News

The May 12th Executive Order on Improving the Nation’s Cybersecurity directed our friends at NIST to publish guidelines on vendors’ source code testing. As a result NIST recently published Guidelines on Minimum Standards for Developer Verification of Software. An excellent resource for organizations that develop software in-house, it is also useful for organizations that want to practice due care when …

On July 15th the US government released a new website that is the result of an inter-agency “whole-of-government” effort to curb the rise of ransomware cases. This new website is a “one stop shop” for preventing, detecting, reporting, and recovering from ransomware. StopRansomware.gov is an excellent resource for all organizations. “CISA is developing a catalog of Bad Practices that are …

Our friends at MITRE have developed a new cybersecurity framework! The D3FEND framework is intended to improve the security of DoD systems by offering a catalog of defensive countermeasures against common attack techniques. Funded by the National Security Agency, this framework is a defensive counterpart to the ATT&CK framework. “Kill-chain oriented and derived threat models have proved popular and effective. …

Recent events involving the scraping of personal information from social media sites such as the Facebook Leak and LinkedIn Leak should give us all pause to re-evaluate what we consider to be private information. Once data points such as cellphone number, personal email address, and birthday are collected and released in public data sets there is no way to make …

Many of the recent high profile cybersecurity incidents have something in common: stolen credentials are used to gain remote access through a VPN solution that is not protected by multi-factor authentication. Mult-factor authentication prevents attackers with stolen credentials from gaining remote access by challenging the user to provide additional information such as biometric data or TOTP tokens. “The authentication factors …

An information security program requires buy-in at the highest levels of the organization. The recent SOLARWINDS and HAFNIUM attacks are a stark reminder that the cyber threat landscape is quickly evolving, but resilient organizations with robust and unified strategies persevere. The Department of Homeland Security (DHS) has created a guide for leadership discussions about cybersecurity risk management. “Cybersecurity is NOT …

Positioning, Navigation, and Timing (PNT) services such as Global Positioning System (GPS) or Network Time Protocol (NTP) are a critical part of every organization. The impact of a disruption of such services can range from being subtle errors that accumulate over time to complete failure of critical business functions. Our friends at NIST have assembled the tools that you need …

Organizations rely on their suppliers to support critical business functions and in turn these suppliers rely on third parties as well. The complex nature of these dependencies can make it difficult for an organization to quantify and mitigate the risk of a supply chain attack. The National Institute of Standards and Technology (NIST) cyber supply chain risk management program (C-SCRM) …

Physical security is one of the core pillars of cybersecurity. Assessment of physical security is beneficial to every organization no matter the maturity level. Our friends at the Cybersecurity and Infrastructure Security Agency (CISA) have designed a self-assessment tool for securing Houses of Worship which are often the targets of violence and terrorism. “In this security guide, CISA analyzed ten …

The relationship between your organization and customers is built on trust. Your customers trust that you will protect their privacy. Protecting privacy requires more than just practicing good cybersecurity, it requires a privacy program. The NIST Privacy Framework is a tool that you can use to create or improve a privacy program. Learn more: https://www.nist.gov/system/files/documents/2021/01/13/Getting-Started-NIST-Privacy-Framework-Guide.pdf Our offering: Unlimited Technology offers …

Even a zero trust architecture (ZTA) can still be compromised by an attacker with stolen credentials. Multi-Factor Authentication (MFA) can reduce the impact of stolen credentials by requiring the attacker to provide a second form of authentication such as one time password from a phone or hardware token. Security awareness training, MFA, and thoughtful policy add depth to your defense. …

The Risk Management Framework for Information Systems and Organizations promotes near real-time risk management through implementation of continuous monitoring processes. It provides senior leaders and executives with the necessary information to make cost-effective risk management decisions about the systems supporting their missions and business functions. “As we push computers to “the edge,” building a complex world of interconnected information systems …