Cyber Intelligence Weekly
View all editions of our weekly cyber security newsletter.
Roundtable: Beyond Checkboxes - Navigating Compliance and Security
Explore the crucial differences between compliance and security in this insightful roundtable with Echelon’s Paul Interval and A-LIGN’s Blaise Wabo. Learn how to move beyond checkboxes, address risks, and implement forward-thinking strategies to protect your organization.
Posted on Dec 05 / 2024
Cybersecurity Trends and Predictions for 2025: Expert Insights to Stay Ahead
Discover the key cybersecurity predictions for 2025 as industry experts explore the transformative role of AI, the critical importance of employee training, navigating compliance challenges, and strategies to counter evolving threats like ransomware and social engineering.
Posted on Dec 04 / 2024
New PAN-OS Vulnerability Exposed: Steps to Defend Your Network
Learn more about the critical vulnerability recently disclosed in the PAN-OS management interface and flagged by CISA, and the steps to take to defend your network.
Posted on Nov 21 / 2024
Hacking Boundaries: Travis’s Journey of Innovation, Leadership, and Cybersecurity Excellence
Discover Travis Weathers' inspiring journey from military service to Senior Director of Offensive Security at Echelon. From a surprising start in ethical hacking to becoming a leader in the cybersecurity field, his story is one of determination, growth, and a passion for protecting both organizations and individuals.
Posted on Nov 20 / 2024
Best Practices for Role-Based Access Control (RBAC)
In today’s digital world, managing access is essential for security, efficiency, and compliance. Role-Based Access Control (RBAC) simplifies this by defining roles, attaching permissions to those roles, and assigning users to roles, rather than granting permissions to individuals one by one. This keeps access consistent and reviewable across the organization, which is why RBAC is one of the most widely adopted access-control models. In this article, we'll explore RBAC, its implementation challenges, and practical tips for maintaining an effective system as organizations scale.
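The mechanism the blurb describes, as an added illustration that is not code from the linked article: permissions hang off roles, users hold only role assignments, and every check denies by default. The role names, permission strings and users are constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed role model: permissions are attached to roles, never to users.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:export"},
    "admin": {"report:read", "report:export", "user:manage"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def assign_role(user: User, role: str) -> None:
    """Assign a role; an undefined role is an error, not a silent no-op."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    user.roles.add(role)


def revoke_role(user: User, role: str) -> None:
    user.roles.discard(role)


def permissions_for(user: User) -> set:
    """Effective permissions are the union of the user's roles' permissions."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: User, permission: str) -> bool:
    """Deny by default: only a permission reachable through a role is granted."""
    return permission in permissions_for(user)


def stale_role_assignments(users: list) -> dict:
    """Periodic review helper: users holding roles that no longer exist."""
    return {
        u.name: sorted(r for r in u.roles if r not in ROLE_PERMISSIONS)
        for u in users
        if any(r not in ROLE_PERMISSIONS for r in u.roles)
    }


if __name__ == "__main__":
    alice = User("alice")
    assign_role(alice, "analyst")
    print(is_allowed(alice, "report:export"))  # True via the analyst role
    print(is_allowed(alice, "user:manage"))    # False, no role grants it
    revoke_role(alice, "analyst")
    print(is_allowed(alice, "report:read"))    # False once the role is gone
```

Changing what analysts may do is a one-line edit to `ROLE_PERMISSIONS` rather than a sweep over every user, and `stale_role_assignments` is the kind of check an access review runs to catch assignments that outlived their role.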
Posted on Nov 13 / 2024
Echelon Selected as Finalist in Cybersecurity Category for Pittsburgh Technology Council's Prestigious Tech 50 Awards
Echelon is proud to announce its selection as a finalist in the Cybersecurity category at the Pittsburgh Technology Council's esteemed Tech 50 Awards. This honor recognizes Echelon’s key role in reducing cyber risks and enhancing digital security for organizations across Southwestern Pennsylvania's tech community.
Posted on Nov 11 / 2024
Echelon Welcomes Josh Fleming as Senior Manager of Risk Advisory and GRC Services, Leading Innovation in Cybersecurity and Risk Management
Posted on Nov 05 / 2024
Cybersecurity Myths vs. Facts: What You Need to Know
Join us this Cybersecurity Awareness Month to debunk myths and strengthen your defenses! Learn key truths about phishing, password security, and the importance of updates to protect your organization from digital threats.
Posted on Oct 31 / 2024
Inc. Names Echelon Risk + Cyber as a 2024 Power Partner Award Winner
Inc., the leading media brand and playbook for the entrepreneurs and business leaders shaping our future, announced its third annual Power Partner Awards. The prestigious list honors B2B organizations across the country that have proven track records supporting entrepreneurs and helping startups grow. This year’s list recognizes Echelon Risk + Cyber (Echelon) among 359 companies in marketing and advertising, health and wellness, financial services, legal, logistics, public relations, and productivity, as well as other critical areas of business.
Posted on Oct 29 / 2024
Comprehensive Guide: Mastering Third-Party Risk Management
In today's interconnected world, Third-Party Risk Management (TPRM) is essential for safeguarding your organization against cyber threats introduced by external partners. This guide explores the critical aspects of TPRM, providing a framework for identifying, assessing, and mitigating risks associated with third-party relationships.
Posted on Oct 16 / 2024
Protecting What Matters: Hernán’s Story of Purpose, Security and Service
Hernán Lazarde, Senior Consultant for our Defensive Security services, has proven to be a true advocate for proactive security and community support. With a sharp eye for identifying security gaps, he believes that preparation and swift action are essential for staying ahead of threats. His passion for service began in high school in Venezuela, where he learned that helping others fosters personal growth. Explore his journey and discover how his commitment extends beyond technology.
Posted on Oct 10 / 2024
Top 4 Things to Know About ISO/IEC 42001:2023 for Organizations New to the Standard
Discover the top 4 things to know about ISO/IEC 42001:2023 for organizations new to AI standards. Learn how this framework supports ethical AI development, risk management, and continuous improvement to ensure responsible AI governance.
Posted on Oct 09 / 2024
Expert Insights for Cybersecurity Awareness Month: Strategies to Enhance Protection
Discover expert strategies from Echelon to enhance your organization's cybersecurity during Cybersecurity Awareness Month. Learn about training enhancements, cyber exercise benefits, internal testing, and building a culture of awareness to strengthen cyber defenses.
Posted on Oct 01 / 2024
From Vulnerability Assessments to Red Teaming: Choosing the Right Cybersecurity Assessment
Choosing the right offensive cybersecurity service can be challenging, especially with options like red teaming, penetration testing, and vulnerability assessments that often appear overlapping. Each service, however, serves a distinct purpose and addresses different aspects of your security needs. To help you make an informed decision, let’s explore the differences between these services and how they align with your organization’s specific cybersecurity goals.
Posted on Sep 30 / 2024
Navigating the Cybersecurity Landscape: Travis Weathers Joins Echelon as Senior Director of Offensive Security
In today's rapidly evolving cybersecurity landscape, Echelon Risk + Cyber holds that privacy and security are basic human rights, and that conviction drives its growth and innovation. The recent addition of industry veteran Travis Weathers as Senior Director of Offensive Security exemplifies this commitment. With a robust background in security and military service, Weathers brings a wealth of experience and a fresh perspective to Echelon's mission of providing comprehensive security solutions.
Posted on Sep 26 / 2024
Network Vulnerability Basics: Securing Every Layer of the OSI Model
The OSI Model, or Open Systems Interconnection Model, breaks down how networked devices communicate into seven layers. It was developed in the late 1970s and published by the International Organization for Standardization (ISO) in 1984. This article details the common vulnerabilities at each layer of the OSI model and the recommended remediations. It will be helpful for anyone just starting a cybersecurity career, and a refresher for long-timers.
Posted on Sep 25 / 2024
How to Strengthen Your Cybersecurity Posture: Key Takeaways from CISA's 2023 Vulnerability Report
Discover essential strategies for strengthening your cybersecurity defenses based on the key insights from CISA's 2023 Vulnerability Report. Learn how to combat phishing, prevent lateral movement, secure credentials, and enhance incident response to protect your business from evolving cyber threats.
Posted on Sep 24 / 2024
Cybersecurity Offensive Service Comparison: Assessment, Testing, and Red Teaming
Organizations often face confusion when selecting offensive cybersecurity services. Vulnerability Assessment, Penetration Testing, and Red Teaming are essential but serve different purposes. At Echelon Risk + Cyber, we frequently encounter this confusion, so we’re here to break down each service and clarify which might be the best fit for your organization.
Posted on Sep 23 / 2024
Navigating Cybersecurity and the World: A Journey of Growth and Mentorship
Shir Butbul, Senior Consultant for vCISO services, has made an extraordinary impact at Echelon since joining the team. Starting her career in GRC (Governance, Risk, and Compliance), Shir has continually expanded her leadership and soft skills, culminating in co-founding the Women in Cyber employee resource group. This initiative reflects her dedication to mentoring and uplifting the next generation of women in cybersecurity. Shir’s passion for continuous learning extends beyond Echelon Risk + Cyber, as she frequently shares her expertise at industry conferences, encouraging curiosity and proactivity in others. Join us as we dive into her inspiring journey.
Posted on Sep 18 / 2024
Comprehensive Guide: Maximizing Cybersecurity with vCISO-Led Security Teams
Written by Echelon’s Cybersecurity Associate, John Hurd, our guide, "Maximizing Cybersecurity with vCISO-Led Security Teams" dives deep into the potential pitfalls and offers strategic insights to help you safeguard your organization.
Posted on Sep 11 / 2024
Summer Wrap-Up: Intern Experiences at Echelon Risk + Cyber
Let's reflect on the transformative internship experience at Echelon Risk + Cyber, highlighting the journeys of interns Drew Foley, Cole LaCamera, Pamela Sanchez, and Niko Raketich. Each intern shares insights gained through hands-on exposure to various aspects of cybersecurity, from vCISO services to compliance assessments and marketing. The program not only nurtures talent but also infuses the company with fresh perspectives, illustrating the impact of a supportive learning environment. A heartfelt thank you to all of our interns for their valuable contributions this summer.
Posted on Aug 29 / 2024
Echelon Risk + Cyber is excited to welcome David Faraone as a new partner.
David brings extensive experience in cybersecurity and risk management, enhancing Echelon's ability to deliver innovative solutions and expert guidance. His addition to the team is expected to strengthen Echelon's position in the industry and further drive its mission to protect clients from evolving cyber threats.
Posted on Aug 26 / 2024
From All-American Rower to Sales Dynamo: Launa Rich's Inspiring Journey
In the ever-evolving world of cybersecurity and sales, Launa Rich, Echelon Risk + Cyber’s Client Solutions Manager, emerges as a beacon of perseverance and innovation. Her story is not just about expertise but about an extraordinary journey from the rowing waters of academia to the bustling corridors of high-stakes sales. With a narrative steeped in resilience, adaptability, and a deep commitment to community, Launa's transition paints a vivid picture of personal growth and professional triumphs. Join us as we delve into her inspiring path to Echelon, offering insights and reflections that highlight the essence of overcoming challenges and achieving success.
Posted on Aug 26 / 2024
Inside BSides Mexico City 2024
The origin of BSides goes back to 2009, when a group of cybersecurity professionals recognized the need for community in the field: a place to share knowledge and ideas. It began as an alternative to the large commercial cybersecurity conferences, emphasizing openness, accessibility, and collaboration. The concept was well received, leading to the establishment of BSides chapters worldwide. On this occasion, Echelon Risk + Cyber’s Mexico team had the opportunity to attend BSides 2024 in Mexico City. This year’s event continued the tradition of providing an open space for discussing the latest trends and challenges in the field. We explore the highlights and key takeaways from the event and its most significant moments.
Posted on Aug 21 / 2024
The Business Case for Investing in Cybersecurity Compliance
The idea that cybersecurity compliance is a financial obstacle is a dangerous misconception. Robust cybersecurity compliance is more than checking a box. It is a strategic investment that can create significant returns for any organization, but for the investment to pay off, the organization must commit time and resources to it. Organizations that treat compliance as an opportunity rather than a box to check gain a competitive advantage: customers are more likely to trust and engage with businesses that prioritize their data and privacy, and that trust leads to increased customer acquisition and retention.
Posted on Aug 14 / 2024
Comprehensive Guide: The Security Risks of Generative AI
Written by Echelon’s Cybersecurity Associate, John Hurd, our guide, "The Security Risks of Generative AI," dives deep into the potential pitfalls and offers strategic insights to help you safeguard your organization.
Posted on Jul 24 / 2024
Enclave Excellence: Elevating Your CMMC 2.0 Compliance Game
The new CMMC 2.0 requirements can be overwhelming at first glance. By implementing an enclave, organizations can greatly lessen the efforts and costs associated with CMMC 2.0 compliance.
Posted on Jul 24 / 2024
Untangling the Privacy Alphabet: Privacy Risk Assessments
Posted on Jul 10 / 2024
The Remote Worker’s Guide to Building a Professional Cybersecurity Network
Posted on Jun 26 / 2024
WiCyS 2024 Conference Recap: Athena Smiles for Cybersecurity
WiCyS 2024 showcased the vital contributions of women in cybersecurity, featuring inspiring sessions and emphasizing the importance of community and mentorship. The conference encouraged more women to join and strengthen the cybersecurity domain.
Posted on Jun 19 / 2024
Packet Paranoia – Manipulating ICMP Packets to Covertly Exfil and Infil Data
Posted on Jun 11 / 2024
The Latest in FedRAMP Compliance: Breaking Down Red Teaming for Enhanced Security
FedRAMP announced a new red team requirement impacting cloud service providers. This article breaks down the details of the requirement and the difference between red teaming and pen testing.
Posted on Apr 18 / 2024
SEC’s Cybersecurity: Insights into the SEC's Recent Cybersecurity Disclosure Mandates
Discover insights into the recent SEC cybersecurity disclosure mandates, exploring the evolving intersection of finance and technology. Learn about critical updates, implications for the cybersecurity landscape, and the importance of compliance for companies and investors.
Posted on Apr 08 / 2024
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2024 Global Threat Landscape
Dive into CrowdStrike's 2024 Global Threat Report with insights from Daniela Villalobos and Mitchel Sykes. Understand the most important cyber threat trends and learn strategies to stay ahead by focusing on identity protection and cloud security while fostering a cybersecurity culture.
Posted on Mar 05 / 2024
Navigating the Top Cybersecurity Risks in 2024
In the rapidly evolving landscape of cybersecurity threats, organizations face an array of risks that demand proactive measures to safeguard sensitive data. This article emphasizes the importance of creating a robust risk register and outlines a four-step process to identify, assess, and manage potential risks effectively.
Posted on Feb 09 / 2024
2023's Top Picks: The 10 Must-Read Cybersecurity Articles Authored by Our Team
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2023.
Posted on Jan 02 / 2024
Is My Cyber Incident ‘Material’? 10 Questions to Ask to Determine SEC Cybersecurity Materiality
Understand the materiality of cyber incidents according to the Securities and Exchange Commission (SEC) rules. Explore 10 questions to assess the materiality of cybersecurity incidents.
Posted on Dec 16 / 2023
CISOs, Are You Doing Enough to Evaluate and Address Your Vendor Risk?
Is your organization's Vendor Risk Management strategy robust enough? This article explores the critical role of CISOs in assessing new vendors and monitoring existing ones to safeguard against data breaches and potential disruptions. Stay ahead in the evolving landscape of third-party threats and enhance your cybersecurity posture.
Posted on Dec 15 / 2023
The CISO’s Guide to Ramping Up Cybersecurity During the Holidays: 7 Essential Steps for Incident Preparedness
Discover 7 essential steps for CISOs to bolster cybersecurity during the holiday season. Learn how to recognize and prepare for heightened cyber threats, including data-backed insights and attack-specific playbooks.
Posted on Dec 14 / 2023
A Six-Step Starter Guide for HIPAA Compliance
Embark on a journey to HIPAA compliance with Daniela Villalobos' comprehensive guide. Explore the six essential steps, understand HIPAA's importance, and discover how Drata's automation tool streamlines the process.
Posted on Nov 27 / 2023
NYDFS Second Amendment to 23NYCRR500: Changes and Updates to the Regulation
Explore the significant changes and updates introduced by the NYDFS Second Amendment to 23NYCRR500, impacting cybersecurity regulations for financial institutions. Erin Conway provides insights on critical amendments, timelines, and actions for compliance.
Posted on Nov 13 / 2023
The Language Revolution: Enhancing Cybersecurity with Large Language Models
In this article, Renata Uribe Sánchez explores the transformative impact of large language models (LLMs) in the field of cybersecurity. LLMs, most of them built on the Transformer architecture, are deep neural networks that can interpret and generate natural language, making them useful in a wide range of applications. The article discusses the benefits of integrating LLMs into cybersecurity, including advanced threat detection, phishing prevention, malware detection, and investigative data analysis. It also highlights the challenges associated with bias, AI-driven hacking, and data privacy.
Posted on Sep 18 / 2023
Hackin’ SaaS – Echelon’s Top 10 Web App Vulnerabilities
Echelon's Offensive Security (OffSec) team of ethical hackers conducts daily penetration tests on web applications, uncovering common vulnerabilities that threaten online security. In this article, we explore the top 10 web app vulnerabilities frequently encountered during penetration tests. From SQL injection to CORS misconfigurations, we'll delve into each vulnerability and discuss how to both exploit and safeguard against them.
Posted on Sep 13 / 2023
How to Attract and Retain Women in Cybersecurity
Discover effective strategies and insights to bridge the gender gap in the cybersecurity field with our senior cybersecurity consultant, Shir Butbul. Explore her findings, recruitment practices, mentorship programs, and more as we delve into the crucial mission of attracting and retaining women in cybersecurity. Learn from Shir's expertise and contribute to building a diverse and resilient cybersecurity workforce for a safer digital future.
Posted on Sep 07 / 2023
eLearnSecurity Web Application Penetration Tester (eWPT): Overview and How to Prepare for the Exam
Prepare for the eLearnSecurity Web Application Penetration Tester (eWPT) exam with this comprehensive guide. Learn about the exam format, prerequisites, and tips to pass the practical and written assessments. Acquire valuable web application penetration testing skills and enhance your professional profile.
Posted on Aug 01 / 2023
Network Pivoting and the eCPPT Exam
Learn about network pivoting techniques for the eCPPT exam and penetration testing. Understand the concept of pivoting, explore tools like Metasploit, Proxychains, SOCKS Proxy, Chisel, and Ligolo-ng, and discover the differences between reverse shells and bind shells.
Posted on Jul 05 / 2023
Adaptability and Perseverance – Breaking Down the 2023 CrowdStrike Global Threat Report
Here are our key takeaways from CrowdStrike's 2023 Global Threat Report. Discover the latest threat trends and explore recommendations for staying ahead of threats.
Posted on May 23 / 2023
Busting Myths about Microsoft 365 Security (Healthcare Edition)
Uncover the truth about Microsoft 365 security in healthcare organizations. Learn why myths about security tools, Microsoft's default settings, third-party filters, and HIPAA certification can leave your organization vulnerable.
Posted on May 23 / 2023
It’s Time for Healthcare to Focus on Vendor Risk Maturity
Cybersecurity breaches are on the rise for healthcare, with many coming through the supply chain. Here's practical advice on how to assess the maturity of a third-party risk management program and reduce the risk associated with vendors and business partners.
Posted on May 22 / 2023
Why Every Healthcare Organization Should Assess their Microsoft 365 Environment
Healthcare organizations should assess their Microsoft 365 environment to protect sensitive data and reduce cyber threats. Read on to learn more.
Posted on May 10 / 2023
Hacker's Perspective: A Modern Approach to Cross-Site Request Forgery
Learn how to locate and exploit Cross-Site Request Forgery (CSRF) vulnerabilities in modern web applications by understanding how client-side and server-side code interact, how CSRF tokens are meant to work, and what the SameSite cookie attribute does and does not protect against.
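The two defenses the blurb names, as an added illustration rather than code from the linked article: a per-session synchronizer token that the server compares in constant time, and a session cookie issued with the SameSite attribute (plus an Origin-header check as defense in depth, which is an assumption of this example, not something the blurb describes). The request dictionaries, origins and cookie name are constructed stand-ins for a real framework's request object.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "session"          # constructed cookie name
APP_ORIGIN = "https://app.example"  # constructed origin of the protected app
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class Session:
    """Server-side session: the CSRF token lives here, not in the cookie."""

    def __init__(self):
        self.id = secrets.token_urlsafe(32)
        self.csrf_token = secrets.token_urlsafe(32)


def session_cookie_header(session: Session) -> str:
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs,
    HttpOnly keeps it away from script, Secure keeps it off plaintext HTTP."""
    jar = SimpleCookie()
    jar[SESSION_COOKIE] = session.id
    jar[SESSION_COOKIE]["httponly"] = True
    jar[SESSION_COOKIE]["secure"] = True
    jar[SESSION_COOKIE]["samesite"] = "Lax"
    jar[SESSION_COOKIE]["path"] = "/"
    return jar.output(header="").strip()


def csrf_check(request: dict, session: Session) -> bool:
    """Decide whether a state-changing request may proceed.

    request is a constructed dict: {"method", "headers", "form"}.
    """
    if request["method"] in SAFE_METHODS:
        return True  # safe methods must not change state, so no token needed
    # Defense in depth: if the browser sent Origin, it must be ours.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != APP_ORIGIN:
        return False
    # Synchronizer token: compare in constant time against the session copy.
    submitted = request["form"].get("csrf_token", "")
    return hmac.compare_digest(submitted, session.csrf_token)


if __name__ == "__main__":
    sess = Session()
    print(session_cookie_header(sess))
    legit = {"method": "POST", "headers": {"Origin": APP_ORIGIN},
             "form": {"csrf_token": sess.csrf_token}}
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example"},
              "form": {"amount": "1000"}}  # attacker page cannot read the token
    print(csrf_check(legit, sess), csrf_check(forged, sess))  # True False
```

The forged request fails twice over: its Origin is foreign, and it carries no token because the attacker's page never saw one. SameSite=Lax is the third layer, since the browser would not even attach the session cookie to that cross-site POST.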
Posted on May 10 / 2023
To hire, or not to hire a CISO? That is the question. Or is it though?
Small to mid-sized businesses often wonder whether to hire a Chief Information Security Officer (CISO). This article examines the factors for SMBs to consider when deciding to hire a full-time or fractional CISO.
Posted on May 04 / 2023
Level-Up Your Testing with Adversarial-Based Red Teaming and the TIBER-EU Framework
Traditional penetration testing may not be enough to simulate real-world attack scenarios. Discover the benefits of adversarial-based red teaming with the TIBER-EU Framework to improve your organization's ability to detect, respond to, and mitigate sophisticated attacks.
Posted on Apr 27 / 2023
Cyber Definition Problems: Red Teaming vs. Penetration Testing
Cybersecurity terms like "red teaming" and "penetration testing" are often used interchangeably, leading to confusion and misinformation. This article explores the differences between these assessments and why the misuse of terms can be detrimental to the industry.
Posted on Apr 17 / 2023
The 5 Things I Learned About Consulting in My First 5 Months as a Consultant at Echelon Risk + Cyber
Six years into her professional career, Shir Butbul decided to make a career change and move into consulting after working as a GRC Lead for various companies. Here's what she has learned on her journey.
Posted on Apr 10 / 2023
Vulnerability Management: Minimizing Risks, Maximizing Security
A reactive approach to mitigating infrastructure vulnerabilities - or playing “vulnerability whack-a-mole” - is both unsustainable and ineffective. Here's how a formal vulnerability management program provides proactive, sustainable, and effective measures to defend against cyberattacks.
Posted on Mar 31 / 2023
Pen Testing is Not Enough – Red Team Assessments in Healthcare
Learn why pen testing alone isn't enough to secure healthcare organizations from cyber threats, and how red team assessments can help identify and mitigate vulnerabilities. Here's a comprehensive overview of red teaming and its importance in healthcare cybersecurity.
Posted on Mar 14 / 2023
eLearnSecurity Certified Professional Penetration Tester (eCPPT): Overview and How to Prepare for the Exam
Preparing for the eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) exam? Here are three experiences from the Echelon Offensive Security Team and tips on how to prepare.
Posted on Mar 06 / 2023
eJPTv2 Certification: Overview and How to Prepare for the Exam
The eJPTv2 certification is a globally recognized entry-level information security certification that validates practical penetration testing skills. In this article, written by our OffSec team, we provide an overview of the certification and tips on how to prepare for the exam.
Posted on Feb 16 / 2023
Practical Strategies to Enhance Your Organization’s Information Security Awareness and Training Program
When it comes to cybersecurity, all organizations share a similar risk – the possibility of human error. When it comes to educating your people about cyber, one size does NOT fit all. Here are six strategies to mature your information security awareness and training program.
Posted on Feb 09 / 2023
Top 10 Cybersecurity Articles in 2022
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2022.
Posted on Dec 12 / 2022
Hacker’s Perspective: Securing JSON Web Tokens
If you are a modern-day developer, you’re probably familiar with JSON Web Tokens (JWTs). Implemented correctly, they do their job efficiently. Implemented carelessly, they give threat actors a direct path to other users' accounts.
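What "implemented correctly" means in practice, as an added example that is not code from the linked article: an HS256 verifier that pins the algorithm instead of trusting the token's own header, checks the signature in constant time, and enforces expiry. The key and claims are constructed; the `forge_alg_none` helper builds the classic "alg": "none" token so the reader can see the verifier reject it.

```python
import base64
import hashlib
import hmac
import json
import time


class InvalidToken(Exception):
    pass


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue an HS256 token (compact JSON, no whitespace)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, key: bytes, now: float = None) -> dict:
    """Verify and return the claims, or raise InvalidToken."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm: the header is attacker-controlled until verified,
    # so "none" or a swap to RS256-with-the-public-key must never be honoured.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise InvalidToken("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    if "exp" not in claims or claims["exp"] <= now:
        raise InvalidToken("expired or missing exp")
    return claims


def forge_alg_none(token: str) -> str:
    """Attacker helper: keep the payload, drop the signature, claim alg=none."""
    _, p_b64, _ = token.split(".")
    return _b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + p_b64 + "."


if __name__ == "__main__":
    key = b"constructed-demo-key"
    tok = sign_hs256({"sub": "alice", "role": "user", "exp": 2_000_000_000}, key)
    print(verify_hs256(tok, key)["sub"])   # alice
    try:
        verify_hs256(forge_alg_none(tok), key)
    except InvalidToken as e:
        print("rejected:", e)              # rejected: unexpected alg
```

The order of checks matters: algorithm first, then signature, then claims. Reading claims before the signature is verified is how a tampered `role` ends up trusted.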
Posted on Nov 28 / 2022
ISO/IEC 27001:2022 – Your Guide to the Updates and How to Get (and Stay) Compliant
The highly anticipated ISO 27001:2022 updates modernize the standard to keep up with the evolving cyber landscape. Here's everything you need to know about the changes and how you can get (and stay) compliant.
Posted on Nov 11 / 2022
Bite-Sized Cyber Essentials: Network VPNs
Virtual Private Networks (VPNs) are often presented as the ultimate tool for privacy and anonymity. This is a common misconception. Using a VPN does not guarantee protection from location tracking or from social and web profiling, and, most importantly, it does not guarantee anonymity.
Posted on Nov 09 / 2022
Case Study: Utility Cloud Partners with Echelon to Boost Security of their Web Application
Utility Cloud is an operations management software designed to help utilities such as water, wastewater, and natural gas digitally manage their assets and work orders. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Oct 21 / 2022
Bite-Sized Cyber Essentials: Multi-Factor Authentication
Multi-factor authentication (MFA) requires more than one independent form of authentication, so that if one factor is compromised, an attacker still cannot access the account.
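A second factor in working form, added here as an illustration and not taken from the linked article: the time-based one-time password (TOTP, RFC 6238) that authenticator apps generate, with a verifier that tolerates one step of clock drift and refuses to accept a code twice. The shared secret is the RFC's own test secret; the replay-tracking argument is an assumption of this example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226): HMAC-SHA1 over the counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, int(timestamp // step), digits)


def verify_totp(secret: bytes, code: str, timestamp: float, step: int = 30,
                window: int = 1, last_used_counter: int = None):
    """Return the counter the code matched, or None.

    window allows +/- that many steps of clock drift between phone and server.
    last_used_counter (assumed to be stored per user) blocks replay of a code
    that already authenticated once.
    """
    counter = int(timestamp // step)
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_used_counter is not None and candidate <= last_used_counter:
            continue  # already consumed (or older): a captured code is useless
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret
    print(totp(secret, 59))                               # 287082
    print(verify_totp(secret, "287082", 59))              # 1 (accepted)
    print(verify_totp(secret, "287082", 59, last_used_counter=1))  # None (replay)
```

The point the blurb makes is visible in the code: even with the password known, an attacker without the shared secret (or the phone that holds it) cannot produce the six digits, and a code they captured in transit dies after one use and one time step.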
Posted on Oct 12 / 2022
Bite-Sized Cyber Essentials: Password Practices and Password Managers
Passwords have not gone away yet. Although there may be new forms of logging in, such as biometric logins, passwords still ultimately serve as our master key to sign in. This means we need to take better care of how we create, use, and store our passwords.
Posted on Oct 12 / 2022
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
Buckle up for the story of how the Echelon team won the coveted DEF CON Black Badge, and dive into Ross Flynn's detailed breakdown of the Black Badge itself.
Posted on Sep 13 / 2022
Are Your Vendors “Tall enough to Ride the Ride”?
We can think about an amusement park’s rider height and restriction requirements as a useful way to describe risk tolerances when onboarding new vendors or increasing scopes of work to existing ones.
Posted on Aug 22 / 2022
RSA 2022 Recap: Our Main Takeaways
This year’s RSA 2022 event was centered around the theme of “Transform,” which is really on-point for the world we live in. Here are Paul Matvey's big takeaways from the event.
Posted on Jun 20 / 2022
Postcard from the 2022 PA Bankers Convention
Upon returning home from Scottsdale, AZ for the PA Bankers Convention of 2022, I had some time to reflect on my three key takeaways from my time spent amongst leaders in the great banking industry of Pennsylvania.
Posted on May 29 / 2022
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
File uploads are ubiquitous, making them a prime target for attackers. Here's how ethical hackers test your resilience against these kinds of attacks.
Posted on May 25 / 2022
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Are you exposing your company's internal data? Algolia APIs are extremely useful for efficient access to stored data, but the keys used to access them are easily over-permissioned, and a misconfigured key can give an attacker enough access to launch a site-wide attack.
Posted on May 16 / 2022
Right in your Lapsus$ – How Attackers are Playing a Different Game
Many cutting-edge security programs base their defenses on sophisticated, nation-state level threat actors. How, then, have so many of them gotten hacked recently by a new and less-sophisticated group, Lapsus$?
Posted on Apr 19 / 2022
What the Lapsus$ Attacks Should Teach Us About Third-Party Insider Threat
The Lapsus$ attacks have helped companies realize that third-party vendors can be the 'weakest link' within their own organizations. This article summarizes what companies can learn (and do) to protect data.
Posted on Apr 11 / 2022
Looking Inward, Charting a New Course for Effective TPRM
Most current third-party risk management (TPRM) programs are external-facing. But what if the greatest threat to your organization wasn’t external?
Posted on Apr 06 / 2022
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2022 Global Threat Landscape
The year 2021 brought about some serious cyber challenges. This article summarizes key takeaways from CrowdStrike's Global Threat Landscape report, provides a breakdown of the five 2021 themes, and gives our take on seven recommendations that resonate most with us.
Posted on Apr 01 / 2022
The Countdown Begins for Financial Institutions Using FedLine Solutions
In January 2021, the Federal Reserve Banks implemented the Security and Resiliency Assurance Program outlining new compliance requirements for banks that use FedLine® by the end of 2022. This article outlines everything you need to know about this new program.
Posted on Mar 23 / 2022
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
The eWPTX is an expert-level certification covering advanced web application exploitation and analysis. Here’s one cybersecurity consultant’s experience and tips on how to prepare.
Posted on Mar 17 / 2022
Maturing Your IAM Program: Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) has become the holy grail of access management. So why isn't everyone using it? Here are a few tips on how to strategically approach your RBAC adoption journey.
Posted on Mar 16 / 2022
The Countdown is On: New Cyber Incident Reporting Requirements for Banks
Lawmakers have argued about mandatory cyber incident reporting for years, but it has never gained the traction needed to become widespread law. For those in the banking industry, this is all about to change.
Posted on Mar 02 / 2022
Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Partnership Delivers Best-in-Class Solutions and Services to Help Companies Stop Breaches and Achieve a Higher Level of Endpoint Protection
Posted on Feb 28 / 2022
Case Study: MetaOptima Enhances Security Practices through a Web Application Assessment
As an organization that stores sensitive medical data, MetaOptima is focused on investing in their security posture. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Feb 22 / 2022
How Safe is it to Scan a QR Code?
QR codes are clever (just ask Coinbase), but they can be security nightmares. Here’s what our CEO, Dan Desko, had to say when he was interviewed about this year’s Super Bowl ad.
Posted on Feb 15 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
GraphQL is a widely used query language for APIs. Properly secured, it is a useful tool for web application development. Configured improperly, it can have devastating results.
Posted on Jan 31 / 2022
Continuous Penetration Testing: Shattering the Hourglass
Threats are continuously evolving - your pen testing should too. As attackers constantly find new vulnerabilities to exploit, a continuous penetration testing approach persistently emulates threat actor activity within a company’s unique environment, helping it stay secure over time.
Posted on Jan 31 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Password Reset features can be dangerous and must be implemented securely. Otherwise, user accounts can be compromised.
Posted on Jan 24 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Detailed error messages may seem unimportant, but they can be very valuable for attackers. Here's more on why they are important and how you can fix this web app vulnerability.
Posted on Jan 18 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hidden dangers within your web app’s ‘invite’ feature, why it matters, and how you can fix it.
Posted on Jan 13 / 2022
CMMC 2.0 - Three Big Reasons to Start the Compliance Process Now
The DoD’s Cybersecurity Maturity Model Certification (CMMC) framework is changing, but there are many advantages to beginning your compliance journey now rather than later.
Posted on Jan 13 / 2022
Top 10 Cybersecurity Articles in 2021
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2021.
Posted on Dec 20 / 2021
Log4shell: How Attackers are (Currently) Breaking the Internet, and How to Mitigate
Websites are like buildings. If your website's foundation is vulnerable to Log4j, check out this overview of the attack, how to test for it, and how to mitigate it.
Posted on Dec 16 / 2021
Top 7 Cybersecurity Predictions for 2022
As 2021 winds down, we take a peek into the future of cybersecurity for 2022. Will our predictions come true?
Posted on Dec 14 / 2021
Embracing New Technology? Here’s How to Keep Cybersecurity Top of Mind
As technology advances at an unprecedented pace, many businesses are aggressively accelerating adoption to maintain a competitive advantage. But there’s a big risk for those who don’t keep cybersecurity top of mind.
Posted on Nov 10 / 2021
CMMC Update: November 5, 2021 - Five Key Takeaways
The Cybersecurity Maturity Model Certification (CMMC) underwent a huge makeover in the last 48 hours. Here is what you need to know.
Posted on Nov 05 / 2021
SC Media Interview: Cyber pros used OSINT and sock puppets to aid mass Afghanistan evacuation
In this interview and article from SC Media, Dan Desko and Dahvid Schloss discuss how the Echelon Risk + Cyber team used their cyber skills to help at least 50 Afghan refugees to safety.
Posted on Oct 08 / 2021
Risk + Cyber Perspectives: Securing Financial Services
In this video discussion with Matt Tolbert, Senior Cybersecurity Examiner for the Federal Reserve Bank of Cleveland, Matt and Dan discuss the risks of remote workforces, planning for disruptions, mitigating third-party risks, going to the cloud, supply chain threats, and resilience in the future.
Posted on Oct 07 / 2021
Case Study: Bell and Howell Improves Cyber Posture with Echelon’s Unique Collaborative Approach to Pen Testing
Bell and Howell partnered with Echelon Risk + Cyber to test the security of their systems, ensuring that they will continue to be protected from future cyberattacks and avoid any future disruption to their systems.
Posted on Oct 06 / 2021
Mission Matters Interview: Dan Desko + Adam Torres
Our CEO and Founder Dan Desko was recently interviewed for Mission Matters Innovation with Adam Torres. The interview focuses on our core belief that security and privacy are basic human rights. We're built to live that mission every day.
Posted on Oct 06 / 2021
Banking in the Cloud: Key Considerations for IT Leaders
Considering a move to the cloud? There's a lot to think about, especially for financial institutions. This article lays out those obstacles and some considerations for overcoming them.
Posted on Sep 28 / 2021
Four Ways to Spice Up Your Penetration Testing Routine
Another year, another penetration test? Attackers are evolving, and so should you. Here are four ways to spice up your pen testing routine to be better prepared and reduce your attack surface.
Posted on Sep 22 / 2021
DefCon 29 in Review: The Best Sessions, Badge Spoilers and More
Have you solved your badges yet? With another DefCon in the books, here's our take on the best sessions and a close-up look at some of the badges.
Posted on Aug 26 / 2021
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
From a hacker’s perspective, the essence of password security boils down to two things: how guessable a password is, and how easy it is to crack once its encrypted form is obtained. Here are our tips for creating stronger passwords.
Posted on Aug 24 / 2021
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
More people fell victim to phishing than any other form of internet crime in 2020, and this trend is likely to continue. But phishing is not just prevalent - it is evolving. Here are three mitigation strategies for modern phishing techniques, from the perspective of a hacker.
Posted on Aug 04 / 2021
CMMC Compliance 101: Answers to Common Questions
Have you Googled CMMC compliance lately? We want to help clear the air. Avoid the marketing jargon and confusing content with these answers to common questions.
Posted on Aug 02 / 2021
Flexible & Secure Remote Penetration Testing in a Changing World
Over the past year and a half, the worldwide workforce underwent a drastic and rapid paradigm shift that has brought with it new opportunities, attack vectors, and methods to test security. When you engage a penetration testing firm, partner with one that uses the most modern, advanced tactics to test your readiness for tomorrow’s attackers.
Posted on Jul 29 / 2021