Blog

Is hiding a data breach ever a good idea?

Is hiding a data breach ever a good idea? You may think the answer is obvious, but we do get questions like this.  So did Joe Brunsman, an insurance broker who specializes in cyber coverage.  Click here to watch Joe's video with the answers to five questions that lead...

Threat Intelligence from buzzword to value

“Threat Intelligence” seems like a pretty common buzzword these days. Pretty much every security vendor says they have threat intelligence. But what is it, and is it enough to just ‘have’ threat intelligence? Wikipedia defines threat intelligence as “Cyber threat...

Cyber attacks on higher education show room for improvements

A cyber attack at the beginning of 2021 is being described by the University of Colorado's President as "the largest, most complex incident involving data that the system has ever seen."  This exposure was caused by the breach of their third-party file sharing...

True stories of cyber risks

Understanding actual cyber incidents that others have experienced can help businesses identify where they may also be at risk.  Each of these scenarios is an actual incident with identifiable details removed. Unauthorized access risk:  Suspicious email activity was...

MSPs and CSPs Targeted – What Steps To Take Now

The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning for Managed Security Providers (MSPs) and Cloud Security Providers (CSPs) that they were at high risk of cyber attacks.  Why the focus on MSPs and CSPs?  Gaining access to these types of...

What is the motivation behind ransomware?

Is the motivation behind these faceless attacks simply greed?  Talos Intelligence Group interviewed a hacker referred to as "Aleks", a university-educated Russian male who says he taught himself cybersecurity skills to find new vulnerabilities and gain recognition....

Introducing the VisionTrack Cyber Risk Calculator

The VisionTrack Cyber Risk Calculator is now live on our website! This calculator was developed to help our Resellers to be able to do high-level initial assessments for clients and prospects to identify areas where they are vulnerable so we can make recommendations...

False Claims Act – Could your cybersecurity put you at risk?

The False Claims Act (FCA), 31 U.S.C. §§ 3729 – 3733, provides liability for any person who knowingly submits false claims to the government. A settlement with Cisco is the first public report of a cybersecurity claim fine under FCA. This case stemmed from an FCA...

Talking to your clients about cybersecurity

We know it can be intimidating to discuss cybersecurity with your clients, but it doesn't have to be.  Here are some tips: Start the discussion BEFORE a need arises.  For example, don't wait for a client's 100-page cybersecurity questionnaire that you are not at all...

Is your monitoring ineffective?

In a Ponemon survey of over 600 organizations, it became clear that even with dedicated Security Operation Center (SOC) teams, effectiveness and value vary greatly. Major factors that contribute to ineffective monitoring include: SOC staff burnout - Increased workload...

Healthcare Cyber Risk Update

In keeping with the warnings from Federal agencies at the end of 2020, healthcare continues to be pummeled by cyber attacks.  Data was leaked from a medical center, health system and even an IT vendor with health sector clients. The hackers attacked with ransomware...

What I wish MSPs knew about cyber insurance applications

The content for this week's post was taken with permission from Joseph Brunsman, a broker at Chesapeake Professional Liability Brokers in Annapolis, MD.  Joe combines his experience as a former IT, with a Master’s in Cybersecurity Law for an in-depth and very unique...

Case Study – Threat detection for SMB

Small businesses are often under the misconception that they are too small for a hacker to attack.  While it is true that they may be too small to be specifically targeted by a hacker in Russia or China, the automation of malware attacks puts them at just as much risk...

Ransomware gangs are targeting executives

We've seen an evolution of ransomware, beginning with malware inserted into malicious advertising on websites by hackers who knew how to code.  In the next stage, the Dark Web marketplace allowed people with no coding skills to purchase pre-packaged ransomware and the...

Should MSPs take a stronger stance on security?

Your customers depend on you to guide them through the world of technology.  You support their day-to-day needs and recommend new technologies to increase productivity or save money.  It makes perfect sense that they would also rely on you to advise them on how to...

What’s the real story with CMMC?

