What are Insider Threats and How Does Compliance Help You Stop Them?


When business professionals talk about security threats, they often talk about external threats: hackers, phishing attempts, DDoS attacks and so on. However, according to a 2020 survey, 66% of organizations consider an inside attack more likely than an external one. According to another survey by the Ponemon Institute, insider threats increased by 47% from 2018 to 2020. Additionally, the costs of these attacks increased 31% to $11.45M in 2020.

So, what is an insider threat? Insider threats are breaches, disclosures, or theft of private and protected data by someone inside an organization. These thieves will almost invariably have authorized access to the data in question, or a way to receive that authorization either legitimately or by stealing credentials from a colleague. 

Insider threats don’t just originate from current employees, either. Many of these breaches occur when a former employee continues to have access to sensitive systems, or communicates with an accomplice who has such access.

 


What are Enclaves and Why Are They Important for Handling CUI?


One of our country’s more important assets is its information. The U.S. IT infrastructure carries information covering things like financial information, private information, defense and military information, and information that is critical to the operation of government agencies. Some information is classified, and some, while not deemed sensitive enough to classify, is protected as Controlled Unclassified Information, or CUI.

CUI is protected under government regulation, which means that if your business wants to work with federal or defense agencies, it must meet regulations to participate. 


What is a C3PAO in CMMC Certification?


CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies meet their compliance requirements, CMMC leverages outside certified assessors to serve as a third-party assessment organization (C3PAO).

This article will cover the basics of C3PAOs in CMMC certification. This discussion includes a breakdown of CMMC requirements and the importance of a C3PAO in providing objective evaluations of vendor security in the defense space. 

 
