Cyber threats aren’t new, but hackers have increasingly turned their attacks on vulnerable managed service providers and their clients. With the data that managed service providers store for those clients, they are a treasure trove for attackers who would use that data to attack those clients, or the MSP itself, with malware and ransomware.
One of the many changes brought by the COVID-19 pandemic may be the permanent expansion of telehealth. According to a recent study, the US telehealth market is expected to witness an 80% year-over-year growth in 2020. Numerous video communications services exist, not all provide sufficient privacy and security to facilitate the provision of health care (and… Read More
FedRAMP is one of the most popular topics on our website and blogs. One big question we often receive from Cloud Service Providers (CSP), is how can a FedRAMP authorization impact their business. Cloud Service Providers and FedRAMP FedRAMP is a program that enables cloud services providers (CSPs) to meet and demonstrate the security requirements… Read More
The Evolving Need for PCI DSS Compliance. The current COVID-19 pandemic has dramatically accelerated a trend that was already on the rise — a move toward many new forms of electronic payment that involve capturing and transmitting credit card data. Businesses have moved online-only transactions during this crisis, and many consumers don’t want to handle… Read More
Real-word viruses and their online counterparts COVID-19 or the Coronavirus is changing life as we know it. From simple handshakes to finding toilet paper, life has changed tremendously over the past several weeks. Not only is this virus a physical threat, but it is also a threat to cyber-security. Different scams, phishing emails, fake news,… Read More
Secure Mobile Device Deployments As we all know, mobile devices have become not an integral part of the workplace, but even in society. Therefore, the safe deployment of these devices is of paramount importance not just for individuals, but businesses and corporations, government agencies, as well as other entities. For example: Mobile devices have indeed… Read More
The NIST Privacy Framework will complement the popular NIST CSF Data privacy and cyber security have a symbiotic and sometimes conflicting relationship. Without robust cyber security, it is impossible to ensure data privacy, as evidenced by the Equifax hack. However, it’s fully possible for an organization to seriously violate users’ data privacy despite practicing robust… Read More
A robust cyber incident response plan will minimize both damages and recovery time and ensure business continuity. Proactive measures to defend against data breaches, malware, social engineering, and other cyberattacks are crucial to enterprise cybersecurity, but there’s no such thing as a completely impenetrable system. Despite your best efforts, your company could still be hacked;… Read More
Insurers operating in multiple states must comply with a patchwork of state-level legislation patterned after the NAIC’s Insurance Data Security Model Law In 2017, the National Association of Insurance Commissioners (NAIC) developed the Insurance Data Security Model Law in response to a growing number of cyber incidents within the insurance industry. Similar to the NIST… Read More
The California Consumer Privacy Act represents a significant milestone for consumer data privacy in the U.S. Tired of the federal government dragging its feet on consumer data privacy legislation, states have started to take matters into their own hands. The biggest example is the California Consumer Privacy Act (CCPA), which takes effect on January 1,… Read More
The DoD unveiled its proposed Cybersecurity Maturity Model Certification (CMMC) to prevent supply chain attacks Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors… Read More
IT Compliance and Cyber Security: Understanding the Differences IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure. While there is some overlap, and the two fields complement each other,… Read More
Understanding FedRAMP security impact levels and baselines You would never pay $1,000 upfront and $30/month for a security system to protect a shed containing $100 worth of lawn equipment. However, you wouldn’t hesitate to spend that much or more to protect your home and family. The same concept applies in information security. Different kinds of… Read More
Your guide to the SOC 2 Trust Services Criteria (formerly the Trust Services Principles) Outsourcing IT services to service organizations has become a normal part of doing business, even for small companies. However, there are risks to using service providers, and these continue to evolve and change. In this dynamic environment, the American Institute of… Read More
Advice for writing a successful FedRAMP SSP A FedRAMP SSP (System Security Plan) is the bedrock of a FedRAMP assessment and the primary document of the security package in which a cloud service provider (CSP) details their system architecture, data flows and authorization boundaries, and all security controls and their implementation. Keep in mind that… Read More
Is Docker Hub hack a harbinger of increasing cyber attacks on cloud containers? According to an official email sent to users, hackers gained access to Docker Hub, the official repository for Docker container images, “for a brief period.” However, during that “brief period,” approximately 190,000 user accounts were compromised, containing data such as usernames, hashed… Read More
Hackers Can Use DICOM Bug to Hide Malware in Medical Images DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More
Hackers Can Use DICOM Bug to Hide Malware in Medical Images DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More
Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks… Read More
Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks… Read More
Seal up your cloud containers with these Kubernetes security best practices. Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers discovered a way… Read More
NIST SP 800-177 Rev. 1 was written with federal email security in mind, but SMBs can also use the guidance to secure their email systems. Email breaches can be just as destructive to organizations as customer data breaches; just ask Sony Pictures and the Democratic National Committee. A breach of a federal government agency’s email… Read More
Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More
Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More