WCG Blogs

Discover innovative stories from our leading bloggers, our people, our capabilities, our research, and the ever-changing face of our firm.
Blog
Urgency of Cyber Security After Colonial Pipeline

-On May 7, 2021, Colonial Pipeline, Co. was forced to close operations after a ransomware hack was confirmed to have breached their systems. This attack hindered services to the East-coast of the United States and sparked fears of a massive gas shortage to American motorists. This hack greatly compromised Colonial Pipeline’s system integrity and put private data at risk.

Blog
Best Practices for Securing Educational Resources in the Age of Distance Learning

-According to Microsoft’s Global Threat Activity Tracker, more than 4.7 million malicious software (or “malware”) incidents were detected in the education industry worldwide in June 2020 – which accounted for more than 60 percent of all the corporate and institutional malware incidents reported during the month, the most affected industry by far. More than 20 universities and charities across the United States, United Kingdom, and Canada reported that they were compromised by a cyberattack.

Blog
COVID-19 and Remote Work Security Challenges

-Since the COVID-19 outbreak in January 2020 and pandemic declaration in late March, organizations and federal agencies have been scrambling to secure their systems and create remote work contingency plans to keep continuity for their business matters.

Blog
Securing Your Assets Against Cybersecurity Threats

-According to the U.K.’s National Cyber Security Centre (NCSC) July 2020 advisory, hackers are using phishing tools and spear-phishing tactics in an attempt to steal coronavirus (COVID-19) vaccine data and intellectual property assets from a number of medical research companies.

Blog
Global Privacy Laws and Data Protection Regulations

-The protection of employee and consumer data has become a priority for companies and organizations, especially with the ever-increasing potential for liability due to the use of new technologies. The collection and management of data require a broad range of legal compliance activities. It is essential to prioritize and protect sensitive, confidential, and proprietary information. Data breaches or losses can have a substantial adverse effect on a company’s financials and reputation. This article discusses several privacy laws expected to guide organizations in the protection of their information assets, and the privacy rights of individuals, through compliance.

Blog
Surviving Security Risks Existent in Third-Party Software

-Third-Party Software is comprised of software libraries, modules and other components that are either purchased from a third-party vendor or made freely available. It includes open source software and commercial off-the-shelf components, which are components that are available for use straight away instead of building entirely from scratch, thereby reducing application development time.

Blog
Ways to Mitigate Social Engineering-based Cyber Attacks

-Social engineering is an attack mechanism majorly aimed at misleading employees or individuals to hand over relevant information for the attacker’s financial gain. Social engineering attacks are launched mostly via email, social media, and over the phone.

Blog
The Impact of 5G Networks on Cybersecurity

-5G is a wireless technology with higher speeds and increased bandwidth, which means that you can download/stream videos online at a faster rate without worrying much about the number of users on the network. 5G networks also help reduce the time needed for data to travel across the network. This process is called latency, which is a major factor in automated processes, such as self-driving cars and factory robots. Due to the massive connectivity of devices collectively known as the Internet of Things (IoT) across 5G networks, viable and in-depth security measures should be in place to prevent cybercriminals from hijacking the connected devices or launching Distributed Denial of Service (DDoS) attacks.

Blog
Protecting Sensitive data from Vulnerable Application User Interface

-ProtonMail, a Swiss-based email service provider, duped a sophisticated phishing scheme against a team of journalists from Bellingcat. The cybercriminals had written an email that claimed to be from the ProtonMail team and asked for their login credentials. While the motives appear to be political, ProtonMail prevented their success by partnering with Swiss authorities in shutting down the web domains involved. Should the phishers have succeeded, ProtonMail’s user interface (UI) would have been easy to bypass — no matter how cutting edge their system’s security is.

Blog
How Businesses can Leverage Cyber Threat Intelligence

-Ransomware has become one of the most pressing and expensive cybersecurity threats in recent years. According to Cybersecurity Ventures, a ransomware attack happens every 14 seconds, resulting in damage costs amounting up to $11.5 billion. These numbers are only predicted to increase the more daring cybercriminals become.

Blog
The Better Alternative to Single-Factor Authentication

-When hackers breach a database, they take advantage of weak or stolen passwords 81% of the time. This is what led Troy Hunt to publish a new version Pwned Passwords where people can verify if the password they typed in has been leaked in a previous data breach. The intention is there: businesses are not supposed to let their customers (or employees) use compromised passwords, especially those written in plain text. This begs the question: are passwords enough to secure companies when an actual breach happens?

Blog
Insider Threat in Financial Sector

-According to CA Technologies, 53% of the organizations they surveyed experienced an insider threat in the past 12 months and it is only growing in frequency. How can a company combat a threat when it’s coming from their own people?

Blog
Fighting Phishing in the Financial Sector

-As Russia welcomed the warmth of spring last March 2018, dozens of banks experienced a phishing attack from a hacker group called Silence. The sender of the email was disguised as FinCERT, Russian Central Bank’s security arm. The emails had attachments that claimed to help standardize digital communication across all banks. In reality, the files contained Silence’ downloader to exfiltrate important data.

Blog
Security and Privacy Issues of Connected Medical Devices

-The healthcare sector is developing more technologically advanced devices aimed at making healthcare more accurate and safer. While the goal is to accelerate the body’s capacity to heal, computer-hacking threats to these devices that millions of people depend on pose serious issues. It is also not a surprise why hackers are extremely interested in health record data; while social security number is worth 10 cents on the dark web, and credit card 25 cents, medical health record data could be worth hundreds or even thousands of dollars. This means trouble not only for healthcare providers but also the patients they help.

Blog
The link between Data Loss Prevention (DLP) and GDPR compliance

-Humanity’s entrance into the Fourth Industrial Revolution has made exponential changes to how people relate with one another and with their technology. Data is easily uploaded and shared to other gadgets through high-speed Internet and Cloud storage. The increased use of these and other supply chain networks has also made files easier to access—and harder to protect.

Blog
The Risks of Using Cloud Services

-When J. C. R. “Lick” Licklider developed ARPAnet in 1962, he had the vision of creating a device that could receive and send data simultaneously amongst a large group of people. He called this idea the “Intergalactic Computer Network”. It carried the necessary principles that would find today’s Internet and, later, cloud computing and storage. In 2018, the Internet had 3.2 billion users. As a result, large amounts of data production and sharing created the demand for quicker, more collaborative storage solutions as an alternative to physical drives.