As with every type of penetration test we perform, our engineers are experienced and know how to balance the goal of giving you a realistic view of your vulnerabilities with the need to avoid business disruptions. However, just like other types of tests, as good as we may be, there can occasionally be problems that […]
As we have previously discussed, a vishing attack is usually one of the most successful types of social engineering both in the wild and during engagements. Due to the nature of a vishing attack, many employees fall victim to simple variations because they are conducted over the phone and they aren’t as familiar with the […]
In today’s blog, we are going to look at how ransomware works and why it necessitates the use of offline backups for your organization. Having audited hundreds of organizations, it is clear to me that most IT professionals are considering availability. It is very common for organizations to be taking regular backups and for these […]
South Carolina became the first state to pass cyber security legislation for insurance companies in 2018. The South Carolina Insurance Data Security Act was passed on May 3rd, 2018 and was modeled after the NAIC Insurance Data Security Model Law. Today we will dive deeper into the law and try to understand the ramifications of […]
The path to HIPAA compliance is paved with many hurdles. One of the first issues most organizations encounter is identifying how HIPAA applies to them and whether they need to meet compliance. So in order to move forward and start applying the necessary controls to meet compliance, you’ve got to determine whether you are a […]
In today’s blog, we are going to explore the concept of Black Box vs. White Box testing. There are a lot of terms thrown around when it comes to security, and it is easy to get confused, especially when different sources use different definitions for each term. Not to worry, we’ll explore black box, gray […]
