Blog

Government contractors today are constantly under the scrutiny of security compliance. After all, breaching a government contractor is an efficient path to stealing valuable U.S economic as well as national security information. These attaches are actively carried out by nation-state threat actors. Several years ago, the Department of Defense (DoD) worked with the National Institute of Standards and Technology (NIST) to create a security manual to address this issue- it was titled NIST SP 800-171. However, implementing NIST SP 800-171 has proved difficult as fulfilling its requirement can be costly and almost unattainable for contractors with low cyber literacy. This year the Cybersecurity Maturity Model Certification (CMMC) was released to revamp the existing requirements for DoD contractors and help address the complications associated with NIST SP 800-171.

Data exfiltration is a growing concern among businesses and governments alike. After all, data is the most valuable asset second to people that an organization has. The Cybersecurity Maturity Model Certification (CMMC) is the government’s response to data exfiltration. It’s an attempt to bolster cybersecurity among the defense industrial base (DIB) and is becoming a requirement for defense contractors performing work for the Department of Defense (DoD).

Regardless of your organization’s security posture, a NIST cyber risk assessment can add immense value to your business. The National Institute of Standards and Technology, or more commonly known as NIST, is a non-regulatory federal agency that develops standards for a plethora of commonly relied on services and products.

Security awareness increasing, but numbers show employees are still not listening

Wondering what to expect as you go through your first SOC 2 Audit?  This post covers each step of the process.  At every step, keep in mind that the entire goal of the SOC 2 audit is to measure how well your organization handles its business processes, users, data (proprietary, customer, etc.). A SOC 2 security audit can help your company demonstrate it has applied the best control mechanism to assure security, availability, processing integrity, confidentiality, and privacy of client data. This then generates trust and confidence from inquiring vendors and prospective customers.

It is no secret that many protests have erupted after the death last month of George Floyd. However, a lesser-known fact is that a significant amount of online protesting has also emerged. This blog aims to focus on how protestors and various social organizations are using hacking as a vehicle to accomplish their objectives. The term ‘hacktivist” is used to describe cyber threat actors who are politically motivated.

Whether or not companies want to admit it, every company is in the cybersecurity industry. This even applies to organizations like manufacturing who are not historically associated with technology. Unfortunately, in the age of digital transformation, many companies believe that simply allocating a couple of bucks to purchase “state of the art” security tools is enough to fend off threat actors. In an analysis conducted by the well respected FireEye Mandiant Security Validation team, it was uncovered that 53% of successful intrusions remain undetected despite having several security products. The research indicates that the majority of organizations need an overhaul of their cybersecurity strategy. In a previous article, we examined how the saturated vendor market has encouraged organizations to hastily purchase tools without really considering their organization’s specific need and thus, giving them a false sense of security. However, this blog seeks to expose why high ticketed solutions are unable to effectively detect and prevent the growing number of cyber-attacks.

In a global survey commissioned by Barracuda, a prominent security company, 46% of global businesses have encountered at least one cyber scare since adopting a remote workforce as a result of the stay at home orders from COVID-19. While the security scares vary in severity, they all present a diverse range of new risks, threats, and challenges for organizations. These elements are only expected to increase as cybercriminals seize the situation to make a profit or nation-states try to gather intel.

This past week the US National Surveillance Agency (NSA) joined up with Australian Signals Directorate (ASD) to issue an information packet on how to detect and mitigate web shell malware. Web shell malware is a type of malicious code that executes arbitrary instructions on a targeted web server. It is becoming such a large growing cybersecurity problem that government agencies like the NSA and ASD released a 17-page guidance on how to approach it.