Innovative Cybersecurity Firm Edge Networks Rebrands as edgefi After 18-Year History
VANCOUVER, WA., May 21, 2024 – Edge Networks, a fast-growing cybersecurity solutions provider further strengthened their commitment to innovation with the announcement of their rebrand to edgefi. The award-winning firm introduced an evolution of their brand and a refined name to better align with their focus on crafting resilient cybersecurity programs with a concentration on financial services and technology industries.
As a pioneer in modern, simplified IT solutions since Edge’s founding in 2006, the firm has seen consistent growth in their client roster, team, and technology advancements for almost 20 years. This growth was extremely amplified the past three years with an increase in cyber threats, the amount of organizations relying on digital, and the need for reliable security. After uncovering the rising need, Edge pivoted their focus from IT to cybersecurity.
“We’ve been delivering so much more than baseline IT and cybersecurity solutions for our partners – our team has innovation ingrained in them,” said Founder and CEO, Mark Tishenko. “We felt it was time to lean more into what we’re already doing and really focus on the value we bring as the go-to cybersecurity firm for innovative technology and financial organizations.”
edgefi, formerly Edge Networks, has heavily invested into building a robust cybersecurity solutions team including a fresh headquarters in Downtown Vancouver, WA, and the onboarding of a new CISO, Michael Weaver.
About edgefi
Founded in 2006, edgefi is an award-winning cybersecurity solutions team based out of Vancouver, WA, with service to clients throughout the United States. edgefi serves as a trusted partner to their clients, delivering valued solutions to mitigate and remediate critical cybersecurity pains in leadership and strategy, governance, risk and compliance, and operational efficiency. You can learn more about edgefi at edgefi.com.
Portland, OR, May 7, 2024 – edgefi, formallyEdge Networks, is proud to announce that we have been awarded the “Emerging Company of the Year” at the 40th Annual Oregon Tech Awards, hosted by the Technology Association of Oregon! This award celebrates and acknowledges our commitment to innovation and marks a significant milestone in our journey.
For forty years Oregon Technology Awards (OTAs) has celebrated excellence and achievement in the region’s technology industry. This year’s awards were particularly competitive, showcasing not only companies but also outstanding educators and students who are shaping the future of technology in the Pacific Northwest. Being named amongst such inspiring peers — eight remarkable companies, three innovative teachers, and an exceptional student of the year — makes this recognition even more special.
Winning this award is a testament to our team’s hard work, dedication, and innovation in the cybersecurity sector, and would not have been possible with them. A massive thank you to the Technology Association of Oregon for acknowledging our efforts, and a huge shout out to our fellow nominees. We are so grateful for the support of our team, partners, and community members who have been with us on this journey.
“I am just in awe of our team. They work so hard and do so much for our customers and each other. This award is really a testament to them. I’d also like to thank our clients and our partners; we wouldn’t be here if you hadn’t put your trust in us, and we are so thankful for you.”
– Mark Tishenko, Founder and CEO of edgefi (formally Edge Networks)
We remain committed to driving growth and prosperity in our region through technical innovation and leadership. As we celebrate this achievement, we are excited to continue advancing our mission to enhance our customers’ business resiliency through simplified cybersecurity.
Partner With edgefi
edgefi is a leading managed cybersecurity company based in Vancouver, Washington with a mission to enhance our customers’ business resiliency through simplified cybersecurity. We accomplish our mission by serving as a trusted partner to our customers, delivering valued solutions to mitigate and remediate their critical cybersecurity pains in leadership & strategy, operational efficiency, and governance, risk & compliance.
Edge Networks Announced as a Finalist for Emerging Company of the Year by Technology Association of Oregon
Vancouver, WA, April 9, 2024 – Edge Networks, a leading innovator in the cybersecurity industry, is honored to announce its nomination as a finalist for the Emerging Company of the Year award by the Technology Association of Oregon (TAO). This nomination places Edge among the top contenders in the 40th Annual Oregon Tech Awards, recognizing the company’s significant contributions to the region’s technology industry.
The Emerging Company of the Year award is part of the Oregon Technology Awards, which celebrates excellence and achievement within Oregon and Southwest Washington’s technology community. This year, finalists were selected based on their financial performance, employment growth, and community contribution to the PNW.
“We are incredibly honored to be recognized by TAO as a finalist for the Emerging Company of the Year award. This nomination is a testament to our team’s hard work, dedication, and focus. We are committed to continuing to contribute to our region’s growth and prosperity through technical innovation and advancement. We look forward to celebrating with our peers at the awards ceremony and further collaboration with our vibrant tech community. “
– Mark Tishenko, Founder and CEO of Edge Networks
The nomination highlights Edge’s role as a key player in the technology sector, showcasing the company’s commitment to innovation, leadership, and community involvement. As the Pacific Northwest’s tech community continues to thrive, Edge remains dedicated to developing solutions that address the needs of the region and beyond, fostering growth and sustainability within the technology ecosystem.
