Background on Cozy Bear Cozy Bear is a Russian cyber-espionage group classified by the United States federal government as advanced persistent threat 29 (APT29).  It’s responsible for several high-profile data breaches over the last few years, including the SolarWinds attack and recent Google Drive phishing scams.  While APT29 is notorious in the public domain, the group’s infamy hasn’t […]

Overview of the Cisco data breach  On Wednesday, August 10th, 2022, the networking giant, Cisco, confirmed that it suffered a data breach on 24th May of this year. Below, we’ll talk you through how the hack happened, what data was lost and who was responsible.  We’ll also discuss key learnings from the incident, so you […]

We all know what a traditional phishing scam is, where a cyber-criminal sends a fraudulent email to their victim in a bid to trick them into sharing sensitive information or downloading malware.  Phishing scams are so widespread that most email providers have now installed impressive features that block standard phishing emails. However, just because email […]

Over the weekend, the US-founded communications company, Twilio, disclosed that it suffered a data breach, after some of its employees fell for a sophisticated phishing scam. Below, we’ll give you an overview of the security incident: what happened, who was impacted and how you can prevent the same thing happening in your organisation. Quick background: […]

On top of this, frameworks like ISO 27001 and SOC 2 are fast becoming expectations for companies that supply goods and/or services to other organizations.  With so much to consider, many compliance and security leaders may feel like they’re fighting an uphill battle. For all their efforts to meet compliance demands, they’re always a step […]

What is UEBA? UEBA is an acronym for User and Entity Behavior Analytics. This breed of security solution harnesses the power of technologies like machine learning and artificial intelligence to monitor your users’ behavior for signs of compromise.  Essentially, UEBA solutions analyze your users and other entities – like endpoints and routers – to create […]

The California Consumer Privacy Act (“CCPA”) came into force in 2020 and, since then, plenty of organizations have received notifications from the California attorney general about their data security practices.  In this blog, we’ll take a look through some of the most recent enforcements, so that your company can make sure it doesn’t fall into […]

A couple of months ago, we wrote about CMMC 2.0, the second iteration of the Department of Defense’s Cybersecurity Maturity Model Certification. The revamped CMMC 2.0 is meant to be easier to implement for small and medium-sized businesses, so that contractors and suppliers of all sizes are able to meet the DOD’s cybersecurity requirements.  If […]

Great resignation and the upcoming recession is creating large employee turnover that puts company data at risk of theft and loss.

Cloud account hijacking is a serious problem for companies across sectors. 86% of IT leaders said this form of cybercrime cost them more than $500k last year. 

The cloud and SaaS present a new frontier for risk. SaaS DLP will make all the difference in controlling this risk and avoiding issues