a hacker. And the best way to do this is through a penetration test.

Topics: Cybersecurity Assessment, Technical Testing

Threat Modeling Simplified

I cringe each time I hear the oft-repeated declarations that “every company will be compromised” and that “it isn’t a matter of if, but when.” These statements are the basis of the FUD-driven (fear, uncertainty and doubt) cyber-sales machine. What is closer to the truth is that Internet-connected systems have a high probability of being subject to a targeted or opportunistic attack, inadvertent exposure, or malicious subversion. However, it is (and I stress) not inevitable that the attacker will be successful. Motivation, work factor, evasion capabilities, resiliency, and sometimes, luck all play a part. Threat modeling can be used to understand these factors and influence the outcome.

Topics: Cyber Defense, Risk Management, Cybersecurity Assessment