onShore Security

Because Security Gives Us Freedom.

Blog

 

Senior Security Consultant Joins onShore Security

New Hire Comes as onShore Security Adds New Offerings for Small & Mid-Sized Businesses

Senior Security Consultant Joins onShore Security George Quinlan has joined Chicago-based onShore Security as a Senior Security Consultant, bringing more than 26 years of security, GRC, IT infrastructure, network security, and engineering experience to our portfolio of cyberdefense and governance services. The addition of Quinlan to our Cybersecurity Leadership Team comes as onShore completes the reorganization of our security solutions to allow businesses of all sizes to benefit from a deep and comprehensive security portfolio typically unavailable to all but the largest enterprises.

A Cybersecurity Audit Just for Banks

“The National Bank of Blacksburg lost $2.4 million to Russian hackers and its insurer only wants to reimburse it $50,000, according to a lawsuit the bank filed in U.S. District Court in Roanoke,” stated The Roanoke Times on July 26, 2018.

How could they have protected their assets more effectively? What gaps do they still have with their cybersecurity? Unless they conduct a cybersecurity audit, gaps may still exist that could be exploited with fraudulent transactions and ransomware.

Videoblog: Does Your Cyber Security Team Work with Banks?

After tricking employees into opening emails that gave them access to debit card account numbers at National Bankshares of Blacksburg, Virginia, Russian hackers stole $2.4 million from hundreds of ATMS across the country in 2016 and 2017, news accounts say.

To make matters worse, the bank’s insurer has offered only $50,000 to cover the loss, a dispute that is now in federal court.

Taking your insurance company to court is one way to reduce your cyber security losses. A better way is to arm yourself against such losses in the first place. At onShore Security, we have 20 years experience in protecting banks from cyber intrusions and a comprehensive system of detection, analysis, and ongoing vigilance that builds security, inside and out. Learn more from our CEO in the video below.

Are Cyber Insurance Policies Being “Spoofed” by Recent Computer Fraud Decisions? – Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Are Cyber Insurance Policies Being “Spoofed” by Recent Computer Fraud Decisions? - Guest Blog

Courts have generally defined “spoofing” as “the practice of disguising a commercial e-mail to make the e-mail appear to come from an address from which it did not originate. Spoofing involves placing in the ‘from’ or ‘reply-to’ lines, or in other portions of e-mail messages, an email address other than the actual sender’s address, without the consent or authorization of the user of the e-mail address whose address is spoofed.”

DDOS Protection

DDOS Protection

A question we’ve been asked recently is why an IPS isn’t sufficient to protect a financial institution (or any organization) from a DDOS attack. The explanation is quite simple, with an understanding of what a DDOS attack is and what an IPS is and does.

Videoblog: VPNFilter Malware

Recently, it was revealed that more than 500,000 routers in 54 countries were infected with the VPNFilter malware. VPNFilter has new capabilities, including the ability to perform an active man-in-the-middle attack. In our latest videoblog, Stel discusses the network detection that is necessary to protect your business from this attack.

Securing Personal Information: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Hogan Injury.

Technology has come a long way. The advancement of technology has paved the way for much more development in the fields of medicine, transportation, economics, finance, and many more. Along with the multitude of benefits that came with the rapid growth of technology came some issues, one of which is cybersecurity.

How to Meet the GDPR Deadline Next Week: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Discussions on privacy laws have taken front and center in recent weeks as European Union (EU) member states begin enforcing the General Data Protection Regulation (“GDPR”) on May 25, 2018.  As we have been discussing for a while, there is confusion as data collectors try to figure out the impact of this legislation.  There is no question that large, multi-national corporations will have to comply and many of these corporations are already in compliance.  However, with this deadline just around the corner, smaller companies that do not actively target EU residents are struggling with how this legislation impacts them.

onShore Managed Security Services Profiled in CEOCFO Magazine

The following interview is reprinted with permission by CEOCFO Magazine.

Click here to read the interview at CEOCFO Magazine.

Managed Security Provider onShore Security is using a Panoptic Approach to revolutionize Cyberdefence, Governance, Risk and Compliance

Stel Valavanis
CEO
onShore Security

Interview conducted by: Lynn Fosse, Senior Editor, CEOCFO Magazine
Published – May 7, 2018

CEOCFO: Mr. Valavanis, according to the onShore Security website, your mission is to protect the freedom of information by revolutionizing cyber defense and governance. How are you doing that?

