Phishing attacks can happen to anyone whether you’re a CEO, financial analyst, nurse, janitor, IT specialist, or receptionist. In the 2020 Internet Crime Report, the FBI revealed phishing was the top reported cybercrime, consisting of 241,342 reported incidents. This number has more than doubled since 2019. Phishing attacks often consist of an email that is […]
The CISO (Chief Information Security Officer) reporting structure is a hotly debated topic and the solution often differs depending on the organization. This question has perplexed many organizations. It’s a topic of growing importance as cyber attacks grow in frequency and breach costs increase. Many organizations initially place the cybersecurity responsibility within the IT department […]
If the SolarWinds hack taught us anything, it’s that the security of a company’s infrastructure is dependent on the resilience of their vendors. A breached vendor is a trojan horse that bypasses normal defenses and accesses the trusted areas of the network. Threat actors have cunningly discovered that a trusted vendor is often the easier […]
A Vulnerability Scan is NOT a Penetration Test. Unfortunately, when we perform third-party reviews or risk analyses, we often see that organizations get these two terms mixed up. In this article, we are providing information about the differences so companies get the accurate services they need (and pay for) and can achieve their compliance goals. […]
Weak passwords are often the cause of data breaches. Love or hate them, everyone is using passwords today. Ensuring individuals are using strong passwords is important to securing an organization. Whether you’re performing a penetration test or a password audit, tools can help you add value and efficiency for your report. At Stern Security, we […]
The Triangle Net has a vision to build a better world and provide opportunities to those striving to join the cyber security field. This amazing organization interviewed Stern Security’s founder, Jon Sternstein, to discuss his security career. View the full interview here: https://www.thetrianglenet.com/episode-2-jon-sternstein/
Vendor Risk Management Accuracy is all that Matters! Are Vendors Secure? If you ask any company if they are secure, most would say “Yes, of course we are!” This is especially true of vendors. No vendor ever says, “No, we’re not secure, but trust us with your data.” Most vendors are not being dishonest, but […]
Vendor Risk Management Accuracy is all that Matters! Many organizations utilize spreadsheets to measure their internal security posture and vendor risk. We get it – spreadsheets are simple, convenient, and they come with the office suite that you have on your computer. Unfortunately, they do not scale and get out of hand quickly. Let’s look […]
Vendor risk management is an incredibly complicated process. While some methods are much more efficient than others, there is no consensus on how all organizations accurately manage vendor risk. We generally see that organizations measure vendor risk in five ways, each with an increasing level of security: Nothing at all Contract verbiage only Audit check […]
Introduction Imagine building a strong, stable fortress around your most important assets. All of your focus is on stopping the intruder that will directly target your organization. However, there is an indirect way to breach the gates – through your third parties. Your organization relies on third parties (vendors) for necessary services and you have […]