Posted: Friday, November 17, 2023

Zero Trust Access, Zero Trust Network Access, and Zero Trust Application Access

Understanding the differences and benefits of each

By : Sentia

As we look ahead to 2024, the focus on digital security will continue to intensify. "Out with the old, and in with the new" will be the philosophy for maintaining a competitive edge and ensuring that organizations are prepared for the evolving threat landscape.

Zero Trust has been creating significant buzz within the industry in the recent past, and its importance as a modernized approach to security is only going to continue to gain momentum into next year.

Zero Trust is an overarching security concept exercising the 'never trust, always verify' philosophy. It is an approach that assumes that threats can come from both outside and inside the network, and it requires verification from anyone trying to access resources, regardless of their location or network connection.

In this post, we look at the different subsets of Zero Trust: Zero Trust Access (ZTA), Zero Trust Network Access (ZTNA), and Zero Trust Application Access (ZTAA), and the key benefits each offers.


Posted: Monday, October 16, 2023

Social Engineering - What is it and what are its implications?

By : Sentia

We know there are a myriad of different types of cyber attacks that have evolved over the years. From ransomware to phishing, the list grows as hackers become more sophisticated.

Las Vegas' MGM Grand was hit with a major cyber attack in September that lasted several days, affecting IT systems, hotel keys, casinos and other digitally-driven resources, which, to say the least, threw a wrench into the experience of many of the visitors there during that period.

One might wonder how an organization as large and prominent as the MGM Grand could be hit with such a massive attack (which resulted in the loss of around $100 million), and it almost always comes down to the attack vector. In the case of the MGM Grand, it was reported to have been an attack that originated through social engineering, where unassuming employees were duped into disclosing sensitive information that ultimately resulted in the onslaught of this widespread breach.


Posted: Thursday, October 5, 2023

Ransomware Amplified - Double and Triple Extortion Ransomware

What They Are and How to Avoid Them

By : Sentia

October is Cybersecurity Awareness Month, so our blog posts for this month will focus on different areas of cybersecurity to continue to drive awareness and education on evolving trends.

This week, our focus will be on ransomware - specifically double and triple extortion ransomware.

Traditional ransomware, as we know, has been around for decades. In a "regular" ransomware attack, system data is locked and encrypted until the victim agrees to pay the attacker to get the data back. This has proven unsuccessful for attackers, however, because victims can often restore their data and systems from backups.

The first ever ransomware attack is reported to have occurred in 1989 with the "AIDS trojan", where 20,000 infected floppy discs were handed out at that year's World Health Organization (WHO) AIDS conference. After a certain number of boots, user files were then encrypted with an ask for a ransom to be sent to a PO box. Luckily, the ransomware was fairly easy to isolate and remove using technology available at that time. 

Of course, ransomware has evolved rapidly since then, becoming much more sophisticated over the years. Enter double and even triple extortion ransomware.


Posted: Wednesday, May 24, 2023

IAM vs. PAM - What's the Difference?

By : Sentia

Privileged Access Management (PAM) and Identity Access Management (IAM) are two related but distinct concepts in the world of cybersecurity. While they both deal with regulating access to resources, they have inherently different objectives.

Let's look at both in more detail:

Identity Access Management (IAM): IAM follows the principle of least privilege, allowing the management of staff identities so that only authorized personnel can access and update files that are meant for them based on their roles and responsibilities. This type of access control involves conditional access security at the system, user, and directory level with insights into access policies, centralized identities, and more. It deals with the entire lifecycle of user identities, including user provisioning, authentication, authorization, and user deprovisioning.


Posted: Tuesday, September 13, 2022

Fileless Malware - What is it and Why Traditional Security Practices Can't Protect Against It

By : Sentia

Fileless malware is a malicious activity that infects a system using built-in legitimate and native programs. In contrast to other malware programs like ransomware, attackers don’t need to install a malicious program in the system to execute an attack, which makes it hard to detect and prevent. A traditional anti-malware solution detects malware by matching files against a database of known malicious programs. However, fileless malware payloads reside in memory only and do not write any files to the hard drive, making it difficult for signature-based security solutions to detect them. Thus, cybersecurity experts agree that attackers are ten times more likely to succeed when executing fileless malware attacks than file-based attacks.


