Phishing, Smishing

Phishing, vishing, whaling, spear-phishing: the list of clever new terms seems to change constantly. A successful attack by any other name, though, is just as sweet to the adversary. Terminology aside, the fundamental problem is this: phishing is the most common and effective way to steal data because it goes after the weakest link in our cybersecurity armor, the human being. Even high-profile people, including one CEO of a major cybersecurity firm and major figures in law enforcement, have fallen victim to phishing attacks.

GovDefenders Wednesdays | Are Your Paleolithic Post-Patch and Post-Phish Processes Leaving You in a Pickle?

Last month the National Institute of Standards (NIST) database of software vulnerabilities, the National Vulnerability Database (NVD), was taken offline for several days because it was discovered that the web servers hosting the NVD, as well as other government databases, had been compromised by a software vulnerability. In this blog, I’ll review the problem; next week I’ll identify tools and processes that can help solve the problem.

GovDefenders Wednesdays: Cybersecurity Starts at the Bottom of the Totem Pole

One of the most frequently misused quotes references the bottom of the totem pole. Many people associate it with negativity: “I’m stuck at the bottom of the totem pole.” However, the bottom was one of the places you wanted to be, because it was one of the most honorable positions. It was those at the bottom whom everyone relied on to hold society up. Cybersecurity is no different. Those at the bottom now must help hold up those at the top.