Welcome to
A place to release your cyber-stress

The Attack Surface is Swelling

Millions of self-quarantined employees are as productive as ever with extended and scaled Zoom and VPNs. However, it’s too soon to announce ‘business as usual’ without addressing the additional attack surface gained as a result. This is increasingly true in the case of combined home-work computers.

Corporate firewall and anti-phishing security controls rarely apply, home routers are ungoverned, browsers hold sensitive passwords, and kids and adults alike are being targeted daily with phishing campaigns through email and websites. A possible outcome is that the VPN is transformed, by an "owned" computer, into a magical back door to the organizational network.

The most important thing to do is to test and test again - to determine and prioritize the controls required to harden the dwelling workforce environment.

  


All CyberToon strips

Mar 22

IT Emergency

Having read the Equifax Data Breach Congress Report from December 2018, one can see that the alleged Chinese attackers did not need to work very hard. All they did was take advantage of a few expired security certificates and unpatched Apache Struts software, and use a few web shells that led into additional databases.

Before you even ask, the answer is yes, it could have been prevented. If only there was an effective way to continually pen-test the entire network and point to these non-critical vulnerabilities that can lead to a disastrous breach. Well, now there is - automated penetration testing. And it is here to stay.

  