Risk Based Threat Assessment Informed Risk Management Did you know a ransomware attack happens about every 14 seconds? And nearly 25% of data breaches are tied to web application attacks. The reality is—cyber threats are on the rise across the board, and| HALOCK
Remote Social Engineering Penetration Testing Your employees are targets. Putting Security Awareness Training to the Test That users are the weak link when it comes to cybersecurity is a generally accepted truth. Very few technical controls can compensate for| HALOCK
The humble browser is about to have its day. Are you ready for this? We’re not talking about Chrome or Edge with AI (artificial intelligence) add-ons. We’re already past that. We’re talking about AI-native browsers like Comet and Dia. These browsers are no longer passive tools; rather, they’re intelligent assistants embedded deep into every (more...) The post AI Browsers in the Enterprise: Security, Risk, and Responsible Adoption appeared first on HALOCK.| HALOCK
When we “trust” someone in business or our personal lives, we’re really giving up control. We typically default to giving the benefit of the doubt, but there’s always some level of doubt. What does this mean for information technology (IT)? Recent breaches and published research findings reveal that even our most relied-upon providers can (more...) The post Tackling Software Supply Chain Risks… Through a Zero Trust Lens appeared first on HALOCK.| HALOCK
The fastest way into an organization is through the people who hold the keys. As we have seen from the Salesloft and other recent attacks, service desks, help desks, and SaaS administrators distributed throughout lines of business are now prime targets. The attackers’ goal: a foothold in the company by obtaining an identity for (more...) The post Social Engineering the Service Desk and SaaS Administration on the Rise appeared first on HALOCK.| HALOCK
The importance of freight rail to the U.S. economy and its position as a backbone of the nation’s infrastructure cannot be overstated. Freight rail accounts for almost 40% of U.S. long-distance freight volume in ton-miles, more than any other mode of transportation.[1] According to the Association for American Railroads (AAR), the freight rail industry (more...) The post Top Cyber Threats in the Freight Rail Sector appeared first on HALOCK.| HALOCK
Nestled within the “Transportation Systems Sector,” one of the 16 critical infrastructure sectors of the United States that, according to CISA, are integral to national security, economic security, public health, and/or safety, or any combination of those, are the “Highway Motor Carrier” and “Maritime” sub-sectors. The Highway and Motor Carrier sub-sector consists of more (more...) The post Top Cyber Threats in Highway Motor Carrier and Maritime Transportation Systems Sub-sectors ...| HALOCK
DePaul Cyber Risk 2025: Corporate Leadership in a New Era of Threats In collaboration with DePaul's Jarvis College of Computing and Digital Media and the College of Law, the Arditti Center for Risk Management is proud to present an annual conference on cyber risk. WHEN: December 2, 2025 WHERE: DePaul University Loop Campus DePaul Center (more...) The post DePaul Cyber Risk 2025: Cyber Insurance: Strategy, Coverage & Risk Transfer appeared first on HALOCK.| HALOCK
Top Cyber Threats in the Aviation Sector The global aviation network connects people, economies, supply chains, and even supports national readiness in times of emergency. Operating tens of millions of flights in the United States every year alone, it facilitates the movement of passengers and cargo throughout the country and around the world. According (more...) The post Top Cyber Threats in the Aviation Sector appeared first on HALOCK.| HALOCK
While we all know HIPAA stands for ‘Health Insurance Portability and Accountability Act’, the list of acronyms and abbreviations on this topic continually expands. For reference, here is a list of common terms related to HIPAA and healthcare organizations. AOD Accounting of Disclosures; AAHRPP Association for the Accreditation of Human Research Protection Programs; AAMC Association of (more...) The post ABCs of HIPAA and Healthcare Acronyms appeared first on HALOCK.| HALOCK
Description The Uvalde School District in San Antonio, Texas, was forced to shut down the week of September 15, 2025, due to a ransomware attack. The attack was detected over the prior weekend on September 13, which led to school leadership cancelling classes for Monday morning. In addition to the school district’s website being taken offline,| HALOCK
HALOCK Security Briefing Because keeping up on the latest breaches, regulations, technology, and industry reports can be all consuming. Industry Insight for Our Clients The HALOCK Security Briefing helps to advise and keep security leaders informed with as little impact as possible to their schedule. The Briefing is a review of significant events,| HALOCK
Supply Chain Cyber Security Supply chain efficacy and complexity are increasing hand-in-hand. Even as digital tools improve inventory management and delivery tracking, executives point to concerns around visibility and fluctuating consumer demand. Yet, the adoption of technology-driven solutions comes with another concern: supply chain cyber security. It’s true that cloud-based| HALOCK
Live Breach Response & Forensic Services Incident Response Hotline: 800-925-0559 You Think You've Been Breached. We Can Help Contain and Manage the Incident. Don’t panic. HALOCK is here to help. Our forensic incident response investigators analyze your systems to| HALOCK
A Compromised Chatbot Integration Leads to Widespread Data Theft| HALOCK
Browser Security: A Primer In most organizations, the web browser remains the most commonly used and least governed application in the enterprise. While most security programs treat it as a utility, attackers treat it as a platform. The browser now sits between the user, their credentials, sensitive data, SaaS applications, and critical business workflows. (more...) The post A Primer to Browser Security appeared first on HALOCK.| HALOCK
