VikingCloud

ShinyHunters breached Canvas during finals week. Ransom notes appeared on the homepages of Harvard, Princeton, Columbia, Georgetown, and other universities and school districts across the country. Canvas serves more than 30 million users at 8,000+ institutions, many of them mid-exam right now. The timing was the point. Hit students at peak pressure, and you maximize the squeeze on the vendor to pay. Ransomware-as-a-service is putting that kind of strategic, timed campaign within reach of more attackers than ever. VikingCloud's 2025 Cyber Threat Landscape Report found 46% of cybersecurity leaders feel least prepared for ransomware, nearly double the 28% the year before. Canvas is what that gap looks like when it gets exploited. When one critical vendor goes down, every institution that depends on it goes down with it. Read more in CNN: cnn.it/4tCHGhg. #Cybersecurity #Ransomware #ThirdPartyRisk #CyberThreats

Haven't caught VikingCloud's new podcast, "Business Uninterrupted" yet? Here's your reminder. Check out episode 1 in which Jon Marler, CISSP, CEH, Director of Product Management and Cybersecurity Evangelist at VikingCloud, tackles the most uncomfortable truth in security right now: your controls aren't failing. The spaces between them are. Watch the full episode: bit.ly/3QWzFGf. #Cybersecurity #Quishing #AIinCybersecurity #CyberRisk #BusinessUninterrupted

The HIPAA Security Rule is getting its first major overhaul in over a decade. The new approach won't accept intent. It will demand evidence. For healthcare CISOs, that shifts what compliance looks like going forward. Documentation alone won't pass an audit. Continuous proof will. VikingCloud's Fayyaz Makhani, Global Security Architect, breaks down what's coming, what's required, and where to focus first. Read the full analysis: bit.ly/3ORAMGJ. #HIPAA #HealthcareSecurity #Compliance #Cybersecurity

Welcome to "Cyber Myths", a series by VikingCloud. 🔍 In this episode, we’re tackling another dangerous assumption: “If data is in the cloud, it's automatically secure.” The truth? Just because you use a cloud provider, it doesn't mean your data is fully protected by default. #Cybersecurity #CyberMyths #CyberRisk #Ransomware

Here's a question worth sitting with: How much of your PCI compliance spend is actually buying you security and how much is just managing the friction between vendors? For most multi-location operators, the honest answer is uncomfortable. When compliance is pieced together rather than purpose-built, the inefficiencies compound quietly. Schedules don't align. Scopes don't match. Findings sit in limbo while accountability gets passed around. And the longer it runs that way, the harder it is to unpick. We've put together a white paper that maps exactly how this happens, and what organizations that have simplified their compliance programs actually did differently. Watch the video, then download the white paper through the link in the comments. It might reframe a cost you thought was fixed. #PCICompliance #PCIDSS #ManagedSecurity #Cybersecurity #RiskManagement #MultiLocation

A data breach doesn't always start with a hacker. Sometimes it starts with a trusted partner. A de-identified dataset covering 500,000 UK Biobank volunteers was listed for sale on Alibaba after researchers at three authorized institutions accessed the data. UK Biobank called it a clear breach of its data use contracts and revoked their access. When oversight stops at the contract, organizations are left exposed to risks they didn't create and can't see coming. Read more in Bloomberg: bloom.bg/4wb457N. #CyberSecurity #ThirdPartyRisk #DataBreach #RiskManagement

There's a version of firewall management that doesn't involve your team spending their best hours on configuration issues, patch backlogs, and after-hours alerts. Are you familiar with managed firewall services? It's less about outsourcing a task and more about evolving how your security program operates. When it's done right, it changes your approach entirely. Watch the video to see how a managed approach changes the picture. #Cybersecurity #ManagedSecurity #FirewallManagement #NetworkSecurity #CISO #ITLeadership

"That doesn't necessarily mean that just because you verified the identity that you have trusted intent." ☁️ Jon Marler, CISSP, CEH and Whitney Ruggles sit down and discuss the one belief that CISOs are holding onto that no longer reflects how attacks actually happen. Watch the full episode: bit.ly/4tD87nN. We're curious, what's the one belief YOU see CISOs holding onto that no longer reflects how attacks actually happen? Drop your thoughts in the comments. #Cybersecurity #AIinCybersecurity #CyberRisk #BusinessUninterrupted #CISO

ICYMI! 🚨 In this episode, we're busting one of the most common misconceptions in cybersecurity: "Ransomware only targets big companies." Watch the full episode: bit.ly/3QR5wIl #Cybersecurity #CyberMyths #Ransomware

You can harden your own stack and still get breached through a vendor you authorized. That's the lesson from the recent incident at Rockstar Games. ShinyHunters didn't hit Rockstar directly. They compromised Anodot, a third-party SaaS monitoring tool, extracted authentication tokens, and pivoted into Rockstar's Snowflake environment. No exploit. Just stolen trust. The fallout: 78.6 million records, 2.4 million support tickets, and eight years of internal KPIs now on a dark web leak site. VikingCloud's 2025 Cyber Threat Landscape Report found 59% of businesses suffered a successful cyberattack last year. This is one reason why. The modern attack surface includes every vendor and SaaS integration you've authorized, not just your own stack. Rockstar's perimeter held. The third-party ecosystem didn't. For most enterprises running a modern cloud stack, that's the harder problem to solve. Read more from the BBC: bbc.in/4cHw7in. #CyberSecurity #SupplyChainRisk or #ThirdPartyRisk