Posted: Tuesday, August 9, 2022

Pen-testing & Vulnerability Scanning: What’s the difference?

By : Sentia

Penetration testing and vulnerability scanning are vital for enhancing an organization’s cybersecurity posture. However, most businesses are confused about differentiating the two services. For example, a vulnerability scanning process looks for existing security weaknesses and vulnerabilities, such as unpatched systems, lacking authentication schemes, misconfigurations, and weak password security, and reports them as potential exposures. On the other hand, a penetration test looks to exploit identified security weaknesses in the organization’s systems and IT network architectures to determine the extent to which an attacker would compromise your assets. Also, a vulnerability scan often utilizes automated software programs and tools, whereas a penetration test is a manual process carried out by a security expert.


Posted: Thursday, July 28, 2022

Security Awareness Training

What is it and Why is it Important?

By : Sentia

Cybersecurity is a top priority for all organizations today. Still, the rapidly changing security landscape introduces unique challenges that require users and cybersecurity professionals to stay informed and adopt best practices. Security awareness training educates employees, third-party partners, contractors, and other relevant stakeholders concerning the current cyber threats, cybersecurity responsibilities, procedures, and policies. It is a critical program that helps inform the necessary threat prevention measures and assists in complying with industry-standard data privacy and security regulations.

Unfortunately, according to Proofpoint’s 2022 State of the Phish Report, only 25% of companies train their employees for two or more hours annually. Yet, a Verizon Data Breach Investigations Report shows that eight out of ten data breaches, approximately 82%, are due to exploitable human vulnerabilities. In addition, untrained and unaware employees account for the largest number of social engineering attacks, stolen credentials incidents, and phishing scams.


Posted: Monday, May 16, 2022

E-commerce and Cybersecurity: What Online Merchants Should Know

Best Practices to Secure Your E-Commerce Business

By : Sentia

E-commerce platforms and sites are hot targets for attacks and breaches since cybercriminals consider them treasure troves of financial, personal, and business data. Regardless of the business size, a breach of an e-commerce platform can cause huge financial losses through destroyed customer trust, lawsuits, and stolen data. E-commerce businesses are mindful of the security issues facing them and have increased spending on security measures. A 2020 VMware Carbon Black Cybersecurity Outlook Report revealed that 77% of companies included in the study have invested in new security measures, whereas 69% have hired more security personnel.


Posted: Thursday, May 5, 2022

Understanding Multifactor Authentication (MFA)

How It Works and Why Companies Should Consider Adapting It

By : Sentia

"For every lock, there is someone trying to pick it, or break it." - David Bernstein

One of the biggest problems with traditional user ID and password login is the need to maintain a password database. Whether encrypted or not, if the database is captured, it provides an attacker with a source to verify their guesses at speeds limited only by their hardware resources. Given enough time, a captured password database will fall.

As processing speeds of CPUs increase, brute force attacks have become a real threat. GPGPU cracking can produce more than 500,000,000 passwords per second even on lower-end gaming hardware. Depending on the software, it can take as little as 160 seconds to crack a 14-character alphanumeric password. A password database alone does not stand a chance against such methods when it is a real target of interest.


Posted: Wednesday, November 3, 2021

Top 5 Security and Risk Trends to Look Out for In 2022

By : Sentia

As the famous Charles Dickens quote goes, "we are in the best of times, yet we are also in the worst of times". On one side, organizations and users alike benefit from the emergence of new technologies, including the Internet of Things (IoT), 5G, artificial intelligence (AI), and so on. On the other side, there has been a rise in recent successes scored against high-profile targets, including the world’s largest meat processing company, JBS, which shut down facilities in the United States, Canada, and Australia after an attack.

Meanwhile, since the pandemic started, bad actors have been exploiting the vulnerabilities of organizations moving to remote working strategies. On the other side, security professionals have worked tirelessly to mitigate the threats, and vendors are delivering new and reliable technologies to support their efforts.

Based on the information and analysis from our professionals, here are the top five security and risk trends we think are worth watching as we go into 2022, and ways Sentia helps organizations stay prepared for the possibility of threats.
