Blog | Legion Cyberworks

2025-02-132025-02-13Blog, Cyber Threat Spotlight

Spear Phishing: When Attacks Become Personal

In today’s digital landscape, cybersecurity threats are becoming increasingly sophisticated and targeted. For example, a client of ours experienced a spear phishing attack where an employee was targeted by a cybercriminal who tried to get her to run a malicious executable disguised as a Zoom updater. Fortunately, the cybersecurity controls and restrictions in place on her laptop did not allow her to execute the malware. Had these not been in […]

2025-01-242025-01-24Blog, Risk Management

Why Full Disk Encryption is a Critical Security Control for Laptops

In today’s digital age, laptops have become indispensable tools for business productivity. However, they also pose significant risks to data security, especially when they leave the office and enter the unpredictable world outside. Whether traveling for business, working remotely, or simply commuting, laptops are highly vulnerable to theft or loss. This is where full disk encryption (FDE) comes into play as a critical security control. What is Full Disk Encryption? […]

2025-01-082025-01-23Blog

New HIPAA Proposal for 2025

Since its enactment in 1996, HIPAA compliance has been a top priority for healthcare industry leaders, with the primary goal of protecting patient information. In 2005, these regulations were expanded with the introduction of the Security Standards for the Protection of Electronic Protected Health Information, also known as the “Security Rule.” This set of standards was designed to safeguard electronically stored patient data, with the last update occurring in 2013. […]

2024-10-302024-10-30Blog

The Rise of Identity-Related Cyber Threats: The Need for Broad and Proactive Security

Understanding the Threat In today’s threat landscape, monitoring account activity is essential to prevent catastrophic cyber incidents. Identity-related cyber threats, such as Business Email Compromise (BEC) and Account Takeover (ATO), are on the rise, exposing sensitive information and disrupting operations. These attacks often leverage network access points like VPNs, further expanding an adversary’s reach and the potential impact on your business. To illustrate the stakes, consider a recent ransomware attack […]

2024-10-302024-10-30Blog

What is Identity Threat Detection and Response (ITDR) and Why is it Important for Your Business?

Detect and Prevent Identity Based Attacks In an era where cyber threats are becoming increasingly sophisticated, securing your business’s digital identity is more critical than ever. Attackers target credentials and accounts, exploiting them to breach networks, steal sensitive data, and disrupt operations. This is where Identity Threat Detection and Response (ITDR) steps in as a vital cybersecurity strategy. What is ITDR? ITDR focuses on detecting, responding to, and preventing identity-based […]

2024-10-152024-10-15Blog

2024 Cyber Survival Kit

Cyber Survival Kit: Protecting Your Business Through Prevention, Detection, and Response In today’s evolving cyber threat landscape, preparation is not just an option—it’s a critical business need. Without a proper plan, businesses put themselves at risk for all manner of cyberattacks, including ransomware, insider threats, and more. But what makes up a proper plan? There are three pillars that all businesses must look to when designing their cybersecurity strategies. Namely, […]

2024-09-092024-09-11Blog, Risk Management

Assumed Breach Exercise: Verify Your Security Program

In today’s rapidly evolving cyber threat landscape, even organizations with mature security programs can’t afford to implicitly trust that their security controls are functioning as designed, or that they have all their blind spots covered. Traditional security measures, while crucial, are no longer sufficient on their own. This is where assumed breach exercises come into play—an advanced approach to testing and enhancing your organization’s cybersecurity posture. What Are Assumed Breach […]

2024-05-232024-05-23Blog, Risk Management

Prevent Breaches With Continuous Pentesting

In the rapidly evolving landscape of cybersecurity, the traditional methods of securing networks and systems are increasingly proving inadequate. The stakes are high: a single breach can cost a company millions of dollars, not to mention the potential damage to its reputation and customer trust. Enter NodeZero from Horizon3.ai—an autonomous continuous pentesting platform that promises to revolutionize how we defend against cyber threats. In this blog post, we’ll explore what […]

2024-01-262024-01-26Blog, Risk Management

Secure Your Web APIs

Safeguard Your APIs with Legion Cyberworks Penetration Testing Services The recent revelation that a seemingly innocuous Trello API function exposed 15 million email addresses underscores a critical reality: in today’s hyper-connected world, APIs have become prime targets for malicious actors, necessitating robust and proactive security measures. While APIs offer unparalleled functionality and connectivity, their inherent accessibility also creates a vast risk landscape if not secured with rigorous AppSec protocols. Imagine […]

2023-10-092023-10-09Blog, Risk Management

Unlocking Business Success: The Benefits of Penetration Testing

In today’s digital age, cybersecurity is paramount for businesses of all sizes. As cyber threats continue to evolve, organizations must take proactive measures to safeguard their sensitive data, reputation, and bottom line. One invaluable tool in the cybersecurity arsenal is penetration testing. This article will delve into the benefits of penetration testing for businesses. What is Penetration Testing? Penetration testing, often referred to as ethical hacking, involves simulated attacks on […]