Search By Category
A Structured Blog -- Today’s CISOs must surely feel as if EVERYONE is looking over their shoulder -- adversaries and allies alike -- probing for risk and vulnerabilities. And they would be right to feel that way. Ransomware’s insidious rise, combined with enhanced civil and criminal penalties for negligent corporate boards and C-suite executives, placed CISOs under more pressure than ever before to identify, document, communicate, and remediate risk. As a standard best practice, they have to do this for the safety and security of their organization. But there’s a new wrinkle to this mandate: the cyber insurer. Self-Assessments and The Cyber Insurer Cyber insurers are the latest entity to join federal regulators in demanding greater transparency and accountability of cyber risk, and they hold a lot of power. If not satisfied with an organization’s efforts, they can limit or deny coverage, significantly raise premiums, and even deny claims. So what is an earnest, hard-working CISO to do? A good place to start is with a self-assessment based on a rigorous accounting of security across the enterprise. Think multi-factor authentication, network segmentation, data encryption, end-user awareness training, robust threat detection and remediation tools, and a 24x7x365 security operations center (SOC)…
MGM Hack: What Happened and How to Prevent Future Attacks
By Structured Director of Cloud Security Collin Miller and Structured Director of Governance, Risk & Compliance Rob Wayt -- On September 11, 2023, MGM Resorts International, the owner and operator of some of the most popular casinos and hotels in Las Vegas, announced that it had experienced a cyberattack. The attack caused significant disruption to…
Security Advisory: MOVEit Vulnerability
Apply security patch released by Progress Software on June 9, 2023 as soon as possible. PORTLAND, Ore. (June 16, 2023) – Today many news organizations are reporting a large cyberattack leveraging a vulnerability in MOVEit, a managed file transfer (MFT) software application The MOVEit vulnerability (CVE-2023-34362) is a critical SQL injection vulnerability that allows an…
Incorporate Resilience Planning for Stronger Cybersecurity
By Structured Staff -- Does resilience planning factor into your cybersecurity strategy? If not, it should. And here’s why: While prevention is a great objective, it is increasingly difficult to defend a complex attack surface from all threats – especially the sophisticated and advanced threats we encounter today. Instead, organizations are bolstering prevention efforts with…
So Vulnerable: Common Findings from Penetration Testing
By Chris Green, Structured Security Engineer, CISSP-ISC2, CISA ISACA, QSA PCI SSC, PCIP PCI SSC Amid rising global tensions and numerous warnings from the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA), organizations across the globe can expect to see an increase in cyber attacks from nation-states, criminal gangs, and copycats riding the…
Worried about Higher Cybersecurity Insurance Premiums? Here’s How to Limit Your Exposure.
By The Structured Security Team -- Experts agree, it isn't a matter of if your organization will come against a cybersecurity threat, it's a matter of when. And companies that provide cybersecurity insurance are passing along the costs, increasing premiums to combat the risk of increasing payouts. Cybersecurity Insurance Costs Are Increasing Rapidly Cybersecurity insurance…
Protect Identities with MFA, Validation and Strict Management
By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP -- Last week in the news were reports of more than a billion accounts being leaked online from just two sources (Facebook (533M) and LinkedIn (500M)). The data is still being validated, but the source seems to largely be public information that has been aggregated, bundled…
Trust is Dead, Long Live Trust!
By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP -- Zero Trust is a philosophy, a journey. No one manufacturer or security product will get you where you’re going. It will take all of your technologies, and likely some new ones, to arrive at a Zero Trust architecture. Trust is dead, long live trust! Zero…
Supply Chain Hacks: Fallout from a nation-state-backed attack
By Jesse Wilson, CISSP, Sr. Security Engineer -- Two weeks have passed since the discovery of Sunburst (https://us-cert.cisa.gov/ncas/alerts/aa20-352a), an exploit so vast it likely will become the biggest breach in history – at least to date. Government agencies and private businesses alike are scrambling to detect indicators of compromise (IOCs), install patches and implement damage…
Secure Critical Infrastructure Demands Proactive Measures
By Collin Miller, Director of Cloud Security -- Given the emergency brought on by rapid spread of COVID-19, many businesses have been shut down or are transitioning to telework to comply with public health measures. However, for the group of organizations that make up our critical infrastructure, shutting down is not an option. Critical infrastructure…
Back to Basics – Inventory Documentation and Network Visibility
By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP -- One of the first things you must do as a network or systems administrator is document. Oh, Documentation! The bane of IT professionals everywhere. In our harried work lives, it is a tedious, time-consuming process. Most people prefer to avoid documentation. But, when it is…
