Blog

Spring4Shell
Last week a Remote Code Execution vulnerability was disclosed in Spring. Spring is an open-source application framework that provides infrastructure support for creating Java applications that can be deployed on

Penetration Testing Anecdote Series
Authentication bypass due to weak verification of SAML Token. What is authentication bypass in web applications? The web application vulnerability, authentication bypass, occurs when there is improper validation of

Why Being HIPAA compliant is not enough
If there is a central key aspect of healthcare security, it is HIPAA. The Health Insurance Portability and Accountability Act of 1996 changed the way healthcare providers increased the security

Pre-Placement & hiring in times of Covid
Accorian at UPES, Dehradun. Despite industry-wide hiring freezes as a result of COVID, Accorian has established its first university recruitment channel with UPES Dehradun for their security graduates; having hired

A Cloak with holes: CSP Provided Security
The last 2-3 years have seen a spike in the adoption of cloud especially among organizations who had possibly never thought about moving to a shared environment due to security

The Privacy and security issues of expanding Telehealth
Telehealth is the distribution of health-related services and information via electronic channels allowing long-distance patient and clinician contact, care, advice, reminders, education, intervention, monitoring, and remote admissions. There has been

The Journey from HIPAA Compliance to HITRUST Certification
In today’s complex technological world, there is always the danger of a hostile threat environment lurking around the corner, waiting to manipulate the potholes in the processes and technology. People

Common Controls Framework of Industry-acclaimed security standards
Today’s world is an ever-changing scenario with changes to the technology sector happening more frequently than ever due to emerging technologies. The case is quite similar in the field of

Securing your O365
E-mails are the most used productivity tool by employees. They are also a treasure trove of information and are a lucrative target for hackers as all your data – company,

Risk Management Framework – Managing & Measuring what matters
A risk management program allows you to manage overall information security risk. It is an approach to identify, quantify, mitigate, and monitor risks. The reason to look at risk in

Data Privacy & Protection – Why you should be concerned
In the digital age, data privacy & protection is a huge concern for companies of all sizes. In part, because data breaches are happening daily, exposing personal data of millions

Unsecured APIs – Underlying threat waiting to be realized
APIs & Web Services are essential supporting building blocks for today’s applications. They’re not only the connective tissue between applications, systems, and data, but also the mechanisms that allow developers

Cybersecurity in a time of Covid-19
No one event has had the focus of the world at this scale in the last decade. As IT teams are working round the clock to ensure that organizations continue

1 Minute Guide to the Updated HITRUST Scoring & Metrics for 2020
At the start of the year, HITRUST released an updated methodology for scoring requirements. This will ensure that organizations focus on maintaining a robust program with implemented controls for enhancing

The role of the modern CTO with regards to Cybersecurity
How the times have changed. 15 years ago, cyber-security consisted of making sure you had an anti-virus program running on your machines. It didn’t matter if it was effective, but

How do you prepare for a Penetration test?
A penetration test (Pen Test) is one of the best ways a company can test their IT assets for vulnerabilities that a hacker could exploit to access sensitive data (customer,

Insider Threats – Healthcare’s Crippling Reality
We often learn about the latest security issues, threats, vulnerabilities, attacks, and ransoms every day. While much of the advertised information we read is about external vulnerabilities, there is another,

HITRUST just released Version 9.3 of the HITRUST CSF. How will that affect your company?
On October 28, 2019, HITRUST announced the release of version 9.3 of the HITRUST CSF information risk and compliance management framework. The HITRUST CSF is an important step in the

Five Important Concerns of Cybersecurity Today
October is National Cybersecurity Awareness Month and it’s a reminder that we need to be vigilant about protecting our privacy and our business from possible cyber attacks. This initiative is a joint

Deepfake videos are everywhere. So how do we know what’s real?
Remember the phrase “Seeing is believing?” Deepfake videos have people second guessing what they are watching. Deepfakes are videos manufactured by AI technology that can superimpose someone’s face on another

Who should prepare for the California Consumer Privacy Act?
Any for-profit company that does business or has customers in California should prepare for the California Consumer Privacy Act (CCPA). Here’s why they should. The CCPA applies to businesses that

Lessons from our recent HITRUST Community Extension Program.
On August 27, 2019, Accorian facilitated a successful HITRUST Community Extension Program in New York City. Security and Technology professionals from organizations in healthcare, finance and technology attended the town

Are we forgetting to “lock the front door” when we invest in Cybersecurity? Lessons from the Capital One and Equifax data breach.
Like my high school coach always said, “Stick to your basics”. The Equifax and Capital One breaches remind us that cyber-attacks don’t always come from sophisticated hacking groups. I’m sure these companies

Should you be concerned about the security of FaceApp?
FaceApp, the AI-powered picture-editing program, is trending in social media. We’ve all seen the pictures of celebrities using FaceApp to make themselves look older or younger. However, security experts are

How can your company prevent a data breach through a third-party vendor?
Companies of all sizes are doing a good job beefing up their cybersecurity and that’s great. But… many are forgetting an often overlooked target – their third party service providers.

Can you afford to stay in the dark about cybersecurity?
Small and Medium Businesses (SMBs) are often unsure of where they stand when it comes to cybersecurity. While larger companies treat cybersecurity with white gloves, SMBs often think that they

7 Ways to protect your Healthcare Data in 2019
In 2018, 15 million patient records were breached during 503 healthcare cyber-attacks. That’s three times the amount of reported incidents in 2017*. As breaches continue to escalate, healthcare records are

10 reasons why just buying a security product is not a strategy.
With the number of security breaches occurring right now there is a tremendous focus on cybersecurity in companies of all sizes. In many cases, the board wants to know that

How to Make Risk Assessments Work for Healthcare
Risk assessments are the backbone to any good security and risk plan. Risk assessments test your current information system and reveal any areas where data is at risk of theft