All Blog Posts
Most Recent
ICS and OT Systems are Becoming More Frequent Cyber Attack Targets
The term “cyber attack” brings ransomware and stolen data to mind, but today there’s a quieter yet equally devastating war being waged against industrial control systems (ICS) and
Identity-Focused Attacks Are a Trend—Here’s How They Work and What To Do About Them
In today’s digital landscape, a single set of valid employee credentials can be all an attacker needs to infiltrate an organization, navigate through its systems, escalate their access,
Cybersecurity Awareness Month 2024 Provides Four Simple Steps to Secure Our World
In today’s technology-driven world, Cybersecurity Awareness Month serves as an important reminder of the proactive steps we can all take to safeguard ourselves, our families, and our businesses
Uncovering Hidden Threats: The Crucial Role of Penetration Testing in Cybersecurity
In the digital age, where data breaches and cyberattacks are increasingly common, safeguarding your organization’s digital assets isn’t just an option—it’s a necessity. While many businesses implement basic
Plurilock Critical Services Mobilizes Rapidly—and This Transforms Outcomes
Cyber threats are evolving faster than ever. From sophisticated ransomware attacks to state-sponsored espionage, the speed at which an organization can respond to risks and threats often determines
How Many Vendors Are Represented In Your Environments?
Our Critical Services team routinely encounters environments populated by multiple products from multiple vendors and multiple VARs or suppliers. In some cases, we encounter networks built with equipment
Plurilock AI is a Quadrant Gold Medalist for the Fifth Year Running
Don’t look now, but Plurilock AI has been named a quadrant gold medalist for the fifth year running by Info-Tech and SoftwareReviews.com. Products from lumbering technology industry behemoths
Plurilock Critical Services Delivers the Capabilities You Need in a World of Increasing Risk
Data and security breaches. Regional warfare. Natural disasters. Pandemics and social crises. Supply chain instability and opacity. These are challenging times in technology. The rates of just about
Pairing World-class Services with a World-class VAR Gives Plurilock—and You—Key Advantages
At Plurilock we’re both a consultant and services provider (through our Plurilock Critical Services unit) and a large technology reseller with millions and millions of SKUs on file
How GDPR, CCPA, HIPAA, and Other Data Privacy Standards Safeguard Our Digital Lives
In the digital age, our lives are more connected than ever. We shop online, communicate through social media, store personal photos in the cloud, and use countless apps
Fortifying Education: A Guide to Cybersecurity Resources for K-12 Schools
In the rapidly evolving landscape of digital education, the role of cybersecurity in K-12 schools cannot be overstated. As educational institutions increasingly rely on technology to facilitate learning,
Bridging the Gap: The Challenge of Finding Cybersecurity Allies in the Midst of Crisis
In an era dominated by technological advancements, our dependence on digital infrastructure has never been more pronounced. However, with this increased reliance comes an elevated risk of cybersecurity
No, Cybersecurity Isn’t Beyond the Reach of Small Businesses and Organizations
If you’re a small business, a small organization of any kind, or an organization that lives at something of a remove from Wall Street and the hi-tech economy,
A Call for Responsible Governance of AI Use
In the dynamic realm of artificial intelligence (AI), organizations find themselves at a pivotal juncture, tasked with finding a way to balance innovation and accountability. AI’s transformative capabilities
Learning Technology in K-12 Schools Poses Unique Cybersecurity Challenges
Learning technology in K-12 schools poses unique cybersecurity challenges that aren’t often considered by the broader cybersecurity industry. Chrome OS is incredibly important in education, yet the industry
The Unparalleled Security Dance: YubiKey and Plurilock AI Cloud
At Plurilock, we understand the paramount importance of cloud security, and our mission since the beginning has been to pioneer innovative and agile solutions for enterprises worldwide. Plurilock
Empowering Insurance: The Role of Generative AI and AI Guardrails
In recent years, the insurance industry has undergone a transformative journey, leveraging cutting-edge technologies to enhance efficiency, accuracy, and customer experience. Among these technologies, generative artificial intelligence (AI)
Lithium and Cobalt Supplies Are Among the Cybersecurity Battlegrounds Emerging due to Electrification
“Electrification” is one way to describe the fact that more things in the real world than ever before are now computing systems under the hood. Decades ago, the
How Digital Fatigue Turns Employees into Cyber Risks
In an era dominated by digital communication and information overload, the modern workplace is grappling with a silent adversary—digital fatigue. A recent study by CybSafe has uncovered alarming
How to Navigate the Generative AI Frontier—and Ensure AI Safety and Security in Your Business
In an era where innovation and technology are at the forefront of business operations, the integration of generative AI has become a game-changer for countless industries. Companies are
Social Engineering Attacks in Today’s World: A Looming Threat to Organizations
In today’s interconnected world, the threats that organizations face are evolving at an unprecedented pace. While cyberattacks and data breaches have long been a concern, a more insidious
