Insights

At Critical Path Security, we spend quite a bit of time performing research on threats against the public and government sectors.  Much of that research leads us to discover that missing patches and default credentials far surpass any other mechanism used to breach an environment. In a typical Penetration Testing engagement, we will compromise several assets on the network using default credentials in well under 2 minutes.  Often, this leads to a total breach of the environment. Malware can spread much faster. The attack on the Creech Air Force Base in Clark County, Nevada was another example of those attacks.  This time, the default credentials for a Netgear router (admin/password) granted access to a military network with classified information. To be more specific, the manuals and information about the airman assigned to the base’s Reaper maintenance unit were siphoned and placed on the dark web for sale. The gravity of the…

CalCPA Entertainment Conference 2018 was an amazing event, full of helpful advice regarding Alternative Investments (Cryptocurrency) and protecting from “Acts of God”. Finally, our favorite topic came up… Cybersecurity. As many great points were brought up during our panel, we thought we’d generate a quick list of tips offered to attendees. Tip #1 - You are a target of Cyber Criminals. Don't ever say "It won't happen to me". If your data is important to you, that’s all that matters. Criminals aren’t looking for a market to sell your data in. They’ll just sell access back to you through ransomware. Tip #2 - Keep software up to date Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices. Most recent operating systems and mobile devices offer free updates. If you aren’t covered by formal internal support, reach out. Tip #3…

Critical Path Security is excited to announce that Patrick Kelley be speaking at the California CPA Entertainment Industry Conference in June! PRACTICAL TIPS TO PROTECT YOURSELF, YOUR FAMILY, YOUR CLIENTS, AND YOUR BUSINESS FROM CYBER AND PHYSICAL THREATS IN TODAY’S WORLD Speakers will include: Anthony Davenport Avi Korein Patrick Kelley Kimberly Pease The panel of experts will provide relevant, easy to implement solutions that accountants can provide to clients and implement themselves. Often advice like this goes way beyond what someone would actually do. The panel will be covering simple solutions for cyber security for individuals and businesses, as well as physical security for high profile individuals. Come see us! http://conferences.calcpa.org/entertainment-industry-conference/

Photo courtesy of PCI PCI Security Standards Council published PCI DSS Version 3.2.1 with minor revision to the PCI Data Security Standard (PCI DSS), which businesses around the world use to safeguard payment card data before, during and after a purchase is made. PCI certification ensures the security of card data at your business through a set of requirements established by PCI. These include a number of commonly known best practices, such as: Installation of firewalls Removing default credentials Performing routine security assessments Encryption of data transmissions Use of anti-virus software The changes are defined as: MFA is now required for all non-console administrative access; an addition of one-time passwords as an alternative potential control for this scenario. After 30 June 2018, all entities must have stopped use of SSL/early TLS as a security control, and use only secure versions of the protocol. POS terminals  may continue using these as…