Partners, supporters, and members of the technology community are invited to join in celebrating this significant achievement at the Oregon Tech Awards ceremony on May 6th, 2024 at OMSI. The event promises to be an evening of recognition, networking, and inspiration, reflecting the strength and diversity of the region’s technology industry.
For more information about TAO visit their website, and for tickets to the Oregon Tech Awards, please click here.
Partner With Edge
Edge Networks is a leading managed cybersecurity company based in Vancouver, Washington with a mission to enhance our customers’ business resiliency through simplified cybersecurity. We accomplish our mission by serving as a trusted partner to our customers, delivering valued solutions to mitigate and remediate their critical cybersecurity pains in leadership & strategy, operational efficiency, and governance, risk & compliance.
Edge Networks Honored as a Top 10% Clutch Champion for 2023
Edge Networks has been recognized a 2023 Clutch Champion by Clutch, the leading global marketplace of B2B service providers. Clutch Champions is the company’s newest award given to the top 10% of Clutch Global winners, a designation that recognizes business service providers across the world for their industry expertise and ability to deliver exceptional results compared to other companies in their line of service.
Edge Networks was included among the 2023 Fall Clutch Champions due to our commitment to providing the best cybersecurity service. This award recognizes Edge as a top-rated leader in the Cybersecurity space based on our clients’ satisfaction and high-quality service ratings. We want to extend our gratitude to our incredible clients for their kind reviews and support which helped us in receiving this award!
Past Awards
Earlier this month, Edge was also recognized by Clutch as a 2023 Global Award Winner for Cybersecurity Services. This year we also celebrated our success with the UpCity Best of Washington Award for the second year in a row, highlighting our commitment to enhancing our customers’ business resiliency. In addition to our 2023 recognitions, we’ve received awards in years past from Clutch and Expertise.
We’re honored to be recognized once again for our industry expertise. Receiving this award given to the top 10% of Clutch Global winners is a reminder of how incredible our clients are and how dedicated our team is. None of this would have been possible without our team and the support and trust of our clients and partners.
A Note from the Clutch CEO:
Sonny Ganguly, Clutch CEO, shared a statement about the Clutch Champion award winners: “The Clutch Champion designation is the newest award providers can earn on Clutch. This year’s honorees represent the best of the best on our platform, and I am thrilled to celebrate and commend these champions for their ongoing achievements and dedication to consistently exceeding their clients’ expectations. The companies named to this list continue to set the bar high. Their devotion has not only enriched our platform but has also inspired others to strive for similar levels of distinction. We are grateful for their partnership and look forward to witnessing their continued success in the future.”
Being named a Clutch Champion is not just a testament to the hard work our team has put in, but also a reflection of the commitment to consistently exceed the expectations of our clients. We are proud to be among this year’s honorees, who, in the words of Sonny Ganguly, represent companies that continue to set the bar high.
Partner With Edge
Ganguly’s words acknowledging the dedication and ongoing achievements of the Clutch Champion award winners resonate deeply with us. We believe in not only meeting but surpassing the needs of our clients, and this recognition reinforces that our efforts are making an impact. If you’re looking for a cybersecurity partner that goes above and beyond, contact us today.
Edge Networks Named 2023 Global Award Winner for Cybersecurity Services by Clutch
We are delighted to share the great news that Edge has been named a 2023 Global Award winner for Cybersecurity services by Clutch! Companies are selected based on their industry expertise and ability to deliver exceptional results. Clutch scores are calculated based on client feedback from comprehensive interviews and reviews published on Clutch.
Our journey in cybersecurity has been one of continuous growth and dedication to simplifying cybersecurity for our clients. Our founder and CEO, Mark Tishenko, expressed his gratitude for the award: “We’re honored to be recognized by Clutch and our incredible clients for outstanding cybersecurity services. I’m extremely proud of our team for their hard work in earning us this award.”
A Note from the Clutch CEO:
Clutch CEO, Sonny Ganguly, shared a few thoughts on the award: “We are thrilled to showcase the incredible success of leading companies worldwide on our platform.Their dedication to delivering outstanding services has not only contributed to their own success but has also empowered countless clients to thrive. We aim to highlight this year’s industry frontrunners and facilitate connections for Clutch users seeking top-notch services tailored to their specific needs.”
Past Awards
This isn’t the first time Edge has been recognized. For the second year in a row, we celebrated our success with the UpCity Best of Washington Award, highlighting our commitment to enhancing our customers’ business resiliency. We’ve also been featured on Expertise.com and by Clutch as a top Cybersecurity Company.
