Applied

The Cost of Ransomware

Ransomware is particularly insidious. Prior to the rise of ransomware, criminals focused on attacking the confidentiality of data with large data breaches that compromised personal data like financial and health data. Fortunately for victims, those records are hard to commoditize, with credit card numbers selling for mere pennies on the dark web. Ransomware instead […]

Applied

Use a Password Manager!

Given that BuboWerks aims to provide more support for small organizations than most information security consultancies, we would like to put out a primer on which security controls most small organizations should use. Chief among those recommendations will be, “Use a password manager!” Recently, Stuart Schechter put out a great piece cautioning against such advice. […]

People

Security Program Automation

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatable, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]

Technology

Should Yubikeys be standard issue?

A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using. For starters, two-factor authentication (or, more generally, multi-factor authentication) is absolutely important; no longer can you detect phishing attacks […]

Technology

Value of Bro

One of our partners recently asked me what I thought of Bro — was it something I would recommend setting up for one of his clients? If you’ve used Bro before, this is probably a no-brainer, but for many folks — even ones with deep infosec experience — Bro can be a little confusing. In […]