All posts by Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books, and he frequently writes articles for magazines, journals, and other publications.

Some ransomware viruses are strategically designed to cause as much damage as possible while producing large profits for cybercriminals. And the ransom demands for these Advanced Ransomware Threats (ARTs) far exceed those for a typical ransomware attack. ARTs hold your most valuable assets for ransom and ensure that copies of the data are not available for restoration. There are typically six phases of an ART attack, including:

Reconnaissance

This process begins with reconnaissance. The attacker reviews information on the company and may even make a list of employees mentioned on the company…


Linux is an open-source operating system that is very versatile, thanks to the large group of volunteers who maintain and update it. There is a broad range of Linux distributions aimed at different purposes and preferences. Some are built for specific tasks such as privacy protection or perimeter defense, and a host of options are available for both desktop and server operating systems. Linux has been around for decades, yet it only claims 2.36% of the desktop operating system market share. Linux is much more popular…


Cybersecurity challenges companies, countries, and individuals to continually improve protections against an enemy that wants our secrets, money, and identity. Over the last few decades, the industry has moved from an explorative infancy to an integral and vital corporate function. I had the opportunity earlier this month to discuss the evolution of cybersecurity with Dr. Alissa Johnson, CISO at Xerox. Her perspective on this journey was interesting to me because Alissa Johnson, also known as “Dr. J”, has served in both the public and private sectors. She has been involved in…


An acquaintance from a younger generation said to me one day, “Don’t you know that privacy is dead?” I was taken aback at his frank assessment, but I replied, “Privacy is not dead, but it is under attack, much like many of our other values. It is like virginity. Once given away, it cannot be given back, and that is all the more reason to protect it.” Many give their privacy away for daily trifles. Mail-in rebates, product registrations, text coupons, credit requests, SMS updates, and store discount cards…


Most people will never have a fire in their home or office, but everyone can remember going through a fire drill at some point. The process of evacuating a building and meeting outside prepares us for the actual conditions we might face in a real fire. Many companies go to great lengths to prepare for disasters like fires and floods, but most remain woefully unprepared to deal with ransomware—despite the fact that ransomware attacks are far more likely. One way to improve your company’s ransomware incident response capability is to gather your employees…


The process of making sure your business is prepared to protect its data from ransomware and other disasters depends largely on the characteristics of your specific computing environment, such as the type of data you have and how it is stored. To begin the process of implementing or optimizing a data protection plan, you need to gain a full understanding of how data is used within your organization and what needs to be protected the most. Start by asking yourself these four questions:

1. What data do I have?

The first thing…


Virtual reality has received a lot of attention lately, but there is much to be said for Augmented Reality (AR) and Mixed Reality (MR) technologies that enhance our capabilities in the real world or allow us to interact with technology more intuitively. Both technologies have clear applications for the enterprise and the future workplace. Examples from Vuzix and ODG could be seen at the recent CES 2017, and there is, of course, the much-discussed Microsoft HoloLens.

Augmented Reality

Augmented Reality overlays virtual or synthetic elements onto the real world, whereas virtual reality is immersion in…


A new malware do-it-yourself kit called Karmen is making it easy for wannabe cybercriminals to launch ransomware attacks. Security researchers believe the recently discovered ransomware-as-a-service (RaaS) offering was developed in part by a Russian-speaking ransomware author who goes by the alias DevBitox. For a price, Karmen can turn almost anyone into a cybercriminal in just a few clicks.

RaaS offerings like Karmen began popping up on the dark web in 2015, and ransomware developers have continued to make the kits more user-friendly over time. Karmen is…


With the upcoming onset of the GDPR, many companies are seeking to leverage their cloud services for GDPR compliance. The Microsoft Office Modern Workplace episode, ‘GDPR: What You Need to Know’, includes outlines to make this process painless. Companies want to ensure that the cloud services they use are compliant. The GDPR places a higher burden on companies storing data on Europeans, and for many businesses, this data resides in the cloud. Some important GDPR compliance considerations include building support for the consent requirement, rights to erasure and data portability,…


The General Data Protection Regulation (GDPR) is the latest in a host of rules designed to protect privacy. It is significant because it affects companies that do business in Europe or collect data on Europeans. GDPR’s wide-ranging scope ranks it right at the top of significant regulations, sitting beside well-known requirements such as HIPAA and PCI. Your business may be doing quite a few things required by GDPR already because GDPR has similar goals to other regulations. While HIPAA is designed to protect patient information in covered entities and business…
