The recently published 2022 Microsoft Digital Defense Report revealed a sharp rise in state-sponsored cyberattacks, partially driven by Russia’s ongoing war in Ukraine. This increase marks the acceleration of an existing trend toward more frequent and brazen attacks linked to nation states. Impact of the War in Ukraine Attacks against
With all the recent attention paid to zero-day attacks, there’s a tendency to overlook the ongoing exploit of known vulnerabilities that simply haven’t been patched. Vulnerability management is a critical component of any cybersecurity program. In concept, it seems simple: scan your system for vulnerabilities, then apply patches. In practice,
This October marks the nation’s 19th cybersecurity awareness month. This year’s theme, See Yourself in Cyber, puts the focus squarely on people. In both our private and professional lives, we all have a role to play in protecting ourselves, our communities and our country from cybercrime. Personal Cyber Hygiene While
Amid concern about an impending global recession, many organizations are seeking to reduce their operating costs. Cybersecurity programs may be a tempting target, but blanket cuts to cyber defenses can have devasting consequences. All businesses are potential cybercrime targets; those that are unprepared may suffer heavy financial or reputational losses,
Cybersecurity is a complex endeavor that requires a deep understanding of your organizational environment and its unique risk profile. You can’t just purchase and deploy a suite of security tools, then assume you’re protected. Cybersecurity programs should be designed using a risk-based approach, which can be implemented in four stages:
The United States has historically relied on the private sector to protect itself from cyber threats. However, the recent spike in major ransomware and supply chain attacks has prompted the government to step in with a series of new cybersecurity regulations. A New Regulatory Environment Included among the impending regulations
Private security cameras have become a common sight in American neighborhoods. Amazon’s Ring cameras have proven particularly popular, though many home security companies and IoT device makers offer similar products. Many consumers purchase these cameras to secure their property and provide peace of mind. However, the effectiveness of these devices
The internet is saturated with cookie permissions popups, nagging you for consent on nearly every website. Half of Americans always accept all cookies, likely without understanding what they are agreeing to. Some cookies are essential for using a particular website, but many others are not and may have privacy or
Security researchers recently identified sophisticated malware that’s been infecting small office and home office (SOHO) routers across North America and Europe. This malware, dubbed ZuoRAT, appears to be a modified variant of the Mirai botnet malware. However, unlike Mirai, which used compromised devices to conduct massive distributed denial-of-service (DDoS) attacks,
When an organization suffers a cyberattack, there’s a race during the aftermath to attribute the cause. The root cause is often identified as a vulnerability that wasn’t patched or a compromised password, but simply deducing “how” an attacked occurred misses the bigger picture of “why” it occurred. Security breaches often
At its inception in May 2018, the European Union’s General Data Protection Regulation (GDPR) triggered a transformation of the information privacy compliance landscape. The comprehensive legislation mandates that private organizations obtain consent before collecting personal data and delete collected data upon request, among numerous other requirements. The GDPR has wide-reaching
The possible overturn of the Supreme Court’s landmark Roe v. Wade decision would have far-reaching implications for the country, including in the data privacy realm. There’s deep concern that, if abortion is outlawed, private health data may be wielded by states as evidence in prosecutions. Private Health Data or Admissible
The recent publication of Verizon’s annual Data Breach Investigations Report (DBIR) provides data-driven insight into a tumultuous year for cybersecurity. The comprehensive report analyzes nearly 24,000 security incidents and over 5,000 breaches occurring between November 2020 and October 2021. Let’s review some of the report’s key findings and what they
The global pandemic has accelerated a long-term trend toward living more and more of our lives online. Working, schooling, shopping, socializing and many other daily activities that used to conducted principally offline have now migrated to the digital realm. One consequence of this shift has been the proliferation of personal
Cyberattacks have become a serious risk to organizations that no responsible board member can ignore. In fact, a 2021 survey of risk decision makers ranked cyberattacks as the number one threat to companies, beating out the pandemic, supply chain disruptions and economic recession. An overwhelming majority of board directors recognize
