Month: July 2020

  • What to Expect When You’re Expecting a (Raxis) Penetration Test

    I made this video to help you understand a little better how Raxis works, and specifically what happens once you engage us. I hope it allays some of your concerns about penetration testing.

    There’s no reason to fear a pen test. Seriously. After all, it’s just a simulated cyberattack, one that you authorize and allow. Yet some CEOs, CIOs, and CISOs are hesitant to allow this ethical hacking for fear that the bad guys will somehow use it against them, that it will cause security issues, or that it will make them look bad. In fact, it’s just the opposite – especially if you choose to engage Raxis.

    We get it, though. It’s natural to be cautious, and it’s prudent to want to know more about the people you’re working with, especially when granting access to your company’s most sensitive data. Whether you choose to work with Raxis or any other firm, we recommend you ask (and answer) plenty of questions up front. You want to know the company has the right experience to offer a range of high-quality services. One size definitely does not fit all. The firm you select should speak to you in advance to understand your specific needs and expectations . . . and then design and deliver the type of test, training, and follow-up that best protects you and makes you more resilient.

    The Raxis team has some of the industry’s most advanced certifications, but we don’t intimidate our customers or hide anything from them. We believe knowledge empowers our clients, and we share it freely. Whether you use us or someone else, penetration testing is a critical part of your corporate cybersecurity strategy that you should not put off or bypass.

    As you can see, we welcome your questions and concerns during every phase of our process. We conclude our pen tests with an executive summary for management and detailed findings and screenshots that can serve as a to-do list for your internal teams.  

    Raxis stands by our processes, our team, and our word. Now it’s up to you to perform due diligence and research the expertise and deliverables of any cybersecurity company you’re considering. Follow us on this blog or social media, read more about our pen testing experience, or contact us directly to learn more about why some of America’s corporations (and small businesses) choose to work with us.

  • Securing the Internet of Things

    The term “Internet of Things” is almost redundant now. If it’s a “thing” that has more than one setting, odds are it is or can be online. Whether or not you need remote access to your toaster oven is a question for another day, but it is an option.

    Here’s the problem: As the Raxis team proves on a near-daily basis, anything that’s connected can be hacked. It’s not that someone’s going to overcook your morning bagel as a prank (although that would be a good one). Instead, it’s that uncontrolled access to any device can give a bad guy a way into your network (and maybe all your devices) if you’re not careful.

    The good news is that there are some simple safeguards you can take to protect your smart devices, and our new Securing the Internet of Things series will take you through them.

    Scottie Cole, senior penetration tester, is kicking things off with the quick video above about securing your home thermostat or corporate HVAC system. I encourage you to watch and to follow Scottie’s advice. Better to take a few minutes now than take a big loss later.

    PS – We’ll do a video on protecting your smart toaster . . . as soon as we find someone who owns one.

  • When There’s More than Money on the Line

    In our line of work, reading about the latest cybersecurity breach instinctively raises the questions of how many records were lost or how much money it cost to recover. Hackers are almost always after the big payoff, either directly or indirectly, so we’re conditioned to think mainly in terms of economic losses, privacy issues, or damage to a company’s reputation. However, as more and more devices are connected to the Internet, the stakes can be much higher.

    Computer Weekly reported in June that cyberattacks against healthcare facilities had increased 15-fold between January and March of 2020 — coinciding with the COVID-19 outbreak. Think about that for a second. With our hospitals and medical personnel facing a global pandemic with overburdened resources, the bad guys seized the opportunity to ramp up their attacks. Not only hospitals, but the US Department of Health and Human Services (HHS) and the World Health Organization (WHO) were targets as well.

    Although we at Raxis enjoy our jobs, we never forget the true nature of the people we’re trying to stop. And we always remember the hard-working people we’re trying to help.

    One such person is my friend, Judy Chang, a senior nurse in a local hospital’s neonatal intensive care unit (NICU). As I thought about the potential impacts of a major health care breach, I thought it might be a good idea to introduce Judy to our friends and readers, so I set up a conversation with this front-line hero who works with some of the most vulnerable patients anywhere — the newborn babies who need intensive care in the first hours and days of their lives.

    I encourage you to watch the interview and hear Judy describe her work to help these struggling infants. As you do, consider the impacts of a cyber breach that impacts her team and the sensitive equipment they rely on. As much as I enjoy my work, her story helps me remember that cybersecurity doesn’t just protect networks — it also protects innocent lives.

  • Understanding the Why Behind Password Management

    In this video, Brian will help you understand password management from the viewpoint of a hacker. It’s more than a how-to; it’s also a why-to. We’re hopeful that by seeing a little of what we see, you’ll make password management a high priority for your company.

    Despite years of warning, cajoling, and even begging by security professionals, password mismanagement is still one of the most reliable (and one of our favorite) ways to breach a company network. This week, our chief technology officer, Brian Tant, continues his video series about the most common vulnerabilities we see during hundreds of penetration tests each year.

    Remember: Complex passwords, unique to each account, and changed frequently are keys to effective password management and security. Also remember to check your service accounts and make sure that old passwords aren’t lingering on your devices.

    Effective cybersecurity is a matter of behavior as much as it is technology. Let’s make strong password management a habit that catches on. 