Ethical Hacker and Adaptive Problem Solver. According to Howell King Jr., most breaches start with overlooked vulnerabilities, misconfigurations, or simple human error. That’s why Howell’s work focuses on uncovering those gaps through offensive security assessments, hands-on web and network testing, and efficient automation. Before attackers do. Get to know Howel: bit.ly/414sg9u. #Cybersecurity #PenetrationTesting #VulnerabilityAssessment #AppSec

Your controls aren't failing. The spaces between them are. That's the uncomfortable truth Jon Marler, CISSP, CEH, sits down to unpack with Whitney Ruggles, VP of Marketing, in Episode 1 of Business Uninterrupted, VikingCloud's new podcast series on cybersecurity and compliance. In this episode, Jon breaks down the one belief he still sees CISOs holding on to that no longer reflects how attacks actually happen. Check out the full podcast: bit.ly/4t5qxNL. Read the blog it's based on: bit.ly/4bFtMFF. #Cybersecurity #Quishing #AIinCybersecurity #CyberRisk #BusinessUninterrupted

Welcome to "Cyber Myths", a series by VikingCloud. 🔍 In this episode, we’re tackling another dangerous assumption: “Ransomware only targets big companies”. The truth? SMBs are increasingly in the sights of ransomware attackers #Cybersecurity #CyberMyths #CyberRisk #Ransomware

Heading to the Little Caesars Pizza Expo in Las Vegas? So are we. Find us at booth #515 and talk to our team about how VikingCloud can help protect and grow your business. 📆 Apr 13 - Apr 15 📍 Las Vegas, NV #️⃣ 515 We hope to see you there! Krissy Carnaghi, Tristan Henderson, Steven Rosenthal

Geopolitical conflict doesn't stay on the battlefield. It moves into business systems and critical infrastructure. As tensions rise between Iran, the U.S., and its allies, Iran-linked groups are scaling cyberattacks across industries—combining operational disruption with psychological pressure to maximize impact. This isn't a distant risk. VikingCloud's 2025 Cyber Threat Landscape Report found that nearly 80% of cybersecurity leaders expect to be targeted—directly or indirectly—by a nation-state attack within the next 12 months. The threat landscape is broader, faster, and harder to contain than it was a year ago. Organizations that treat geopolitical risk as someone else's problem are already behind. Read more in Fortune: bit.ly/4lUAxqg. #CyberRisk #Geopolitics #CyberSecurity #ThreatIntelligence

Meet Howell King, Offensive Security Engineer and Vulnerability Assessment Specialist at VikingCloud. Howell approaches every assessment with an attacker’s mindset, uncovering hidden security gaps, simulating real-world attack paths, and helping clients strengthen their defenses before threats become incidents. See how Howell helps organizations stay ahead of attackers: bit.ly/414sg9u. #OffensiveSecurity #CyberResilience #CyberSecurity #Infosec #RiskManagement

Malware doesn't always take your site down. Sometimes it quietly steals your customers' data, even though everything looks completely fine on the surface. You won't know until it's too late. By then, the damage to your reputation is already done. Think about what's actually at stake. According to VikingCloud’s latest SMB Threat Report, SMB owners believe they will: - Suffer a data breach leading to a loss of customers. - Face lasting reputational damage after a breach. - Experience significant business downtime. And 40% say a financial impact of $100,000 or less would be enough to put them out of business. Website scanning is the digital equivalent of checking the locks at night. It sweeps your site for vulnerabilities so you're alerted the moment something goes wrong. Here are some questions to ask yourself: - When did you last scan your business website? - Do you have automatic alerts set up? - Do you know what would happen to your customers' data if your site were compromised tonight? If you're not sure, that's your sign. Spring cleaning tip #2 starts with your website. For more information, check out the blog: bit.ly/3QmJXfR. Read our latest report on the issues facing SMBs: bit.ly/4u0f9DR. #Cybersecurity #SpringCleaning #SMB #WebsiteSecurity

AI is making cybersecurity faster. It's also making it murkier. Faster detection. Faster response. Less context. Less visibility. That tradeoff is becoming a serious problem for security teams managing fragmented environments—where automation scales, but understanding doesn't always follow. VikingCloud President and COO Kevin Pierce breaks it down in Fast Company with three priorities every security leader should act on now: 1. Build intentional human oversight in. Know exactly when a human needs to be in the loop—before a high-impact decision gets made, not after. 2. Validate with outside expertise. Internal teams can't see their own blind spots. External partners can—and should. 3. Put AI where the risk actually lives. Sensitive data. Critical operations. That's where deployment decisions matter most. Machine-speed threats require machine-speed responses. But resilience depends on how well organizations govern the systems making those decisions. Read more in Fast Company: bit.ly/41hJtwD. #CyberSecurity #AI #RiskManagement #Leadership

Security spend is going up. Confidence in its impact isn’t. Most organizations still can’t clearly answer a simple question: Is our risk actually going down? That’s the gap. At VikingCloud, we help organizations move beyond fragmented, compliance-driven assessments to a consistent, risk-based view of security — one that actually shows measurable progress. 🎥 Watch the video to see how it works. Then go deeper here: bit.ly/4sDaDJP. #CyberSecurity #RiskManagement #BusinessValue #SecurityROI #Infosec

If you're managing PCI compliance across multiple locations with multiple vendors, you're overpaying. Full stop. Disconnected programs mean duplicated costs, coordination gaps, and security blind spots that no single vendor owns. Most operators don't find out what it's costing them until something goes wrong. Our new white paper breaks down the hidden costs of fragmented PCI compliance and what it takes to fix it. Download our white paper for insights: bit.ly/4e28enW. #PCICompliance #RetailSecurity #Cybersecurity #ComplianceSimplified