In the never-ending cybersecurity arms race, hackers are opening a new front against multi-factor authentication (MFA). A technique called MFA prompt bombing is being used to trick victims into bypassing MFA defenses. Let’s look at how this attack works and what you can do to protect yourself. MFA Protection Recently,
With the maturation of cloud computing technologies and efficient data transfer via APIs, digital supply chains have become increasingly complex and indispensable. However, the scalability and flexibility afforded by third parties also come with hidden risks. As demonstrated by several major cyberattacks, such as the SolarWinds and Kaseya supply chain
Organizations continue to pour money into their cybersecurity programs, with annual spending predicted to reach nearly half a trillion dollars by 2025. Prioritizing security is a necessary response to the growing financial risks associated with a breach, but are these investments actually making companies safer? The only way to know
Is your cyber defense strategy reactive or proactive? Reactive security relies on bolstering perimeter defenses and detection capabilities to mitigate known vulnerabilities or active attacks. This is the traditional security approach. However, increases in zero-day attacks and rapid expansion of the corporate attack surface are now prompting many organizations to
Following the trail blazed by the successful FedRAMP program, the State Risk and Authorization Management Program (StateRAMP) aims to bring standardized, streamlined cybersecurity assessments to the states. Arizona recently announced a year-long pilot of StateRAMP to test and refine the program, and momentum seems to be building toward wider adoption
The number of data breaches last year set a new record, marking a 68% increase compared to 2020. Cybersecurity Is your organization’s security infrastructure ready to withstand a cyberattack? Here are some steps you can take to bolster your defenses before they are put to the test. Build Resiliency Experiencing
Cryptocurrency values exploded last year, growing to exceed $3 trillion globally. Now, with the sharp collapse in prices over the past two months, you may be wondering whether it’s the perfect time to buy in low. However, if you decide to take the plunge into the world of crypto investing,
In the wake of several major cyberattacks launched over the past year, and the ongoing scramble to protect networks from recently discovered log4j vulnerabilities, the U.S. Congress sees an opportunity to modernize the Federal Information Security Management Act (FISMA). Although FISMA reforms were omitted from the National Defense Authorization Act
Many organizations approach security documentation as a tedious exercise to check a compliance box rather than a critical component of a security program. Despite the massive migration to remote work during the pandemic, only 40% of small businesses have bothered to implement remote work security policies. But a cybersecurity team
Human centered design (HCD) is a problem-solving methodology that starts and ends with users. Instead of basing design decisions on profit, efficiency or aesthetic goals, this approach is rooted in human empathy. Each facet of the design process tightly orbits around the user’s perspective and experience—their needs, limitations, habits and
As the year draws to a close, we’re reviewing several of the top 2021 cybersecurity incidents and the impact they’ve had on the cyber threat landscape. Microsoft Exchange In early March, Microsoft revealed that security flaws in its Microsoft Exchange Server email software were being widely exploited. Hafnium, a state-sponsored
Strategic planning is hard. Strategic planning during a worldwide pandemic, even harder. Organizations must contend with ongoing disruptions to the global supply chain, managing remote and hybrid workforces and simply keeping their employees from jumping ship. Now, rising inflation and the emergence of another concerning coronavirus variant may portend more
As we plan for the holidays, people are coordinating events with family and friends, checking off items on their gift lists and wrapping up year-end projects before taking some time off. In a warning issued last week, CISA and the FBI want us to add another item to our holiday
2021 has been a banner year for cybersecurity awareness. Large-scale attacks, such as the SolarWinds and Colonial Pipeline attacks, have dominated the headlines, and the number of data breaches reported in 2021 already exceeds last year’s total. Global spending on cybersecurity is predicted to reach $150 billion by the year’s
The labor market is experiencing major upheaval in response to the pandemic and corresponding rise in remote work. Employees are quitting jobs in record numbers, including 2.9 million in the month of August alone, and many workers laid off during the pandemic are still looking to re-enter the workforce. Scammers
In a recent survey published by Deloitte, almost all (98%) U.S. executives said that their organizations experienced at least one cybersecurity incident in the past year. Yet, despite this staggering incidence rate, nearly 14% also revealed they have no strategic or operational plans in place to defend against cyber threats.