Password Managers Don’t Replace SSO, and This is Why
We’ve been stuck with username-password identity for decades, and in 2023 everyone knows a few truisms about them: Users tend to pick relatively insecure passwords by default. When
Alert Fatigue Remains a Problem—and Needs a Different Class of Solutions
The average cost of a data breach in 2022 reached a record $3.86 million, yet the average time to identify and contain a breach was 277 days. How
Cybersecurity’s Women are Breaking Barriers, Leading the Way—But We Need More of Them
In today’s interconnected world, where cyber threats are on the rise, the need for skilled professionals in the field of cybersecurity has never been greater. Historically, this industry
“Shadow AI” Is Becoming a Problem in IT, and It’s Going to Get Worse
Generative AI has seen explosive growth in popularity this year. Platforms like ChatGPT and Bard are quickly becoming go-to tools for everyday work—at the same time that they
Announcing Early Access Program Availability of Plurilock AI PromptGuard
The first half of 2023 has seen explosive growth in AI adoption. Employees across every sector of the economy are finding ways to use platforms like ChatGPT to
AI Means Companies are Leaking More Confidential Data Than Ever Before
Once a matter of science fiction, artificial intelligence (AI) has now been seamlessly integrated into our lives. Open your phone with facial recognition? AI. Use Google search? AI.
Cyberattacks are Increasing in This Surprising Sector
When I mention the terms “ransomware attack” or “data breach,” what’s the first sector or business you think of? Most likely your answer was a corporation like Toyota,
2022
Who is Lapsus$?
Who is Lapsus$? After claiming responsibility for high-profile attacks on major corporations like Microsoft, Okta, Samsung, Ubisoft, and NVIDIA at the beginning of 2022, the LAPSUS$ group made
Cybersecurity Positions and the Need To Think Differently
Introduction In the 1993 film Rookie of the Year, coach Larry Fisher, thinking differently while fighting to save his club from the ignominy of a declining fan following,
Behavioral Biometrics and Passive Identity Authentication in Support of Zero Trust Architecture
A zero-trust security architecture has a minimized threat surface and more control over authentication and user access. It is a reliable security approach for countering unauthorized access by
Behavioral Biometric Systems: Privacy-Friendly, Less Risky, More Compliant, and More Secure
Many organizations today depend on digital services and data to run daily operations and ensuring the privacy of critical data and information systems is now a key part
Zero Trust, the Workplace, and Post-COVID: 5 Questions Answered
Zero trust. Those two words are gaining ground as businesses continue to weather the pandemic. COVID-19’s sudden impact in 2020 tested organizations’ ability to adapt almost literally overnight,
U.S. Government Announces Zero Trust Requirement for Federal Agencies
On the heels of a White House memo published in mid-January, the Office of Management and Budget (OMB) has issued its second memo on cybersecurity in 2022, announcing
Biden’s Memo Calls for Cybersecurity Improvements for National Security
Weeks into 2022, following a record-breaking year of more than 1,200 cyber attacks, President Biden’s White House has issued a memo calling for U.S. federal agencies to prioritize
2021
Cybersecurity Year in Review: Big Breaches, Ransomware & Zero Trust
In recent years there has been a significant increase in the number of cyber attacks, and 2021 was no different. According to the Identity Theft Resource Center (ITRC),
Cybersecurity Awareness Month and the Need for a Zero Trust Architecture
While we at Plurilock™ know that cybersecurity is a year-round effort, October marks the 18th annual Cybersecurity Awareness Month, bringing awareness of the industry and its importance in
Zero Trust and Privileged Access Management: NIST 800-207
Zero trust has been a long-known concept within the cybersecurity industry but has not, until recently, trickled out into the larger vernacular. Following several high-profile breaches like Colonial
The Existing Authentication Paradigm is Failing Us
The headlines make clear what many in the industry have long known to be true – cyberattacks are on the rise and traditional authentication tools, like passwords, are
Biden’s Executive Order on Cybersecurity Is a Needed Response to Growing Cyber Threats
Over the last year, we’ve seen a series of dramatic cyber-attacks on U.S. soil. Just three of these paint a picture of increasing risk and increasing consequences: The
Plurilock™ Enables Critical Systems to Both Restrict and Guarantee Access at the Same Time, Seamlessly
Critical systems are a tricky problem in most organizations. They're not just critical because bad things will happen if they go down—they're also critical because they're central to
How Identity-as-a-Signal is the Secret to Protecting Against Credential Compromise
When malicious actors get administrator access in an Active Directory (AD) environment, illicit activity can be extraordinarily difficult to detect or prevent. Earlier this month, Plurilock™ Solutions Architect
When Stolen Credentials are $7,100 a Set, You Need Behavioral Biometrics
The Register recently reported that initial access brokers are doing a brisk business following the work-from-home push of 2020. Among the items that they note are: Stolen credentials
With Behavioral Biometrics, IAM Meets DFIR
Modern DFIR practices and processes bring a whole slew of systems, data sources, and types of expertise to bear in seeking to detect, address, and understand security incidents.
