BNMC Blog

The Internet of Things, a collective term for the countless connected devices out there that have traditionally not been connected to the Internet, is a vast and dangerous territory for businesses to cover, perhaps now more than ever before. Unfortunately, this massive group of connected devices also tends to make itself a target for hackers who want to leverage these devices to their advantage. A recent hack shows just how much hackers can stand to gain from infiltrating these connected devices.

Some vulnerabilities can fly under the radar for quite some time, some for months or even years. This is the case with a recently discovered Microsoft Azure database vulnerability. The exploit, discovered by cloud security provider Wiz, is found in Cosmos DB, Microsoft Azure’s managed database service, and it’s a real nasty one at that. Let’s dive into the details and see what we can learn from the incident.

The password has long been the first line of defense against security threats, but what would you say if we told you that the password could disappear entirely from your Microsoft account? Well, get ready, because boy do we have news for you. Let’s take a look at what it means to go “passwordless” and what it could mean for your account’s security.

It’s good to go about your business with an abundance of caution, but sometimes this abundance of caution can lead people to see threats where they simply do not exist. In cybersecurity, this is actually quite easy to see happening, as cybersecurity is such a multi-faceted topic. But how much do these false-positive security reports wind up costing organizations?

Email is a crucial part of any modern business, but it’s not always the most fun topic to cover. It’s more of a necessity than something super exciting, like machine learning or automation. Still, this does not make it any less important, so why don’t we discuss some of the ways you can make sure your organization’s email server is as secure as possible?

The ransomware attack against Kaseya’s VSA servers for approximately 1,500 organizations was yet another major challenge for businesses to overcome, and while most of the affected companies did not give in to the hackers’ demands, others felt forced to pay the ransom. The problem, however, is that some of those who did pay the ransom are now having trouble decrypting their data, and with REvil MIA, they do not have the support needed to decrypt their data.

While there are plenty of ways for a business to secure its resources, there are just as many ways for your employees to undermine these protections… often without even realizing that they’re doing so. Let’s focus on some of the cognitive biases that you and your team members might experience when it comes to your security.

It seems like there is a new data breach every time we turn around, and in most cases, these breaches expose the personal data of many people. The most recent breach in this troubling trend is for the popular social media website LinkedIn. This breach exposed 700 million profiles, an event which led them to be sold on a popular hackers forum. The scary part? LinkedIn denies that there was any data breach.

The 2020 hack of SolarWinds saw a major disruption of the supply chain for many organizations around the world, including the U.S. government, but a recent survey shows that these organizations have felt varying degrees of effects from the hack itself. Furthermore, many have taken the hack as evidence that further information sharing must occur if we are to ever take the fight to cyberthreats.

Ransomware is a threat that has seen exponential growth in recent years. We have witnessed it grow from a minor annoyance to a considerable global threat. Even the U.S. Justice Department has issued a declaration that they would begin investigating ransomware in much the same way that they would terrorism cases. Let’s take a look at how this policy could change the way your business should respond to these threats.

Any organization that holds medical records or other healthcare-related sensitive data needs to consider legislation and organizations that govern the privacy of those records. In this case, we are referring to HIPAA, the Health Insurance Portability and Accountability Act, and HITRUST, the Health Information Trust Alliance. These two acronyms are incredibly important for healthcare providers in the United States to understand.

The recent hack of Colonial Pipeline has led to no shortage of problems, chief among them gasoline shortages all across the east coast of the United States. The pipeline’s operations may have been restored, but the question still remains: what could have been done to stop it, what can we learn from this incident, and what changes can we expect to see as a result?

Everyday life relies on software to keep going, a phenomenon that is perhaps most visible in the business environment. Unfortunately, it is this software that can prove to be the point of egress that attackers need to your network. Let’s consider a commonly overlooked aspect of IT maintenance—patch management—and why it is so crucial to a business’ operational success.

Data is one of—if not the—most essential resources a business has, which means it is essential that you take the steps to protect it in every way possible from every potential threat. This includes those that could originate from within your own organization. Let’s consider the case of Xiaorong You, who was recently convicted of conspiracy to commit trade secret theft by a federal jury.

One of the most terrifying situations your business can encounter is when it’s clear that you’ve been hacked. It can cause extreme anxiety regardless of what size of a business you run. The most important thing is to know how to react to mitigate the damage to your business’ network and reputation. Let’s go through a few steps you need to take if you’ve been hacked.

Running a business of any size comes with more than its fair share of risks, particularly if that business is on the smaller side. One major risk factor is the prospect of cybercrime and the impact it can have on a business. Let’s look at how this particular risk can influence the challenges that businesses must now contend with.

Ransomware attacks are notorious for their expense to the victim—largely because of the various costs that come along with successful ransomware infections, including many that might not be expected at first. Let’s review some of these costs, if only to reinforce the importance of avoiding ransomware as a rule.

For the small, but growing business, there are a lot of risks that could potentially harm their ability to stay in business. One of those risks comes in the form of cybercrime. Over the past several years, small and medium-sized businesses (SMBs) have improved the ways in which they combat cybercrime. Let’s take a look at some of the problems SMBs have to deal with.

If there is one kind of online scam that people need to be more cognizant about, it would be phishing—where a scammer tries to hack the user instead of the computer, tricking them into sharing sensitive information. Phishing can come in enough forms that it has splintered into a few different varieties to watch out for. Let’s go over what a basic phishing attack looks like, some of the different types you may encounter, and how to deal with such an attack appropriately.

When most of us think of cybercrime, we’re thinking about a lone hacker in a dimly lit room—or, at most, a few hackers hunched over their computers in a dimly lit room. However, to remain restricted to this impression would be inaccurate—particularly when you consider the very real threat that state-sponsored cyberattacks can just as easily pose.