SecurityRI.com x Bryant University – World Trade Day 2018

World Trade Day 2018 Will Address Technology in Global Trade at Bryant University

SecurityRI.com is proud to announce our technology team will be attending and speaking at the 33rd Annual World Trade Day: Technology in Global Trade on Wednesday, May 23, 2018. World Trade Day is presented by the John H. Chafee Center for International Business and is one of the region’s largest international business conferences, with more than 500 industry leaders and business executives expected to attend.

As Bryant University states – “Each year at World Trade Day, keynote speakers, workshops, and panel discussions provide high-level insights and thought-provoking discussions on future trends and economic drivers. With this year’s focus on Technology in Global Trade, experts will discuss innovations in manufacturing including robotics, drones, and other technological advancements. Attendees will learn about the use of big data and analytics to drive strategic decision making, as well as ethical considerations in data mining practices. Other featured topics include block chain technology, cybersecurity, and global logistics.”

Our session will touch upon:

  • Security & Compliance Management
  • Complete IT / Risk Assessments
  • Cyber Security
  • Data Protection
  • and More

In closing, the goal of World Trade Day is to bring together experts and leaders to share knowledge, vision, and opportunities for growth and success within the global marketplace. That’s why SecurityRI.com has been invited to advise on the complex issues associated with both personal and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction.

If you have any questions regarding the event, please contact us or comment below.

Thank you.

Penetration Testing vs. Vulnerability Assessment: What’s the Difference?

Penetration testing and vulnerability scanning are often mistaken for the same service. They are not, and the differences matter. Here is how they differ:

Vulnerability Assessment

Vulnerability Assessment is an inspection of the potential points of exploit on a computer or network to identify security holes.

A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment, and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or by a security service provider, possibly as a condition imposed by some authority. The scan relies on automated network security scanning tools, and their results are what the report lists. Because the findings in a vulnerability assessment report are not backed by an attempt to exploit them, some of them may be false positives.

Client Note: A solid vulnerability assessment report should contain the title, the description and the severity (high, medium or low) of each vulnerability uncovered. An undifferentiated mix of critical and non-critical weaknesses would be quite puzzling, because you wouldn’t know which vulnerability to patch first.

Penetration Testing

In contrast to vulnerability scanning, penetration testing involves identifying vulnerabilities in a particular network and attempting to exploit them to penetrate the system.

The purpose of penetration testing is to determine whether a detected vulnerability is genuine. If a pentester manages to exploit a potentially vulnerable spot, he or she considers it genuine and records it in the report. The report can also list unexploitable vulnerabilities as theoretical findings. Don’t confuse these theoretical findings with false positives: theoretical vulnerabilities still threaten the network, but exploiting them would be unwise because doing so would cause a denial of service (DoS).

Client Note: At the initial stage, a reputable provider of penetration testing services will use automated tools sparingly. Practice shows that a comprehensive penetration test should be mostly manual.

During the exploitation stage, a pentester attempts actions that would harm the customer’s network (taking down a server, installing malicious software on it, gaining unauthorized access to the system, and so on). Vulnerability assessment does not include this step.
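The distinction drawn above between confirmed findings, theoretical findings and possible false positives is easiest to see when scanner output is reconciled against a pentester’s verdicts. The script below is an added illustration, not SecurityRI.com’s tooling or any vendor’s report format: it assumes scan findings already normalised to title/description/severity dicts and pentester verdicts keyed by finding title, and both inputs are constructed samples. It validates each finding against the required fields, labels it confirmed, theoretical or unverified, and orders the result by severity so the reader knows what to patch first.

```python
"""Reconcile vulnerability-scan findings with penetration-test results.

Added illustration (not SecurityRI.com's code). It assumes a scanner
report already normalised to dicts with title/description/severity and
a pentester's verdict keyed by finding title; both inputs below are
constructed sample data.
"""
from collections import Counter

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
REQUIRED_FIELDS = ("title", "description", "severity")
STATUS_RANK = {"confirmed": 0, "theoretical": 1, "unverified": 2}

# Constructed sample scan output (the kind of list an automated scanner emits).
SCAN_FINDINGS = [
    {"title": "Outdated TLS configuration", "description": "Server accepts TLS 1.0", "severity": "medium"},
    {"title": "Default admin credentials", "description": "Admin panel accepts vendor default login", "severity": "high"},
    {"title": "Directory listing enabled", "description": "Web server lists /backup/", "severity": "low"},
    {"title": "Unpatched service banner", "description": "Banner reports an old version", "severity": "high"},
    {"title": "Missing description", "severity": "low"},  # malformed on purpose
]

# Constructed pentester verdicts. "exploited" = confirmed genuine;
# "theoretical" = real weakness deliberately not exploited (e.g. DoS risk);
# absent = scanner output the tester could not confirm.
PENTEST_VERDICTS = {
    "Default admin credentials": "exploited",
    "Outdated TLS configuration": "theoretical",
}


def validate_finding(finding):
    """Return the list of required report fields a scan finding is missing."""
    return [f for f in REQUIRED_FIELDS if not finding.get(f)]


def classify(finding, verdicts):
    """Map a scan finding to the status a client-facing report should show."""
    verdict = verdicts.get(finding["title"])
    if verdict == "exploited":
        return "confirmed"
    if verdict == "theoretical":
        return "theoretical"
    return "unverified"  # candidate false positive: re-check before patching


def reconcile(findings, verdicts):
    """Validate, classify and order findings for a client-facing report.

    Returns (rows, rejected): rows ordered by severity, then status, then
    title; rejected lists findings missing required fields or carrying an
    unknown severity, with the reason.
    """
    rows, rejected = [], []
    for f in findings:
        missing = validate_finding(f)
        if missing:
            rejected.append((f.get("title", "<untitled>"), missing))
            continue
        sev = f["severity"].lower()
        if sev not in SEVERITY_RANK:
            rejected.append((f["title"], ["severity=" + f["severity"]]))
            continue
        rows.append({"title": f["title"], "severity": sev, "status": classify(f, verdicts)})
    rows.sort(key=lambda r: (SEVERITY_RANK[r["severity"]], STATUS_RANK[r["status"]], r["title"]))
    return rows, rejected


def summarize(rows):
    """Count rows per status so the false-positive exposure is visible at a glance."""
    return dict(Counter(r["status"] for r in rows))


if __name__ == "__main__":
    rows, rejected = reconcile(SCAN_FINDINGS, PENTEST_VERDICTS)
    for r in rows:
        print(f"{r['severity']:<7} {r['status']:<12} {r['title']}")
    print("summary:", summarize(rows))
    print("rejected:", rejected)
```

The ordering puts a confirmed high-severity finding above an unverified one of the same severity, which matches the advice above: exploited findings are a call to action, unverified scanner hits deserve a second look before anyone spends patch time on them, and a finding with no description is rejected rather than silently passed on to the client.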

Penetration testing vs. vulnerability assessment at a glance

The comparison below lays bare the differences between the two techniques:

How often to perform the service?

Vulnerability assessment: Once a month. Plus an additional testing after changes in the network.

Penetration testing: Once a year, at the least.

What’s in the report?

Vulnerability assessment: A comprehensive list of vulnerabilities, which may include false positives.

Penetration testing: A “call to action” document. It lists the vulnerabilities that were successfully exploited.

Who performs the service?

Vulnerability assessment: In-house security staff or a third-party vendor.

Penetration testing: A provider of penetration testing services.

What’s the value of the service?

Vulnerability assessment: Uncovers a wide range of possible vulnerabilities.

Penetration testing: Shows exploitable vulnerabilities.

The choice of vendor

The differences between vulnerability assessment and penetration testing show that both information security services are worth taking on board to keep your network and computer infrastructure safe. Vulnerability assessment is good for security maintenance, while penetration testing discovers real security weaknesses.

It’s possible to take advantage of both services only if you contract a high-quality vendor who understands and, most importantly, explains to the customer the difference between penetration testing and vulnerability assessment. In penetration testing, a good vendor combines automation with manual work and does not put false positives in the report. In vulnerability assessment, the vendor uncovers a wide range of possible network vulnerabilities and reports them in terms relevant to the customer’s business.

Human Error: Understand the IT Threat

With over 90% of all cyber security breaches due to human error, it’s safe to say that mistakes in the workplace are more than costly. So what mishaps are your end users making, and what exactly are the repercussions for your organization?

Many successful security attacks come from external attackers who prey on human weakness, waiting patiently for employees to be lured into providing access to sensitive information. Those human errors can be incredibly costly, especially since the insiders involved have access to a host of sensitive data.

Among the greatest impacts of a successful security breach are the exposure of this kind of information, the loss of intellectual property and infection with malware.

The Threat of Human Error

One of the most common mistakes made by employees is sending sensitive documents to unintended recipients. This is relatively easy to address by deploying security controls that monitor for sensitive information leaving your organization.

These controls were once considered complex to deploy, but vendors have made them considerably easier to implement in recent years. This has dramatically reduced the level of user involvement required and increased the adoption of such controls.

These tools can also:

  • Prevent users from engaging in inappropriate behavior
  • Eliminate sending documents home via email, placing them on file-sharing sites or removable media such as USB sticks

The growing culture of bring-your-own-device (BYOD) raises additional major concerns, especially the risk of lost or stolen mobile devices. Again, technology vendors can help companies control what happens to data stored on such devices, even allowing sensitive data to be remotely wiped so that it doesn’t fall into the wrong hands.

Even the most trusted and highly skilled employees run major risks of human error. System and network administrators are commonly guilty of incorrect system configurations, poor patch management practices and the use of default names and passwords. There are numerous security controls that organizations can explore to guard against these types of threats.

THE SEVEN PITFALLS OF CYBER SECURITY

Based directly on IBM / Ponemon research, the following are the top seven cyber security pitfalls that are opening US businesses up to massive financial liabilities, with the potential for something as serious as an extinction event.

  1. INCONSISTENCY IN ENFORCING SECURITY POLICIES

A security policy is clearly worthless unless it is correctly enforced and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half (43%) enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.

  2. NEGLIGENCE IN THE APPROACH TO USER SECURITY AWARENESS TRAINING

Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it, either including security awareness as a one-off event at employee on-boarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing.

  3. SHORTSIGHTEDNESS IN THE APPLICATION OF CYBER SECURITY TECHNOLOGIES

Six of the nine most typical cyber security technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM) and 25% at the lowest (intrusion systems).

  4. COMPLACENCY AROUND VULNERABILITY REPORTING

Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.

  5. INFLEXIBILITY IN ADAPTING PROCESSES AND APPROACH AFTER A BREACH

Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started considering new technology, while 14% purposefully did nothing.

  6. STAGNATION IN APPLICATION OF KEY PREVENTION TECHNIQUES

Only a minority of respondents had implemented all of the key prevention techniques. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application whitelisting was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.

  7. LETHARGY AROUND DETECTION AND RESPONSE

Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. By contrast, in the 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing.

The survey shows that:

  • Detection times have grown for 40%
  • Response times have grown for 44%
  • Resolution times have grown for 46%

So, in hard commercial terms, what does this vulnerability cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or of downtime leading to lost opportunity, what are the wider implications? In the “2016 Cost of Data Breach Study: Global Analysis,” IBM and Ponemon calculated a standard cost per lost or stolen record of USD $158. This calculation included direct expenses (e.g. engaging forensic experts, outsourcing hotline support, and customer relationship remedial costs such as discounts on products and services) and indirect costs (in-house investigations and internal communications). It also extrapolated typical values of lost customers and the impact of brand damage on future customer acquisition.

                                                                    SMB        Enterprise
  Average number of records held                                    482        5,946
  Average cost per lost / stolen records (IBM/Ponemon statistics)   $158       $939,444
  Average number of breaches suffered in 12 months                  0.32       1.05
  Typical yearly cost of data breaches to a generic SMB/Enterprise  $24,465    $983,139

In closing, cyber security should not be taken lightly. Companies should invest in their IT infrastructure while setting strict cyber security test dates. User training can also go a long way, seeing how “human error” causes the majority of cyber breaches. If you have any questions, please feel free to contact us 24/7/365.
