Blog

What I wish MSPs knew about cyber insurance applications

What I wish MSPs knew about cyber insurance applications

The content for this week's post was taken with permission from Joseph Brunsman, a broker at Chesapeake Professional Liability Brokers in Anapolis, MD.  Joe combines his experience as a former IT, with a Master’s in Cybersecurity Law for an in-depth and very unique...

Case Study – Threat detection for SMB

Case Study – Threat detection for SMB

Small businesses are often under the misconception that they are too small for a hacker to attack.  While it is true that they may be too small to be specifically targeted by a hacker in Russia or China, the automation of malware attacks puts them a just as much risk...

Ransomware gangs are targeting executives

Ransomware gangs are targeting executives

We've seen an evolution of ransomware, beginning with malware inserted into malicious advertising on websites by hackers who knew how to code.  In the next stage, the Dark Web marketplace allowed people with no coding skills to purchase pre-packaged ransomware and the...

SUBSCRIBE TO OUR Blog UPDATES

Should MSPs take a stronger stance on security?

Should MSPs take a stronger stance on security?

Your customers depend on you to guide them through the world of technology.  You support their day-to-day needs and recommend new technologies to increase productivity or save money.  It makes perfect sense that they would also rely on your to advise them on how to...

What’s the real story with CMMC?

What’s the real story with CMMC?

There is a lot of uncertainty and misinformation around new Cybersecurity Maturity Model Certification (CMMC), especially for the downstream suppliers who do not directly contact a contracting officer. Small and medium-sized defense contractors should be far more...

Does your Managed Services Agreement address cybersecurity?

Does your Managed Services Agreement address cybersecurity?

The first question should be if you have a written Managed Services Agreement or MSA.  Whether you are the service provider or the customer, this agreement is critical for both sides to have a clear understanding of what is (and what is not) covered. Many clients have...

FAQ: How does cybersecurity or compliance affect my business?

FAQ: How does cybersecurity or compliance affect my business?

A manufacturer who is a subcontractor for the U.S. Department of Defense learned that his business will now be subject to the new Cybersecurity Maturity Model Certification (CMMC) requirements.  He asked the question, "How does my compliance help my business?" An...

FAQ – What are the FINRA requirements for cybersecurity?

FAQ – What are the FINRA requirements for cybersecurity?

FINRA is the US government agency authorized by Congress to protect investors by overseeing over 600,000 brokers across the country.  Some of these brokers are clients of Foresite's network of Managed Services Providers, and the question has come up "What are the...

Read this if you don’t use SolarWinds

Read this if you don’t use SolarWinds

Many organizations were not affected by the SolarWinds breach, however it highlighted some important questions that we should all consider. Does your organization have cloud services or 3rd party access that may not be adequately secured?  (It was reported that the...

How long before you could detect a cyber breach?

How long before you could detect a cyber breach?

Threat detection is a critical component of cybersecurity and compliance requirements to protect data, but the statistics show that we have a long way to go.  The average time to detect a breach in 2019 was 206 days!  Six months is plenty of time for hackers to seek...

Emergency Directive to Mitigate SolarWinds Orion Code Compromise

Emergency Directive to Mitigate SolarWinds Orion Code Compromise

Emergency director via cyber.dhs.gov This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 21-01, “Mitigate SolarWinds Orion Code Compromise”. Section 3553(h) of title 44, U.S. Code, authorizes the...

CIS Basics – 6 critical controls for cyber defense

CIS Basics – 6 critical controls for cyber defense

In 2008 the United States defense industry suffered a severe data loss, which galvanized the industry to create one of the most robust cybersecurity frameworks for business, government, and institutions worldwide. The framework was taken over by the Center for...

3 things to do now to help customers reduce cyber risk

3 things to do now to help customers reduce cyber risk

Your customers are in a cybersecurity crisis, whether they know it or not.  Cyber attacks are happening at the rate of 1 almost every 30 seconds, and the days of ransomware attacks where you could simply restore from your backups and forget about it are over.  These...

Introduction to the CIS 20 Controls

Introduction to the CIS 20 Controls

The Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls), is a prioritized set of best practices created to stop the most pervasive and dangerous threats of today. The controls were...

Joint Cybersecurity Advisory from CISA/FBI/HHS

Joint Cybersecurity Advisory from CISA/FBI/HHS

A joint Cybersecurity Advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and...

Are you prepared for law firm data breach litigation?

