Mitigation Strategies for Common Attacks According to the Cybersecurity and Infrastructure Security Agency (CISA)

In 2019, the Cybersecurity and Infrastructure Security Agency (CISA) began releasing its Risk and Vulnerability Assessment report. This report compiled several months of testing, audits and remediation efforts carried out on behalf of federal entities. These assessments helped CISA identify common attack vectors, how effective those vectors were, and how IT systems responded to the attacks.

Recently, CISA released its report for FY 2020. While some of the information in the report is insightful and informative, much of it is also, unfortunately, becoming common knowledge.

 


Ransomware and HIPAA Compliance in 2021


July 5th saw a major attack on Managed Service Providers (MSPs), including Kaseya services. MSPs like Kaseya often offer their cloud-based services to several clients in multiple sectors, and Kaseya is no exception. In fact, Kaseya offers specific managed IT resources for healthcare clients, although no information has been released about any affected organizations.

The combination of increased reliance on MSPs and the sensitive nature of healthcare providers makes ransomware attacks a real threat, one that your dedicated IT team must consider as part of your cybersecurity and compliance strategy.

 


Understanding CMMC: Watch Out for Unauthorized Training Providers


The Cybersecurity Maturity Model Certification (CMMC) framework is a new and evolving compliance standard for contractors working with agencies under the Department of Defense (DoD) or select Executive Branch functions. 

Much of this framework focuses on the readiness of a contractor to manage risk and security in its IT systems, and its capability to handle Controlled Unclassified Information (CUI). Because the framework is so new, however, there is a push to train cybersecurity auditors and managed service providers who can successfully audit contractors in the upcoming years. Accordingly, there are plenty of companies out there advertising that they can provide training for CMMC audits and implementation.

You must vet any organization that claims it can provide authorized instruction or assessments for CMMC authorization.

 