There is a lot of uncertainty and misinformation around the new Cybersecurity Maturity Model Certification (CMMC), especially for the downstream suppliers who do not directly contact a contracting officer. Small and medium-sized defense contractors should be far more...

Does your Managed Services Agreement address cybersecurity?

The first question should be if you have a written Managed Services Agreement or MSA.  Whether you are the service provider or the customer, this agreement is critical for both sides to have a clear understanding of what is (and what is not) covered. Many clients have...

FAQ: How does cybersecurity or compliance affect my business?

A manufacturer who is a subcontractor for the U.S. Department of Defense learned that his business will now be subject to the new Cybersecurity Maturity Model Certification (CMMC) requirements.  He asked the question, "How does my compliance help my business?" An...

FAQ – What are the FINRA requirements for cybersecurity?

FINRA is the US government agency authorized by Congress to protect investors by overseeing over 600,000 brokers across the country.  Some of these brokers are clients of Foresite's network of Managed Services Providers, and the question has come up "What are the...

Read this if you don’t use SolarWinds

Many organizations were not affected by the SolarWinds breach; however, it highlighted some important questions that we should all consider. Does your organization have cloud services or 3rd party access that may not be adequately secured?  (It was reported that the...

How long before you could detect a cyber breach?

Threat detection is a critical component of cybersecurity and compliance requirements to protect data, but the statistics show that we have a long way to go.  The average time to detect a breach in 2019 was 206 days!  Six months is plenty of time for hackers to seek...

Emergency Directive to Mitigate SolarWinds Orion Code Compromise

Emergency directive via cyber.dhs.gov. This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 21-01, “Mitigate SolarWinds Orion Code Compromise”. Section 3553(h) of title 44, U.S. Code, authorizes the...

CIS Basics – 6 critical controls for cyber defense

In 2008 the United States defense industry suffered a severe data loss, which galvanized the industry to create one of the most robust cybersecurity frameworks for business, government, and institutions worldwide. The framework was taken over by the Center for...

3 things to do now to help customers reduce cyber risk

Your customers are in a cybersecurity crisis, whether they know it or not.  Cyber attacks are happening at the rate of almost 1 every 30 seconds, and the days of ransomware attacks where you could simply restore from your backups and forget about it are over.  These...

Introduction to the CIS 20 Controls

The Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls), is a prioritized set of best practices created to stop the most pervasive and dangerous threats of today. The controls were...

Joint Cybersecurity Advisory from CISA/FBI/HHS

A joint Cybersecurity Advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and...

Are you prepared for law firm data breach litigation?

A $50 million malpractice suit against a law firm for failure to protect a prominent client's data is being closely watched as it highlights the question "Is a data breach a breach of duty?" In at least two cases, courts have gone so far as to hold that...

NIST CSF – Part 5 – Recover

In this final post on the National Institute of Standards and Technology Cyber Security Framework (NIST CSF), we will look at the final section, "Recover". In our earlier blog posts, we learned how to identify our assets and then we did our best to protect them. Then...

How to show Return on Investment for cybersecurity

When a new solution is being recommended to improve cybersecurity, it often will require buy-in from one or more people who may not have the technical knowledge to fully understand the benefits.  In those cases, making the business case for the solution can help with...

Productivity vs Security

When we think about an organization that would put far more focus on day-to-day productivity than cybersecurity, we probably think of a small business that doesn't have much critical data, not the Central Intelligence Agency/CIA.  However, we can all learn from five...

Can Zero Trust Network Access make you more secure?

Zero Trust Network Access or ZTNA is an approach to access that does not put the user’s computer directly on the network. Unlike traditional VPN where the entire workstation becomes part of the network, ZTNA only allows the user to access the applications and services...

Cybersecurity Maturity Model Certification (CMMC) FAQs

We've had a resurgence in questions around the change from NIST 800-171 to the new Cybersecurity Maturity Model Certification (CMMC).  Here are some of the frequently asked questions and responses. What is CMMC, and why is it replacing NIST 800-171?  CMMC stands for...