Okta Breach Update and Analysis

Details continue to emerge regarding the Lapsus$ breach of Okta systems and the impact of the incident on Okta customers and the broader security community. On March 21, 2022, the Lapsus$ cyber threat group posted screenshots on their Telegram channel demonstrating that the group had gained superuser access to Okta systems and access to Okta…

Read More

8 Tips for the Holiday Season

Our holiday guidance blog series for retail and hospitality continues. For more blogs in this series, visit https://www.rhisac.org/blog/ Being this time of the year, our sector needs to be vigilant. There’s a chill in the air, decorations hung in every window, children’s eyes sparkle with wonder and expectation… and hackers lurk around every corner. The holiday…

Read More

Why Red? Why Purple? A NIST CSF View

Red and Purple Teaming serve distinct purposes, and we think NIST CSF backs us up on that. We outline why we believe in starting with Purple Teams to validate Protect and Detect before using Red Teams to validate Respond. I’ve heard the question, “Do Purple Teams help to test the incident response process?” over and…

Read More

The Threat of Online Skimming to Payment Security

Below we cover basic questions with PCI SSC Chief Technology Officer Troy Leach about a newly released bulletin by the PCI SSC and RH-ISAC on the topic of digital skimming and how to detect and prevent this dangerous threat. For more information about best practices for detection and prevention, review the full bulletin here. Q. …

Read More