Identity in Cybersecurity Ep. 9 — Reducing the Noise
How do you prevent juggling thirty disparate security tools? Do you find it hard to correlate relationships between massive amounts of information and events happening in your network?
2020
Identity in Cybersecurity Ep. 8 — The Visibility Issue
How do you source cybersecurity talent? Which skills or certifications actually make the best hires? In this episode, Plurilock™ CEO Ian L.Paterson talks with Larry Whiteside Jr, Co-Founder
Introducing Our Q4’20 Release—With Scalability, Proxy, and Support Enhancements
Over the second half of 2020, we've been privileged to have received a good deal of valuable feedback from our clients—and our development team has been hard at
Eight Security Capabilities Enabled by a Continuous Identity Signal
As a continuous identity solution, Plurilock DEFEND™ is able to provide a real-time signal that confirms the identity of the user working at a computer all day long,
As SSO Becomes Standard, A New Best Practice is Needed
Single sign-on (SSO) and identity-as-a-service (IDaaS) platforms are rapidly becoming standard tools across the business world—and with good reason. As companies use a wider and wider variety of
Identity in Cybersecurity Ep. 7 — Pushing Security to the Edges
How should organizations be thinking about identity and access management today? In this episode, Plurilock™ CEO Ian L.Paterson talks with Andre Boysen, chief identity officer at SecureKey, about
Identity-as-a-signal Will Rewrite the Rules in Identity and Access Management
CISOs today are scrambling to cope with a multiplying universe of systems and access management scenarios. The typical enterprise hosts workstations, internal resources, SaaS applications, legacy systems, command
Identity in Cybersecurity Ep. 6 — Through a Holistic Lens
How do you adequately authenticate a person, device, or organization? In this episode, Plurilock™ CEO Ian L.Paterson talks with Joni Brennan, President of DIACC, about the field of
Unlike Behavioral or Biometric Authentication, Behavioral Biometrics Is Privacy-friendly
In recent years, both biometric authentication and behavioral authentication have increased in popularity as advances in technology have made them accessible for commodity deployment. Companies often prefer them
Identity in Cybersecurity Ep. 5 — Getting Your Arms Around the Root of the Problem
What happens when organizations don’t have identity management practices and systems in place, and what can be done to solve the problems that result? In this episode, Plurilock™
It’s 2020 and Passwords Should No Longer Be a Problem
Fifteen years ago, password policies started to look something like this: At least ten characters. At least one capital letter, one number, one punctuation mark. Changed every four
Announcing Our Summer ’20 Release of ADAPT— Now with SAML and OpenID Connect
Plurilock™ released ADAPT, our invisible login MFA product, in early 2019. Based on the same science that lies behind our DEFEND continuous authentication solution, ADAPT was designed to
Identity in Cybersecurity Ep. 4 — Seeing the Big Picture
As a cybersecurity professional, how do you balance privacy and transparency? How about equality and diversity? Security and usability? How far do you go in preventing that proverbial
Especially During COVID, MFA Remains a Challenge to Deploy
By now, the stat is well known. At RSA, Microsoft reported that 99.9% of credential-driven data breaches involve accounts that weren’t protected by MFA. That’s a powerful stat—the
Why Most “Passwordless” Authentication Solutions Aren’t Actually Passwordless
Authentication is already a modern necessity, and passwordless authentication is fast becoming one. Let's take a moment to review why, in the broadest possible strokes: Computing and the
Give This WFH Security Hygiene Checklist to Your Employees
This year an unprecedented proportion of the world's workforces have transitioned to full-time remote work, a shift dictated by facts on the ground rather than by careful planning.
