Articles by category

How one client found out their cybersecurity tools failed them

Recently, a large organization with many locations decided to take us up on our free 30-day trial to see if we would find anything their current cybersecurity stack missed. While they were interested in our Managed Detection and Response (MDR) service, they didn’t expect us to find anything. The plan was to install our agent on various systems in multiple [...]

By |January 17, 2022|Categories: Blog|

The Log4j vulnerability and why patches aren’t enough

You may have read recently about Apache’s Log4j vulnerability impacting vendors such as Microsoft, Cisco, IBM, Amazon Web Services, VMware, ConnectWise, Fortinet, and even the US and Canadian governments. After a thorough review, we confirm that none of our products and services, including the software agents and web portals, utilize Log4j. Thus, we are not vulnerable to the recently disclosed [...]

By |December 15, 2021|Categories: Blog, News|

Cybersecurity Acronym Soup

LinkedIn presents an endless list of concerns and complaints about the ongoing evolution of cybersecurity acronyms. But, to be honest, new acronyms do little to highlight a solution's function. Take XDR, its function is as clear as mud. To shed some light on the alphabet soup of acronyms, I put together a list of solutions, their objectives, and their [...]

By |October 19, 2021|Categories: Blog|

Cybersecurity for remote workers (infographic)

      Infographic Transcription: Cybersecurity for remote workers TAKE CYBERSECURITY HOME WITH YOU More people are now working remotely than at any other point in history. But, if remote workers aren’t following security best practices, the whole organization is at risk. 47% of Canadians work 2.5 days per week or more. What can you do?  Be wary of public [...]

By |October 14, 2021|Categories: Blog|

How MDR Improves Your Managed Service Business’ Bottom Line

Managed Detection and Response (MDR) solutions improve a managed service business’s bottom line by reducing the risk associated with cyber attacks. Cost of Risk vs Cost of MDR It seems like every week that the team at CYDEF posts about the increasing frequency and severity of cyber-attacks. That’s because these intrusions have become a daily occurrence, and something we have [...]

By |September 1, 2021|Categories: Blog, Business|Tags: , , , |

Data Breaches and How to Prevent Them

Data breaches occur when a cyber attacker illegally accesses confidential information. Investing in cybersecurity awareness training and a detection response solution is the best prevention against a data breach. What Is a Data Breach? A data breach occurs when an unauthorized party accesses private data. Data breaches are most often intentional and part of a campaign by cybercriminals who work [...]

By |August 25, 2021|Categories: Blog, Business|Tags: , , , , |

Handling Ransomware Attacks to Minimize Disaster

Ransomware attacks take place in two phases: access development, then monetization. Stopping cyber attacks while they are still intrusions, and not ransomed data, can prevent data privacy disasters.  Cyber Crime Requires a Division of Labor Cyber attackers take a specialized approach to ransomware development. First, the attacker develops access to a target. Second, the attacker passes the access to ransomware [...]

By |August 16, 2021|Categories: Blog, Technical|Tags: , , |

SOC 2: What Is It and Why Should You Care

SOC 2 is a reporting standard used to assess a business’ internal controls related to Information Technology. It is based around the Trust Principles of Security, Availability, Integrity of processing, Confidentiality and Privacy.  What is SOC 2?  SOC 2 is short for Service Organisation Controls.  These controls help businesses that outsource IT to understand the policies, procedures and processes that cloud service providers use in their solutions.   Why Does SOC [...]

By |August 11, 2021|Categories: Blog, Business|Tags: , , , |

CYDEF’s Approach to a Secure Software Development Life Cycle 

A Secure Software Development Life Cycle (SSDLC) is a collection of best practices that provides added security checks to the standard software development life cycle. It’s a crucial part of CYDEF’s development process and a core element of our solutions.  Security is Essential at All Stages of Development  At CYDEF, security is foundational to the entire organization and especially to its software development life cycle. As a result, security is baked into every phase of development, starting with requirements and ending with complete verification.  From day one, CYDEF’s Chief Technology Officer, Tiago de Jesus, has insisted [...]

By |August 5, 2021|Categories: Blog, Business|Tags: , , |

Cyber Threat Research: Nuclear Power Plant Cyber Attack

In early September 2019, the Kudankulam Nuclear Power Plant in Tamil Nadu,  India suffered a cyber intrusion. On September 3, a local security expert and former member of the Indian signals intelligence agency received a tip that there had been a malware attack and informed the Indian CERT on September 4. Mission Critical Systems Effected by Cyberattack The attack was [...]

By |July 28, 2021|Categories: Blog, Technical|Tags: , , |

Cybersecurity: The Need To Find Common Ground

According to Colonial Pipeline CEO Tim Felt, paying ransom for the return of his company’s data was the hardest thing he had to do. However, the ransom represented less than two days of revenue, based on $1.3B generated by Colonial Pipeline in 2020.   Unmanaged System Leaves Colonial Exposed  The source of the breach was a virtual private network (VPN) account for a system that was supposedly no longer in use. Unfortunately, the VPN was [...]

By |July 27, 2021|Categories: Blog, Business|Tags: , , |

5 Reasons Technological Debt Increases the Risk of Cyber Attack

Failing to keep software and hardware up-to-date can put your business at risk for cyber attacks. The following issues frequently leave businesses exposed to cyber threats and vulnerabilities. The Culprits Behind Technological Debt Most technological debt is unintentional, the by-product of efforts to save money and resources. This focus inadvertently derails cybersecurity by shifting resources away from critical infrastructure and [...]

By |July 21, 2021|Categories: Blog, Business|Tags: , , |
Go to Top