Thank You toOur Clients, Team, and Partners
We extend our deepest gratitude to our clients for your trust and collaboration. Your feedback has been critical in earning these awards, and we look forward to continuing to enhance your cybersecurity posture in the face of evolving challenges.
Equally deserving of recognition is the team at Edge. This achievement is a testament to our entire team’s hard work and commitment, from cybersecurity experts to administrative staff.
To our partners, your trust and collaborative spirit have been vital in our growth and success. Together, we have strengthened our ability to navigate the complex cybersecurity landscape and provide innovative solutions that drive success.
Partner With Edge
Are you looking for a cybersecurity partner that goes above and beyond? When you choose Edge, you gain access to a team of industry-leading professionals dedicated to swiftly resolving issues and providing tailored solutions. Contact us today to book a consultation.
A Deep Dive into the Recent Casino Cyber Attacks and How to Be Proactive in Your Cybersecurity Strategy
The recent cyber attacks on industry giants Caesars Entertainment and MGM Resorts International have raised pressing questions on the vulnerabilities existing in the sector and the way forward. As leading cyber experts, we took the time to unravel the intricate details of these attacks, the exploited systemic vulnerabilities, and the strong cybersecurity measures that stand as the industry’s best bet in defending its assets.
What Happened with the Casino Cyber Attacks?
The casino industry recently witnessed unsettling waves of cyber-attacks orchestrated by an aggressive and sophisticated criminal coalition identified as “Scattered Spider.” Collaborating with the Russia-based operation ALPHV, this group launched a mission to breach the casino giants, leaving a trail of distrust and significant financial ramifications.
Caesars Entertainment - a name synonymous with luxury and entertainment, came under the radar of these cybercriminals. The casino reported a breach on September 7, potentially compromising the personal information of a massive customer base involved in its loyalty rewards program. Despite the company’s efforts to contain the damage, uncertainties loom regarding the long-term security and integrity of the compromised data. The evolving landscape of cybersecurity threats means that new vulnerabilities may emerge, requiring ongoing vigilance and adaptive security measures. Additionally, the potential for unauthorized access or the use of compromised information by cybercriminals remains a concern, highlighting the need for a comprehensive and sustained response to safeguard both the company and its valued customers.
At the same time, MGM Resorts faced disruptions that spanned across its resorts and casinos in the US, attributed to a calculated cyber offensive that started with a social engineering breach targeting the company’s IT help desk. The incident spiraled into a more complex intrusion involving impersonations and network compromises that shook the foundations of the firm’s cybersecurity infrastructure.
How Did the Casino Cyber Attacks Happen?
Social Engineering and IT Help Desks
At the epicenter of these attacks lay sophisticated social engineering strategies meticulously deployed to infiltrate the IT infrastructures of the targeted companies. The attackers exhibited prowess in exploiting human vulnerabilities, coaxing individuals at the IT help desks to reset multifactor authentication (MFA) settings, thus paving the way for a deeper incursion into the networks.
David Bradbury, Chief Security Officer at Okta, highlighted the method involving low-tech social engineering tactics to gain initial access, escalating into advanced impersonations within the network. “The human part was simple, but the subsequent part of the attack was complex,” he says.
The warning bells had been sounded earlier, with advisories pointing to similar tactics deployed against high-privileged users, illustrating the evolving landscape of cyber threats where even seemingly simplistic strategies can yield profound results.
Exploiting Weak Links
A closer inspection of the attacks reveals an effort to exploit the perceived weak links within the organizations. The help desks emerged as significant points of vulnerability, with protocols allowing relatively easy access to password resets based on easily obtainable personal details.
This glaring loophole points to the necessity of reinforcing even the basic layers of cybersecurity to counteract adept criminals who are constantly evolving their strategies. Regular security audits, robust encryption protocols, multifactor authentication, and ongoing employee training are critical in cultivating a culture of heightened cybersecurity awareness and resilience.
Furthermore, the offensive on Caesars highlighted another area of vulnerability – outsourced IT support vendors. The attackers managed to breach the network through a social engineering attack on an unnamed vendor, illustrating the pressing need for robust vendor risk management protocols.
Many companies rely on a network of suppliers and vendors for essential functions and aren’t aware of the security risks it may entail. You should include vendor security training for any employees who work with or are in contact with vendors so they can learn how to identify risks such as vendor impersonation fraud. Download our free white paper here and share it with your team.
When it comes to selecting your vendors, be sure to conduct thorough background checks, evaluate the vendor’s cybersecurity practices, and set clear expectations for compliance with industry-standard security protocols. Moreover, any contractual agreements should include specific clauses regarding data protection and incident response procedures to ensure that vendors are held accountable in the event of a breach.
