Blog

Cyber Security for the Road Warrior

In my previous columns, I’ve been describing the benefits of having offense-oriented testing performed on your company’s network. This time around, I want to give some advice for the road...

Blog

Why "I'm Just Not Technical" is No Longer an Excuse in the C-Suite

I cannot tell you how many board presentations and meetings I have been in and heard "I am just not technical". Not being “tech savvy” is no longer a valid...

Blog

How Much Should You be Spending on Cybersecurity?

We often hear clients and prospective clients asking “how much should I be spending on cybersecurity?” That is a very complex question and one that is not easily answered without first...

Blog

Their Breach is Your Breach

When you’re catching up on the news, it’s become all too common to see stories about new breaches that have occurred, resulting in the theft of customers’ personal and financial...

Blog

R.I.P. VCRs: Lessons in Disruption for the Audit Industry

I was shocked to learn the last VCR rolled off the assembly line in July 2016. I remember my family buying our first VCR – the magic of being able...

Blog

Don't Let Cyber Risk Derail Your M&A Deal

Headlines around hacking and data breaches have become a regular occurrence over the last few years. When a business loses the trust of its customers, it can be nearly impossible...

Blog

You've Been Breached. Think It Won't Happen Again?

There’s a popular saying in the cybersecurity space, “There’s two types of organizations, those that have been breached and those that don’t know they’ve been breached.” In working with organizations...

Blog

The Victims of Cyber Security Training

It’s harder than you think to identify good talent in cyber security. Whether you’re trying to fill full-time security positions within your organization, or partner with service providers and vendors...

Blog

An Internet of Hackable “Things” Threatens Your Business

In this column, I try to avoid “buzz words” and jargon. Information security is complex enough without them. The security industry is overrun with companies that intend to confuse you...

Blog

Vendor Management: Ignore at Your Own Risk

In this busy, ever changing business world, management has so many things to worry about that some key business responsibilities often get overlooked. One key area that is front and...

Blog

Being a Compliant Victim of Cybercrime

When I discuss cybersecurity with business leaders, the most common misconception I see involves the role of security compliance. In my last column, I described the reality of cybercrime, a...

Blog

Why 2017 Could Be the Year of Cyber-Espionage

In this digital age where most businesses are focusing on the disrupt or be disrupted ethos, it seems that most are ignoring an even bigger trend that will affect their...

Blog

What Can the C-Suite Learn from the Latest Companies to Suffer Data Breaches?

2016 is ending with another round of major data breaches with online companies such as PayAsUGym, Lynda, and Yahoo....

Blog

The Reality of Cybercrime

Computer networks have given us the ability to operate, communicate, and conduct business more easily today than ever before. It is, however, hard to imagine a more dangerous time for...

Blog

What Should You Learn From Your Penetration Test?

Having a true advanced penetration test performed on your organization’s infrastructure is one of the fastest ways to gain valuable insight on the state of your security posture. It provides...

Blog

FFIEC Cybersecurity Assessment Tool Frequently Asked Questions

This past month the FFIEC issued a statement to provide clarification on several questions the FFIEC received for the Cybersecurity Assessment Tool (CAT). Since the release of the CAT and...

Blog

Staying Ahead of the Threat

Forrester Research released a report recently which predicted that our President-elect Donald Trump will face a major cyber crisis within the first 100 days of being president. Who knows if...

Blog

GAO Audit: Can We Learn From Their Mistakes

The old saying “if it ain't broke, don’t fix it” immediately came to mind as I began to look at the audit report from the Government Accountability Office regarding Federal Agency...

Blog

Under the Surface Cyber Risk

Part of my role as a Cyber Risk Analyst is to help companies think through their cybersecurity threats. Like most threats, they lie under the surface and most of the time remain unseen...

Blog

Where is Your Data? Why Performing a Data Inventory is Integral for Companies in this Digital Age

There’s no denying that the days of printed documents are a distant speck in the rearview. Industries are becoming much more reliant on automated systems and processes versus the manual...

Blog

AICPA Exposes Guidance for Cybersecurity Risk Management Examinations

The American Institute of Certified Public Accountants (AICPA) recently released two exposure drafts on criteria for cybersecurity. The first Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk...

Blog

Alphabet Soup: Understanding the Qualifications of Risk Management Professionals

You’ve just gotten an email from a potential vendor looking to make a connection. In their signature, following their name is a list of five abbreviations, all intended to make...

Blog

Strengthening Your Cyber Resilience: Six Questions to Ask Yourself

As a former network administrator and IT Manager, I’ve spent most of my IT career defending networks from the bad guys along with keeping the daily IT ship afloat. Take...

Blog

Size Doesn’t Matter to Cyber Criminals: 5 Tips for Securing Small to Mid-Sized Organizations

Data or access to another organization’s data is what makes a target attractive, not the size of the organization. We hear it over and over – “why would a hacker...

Blog

5 Cybersecurity Strategy Mistakes You Can’t Afford to Make

Read through your Twitter feed or turn on the news on any given day and one thing is evident: cyber attacks are happening in every industry and organization size. It...

Blog

How InTREx Changes Audits

On June 30th, 2016, the FDIC announced that the Information Technology Risk Examination (InTREx) Program would be replacing the existing Information Technology Risk Management Program (IT-RMP) effective July 1st, 2016....

Blog

Any Bitcoins in Your Wallet?

It doesn’t matter who you are, your position, or the size of the company you work for, you never want to receive that phone call saying that your company has been...