Are you prepared for law firm data breach litigation?

A $50 million dollar malpractice suit against a law firm for failure to protect a prominent client's data is being closely watched as it highlights the question "Is a data breach a breach of duty"? In at least two cases, courts have gone so far as to hold that...

NIST CSF – Part 5 – Recover

NIST CSF – Part 5 – Recover

In this final post on the National Institute of Standards and Technology Cyber Security Framework (NIST CSF), we will look at the final section, "Recover". In our earlier blog posts, we learned how to identify our assets and then we did our best to protect them. Then...

How to show Return on Investment for cybersecurity

How to show Return on Investment for cybersecurity

When a new solution is being recommended to improve cybersecurity, it often will require buy-in from one or more people who may not have the technical knowledge to fully understand the benefits.  In those cases, making the business case for the solution can help with...

Productivity vs Security

Productivity vs Security

When we think about an organization that would put far more focus on day-to-day productivity than cybersecurity, we probably think of a small business that doesn't have much critical data, not the Central Intelligence Agency/CIA.  However, we can all learn from five...

Can Zero Trust Network Access make you more secure?

Can Zero Trust Network Access make you more secure?

Zero Trust Network Access or ZTNA is an approach to access that does not put the user’s computer directly on the network. Unlike traditional VPN where the entire workstation becomes part of the network, ZTNA only allows the user to access the applications and services...

Cybersecurity Maturity Model Certification (CMMC) FAQs

Cybersecurity Maturity Model Certification (CMMC) FAQs

We've had a resurgence in questions around the change from NIST 800-171 to the new Cybersecurity Maturity Model Certification (CMMC).  Here are some of the frequently asked questions and responses. What is CMMC, and why is it replacing NIST 800-171?  CMMC stands for...

US may address data security through new legislation

US may address data security through new legislation

The Digital Identity and Authentication Council of Canada (DIACC) uses the Pan-Canadian Trust Framework (PCTF) to establish guidelines for securing data and protecting the rights of Canadian citizens by controlling and notifying citizens of how the data is used. The...

Are you spending enough (or too much) on cybersecurity?

Are you spending enough (or too much) on cybersecurity?

What is the right amount to spend on cybersecurity?  Gartner reports average spend of 5-8%, but a CIO survey showed closer to 15% of the IT budget with almost a quarter of the respondents allocating more than 20% of their IT budget to securing their data. Now that...

Master Agents Fighting Cybercrime

Master Agents Fighting Cybercrime

As cybercrime continues to increase, master agents are expanding their services to help protect their customers from losses related to cyber incidents. Telarus recently added Foresite's cybersecurity testing, compliance assessments, audits and consulting, and SOCaaS...

10 things the C-Suite needs to understand about cybersecurity

10 things the C-Suite needs to understand about cybersecurity

Executive involvement is a critical component to any organization's cybersecurity. Why?  The IT department may not have all of the knowledge about what data could have a critical impact on the business if it was lost or exposed, IT can recommend security controls, but...

What basics do I need to know about quantum computing?

What basics do I need to know about quantum computing?

We keep hearing about quantum computing and how it is going to change cybersecurity as we know it, but what is it? Today’s computing is made up of binary bits either 0 or 1, therefore if we ask a computer to guess a number 0-9 it will try 0000, then 0001, 0010,0100,...

What is the government doing to protect us from cybercrime?

What is the government doing to protect us from cybercrime?

A question we have been hearing a lot lately is "what is the government doing to protect business from cyber threats", after all, cyber attacks are often coming from other countries and have been compared to another form of warfare or terrorism. Here in the U.S., the...

How has COVID changed cybersecurity?

How has COVID changed cybersecurity?

Priorities have shifted a bit as COVID drastically changed the way work is being done for so many organizations.  Now that it's become clear that it will not be as short-term a change as we first thought, how does this impact cybersecurity?  Based on our insights and...

Case study – The evolution of a solution

Case study – The evolution of a solution

The time had come for a contract renewal with one of our Managed Security Services clients, and we started the conversation with a look back at what we have accomplished together since 2015 when the relationship began. At that time, the main focus was on replacing...

5 Tips for Effective Log Analysis

5 Tips for Effective Log Analysis

The technologies that you have invested in can provide even more value if you are able to analyze the log data effectively.  Here are 5 key tips: Know which logs to monitor and which not to monitor.  With the average infrastructure generating millions of log events,...