November is budget season for most small and mid-size enterprises (SME). This year, many business leaders are looking for areas to reduce their budget to deal with the uncertainty of the coming year. I’m here to make the case against any reduction to cybersecurity in the coming year.
Look no further than the almost daily cybersecurity threats and attacks on businesses to know that cybersecurity should be at the top of every organization’s priority list. Yet, for small and medium-size businesses (SMBs) it seems to always slip down the list because cybersecurity is viewed as a sunk cost rather than an important business enabler.
Happy October! Did you know that October is National Cybersecurity Awareness Month (NCSAM)? In fact, this is the 17th year that the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCSA) have joined forces to help raise awareness about the importance of cybersecurity to businesses.
From time-to-time on this blog we like to take a moment to connect with those folks on the front lines of the cybersecurity battle, to give you a direct look into the issues they’re facing every day. Today, we sat down (virtually) with Sherry Horeanopoulos, the Information Security Officer at Fitchburg State University.
We all know that it’s hard to navigate the cybersecurity space. From tooling to services, recruiting to resource limitations, it poses many obstacles before you can even begin to combat cyber threats. With that said, if you have identified that you need help, cybersecurity-as-a-service is a great option. It allows you to overcome recruiting challenges, resource constraints and provides help on the tools you need to manage, detect and respond to cyber threats.
No doubt every credit union will have heard of the Automated Cybersecurity Examination Tool (ACET). It’s the latest compliance requirement aiming to provide a repeatable, measurable and transparent process that improves and standardizes supervision related to cybersecurity in all federally insured credit unions. A Cybersecurity Agency delivering Security-as-a-Service can help credit unions with the people and repeatable process to meet ACET requirements.
How to Protect Against Credential Stuffing Attacks
It’s impossible to miss the reports of massive, high-profile data breaches. Adobe, Ancestry, Bitly, Comcast, Dropbox, Equifax, Google+, Marriott Starwood, T-Mobile, Ticketfly, LinkedIn, Yahoo and many other companies have leaked massive amounts of personal information, such as user names and passwords. But you may not be aware of what happens to this data after it’s been stolen.
Cybercriminals often purchase stolen data on the Dark Web. For example, on February 17, 2019, a hacker going by the name Gnosticplayers put eight hacked databases containing data for 92.75 million users on sale for 2.6249 bitcoins (about $9,300) on the Dark Web Marketplace known as Dream Market. Previously, the same hacker had posted a batch of 16 databases containing data for 620 million users and another batch of eight databases with data from 127 million users.
How Security-as-a-Service gives you a leg up in developing a comprehensive cybersecurity plan
If you’re one of the thousands of banks, mortgage companies, insurers and other financial service firms that do business in the state of New York, your deadline to complete the final phase of compliance with the New York Department of Financial Services (NYDFS) Cybersecurity Regulation is upon you.
On March 1, 2019, you are required to ensure that third-parties who access your customers’ private data have security protections in place. This measure comes on the heels of three previous sets of requirements, rolled out in phases beginning in March of 2017, designed to address today’s increasingly sophisticated cybersecurity threats.
We’ve seen all too often that the cause of the major breaches we see in the news is failure by the organization to patch a software vulnerability for which a patch has long been available. As a result, more and more organizations are looking for solutions that help make the process of identifying and deploying patches easier and more automated. If you’re looking for a solution for patch management, here are four things to consider: