Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Double Down on Your Backups

In August, a ransomware attack hit another company. Unfortunately, it hit a regional cloud provider in Europe this time, and we can call this a “critical hit.” So far, we know a virtual server got compromised and used as a jump host; from there, the attacker started to encrypt all volumes in the same domain. Based on pure luck or some profound reconnaissance, the same server migrated into a different data center and continued its unplanned job from there.

Fighting the Good Fight for a Resilient Digital Future

This Cybersecurity Awareness Month, cybercriminals have far too much to celebrate. Attacks are rising in sophistication and brazenness, and no company or organization is immune. We could panic. Or we could lock arms, fight the good fight and put customers first. I vote for the latter.

Small Business Cybersecurity: Uncovering the Vulnerabilities That Make Them Prime Targets

According to a 2021 report by Verizon, almost half of all cyberattacks target businesses with under 1,000 employees. This figure is steadily rising as small businesses seem to be an easy target for cybercriminals. 61% of SMBs (small and medium-sized businesses) were targeted in 2021. But why are small businesses highly vulnerable to cyberattacks? We are looking into where the vulnerabilities are and what small businesses can do to protect themselves.

Leaky Apps - How Banning Them Builds App Security

Banning apps is sometimes necessary to protect your organization from malicious or misused applications. In particular, leaky apps can be a significant threat, and identifying and banning them is an essential app security measure. Some organizations choose a more flexible approach by allowing employees to use unsanctioned apps and monitor their usage for suspicious activity. Yet others don’t monitor employee app use at all, which is the riskiest approach imaginable.

The Importance of Transparent Payment Systems

Transactions have also changed the way businesses operate in this modern era of digital technology era. In this age of e-commerce, digital services, and global trade, there is an increased demand for simple, secure, and transparent payment solutions. In such a setting, solutions enabling users to design and make online payment forms, in line with what platforms comparable to FacilePay propose, have become revolutionary factors. Not only do they make payments easier for businesses and individuals alike; but they also focus on transparency, which is critical for both parties involved.

Stress-free IT management: An IT manager's playbook for mitigating risks

As IT infrastructures become more complex, the responsibilities of IT managers expand exponentially. Their role is akin to a tightrope walker, balancing the need for innovation with the imperative of security. From spotting system vulnerabilities to preparing for unexpected setbacks, the IT manager’s world is one of vigilance and foresight. Zero-trust is an approach to cybersecurity that assumes no trust, even within an organization’s network.

How to SSH into Docker containers

A Docker container is a portable software package that holds an application’s code, necessary dependencies, and environment settings in a lightweight, standalone, and easily runnable form. When running an application in Docker, you might need to perform some analysis or troubleshooting to diagnose and fix errors. Rather than recreating the environment and testing it separately, it is often easier to SSH into the Docker container to check on its health.

How to get your security team on board with your cloud migration

To find out more about cloud migrations, the pitfalls that await the unwary, and what the security implications are, I recently sat down with Dustin Dorsey, Systems & Data Architect at Biobot Analytics, based in Cambridge, MA. In the first post in this series, we talked about cloud providers being responsible for security ‘of’ the cloud, while their clients are responsible for security ‘in’ the cloud.