The Financial Repercussions: Ransoms and Data Security
Post-intrusion, the criminal syndicate adopted an aggressive stance, threatening to release sensitive data and coercing the companies into a financial settlement to prevent data leaks. Reports suggest that tens of millions were paid to contain the situation, raising ethical and financial dilemmas on the efficacy of such measures.
This financial aspect brings forth the concept of “pinky promises,” as described by Brett Callow, a threat analyst at Emsisoft. Organizations often find themselves in a predicament, negotiating with criminals for the security of their data, albeit with no guarantee of the data’s safety post-payment. The ramifications of such financial transactions echo far beyond the immediate financial loss, raising concerns over data security and ethical boundaries.
Scattered Spider & ALPHV: The Collaborative Menace
The collaborative effort between Scattered Spider and ALPHV represents a growing trend of cyber-criminal syndicates pooling resources and expertise to orchestrate large-scale cyber offensives. Scattered Spider, also known as UNC3944, showcases a blend of adept individuals based primarily in the US and UK, some as young as 19, bringing a dynamic and contemporary approach to cyber-criminal activities.
Their collaboration with ALPHV, a group believed to be based in Russia, amplifies the threat potential, merging diverse skill sets and geographic locations to form a formidable force in the cyber underworld. This union raises alarm bells, calling for a concerted effort from cybersecurity firms globally to counteract such emerging threats.
The Cyber Underworld: A Hub of Collaborations and Innovations
In the dark recesses of the cyber underworld, groups such as Scattered Spider and ALPHV constantly evolve, innovating their tactics and expanding their networks. They operate in a space where knowledge sharing and collaborations are commonplace, fostering an environment that nurtures criminal ingenuity and agility.
These groups exploit the anonymity offered by the dark web, leveraging it as a platform to coordinate attacks, share insights, and even claim responsibility for their actions, as witnessed in the recent attacks where ALPHV claimed credit and countered rumors regarding the involvement of teenagers from the US and UK.
As we navigate this complex landscape, it becomes crucial to understand the dynamics of these criminal networks and to develop strategies that can effectively counteract their evolving tactics.
The Repercussions Beyond Financial Loss
Impact on Brand Equity and Customer Trust
Cyber-attacks often leave a lasting impact on the brand equity and trust that organizations have built over the years. Customers entrust companies with their personal data, expecting strict measures to safeguard their privacy. Incidents such as these shake the foundation of trust, potentially leading to customer attrition and tarnishing the brand image, as it did for T-Mobile.
T-Mobile has been in the headlines numerous times in the last few years, and not for good reasons. Since 2018, T-Mobile has suffered nine breaches affecting millions of customers and resulting in an ongoing class action lawsuit and a loss of customer trust. Thankfully, the company has since reported substantial progress and backed its statement by pledging $150 million toward enhancing its cybersecurity.
Regulatory Scrutiny and Legal Repercussions
The casino industry operates within a legal framework that demands adherence to data protection regulations. Cyber incidents of such magnitude can attract regulatory scrutiny, with potential legal repercussions that can translate to hefty fines and sanctions. These incidents bring forth the pressing need for compliance with data protection regulations and the implementation of robust cybersecurity protocols to prevent such breaches.
Here, the NIST Cybersecurity Framework (NIST-CSF) stands as a valuable resource. It provides a comprehensive set of guidelines and best practices for organizations to manage and mitigate cybersecurity risks effectively. By adopting the NIST-CSF, casinos and other entities within the industry can systematically assess their cybersecurity posture, identify vulnerabilities, and implement measures in alignment with industry-recognized standards.
This framework not only bolsters their security defenses but also demonstrates a proactive commitment to regulatory compliance, potentially mitigating legal consequences in the aftermath of a breach. It serves as a strategic roadmap for developing and maintaining a resilient cybersecurity posture, safeguarding both sensitive customer data and the reputation of the organization.
Industry-Wide Ramifications
The repercussions of such attacks echo across the industry, setting a precedent that can influence operational strategies and investments in cybersecurity across players in the sector. Companies are now urged to rethink cybersecurity strategies, acknowledge the evolving nature of threats, and adopt proactive measures to safeguard assets.
Economic Implications
From an economic perspective, such cyber incidents can have broader repercussions on the industry and the economy. The financial losses incurred, coupled with potential dips in stock prices and investor confidence, can translate to substantial economic ramifications, underscoring the importance of strong cybersecurity measures in sustaining economic stability.
How to Avoid Incidents like the Casino Cyber Attacks
Strengthen Authentication Processes
A foundational step in building an impactful cybersecurity infrastructure involves strengthening authentication processes. Implementing multifactor authentication with stringent verification checks can act as the first line of defense against social engineering attempts. This measure demands a cultural shift within organizations, nurturing a spirit of vigilance and awareness regarding the evolving nature of cyber threats.