Mr. Valavanis: We have been developing our own security detection and event management platform since about 2004. We have been doing cyber security since 1998 or 1999. In 2004, we started building a tool set that we continue to develop today and our approach is what stands out in the industry and that is the Panoptic Cyberdefense approach as we call it, which is about seeing as many different points on the network and lots and lots of disparate data. Most of our competition just looks at the edge, just look at network traffic going through a firewall. We take a much more holistic approach. We are not alone but it is definitely at the cutting-edge of the industry and that is what we mean when we say we are revolutionizing it. This is an ongoing effort so tomorrow what revolutionizing means is different from what it means today and different from what it meant yesterday.

Uber Takes Issue with Municipal Cyber Security Regulations

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Uber Claims Municipal Cyber Security Regulations Run Over State Attorney General’s Authority

Uber Takes Issue with Municipal Cyber Security Regulations
“Data collectors have been struggling with the fact that they may be storing data that is subject to various local, state, and federal laws and regulations. Not to mention the fact that data collectors will soon need to also make sure they are complying with international regulations when necessary. (European Union (EU) member states will begin enforcement of the General Data Protection Regulation (“GDPR”) on May 25, 2018.)

Women In Cybersecurity (WiCyS) 2018 Conference Debrief

onShore Security’s Caron Grantham attended the WiCyS conference recently. We asked her to reflect on her experience:

” I was enthusiastic about attending the fifth annual WiCyS (Women In Cybersecurity) 2018 Conference that took place in Chicago on March 23rd through the 24th.

The conference environment was very well organized and attended by hundreds of women. While the majority of the participants were undergrad or graduate students seeking to break into the broad field of cybersecurity, there were several working professionals like myself in attendance.

Learn How the Segregation of Duties Minimizes Cyber Security Risk

Segregation of Duties

Segregation of duties, and specifically segregation of cybersecurity management duties, is a practice that helps mitigate risks that integrated IT/security staffing can fail to reduce or even enable in the first place. The concept of segregating duties as risk management is already in place in some areas in financial institutions. For example, the chief lending officer would not be the person approving loans, nor would one person alone be in charge of outgoing wires. This practice can and should be extended into a financial institution’s cybersecurity operations, but it is common in IT to see one person responsible for both setting up and monitoring the email system or to be responsible for both the network and penetration testing.

What They Should’ve Done Before the Breach: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Here It Is: The Decision That Tells Data Collectors Exactly What They Should Have Known Before They Had A Breach

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’”

Employee Data Breach Class Action Lawsuit: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Illinois Class Action Suit Highlights Issues When An Employer Allegedly Breaches Employee Data

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’”

How to Assess Third-Party Vendor Risk: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Third Party Trust.

Metrics drive the measure of progress and stand as benchmarks during any assessment, audit or review process. They are the life blood of reporting and when it comes to vendor risk management, it is not as straight forward as you might think. Let’s take a deeper look into what Guy Dulberger of Ritchie Bros. has to say about the key metrics to track when assessing vendor risk and how a risk-based approach is the new norm for vendor risk management.

Cyber Security Myth: More Alerts Doesn’t Mean More Security

onShore Security’s Chris Johnson wrote in his entry for MSPblog about a common misconception in cybersecurity. “Many people assume that technology should be doing all of the work when it comes to security (i.e. more alerts = less risk). While technology is a vital part of a robust security posture, it shouldn’t stand on its own. Essentially, blinking lights and shiny objects don’t make you more secure, nor should it be what you base your security service offerings on.” Click here to read the full blog post.  Contact us to learn more about managed security services

onShore’s Ryan Thoryk demonstrates Meltdown

Spectre and Meltdown are a pair of newly discovered cyber attacks that “exploit critical vulnerabilities in modern processors”. These programs, which can attack PCs, mobile devices, and even cloud-based machines, seek sensitive data in the memory of other running programs. In particular, Meltdown penetrates the barrier between user applications and the operating system, allowing a program (the exploit, in this case) to access the memory of other programs, including the OS. Software patches against Meltdown and Spectre have been developed, but are reported to be buggy and could potentially cause problems.

1 3 4 5 6

312-850-5200

216 W. Jackson Blvd.
Chicago, IL 60606

info@onShore.com