Identity in Cybersecurity Ep. 3 — The Never-ending Chain
What are we missing in the bigger cybersecurity picture—beyond the systems, technologies, best practices, and zero-day exploits that occupy so much of our time? In this episode, Plurilock™
Identity in Cybersecurity Ep. 2 — Follow the Data
How is our understanding of cybersecurity changing as technology becomes more central to society? What do these changes mean for organizations that aren’t large enterprises? What’s a V-CISO,
Here’s How to Secure Your Organization in the Unexpected Work-from-home Era
How is your office holding up to the new work-from-home reality? If yours is like most other offices right now, a large assortment of people that have never
Identity in Cybersecurity Ep. 1 — Walking the Security and Convenience Tightrope
How have the threats in cybersecurity changed over time? How secure is data access today compared to 10 years ago? Are different strategies required for cybersecurity in government
These Four Stories Show Why YubiKey Shouldn’t Be Your First—or Only—MFA Solution
A key part of our business at Plurilock™ involves helping companies to move beyond the multi-factor authentication infrastructure that they already have—and that they are often not yet
Banks and Financials Are at an MFA Crossroads, and $5.2 Trillion Is at Stake
Accenture says that over $5.2 trillion in value will be lost in the financial services sector over the next five years due to cybercrime. Meanwhile, banks, capital market
Princeton Study Shows SMS Authentication Flows Are Just as Vulnerable as We Said They Were
Not a lot has changed since our post last year about the dangers of using SMS in two-factor authentication (2FA) and multi-factor (MFA) login flows. Companies and organizations
2019
Canadian Medical Company LifeLabs Gets Hacked—and There Are Lessons in It for Everyone
Earlier this month, LifeLabs—a medical testing laboratory used by millions of patients and their physicians—announced that it had become the target of a serious cyberattack. In the attack,
CCPA is Coming, and Your Authentication Practices Matter
The California Consumer Privacy Act, enacted in 2018, goes into effect on January 1st, 2020—and imposes the strictest requirements in North America for the way in which companies handle
Non-repudiation is Becoming Important in Cybersecurity—But Choose a Strong Solution
Internal actors are implicated in more than a third of recent data breaches. If you're an IT or security professional in the corporate world, that's an alarming statistic.
Many Continuous Authentication Solutions Aren’t What They Claim to Be
As "zero trust" picks up cybersecurity steam, more and more companies are considering continuous authentication solutions. This trend will likely accelerate now that NIST 800-207 has essentially outlined
If You’re Pursuing Robotic Process Automation, You May Need Behavioral Biometrics
Robotic Process Automation (RPA) is taking enterprise computing by storm. As something like a cross between machine learning and old fashioned macros or scripts, RPA bots automate complex,
NIST’s Draft Zero Trust Standard Calls for Continuous Authentication
Zero trust is rapidly becoming a cybersecurity best practice, and to buttress this point, the US National Institute for Standards and Technology (NIST) has now released draft NIST
Yes, There Is a Phishing Solution That Doesn’t Make Logins Hard
Phishing has been with us for many years now—almost as long as the problem of email SPAM itself. Of course, phishing is a bigger concern than SPAM for
Massive Breach Shows That Not All Biometric Technologies Are Equal
The security web is abuzz with details about another massive breach. This time, 27 million data records stored in Suprema, Inc.’s Biostar 2 access control system—including a million
Two-Step Authentication is Not Two-Factor Authentication
Your team, your regulators, your clients, and the cybersecurity pundit class have all been telling you for some time now that in today’s world, either two-factor authentication (2FA)
Why Plurilock™ Products Are a Step Ahead of Competing Solutions
Behavioral biometrics is enjoying something of a boom over the last year or two. Analysts now predict a large role for behavioral biometric solutions in cybersecurity in coming
What Plurilock’s Defense Contracts Reveal About Authentication Today
Plurilock has just been awarded another government contract to develop new cybersecurity capabilities, this time for Canada’s Department of National Defence. Like some of our previous contracts with
Zero Trust Means Zero Trust, Not “Trust All Recognized Users”
Lost in the shuffle of the "zero trust" marketing melee over the last several years is the very basic idea that nobody should be trusted. Nobody. Yes, many
Your “Zero Trust” Company May Be More Trusting Than You Imagine
