Monthly Archives: October 2022

Set High Standards for Cybersecurity

As we know, October is Cybersecurity Awareness month. There is much to be aware of, including how to prepare for an attack, current threats, how well your data is protected, and who has access to it. Read on to learn how following rigorous compliance standards helps your cybersecurity efforts.


Rigorous Standards Aid Cybersecurity Efforts


Currently, new standards are being drawn up in the form of the Cybersecurity Maturity Model Certification (CMMC), a Department of Defense program that applies to Defense Industrial Base contractors and, by extension, to the businesses that do business with those contractors. According to Cisco, the CMMC is designed as a unifying standard to ensure that contractors properly protect sensitive information. Three levels exist: Level 1 contains seventeen practices to follow, Level 2 is more stringent, and Level 3 is the highest. Domains within the model include Access Control, Identification and Authentication, Incident Response, and Awareness and Training, among others. A few of these domains (such as Identification and Authentication) could incorporate zero trust, a paradigm gaining ground in the cybersecurity community.


Considering Zero Trust as a Cybersecurity Model


“Trust, but verify,” as the saying goes. In cybersecurity, however, it should be “Verify, then trust.” Zero trust is the practice of identifying each request for access to the network, and authenticating and authorizing that request before access to systems is granted, regardless of where on the network the request originates. The zero-trust paradigm is still a work in progress, because it is a different way of thinking about cybersecurity, one that involves the whole organization and influences workforce and workflow decisions. The Cybersecurity Maturity Model Certification has the idea of zero trust built in, and even aligning your cybersecurity efforts with the practices of the first level should help considerably.
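The “verify, then trust” idea above can be made concrete with a small policy-enforcement example. This is an added illustration, not code from the original post or from any CMMC or vendor material: the signing key, the managed-device list, the `POLICY` table and the resource names are constructed for the demo. It contrasts the older perimeter model, where a request is trusted because it comes from an internal address, with a zero-trust check that authenticates every request (a signed, expiring token), confirms the caller’s role against the requested resource, and checks the device the request comes from.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed demo values; a real deployment obtains these from a key manager
# and a device inventory, never from constants in source code.
SIGNING_KEY = b"constructed-demo-signing-key"
MANAGED_DEVICES = {"laptop-42", "laptop-77"}

# Per-resource policy (constructed): which roles may reach the resource, and
# whether the requesting device must be one the organization manages.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "managed_device": True},
    "wiki": {"roles": {"finance", "engineering"}, "managed_device": False},
}


@dataclass
class Request:
    source_ip: str
    resource: str
    token: Optional[str]  # None models a request that carries no credential at all


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, roles, device_id: str, ttl: int = 300,
                now: Optional[float] = None) -> str:
    """Mint an HMAC-signed token binding identity, roles, device and expiry."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "roles": sorted(roles), "device": device_id, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(token: Optional[str], now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    if not token or "." not in token:
        return None
    body, tag = token.rsplit(".", 1)
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison of the MAC
        return None
    try:
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


def perimeter_allows(req: Request) -> bool:
    """The older model: anything arriving from the internal network is trusted."""
    return req.source_ip.startswith("10.")


def zero_trust_allows(req: Request, now: Optional[float] = None) -> Tuple[bool, str]:
    """Verify, then trust: every request is authenticated and authorized,
    and the network location of the caller plays no part in the decision."""
    claims = verify_token(req.token, now)
    if claims is None:
        return False, "unauthenticated"
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource"  # default deny
    if not rule["roles"] & set(claims["roles"]):
        return False, "role not permitted"
    if rule["managed_device"] and claims["device"] not in MANAGED_DEVICES:
        return False, "unmanaged device"
    return True, f"ok: {claims['sub']}"


if __name__ == "__main__":
    token = issue_token("alice", ["finance"], "laptop-42", now=1_000_000)
    for req in (Request("10.0.0.5", "payroll-db", None),
                Request("10.0.0.5", "payroll-db", token)):
        print(req.source_ip, req.resource,
              "perimeter:", perimeter_allows(req),
              "zero-trust:", zero_trust_allows(req, now=1_000_100))
```

The instructive case is the first request in the `__main__` block: it comes from an internal address and the perimeter model lets it through, while the zero-trust check refuses it because it carries no credential. The second request passes only because the token is valid, unexpired, carries a permitted role, and names a managed device; change any one of those and the same function returns a specific denial reason, which is also what you would want to log.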


CMMC’s Role in Cybersecurity and Compliance


Even if your business does not work directly with Department of Defense contractors, you have good reason to model your cybersecurity and compliance efforts on CMMC’s standards for data protection and compliance. First, CMMC can fit within your current infrastructure and help you comply with regulations that already apply to you, such as PCI-DSS or HIPAA. Second, if your business does any work with government contractors, you will eventually be required to comply at one of the three levels. Following CMMC can help you keep your systems safe by allowing only authorized entities to access your network (“zero trust”) and by protecting your data. All of the CMMC domains pertain to aspects of cybersecurity, and could make your cybersecurity and compliance efforts easier.


Cybersecurity, once an additional IT component, is continually becoming integral to a company’s way of doing business. To learn more about how we can help you with your cybersecurity and compliance efforts, contact your trusted technology advisor today.

Cybersecurity Awareness is Just the Beginning

Readers are likely aware of some of the headline-grabbing cyber attacks of recent years, such as WannaCry, SolarWinds and Colonial Pipeline, to name a few. But what about the attacks, and the resulting loss of revenue and reputation, that don’t make the news? What is your organization’s cybersecurity posture, and how can it be improved? Read on to learn about cyber threats and how to protect your business.


Threat Awareness and Intelligence


Cyber attacks continue to occur, and they continue to become more sophisticated. No longer coming just from lone hackers, attacks arrive through email and text messages (“phishing” and “smishing”, respectively). Supply chain attacks are also on the rise. The global cost of cyber incidents is about 6.1 trillion, far outstripping cybersecurity spending. Often, cyber threats are viewed as something “outside” the organization, and the tendency is to treat symptoms rather than possible root causes, such as a lack of threat intelligence. How well do you know what threats like malware and ransomware could do to your business if you’re attacked? According to the 2022 State of Cybersecurity report, businesses are aware of threats, but are not necessarily looking within the organization for vulnerabilities.


Cybersecurity Awareness Throughout Your Organization


More than simply a component of the IT function, cybersecurity needs to become a business imperative, with deep awareness on the part of the C-suite and the newest employees alike. For example, do your employees know how to recognize a phishing email designed to get them to give up confidential information? For managers, how does the adoption of new technology (along with the cybersecurity challenges it might bring) help with reaching business goals? Often, despite the tools available to protect organizations and the money spent on cybersecurity, humans tend to be the weakest link because of a lack of threat intelligence. To know your firm’s cybersecurity posture, a good place to start is an audit of your current protections and how well they defend against possible threats. Your primary business goals (including regulatory compliance and data handling) can be a good vantage point for evaluating your current cybersecurity picture and how to improve it.


Cybersecurity awareness and preparation are ideally a constant pursuit, rather than a once-a-year exercise. For help in auditing your preparedness and formulating a response plan, contact your trusted technology advisor today.