Robust Training and Awareness Programs
A proactive approach to cybersecurity involves the cultivation of robust training and awareness programs that equip staff with the necessary skills to identify and counteract potential phishing attempts. These programs should encompass various facets of cyber threats, including SMS text phishing, a tactic frequently deployed by groups such as Scattered Spider.
In-depth training sessions should cover not only the technical aspects of recognizing suspicious emails or messages but also the psychological tactics used by cybercriminals to manipulate human behavior. Employees should be educated about the telltale signs of phishing, such as unfamiliar senders, requests for sensitive information, or urgent language designed to induce hasty actions. Simulated phishing exercises can be invaluable in providing practical, hands-on experience, allowing employees to practice their responses in a controlled environment.
Vendor Risk Management
The recent attacks brought to light the vulnerabilities associated with outsourced IT support vendors. This revelation underscores the need for rigorous vendor risk management protocols, scrutinizing the cybersecurity measures of third-party vendors, and ensuring compliance with stringent cybersecurity standards.
Outsourcing services is common and allows organizations to tap into specialized expertise and resources. However, this practice also introduces an additional layer of risk. Companies must treat their vendors’ cybersecurity practices with the same level of scrutiny as they do their own.
Conducting thorough due diligence when onboarding vendors is the first line of defense. This includes comprehensive assessments of their cybersecurity policies, procedures, and infrastructure. It’s imperative that vendors have robust security measures in place, including firewalls, encryption protocols, and intrusion detection systems. It’s crucial to evaluate their incident response plans and disaster recovery capabilities, as a vendor’s ability to respond to a breach quickly can directly impact the security of the organization they serve.
Advanced Analytical Tools
In the arms race against cyber criminals, the deployment of advanced analytical tools stands as a critical component in building a resilient defense infrastructure. These tools, leveraging machine learning and real-time analytics, can detect and counteract threats dynamically, evolving concurrently to stay ahead of the adversaries.
Real-time analytics can enhance an organization’s ability to respond effectively to cyber threats. By processing and analyzing data in real time, security teams gain immediate insights into potential breaches or suspicious activities. This allows for rapid decision-making and timely intervention, potentially mitigating the impact of an attack.
Additionally, the integration of threat intelligence feeds into these analytical tools and enhances their effectiveness. By leveraging up-to-date information on known threats, attack vectors, and cybercriminal tactics, organizations can proactively adjust their defenses to counteract emerging threats.
Developing a detailed incident response plan emerges as a vital element in the blueprint for strong cybersecurity. This plan, outlining the steps necessary for swift action during a breach, can potentially limit the damage and secure critical data, acting as a safety net in times of crises.
The incident response plan serves as a structured guide, providing a clear roadmap for the organization to follow in the event of a security incident. It outlines the roles and responsibilities of key personnel, ensuring that everyone understands their specific tasks and how they contribute to the coordinated response. This level of clarity is invaluable in high-pressure situations, enabling a more efficient and effective response.
Furthermore, the plan should incorporate a thorough risk assessment, considering potential vulnerabilities, likely attack vectors, and the potential impact of various types of breaches. This assessment allows for the prioritization of response efforts and the allocation of resources to the areas most in need.
Your peace of mind and your company’s future are worth every effort. Contact us today if you’re searching for a holistic approach that ensures your cybersecurity strategy aligns with your organization’s unique needs and challenges.
When it comes to digital security, passwords have long served as the primary line of defense for users to protect their personal information. From online banking to food delivery apps to social media, we rely heavily on passwords to secure our data. However, the limitations of traditional passwords have become evident over the years. Between human error and cybercriminals becoming increasingly sophisticated, sometimes the only thing standing between cyber criminals and our sensitive information is eight characters.
In previous blog posts, we provided insight into passwords and password managers, but as the digital landscape and cybersecurity trends change, we should be keeping up. This article will cover the limitations and risks of traditional passwords and password managers and why passkeys are seen as the future of passwords.
The Rise and Fall of Passwords
From humble beginnings in the early days of computing to now, passwords have played a crucial role in ensuring the security and privacy of our online accounts. In the past, passwords were often simple and easy to guess, reflecting a time when cyber threats were less prevalent. However, the need for stronger passwords grew as technology advanced and hackers became more sophisticated, using methods like brute-force attacks, keylogging, phishing, malware, and more.
These advancements led to stronger password recommendations, including using more characters and a mix of uppercase and lowercase letters, numbers, and symbols. Though recommendations can improve your password strength, when it comes to things like length and composition, your password doesn’t actually matter. Without an extra layer of security, like Multi-Factor Authentication (MFA) or advanced threat detection, your password is still vulnerable to countless password-based attacks every day.