What do you do when the corporate breach rate skyrockets? You lock things down. More and more tightly. Thus we arrive at "zero trust," a catchphrase that's been
If You’re Not Using MFA, You’re Not Complying with Educational Data Protections
Health data and financial data are often at the center of data security discussions. Often forgotten but no less important in this discussion is educational data generated by
Podcast: Bank Attacks Put Password Insecurity Back in the Spotlight
Plurilock™ CEO Ian Paterson recently appeared on The Security Ledger podcast, Episode 145, to talk about the future of passwords and multi-factor authentication. Starting at 22:08 in the
HIPAA and PIPEDA are More Strict About Authentication Than You Realize
Healthcare providers and related companies in the United States and Canada are required to comply with the Health Insurance Portability and Accountability Act (HIPAA, US) or the Personal
You Need Advanced Authentication for These Seven Good Reasons
There is always a sneaky temptation to avoid fiddling with production systems. The applications are up? The users are logging in okay and working? Then nothing needs to
Know Which MFA Technologies to Avoid—and Which to Embrace
If you don’t yet use multi-factor authentication at your organization, chances are you’re actively looking to implement it—and finding that choosing between MFA solutions can be a frustrating
Bad Authentication UX is Becoming Obsolete
UX, short for “User eXperience,” is one of the great keys to productivity in the computing age. Why? Because the “experience” that users have while going about their
Invisible Authentication Solves MFA’s Many Privacy Problems
Privacy is now front and center in technology. Facebook, Apple, Huawei, Google, you name the brand and they’re appearing in one way or another in stories related to
Podcast: Behavioral Biometrics and Cybersecurity, Past and Present
Plurilock™ CEO Ian Paterson recently appeared with host Dave Bittner on the well-known CyberWire Daily Podcast, Episode 721, to talk about cybersecurity and behavioral biometrics, past and present.
Podcast: What is Multi-factor Authentication?
Plurilock™ CEO Ian Paterson recently chatted about multi-factor authentication with Tom Eston from The Shared Security Podcast, in Episode 58. Starting at 2:14 in the podcast, they discuss
Embrace Device-free Authentication, But Do It the Right Way
Authentication is frustrating for today’s users. Another notification. Another multi-digit code to type in. Another occasion to reach for the mobile phone—just a minute or two after the
Your Insecure SMS Auth Flow is Not an MFA Solution
Decades ago, Short Messaging Service (SMS) changed the world—by being a convenient, barrier-free, omnipresent, and desperately easy way for end users to chat about kids, pets, and shopping.
Continuous Authentication Must Eventually Supersede Passwords and Legacy MFA
Passwords were first used in the 1960s by early computer users that were largely academics and specialists. There weren’t nearly as many sets of account credentials to remember
Here are Plurilock’s 2019 Authentication Guidelines
Authentication has become a fraught topic. As many as 81 percent of all breaches result from weak or stolen authentication credentials. So—fix authentication and we’ll fix a huge
2018
Cybersecurity Awareness Month: Cybersecurity, Work, and the Future
October is Cybersecurity Awareness Month, and depending on whether you’re in the United States or Canada, any of the following may be the themes for weeks two and
Cybersecurity Awareness Month: Cybersecurity at Home
October is Cybersecurity Awareness Month, and the theme for this week is “Make Your Home a Haven for Online Security.” Now at Plurilock™ we primarily serve companies, government
Plurilock Awarded $200K by US Department of Homeland Security to Improve Smart Device Security
Originally posted on Cision PR Newswire VICTORIA, British Columbia, Aug 2, 2018 DHS Investment will Fund Development of Real-time ‘Machine Biometrics’ Solution to Protect Non-Person Entities Against Cyber
Plurilock Launches New Global Channel Partner Program for its Invisible Identity Assurance Cybersecurity Solution
Originally posted on Cision PR Newswire VICTORIA, British Columbia, July 12, 2018 Plurilock Security Solutions (“Plurilock”), a provider of behavioral biometrics cybersecurity, today announced the launch of its
Plurilock Partners With Carahsoft to Bring Continuous Identity Assurance to Federal Agencies
Originally posted on Cision PR Newswire VICTORIA, British Columbia and RESTON, Va., June 19, 2018 Plurilock Security Solutions and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider™,
Why Proof of Presence is Critical for Cybersecurity in 2018
THE NEEDLES IN THE HAYSTACK Cybersecurity professionals face an ever-greater number of challenges in today’s landscape. As solutions and technology advance, threat actors keep pace. In fact, according