A central component of every cybersecurity program is vulnerability management—identifying weaknesses in the organization’s security posture and implementing controls to address them. Unpatched operating systems, poorly configured firewall rules and unencrypted databases are all chinks in an organization’s cyber armor, but the most critical cybersecurity vulnerability is people. Whether it’s
After a period of decline, hacktivism is emerging again as a serious threat. This month, videogame streaming service Twitch was the victim of a massive breach that exposed creator payout reports and Twitch’s entire source code among other proprietary information. The 125GB data breach follows directly on the heels of
As any hiring manager looking to expand their security team can attest, there’s a dire shortage of cybersecurity professionals in today’s labor market. In the United States alone, there are nearly half a million unfilled job openings in the field. However, part of the problem is that organizations are limiting
The cyber threat landscape is undergoing an important shift as attackers choose stealthy credential-based attacks over malware. An annual threat report published by CrowdStrike last month revealed that 68% of threat detections from the past three months were malware free. The use of compromised credentials and existing system tools, rather
Cybersecurity is a complex field that’s constantly changing to keep up with new technologies. These conditions make it fertile ground for misinformation that can lead to poor security practices. It’s National Cybersecurity Awareness Month, so it’s the perfect time to dispel a few common cybersecurity myths. Myth: Cyberattacks Always Come
The Federal Risk and Authorization Management Program (FedRAMP) was launched in 2011 to drive forward the U.S. Government’s Cloud-First strategy. FedRAMP eliminated duplicative security assessment efforts by establishing a common accreditation for cloud service providers (CSPs). Once a cloud service offering (CSO) is FedRAMP-certified, any federal agency is permitted to
As the healthcare sector continues to fight on the frontlines against the COVID-19 global pandemic, it faces the added challenge of warding off a steady rise in cyberattacks. Attacks against the American healthcare system increased by 55% in 2020, with more than a third of healthcare organizations globally suffering ransomware
Two weeks ago, President Biden held a cybersecurity summit at the White House, where a raft of public and private initiatives were announced to improve the nation’s cybersecurity posture. CEOs of major technology companies, including Alphabet, Amazon, Apple and Microsoft, as well as banks, insurers and educational institutes were in
The Cybersecurity and Infrastructure Security Agency (CISA) recently adopted a new tactic to improve the nation’s cyber defenses: rather than focus on what organizations should be doing to protect themselves, CISA’s new catalog of bad practices puts the spotlight on the worst security practices. The list currently contains three entries:
Cybersecurity is the responsibility of everyone in an organization, but some positions have more responsibility than others. The C-suite has a unique role in establishing and maintaining the organization’s security culture. Employees align their behavior to signals from leadership, for instance, when determining if security protocols should be sidestepped to
In response to the recent onslaught of headline-grabbing security breaches, such as the attacks on SolarWinds and the Colonial Pipeline, the U.S. federal government is taking decisive steps toward a zero trust future. In May, the Biden Administration issued a cybersecurity executive order that, among other provisions, mandates that all
According to the UN Conference on Trade and Development (UNCTAD), more than three-quarters of countries worldwide have or are working towards data protection and privacy legislation. Navigating these numerous and sometimes contradictory regulations present considerable challenges to organizations. In addition, enforcement actions for non-compliance come with severe monetary penalties and
Practicing good cyber hygiene means proactively maintaining the health and security of an information system by establishing routine processes to defend against cyber threats and attacks. It makes data less vulnerable to the risks present in the threat landscape and even helps to prevent information and data from being misplaced. Proper
By the year 2026, organizations wishing to do business with the Department of Defense (DoD) must have Cybersecurity Maturity Model Certification (CMMC). The new CMMC framework applies to all prime contractors and subcontractors in the Defense Industrial Base (DIB), which consists of more than 300,000 organizations. What is CMMC? CMMC
The global cybersecurity labor shortage is more than three million people, and there is a dire need for millions of cybersecurity professionals to fill available jobs, according to the (ISC)²’s 2020 Cybersecurity Workforce Study. Data in the report depicts an industry under intense pressure, forced to do more with fewer resources
During the pandemic, the shift to a remote workforce changed cybersecurity by decentralizing the office-based work environment. And it also hastened the adoption of preexisting expert guidance. The following is a deeper dive into how the WFH environment reshaped the way organizations approach cybersecurity. Addressing the Security Risks People were
1100 N. Glebe Road, Suite 1010, Arlington, VA 22201
703.224.8265 | info@mbltechnologies.com