Password security has seen significant developments since the popularization of MFA, an electronic authentication method that requires 2+ pieces of evidence to access an account. MFA has proven to be one of the most effective ways to protect accounts against unauthorized access. In a report released by Microsoft in 2018, they found that MFA can block over 99.9 percent of account compromise attacks.
Despite these improvements, password users are human, and humans are subject to forgetfulness and complacency. Creating and remembering unique and complex passwords for every account is difficult, leading to repeated passwords and weak protection.
Password Managers
Password Managers have been around for decades, with RoboForm being the first released in 2000. A password manager is a digital encrypted vault where users can store passwords securely, and it is one of the safest ways to juggle and store your accounts and passwords. Most password managers will suggest unique and complex passwords when making a new account, which streamlines the process of creating a strong password and reduces the frustration of creating and remembering a new one. Some more features that password managers have are password strength analysis, warnings when you’re reusing passwords, secure sharing, and auto-filling user credentials. Some password managers, like 1Password, have stated their plans in the near future to integrate passkey support into their platforms.
Though password managers are a great way to secure sensitive information, some drawbacks come with it. Having one password to access your password manager means there is a single point of failure if your master password is compromised or there is a breach in the password manager’s security, meaning all your passwords and accounts could be at risk.
It could also be a risk to depend on a password manager entirely. If you rely on it heavily and it suddenly becomes inaccessible due to server issues, software bugs, or other incidents, you could encounter difficulties trying to access your accounts. Additionally, you would have the challenge of remembering your master password, which should be strong and complex.
What is a Passkey?
On May 3rd, 2023, Google announced its launch of the passkey, a passwordless login for their account users to offer advanced protection. A passkey is a digital credential tied to a user account and a website that allows users to access certain accounts with pins or biometric sensors (fingerprints or facial recognition) to free them from remembering and managing passwords. Google states this technology aims to “replace legacy authentication mechanisms such as passwords.” Many companies already use passkeys in their systems, including Google, DocuSign, Robinhood, Shopify, Paypal, Kayak, and more, and it’s not unlikely that many more will follow the trend.
Why should I use passkeys?
Passkeys are easier. Being able to authenticate your identity using your device’s fingerprint sensor, facial recognition, or PIN removes the roadblocks that come with a password manager and individually memorizing passwords. It also leaves less room for human error and vulnerabilities for cybercriminals to uncover, allowing for a simplified sign-up and login process.
Passkeys are more secure. Because passkeys are tied to individual devices, they provide a higher security level than traditional passwords. They’re generated using cryptographic algorithms, making them more complex and resistant to brute-force attacks. Passkeys are also less susceptible to phishing attacks since passkeys are system-generated, not user-entered, and only work on their registered websites and apps, meaning users don’t need to worry about entering their passkeys on fraudulent websites or providing them to malicious actors.
Passkeys integrate easily with MFA. Passkeys can be used as part of a multi-factor authentication (MFA) setup, where multiple authentication factors are combined for stronger security. Using a passkey can fulfill the criteria for multifactor authentication in a single step, combining the strengths of both a password and a one-time password (OTP), such as a 6-digit SMS code, which provides heightened security and offers enhanced protection.
Passkeys: A Promising Future for Password Security
With enhanced strength and resistance to common vulnerabilities, passkeys provide a powerful means of authentication and a promising future for password security. Passkeys enhance the overall security landscape by eliminating the reliance on user-generated passwords and integrating with multi-factor authentication. Their ability to meet multifactor authentication requirements in a single step and their effectiveness against phishing attacks make them an exciting advancement in password protection.
As more companies move toward passkeys and embrace innovative authentication methods, we can look forward to a future where our online accounts and sensitive data are better protected, enabling us to navigate the digital world with greater peace of mind. If you are looking to improve your cybersecurity posture, contact us today. We would love to get in touch with you.
Ask an Expert: History Repeated with Another T-Mobile Data Breach
T-Mobile has been in the headlines often for all the wrong reasons – multiple data breaches that have affected millions of customers. The telecom giant has a history of struggling to keep its users’ information safe. Understandably, these events caused an uproar among customers, and they were quick to demand answers and improved security measures. Keep reading for a look into the history of T-Mobile data breaches, the most recent 2023 T-Mobile Data Breach and how it affected current and prospective customers, and statements from our Director of Cybersecurity.
The Summarized History of T-Mobile’s Data Breaches
Since 2018, nine hacks have been disclosed by T-Mobile, with half being in the last three years. These previous breaches ranged from the following:
2018-2020
August 2018: About 3% of customers (2.3 million) were affected by unauthorized access to personal customer data, including the name, billing zip code, phone number, email address, account number, and account type of users.