Blog

5 Considerations for Protecting Your Employees, Customers and Data

With the rapid evolution of cloud based computing, many organizations face the fundamental question of whether or not they should employ third party solutions to facilitate convenience within their entity....

Blog

4 Tips for Password Management

With the recent high-profile social media account hacks, it has become apparent that password management is a challenge for users that has not been adequately addressed. After all, if the...

Blog

Key Takeaways From the FFIEC Joint Statement on Cybersecurity

This past week the FFIEC issued a statement advising financial institutions to actively manage the risks associated with interbank messaging and wholesale payment networks. The FFIEC warned financial institutions to...

Blog

Key Considerations When Purchasing Cyber Insurance

From both current and prospective cyber insurance policy holders, we are frequently asked about what should be considered when purchasing a policy—what terms should be included, what are the important...

Blog

HORNE Cyber at MMAAC

The Mississippi Manufacturers Association chose “cybersecurity” as the theme for their 64th annual convention, and I couldn’t imagine a timelier choice. Mississippi is home to some of the largest and...

Blog

Immediate Crisis in Healthcare Information Security

After reading the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, the overwhelming themes of the study were clear to me: Breaches are so common that no...

Blog

When Your "Insider Threat" Isn’t an Insider

A classic urban legend and horror movie trope involves the hapless victim being repeatedly terrorized by creepy and threatening phone calls. When the police are called, they begin to trace...

Blog

Buying Your Own Stolen Data

I’m becoming very used to reading about the latest “ransomware” attacks each morning when I catch up on information security news over my first cup of coffee. Malicious software (malware)...

Blog

Modern Cyberattacks: Tradecraft on Your Network

At the Armed Forces Communications and Electronics Association’s Defensive Cyber Operations Symposium on April 20th, DISA Director LTG Alan R. Lynn described a shift in attackers’ operations. Lynn stated that...

Blog

10 Takeaways from the 2016 DBIR

Even if you’ve never read Verizon’s Data Breach Investigations Report (DBIR), you’ve been exposed to it. Among the proposals, marketing materials, and whitepapers generated by the information security industry, it’s...

Blog

Decidedly Different Cybersecurity Part 3: Hacker Mentality

To wrap up my series on HORNE Cyber’s decidedly different approach to cybersecurity, I want to focus on the importance of maintaining a hacker mentality when testing the resiliency of...

Blog

Hacking for Humiliation: The Nightmare You Wake Up To

Since this past weekend I have followed the story of an activist hacker, “Phineas Phisher,” who publicly posted a detailed write-up of an illegal attack he carried out last year...

Blog

Decidedly Different Cybersecurity Part 2: Industry Knowledge

As mentioned in my previous blog, at HORNE Cyber, we are a decidedly different cybersecurity company built on three core competencies: the CPA discipline, industry knowledge and a hacker mentality....

Blog

Decidedly Different Cybersecurity Part 1: CPA Discipline

HORNE is a decidedly different CPA and advisory firm, so when we officially formed HORNE Cyber Solutions in November 2015, it only made sense that it be a decidedly different...

Blog

When Was Your Last Information Security Check Up?

Maintaining information security today is, in many ways, similar to maintaining your personal health. Yearly check-ups and health screenings could detect a potential problem. If a problem is detected, more invasive procedures...

Blog

Inside a Hacker’s Mind

The old adage says, “it takes one to know one,” and we believe that is absolutely true when it comes to fighting cyber threats. Originally, hacker was a positive term...

Blog

Securing a Mobile Workforce

Last month, our Executive Partner, Joey Havens, announced a new mobile document sharing platform for our organization. With a mantra of fearless unrivaled flexibility, we allow our employees to be...

Blog

Securely Integrating the Internet of Things

Last week, members of the security industry gathered for the annual RSA Conference to discuss the latest topics in information security, from the Apple vs. FBI encryption debate to the...

Blog

Build Better Legal Cases with Access to Digital Evidence

Attorneys are always looking for new forms of evidence for both criminal and civil matters. With the recent advances in digital forensic capabilities, many legal cases are incorporating digital evidence...

Blog

8 Cybersecurity Risks Executives Need to Know

No organization is immune to the threat of security breaches. With cybercrime activity increasing rapidly across the globe, every organization needs to address the potential risks to better protect its...

Blog

Vulnerability Scans and Pen Tests: What’s the Difference? Part 3

The Internet of Things Raises Risks. Imagine if all of the multi-function printer units in your organization sent an electronic copy of every document that is scanned, copied, or printed...

Blog

Vulnerability Scans and Pen Tests: What’s the Difference? Part 2

As I mentioned in my previous post, there is much confusion in the cybersecurity market around vulnerability scans and penetration tests. The words are not interchangeable. They are very different...

Blog

Vulnerability Scans and Pen Tests: What’s the Difference? Part 1

When safeguarding an organization against the threat of cybercrime, it’s important to regularly test how well your current security measures are performing. I recommend that organizations apply a regular schedule...

Infographic

Data is the New Currency

It’s not if a breach will occur, it’s when. Where should you look for vulnerabilities? What should you do?

Whitepaper

Cybersecurity Strategies

Manage your business risk. Questions to ask and steps to take now.

Infographic

Cybersecurity Concerns For Executives & Boards

Executives and boards should take a proactive approach to cybersecurity. Here are eight areas in which you should pay particular attention.

Video

Understanding Cyber Attacks

Organizations typically do not find a hacker on their network for 4-7 months. So, how do you identify an attack and effectively defend your organization?

Whitepaper

The Practical Guide to Security at Conferences

Conferences are Target-Rich Environments for Private and Nation-State Intelligence Gathering.