Select Page
Image from scenario one: Ransomware

Rethinking cyber scenarios—learning (and training) as you defend

In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and ... continue reading

Premier Offerings: Onboarding Accelerator – Office 365 Security and Compliance

Houston… We have a Problem… Have you ever noticed there is an awful lot of educational workshops and deliveries that teach you about all these amazing features, but ultimately leave you wondering how to actually implement them in your environment? ... continue reading
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

Computers with Windows Remote Desktop Protocol (RDP) exposed to the internet are an attractive target for adversaries because they present a simple and effective way to gain access to a network. Brute forcing RDP, a secure network communications protocol that ... continue reading

Norsk Hydro responds to ransomware attack with transparency

Last March, aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. The attack began with an infected email and locked the files on thousands of servers and PCs. All 35,000 Norsk Hydro employees across 40 countries were ... continue reading
A diagram showing the recommended migration paths for Windows Server Roles

Protect workloads still running on Windows Server 2008 and 2008 R2

Over the last couple of years, we havesharedwhy it is business critical to migrate and upgrade apps and services running on Windows Server 2008 and 2008 R2. As you are aware, on January 14th, 2020, support for Windows Server 2008 ... continue reading

Ransomware response—to pay or not to pay?

The increased connectivity of computers and the growth of Bring Your Own Device (BYOD) in most organizations is making the distribution of malicious software (malware) easier. Unlike other types of malicious programs that may usually go undetected for a longer ... continue reading
Microsoft works with researchers to detect and protect against new RDP exploits

Microsoft works with researchers to detect and protect against new RDP exploits

On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and ... continue reading

Top 6 email security best practices to protect against phishing attacks and business email compromise

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false ... continue reading

How to avoid getting caught in a “Groundhog Day” loop of security issues

It’s Cyber Security Awareness Month and it made me think about one of my favorite movies, called Groundhog Day. Have you ever seen it? Bill Murray is the cynical weatherman, Phil Connors, who gets stuck in an endless loop where ... continue reading
Rethinking how we learn security

Rethinking how we learn security

A couple of years ago, I wrote an article on the relative lack of investor and startup interest in addressing a crucial CISO priority—the preparedness of employees on the security team. Considering what seems to be a steady stream of ... continue reading