November 2019:Less than 1.5% of customers (over a million) were affected by unauthorized access to name, billing address, phone number, account number, rate, plan, and calling features (such as paying for international calls).
March 2020: Unknown amount of customers affected by unauthorized access to names and addresses, phone numbers, account numbers, rate plans, and billing information.
2021-2023
January 2021: Less than 0.2% of customers were affected by unauthorized access to name, phone number, account number, and billing address.
February 2021:Unknown amount of customers were affected with unauthorized access to names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed to their accounts.
August 2021:40 million former or prospective customers affected with unauthorized access to names, date of birth, SSN, and driver’s license/ID information, were compromised. 7.8 million customers were affected by unauthorized access to name, date of birth, SSN, and driver’s license/ID information, as well as 5 million customers affected with unauthorized access to phone numbers, as well as IMEI and IMSI information.
December 2021: “A very small amount of customers” experienced SIM Swap Attacks – meaning a SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.
April 2022:Stolen source code after T-Mobile employees’ credentials were stolen online. No government or customer data were compromised.
January 2023: In November 2022, 37 million customers were affected by unauthorized access to name, billing address, email, and phone number. This breach wasn’t discovered until months later, in January 2023.
Although this list may seem extensive, it doesn’t include other bugs and vulnerabilities discovered at T-Mobile over the years.
2023 T-Mobile Data Breach: T-Mobile’s Response
After the most recent breach earlier this year, T-Mobile wrote in its SEC disclosure that since 2021, they have made a “substantial multi-year investment working with leading external cybersecurity experts to enhance our cybersecurity capabilities and transform our approach to cybersecurity.” They state that they’ve made substantial progress since and backed their statement by pledging $150 million toward enhancing their cybersecurity.
All things considered, we can only hope to see the results and benefits of their cybersecurity improvements, as T-Mobile claims that protecting customer data is their top priority.
Potential Impacts On Current and Prospective T-Mobile Customers
The latest data breach by T-Mobile will likely negatively impact current and prospective customers. As news of the recent breach spreads and more awareness is made about T-Mobile’s long history of breaches, people may have become wary of trusting their personal information with T-Mobile and may take their business elsewhere. It may also cause some customers to question the overall security of T-Mobile’s systems, and as a result, they may choose not to use their services.
It can be challenging to trust a company that has had multiple data breaches in its history. Still, it’s important to remember that T-Mobile has taken immediate action following its numerous breaches. They invested heavily in improved security measures and are now working to enhance their cybersecurity.
Class Action Lawsuit for January 2023 T-Mobile Data Breach
T-Mobile isn’t the first organization to suffer multiple breaches over the years, and it certainly won’t be the last. Though T-Mobile has acted quickly over the years to shut down breaches, address customers’ concerns, and offer settlements. A recent Class-Action Lawsuit was filed against them for the most recent breach announced in January 2023 breach. The lawsuit states, “T-Mobile failed to exercise “reasonable care” in safeguarding the private information of millions of consumers from a data breach announced around January 20, 2023.” Learn more about the class action lawsuit here.
The Future of T-Mobile After Its Numerous Data Breaches
The 2023 T-Mobile data breach and the prior breaches have been unfortunate events that left many of its customers feeling violated over the years. Though events like these are unprecedented, it becomes a bit concerning when they repeatedly occur to a company of this size. Since its most significant breach in 2021, T-Mobile has announced its efforts to enhance cybersecurity by pledging $150 million toward the cause and working with leading cybersecurity experts to transform its approach to cybersecurity. We have seen quick responses after past breaches and hope to see improvement in the future.
Ask An Expert: FAQ with Edge Networks’ Director of Cybersecurity
What are the most common causes of data breaches?
This is a great question; I believe that the most common causes of data breaches are misconfigurations and human error. Specifically, ensuring that MFA is enabled, and if not, that is considered misconfiguration. An example of human error would be to accept a request asking for approval to allow login if it is not actually you requesting the access.
T-Mobile has disclosed nine hacks since 2018. Why does it keep happening?
Very tough to say. T-Mobile is a national carrier with a lot of information, which makes its organization a desirable target. Cybersecurity is not one-size-fits-all. The best an organization can do is ensure they’re following a well-established security framework and aligning themselves with it.
Should I switch providers if my current one has suffered a data breach?
Honestly, one would probably run out of options if you tried that. A lot of organizations have been breached. I personally do not believe you have to switch providers. However, I also do not believe an organization is more secure after a breach than before.
How can I determine if a company is trustworthy and will handle my data safely?
This is a most excellent question! Ask the company if they have a SOC2 type 2 report that they can share. If they don’t, and the data you plan on having them work with is critical, you might consider walking away. If more consumers asked businesses for this information, they would work towards achieving a higher cybersecurity posture.
How can organizations protect themselves from data breaches?
