In our line of work, we see many institution’s environments, cultures, and positions on the journey of their information security programs. One of the most common pitfalls is the belief that a...

There’s yet another debate growing post-COVID. It’s not vaccinations, masks, or whether it’s safe to eat at a restaurant, it’s when and how much workers will return to the office. In considering the...

Information Security leadership can be a tough spot. We are agents of almost constant change in order to combat threats that no one can see. Threats that often don’t show evidence of their...

It’s safe to say that remote work is here stay. While we are on the verge of opening back up after COVID, people have loved the flexibility that remote work provides and perhaps there’s no going...

Qakbot (also known as Quakbot or Qbot) is a malware strain that has been used to attack financial institutions since 2008. It’s primary target is stealing bank credentials in order to enable wire...

Unless you had a really secluded and long holiday vacation, you’ve probably heard about the SolarWinds breach and how it has affected many US industries including financial institutions and their...

We are seeing findings related to change management cropping up in several audit reports this year. Appropriately scoping change management can be tricky in smaller financial institutions which do...

We’ve all heard about the latest big vulnerabilities, end of life software or compromised passwords as the cause of breaches. However, another pattern is emerging for the financial and insurance...

Ransomware has become more common in the past year with the hackers constantly changing tactics, such as moving from infecting backups to deleting them altogether and evolving ransomware variants....

The access review is the most underrated control in the Information Security Officer’s toolkit. We hear so much about threat intelligence, vulnerability management, and fancy tools that monitor this...