Description A major cybersecurity supply-chain incident involving the Atlanta-based company, Salesloft, was recently uncovered by Google’s Threat Intelligence Group, an attack that could have far-reaching consequences. Salesloft is the creator of a popular AI-powered sales engagement platform used by B2B sales teams. The attack can be traced to March of 2025, when attackers gained access| HALOCK
Have fun securing your data and networks with these cybersecurity awareness posters. Request your favorite designs electronic or print. Looking for more designs? Take a look at our seasonal themes and more!| HALOCK
Overview A developer of core JavaScript libraries distributed through NPM was hacked after falling for a phishing email. The email used a common trick: an urgent warning that the recipient’s account would be locked unless they updated their two-factor authentication using a link that looked legitimate. A low-skill malicious actor then added crypto-stealing code to those libraries.| HALOCK
Few words strike fear within IT departments like ransomware. The thought of a successful ransomware attack is enough to keep CIOs and cybersecurity leaders up at night. To address these fears, cybersecurity product vendors spend a lot of time touting their tools as the latest weapon against ransomware. Despite all the attention and| HALOCK
Risk Management Program Reach and Maintain Acceptable Risk How do you balance the numerous risk requirements? From internal to external parties, we can address those security, compliance, and cost challenges in the evolving age of risk. Managing The Risk Needs of| HALOCK
Advisory & Strategic Planning Cyber security risk evaluation for M&A matters, and to assist clients who are changing their business operations. Sensitive Data Management Solution for Law Firms Unique solution assists privacy attorneys in finding sensitive data efficiently| HALOCK
When Verizon Business decided to publish their DBIR they had been amassing cyber incident data for years through their incident response and forensics investigations team. They decided to publish the trends they were seeing in a format that was both informative and engaging so we could learn how to protect ourselves.| HALOCK
Cyber Security Awareness Training Don’t Learn About Security the Hard Way! An Integral Part of Your Corporate Security Program Cyber security awareness training delivers a high return but often receives the least investment in a security management| HALOCK
Security Risk Assessments Don’t Put Your Organization at Risk Achieve Compliance with a Security Risk Assessment What is a Risk Assessment? Security risk assessments create a unified set of protection| HALOCK
CIS RAM Contact us to help you implement CIS RAM for reasonable security. Do you need assistance implementing CIS RAM at your organization? We can help. Contact us to review your risk. Learn about Reasonable Risk, the only GRC| HALOCK
Cloud Security Assessment Do you know your underlying risks? What Are Your Underlying Risks? When it comes to cloud security, one of the biggest threats isn’t a shadowy hacker—it’s access-related vulnerabilities. In fact, most cloud breaches stem from things like weak credentials, misconfigured| HALOCK
Policies and Procedures Need Assistance with Your Security Management Policy? IT Management Security Policies and Procedures Policies and procedures are among the first things that organizations think of when planning their compliance program. But network security management policies and procedures can| HALOCK
Third-Party Risk Management Services Secure Your Partners. Minimize Risk. Third-Party Risk Management & Vendor Assessment Services Ensure third-party partners are aligned with your organization’s risk posture. Vendors and contractors serve as an extension of your business.| HALOCK
ISO 27001 Certification Going for the Gold Standard The Gold Standard of Information Security Meeting ISO 27001 certification requirements means that an organization has achieved the global gold standard for securing information. ISO 27001 provides the Information Security Management System (ISMS) that| HALOCK
HIPAA Compliance & Risk Assessment Risk Assessment, Treatment, Management for HIPAA Compliance HIPAA Compliance The Health Insurance Portability and Accountability Act (HIPAA) Security Rule and Meaningful Use require that organizations| HALOCK
Incident Response Plan Plan to Fail — Don’t Fail to Plan Why You Need a Cyber Security Incident Response Plan How prepared are you in the event of a security incident? Data breaches are a| HALOCK
News and updates on cybersecurity attacks, risks, threats, and litigation regarding data breaches.| HALOCK
Description The New York Attorney filed a lawsuit against multiple insurance companies that allegedly failed to protect the personal information of New York drivers from being compromised in cyberattacks. The timeline of the events involving the breach incidents is as follows: August 2020 - The first attack against the National General insurance company October 2020| HALOCK
As organizations continue to shift toward cloud-first, hybrid work environments, the limitations of traditional perimeter-based security have become more apparent. The convergence of Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE) is no longer just a theoretical security model - it’s| HALOCK
The Duty of Care Risk Analysis Standard (“DoCRA”) Define Reasonable Security for your Organization. Implement CIS RAM MORE ABOUT REASONABLE RISK The Duty of Care Risk Analysis Standard (“DoCRA” or “the Standard”) presents principles and practices for analyzing risks to establish reasonable| HALOCK
How can we help? For inquiries on our information security or risk services, just fill out the form or call| HALOCK
PCI DSS Compliance Scope, Preparedness, Remediation, Validation for PCI Compliance and Mandates Achieving and Maintaining PCI DSS Compliance | March 31, 2025 and Beyond The Payment Card Industry Data Security Standard| HALOCK
Least Privilege Takes Center Stage in PCI DSS Update In today's digital landscape, organizations recognize that completely preventing cyberattacks is nearly impossible. As a result, the principle of least privilege (PoLP) has become a cornerstone of modern cybersecurity strategies. By restricting user account permissions to the minimum required for specific tasks, PoLP minimizes the potential damage| HALOCK