Treating cybersecurity investments as if they were the paper your organization needed to operate. Cybersecurity should never be an afterthought, and organizations need to prepare and budget.
Establish a security framework, and work towards “checking” all the boxes.
Ensure that you have security awareness training for all
Setup Multi-Factor Authentication (MFA)
Work with partners that can help secure and align your business
How should organizations respond after a data breach?
All organizations should be 100% TRANSPARENT. Many laws are coming down the pipeline for organizations. In fact, a few states that already have stronger notification laws in place, such as California. It’s not unrealistic to believe several others will be following their lead. Work on the plan that was hopefully implemented before the breach occurred.
Conclusion
For many people, the latest T-Mobile data breach has left them concerned and vulnerable. If you have any questions or concerns, feel free to contact us. We’d love to chat with you!
On Wednesday, August 17th, 2022, Apple released two security reports revealing significant vulnerabilities that give hackers complete access to certain devices, such as iPhones, iPads, and Macs.
We highly recommend you update your devices regularly to ensure the safety of your data and devices, and prioritize your organization’s cybersecurity.
“It’s important that companies have a patch management program to help them when zero days such as these come out,” shares Dan Pritzlaff, Director of Cybersecurity at Edge Networks. “Apple did state that these vulnerabilities were being actively exploited, which makes them higher priority than your typical patch.”
What are the vulnerabilities?
The security reports highlight the two vulnerabilities found: WebKit, the browser engine that powers Safari, Mail, App Store, and other apps, and Kernel, which is the core of the device’s operating system. In short, these vulnerabilities give hackers the ability to execute any code and run any software as if they are you – the owner of the device.
Which devices are at risk?
Affected devices include:
iPhone 6S and later models
iPad including 5th generation and later
All iPad Pro models
iPad Air 2
Mac computers running macOS Monterey
Some iPod models (such as iPod Touch 7th Generation)
However, some models not listed may be at risk as well.
Has anyone been affected by the vulnerabilities?
So far, there have been no confirmed reports where these vulnerabilities have been used against people or devices, and Apple has made no additional statements on the issue apart from the initial security reports.
How to Update Your Apple Devices after the August 2022 Security Reports
To update your iPhone, iPad, or iPod, go to “Settings”, “General”, “Software Update”, where it should show you the latest version (iOS 15.6.1) to download and install.
To update your Mac computer, go to “System Preferences” then “Software Update” to download and install the latest version (macOS Monterey 12.5.1).
If your Mac is running on an older operating system such as macOS Catalina or Big Sur, your device is not at risk. However, updating your devices regularly are still highly recommended.
Remember to Update Your Software Regularly
To ensure you always have the latest security updates, turn on Automatic Updates in your device’s General Settings. Learn more about how software updates can increase your cybersecurity below.
We highly recommend you update your devices regularly to ensure the safety of your data and devices.
Software updates are just one of the many facets of keeping your company safe from cyber-attacks. To learn more about the health of your business’s cybersecurity, take our free, self-guided IT security risk assessment today, or contact us for a free 30-minute consultation.
Since 2006, Edge Networks has been providing all-things IT to our clients in order to help them be more productive and profitable. Our focus on making our clients happy has caught the attention of Clutch.co. Recently, they recognized Edge Networks as one of the top B2B companies in Washington and the #1 Cybersecurity and IT firm!
The Edge Networks team is happy to be receiving a Clutch Award. Edge Networks Founder and CEO, Mark Tishenko says: “I’m extremely proud of our team for delivering happiness to our customers, who in turn helped us earn this amazing award.”
Clutch is a B2B site that rates and reviews agencies across a variety of industries in the United States. The team helps connect businesses with the best suited service provider to solve their firm’s challenges. Based on their unique method, they rank hundreds of companies by evaluating their client feedback, market presence, and work portfolio. OurClutch profileis #1 in their Leaders Matrix out of the top 15 Portland IT and business service providers.
Our success is not limited to Clutch. Rather, it extends to their sister sites: Visual Objects and The Manifest. Visual Objects publishes thecreative and visual workof B2B companies so that prospective clients may view previous projects. Similarly, The Manifest aids potential buyers by sharing how-to guides and industry reports. Like Clutch, we areranked on The Manifestwith other leading B2B agencies.
Additionally, this year, Expertise.com listed Edge Networks among the Best Managed IT Service Providers in Vancouver.
All the teammates at Edge Networks are happy to receive this recognition. We would like to thank our clients for taking the time to thoroughly review our services with the team at Clutch, and we look forward to the future as we continue to help our clients optimize their IT capabilities!
Want to work happy?Let us know. When you work with Edge, you have a cavalry of award-winning IT professionals behind you that’s dedicated to solving issues fast and recommending the right solution.