FISMA vs. FedRAMP and NIST: Making Sense of Government Compliance Standards
Government compliance standards can be confusing. Making matters worse, many of them overlap, and organizations aren’t certain which standards apply to them. Even if your organization does not currently operate in the public sector, it is important to understand the...
What is Cyber Security as a Service (CSaaS)
When you think about information technology implementation and support, the optimal solution is often the combination of internal resource(s) who know the business, the culture and the current technologies and controls and an outside resource who specializes in the...
A Third Party Claims You Have Been Breached, What Do You Do?
Organizations sometimes ignore breach notifications because of a loophole in virtually all privacy regulations – they do not address third-party notifications, so companies feel free to ignore them. Whether deliberate or a casualty of the notification overload...
SUBSCRIBE TO OUR Blog UPDATES
What is the proposed “Hack Back” Bill?
The proposed "Hack Back" bill is officially called the Active Cyber Defense Certainty Act (ACDC) to allow organizations who are victims of hackers to take aggressive action in defense. While this may sound like a positive step in the fight against cyber crime, there...
8 Tips for Cybersecurity in Healthcare
The healthcare sector is unique in its position regarding cybersecurity. In very few other industries is access to good data in a timely manner a life or death situation. This would lead you to think that cybersecurity must be top of mind for healthcare organizations,...
Minimizing the Insider Threat – What is your staff REALLY doing with your data?
Acts by staff, whether malicious or not, account for well over half of all reported data breaches. While many organizations already monitor email or network use, how do you really know what your employees are doing with your data?
The Missing Pieces of Your MSP Practice
You have built a Managed Service Provider (MSP) practice and you provide IT support, cloud and back up services, and maybe even some testing and network monitoring for your customers. What are you missing? One piece that may be missing is "Detection". Without...
What is SASE?
In information security there is a new term pronounced ‘sassy’ but written as SASE (Secure Service Access Edge). Gartner depicts SASE as “transformational” which addresses traditional networking being concentrated into the cloud. Many think this will become standard...
5 Cybersecurity Tips From Lawyers
A question that often comes up around cybersecurity and incident response is when to involve legal. The best time to get advice from your attorney is before an incident. Here are 5 tips from legal resources of steps to take NOW: 1) Obtain verification from key...
Inefficient Incident Response Costing Billions
Inefficient incident response to email attacks is costing billions in losses every year. Barracuda researchers found that, on average, a business takes three and a half hours (212 minutes) to remediate an attack. In fact, 11% of organizations spend more than six hours...
How Is FTC Data Security Enforcement Changing?
The U.S. Appellate Court agreed with LabMD that an order by the Federal Trade Commission (FTC) for them to "establish a comprehensive information security program" was too vague, leading to changes in the way the FTC handles penalties after conducting audits to...
4 Cybersecurity Budget Focus Areas for Higher Education in 2020
Chief information security officers are grappling with a variety of issues as they try to keep their campuses safe from cyber criminals. In fact, the No. 1 issue for higher ed IT leaders this year is information security, according to EDUCAUSE, a nonprofit association...
Which Solution Is Best to Control Access?
Recently a customer asked us to compare Privileged Access Management (PAM) and Password Manager (PM) products, thinking they were the same thing. Single Sign-On (SSO) is also often confused for these other two types of products. Let's look at each and their...
NIST CSF – Part 4 – Respond
Today we continue down the National Institute of Standards and Technology Cyber Security Framework (NIST CSF). In our earlier blog posts, we learned how to identify our assets and then we did our best to protect them. Then since nothing is 100% secure, we detected...
Cybersecurity Risks Are Threatening Deals
Recent acquisitions highlight the threat that cyber risks can pose to a company’s reputation and bottom line. When Verizon was making a bid for Yahoo's internet business, the sale price was discounted $350,000 million after Yahoo's security breaches were discovered. ...
Why Do You Need Dark Web Monitoring?
Have you ever Googled your own name and been surprised by some of the information you found? Comments on a blog post from years back, maybe an old email address from a past job, or an article about your involvement in a charity event. Now imagine you were searching...
The Accidental Insider Threat – A clear and present risk
Media images depict the unknown ‘hooded’ bad actor in the dark room with many computer screens and we often forget about one the biggest risks organizations face - the insider. The insider can be broken into two categories, 1) the accidental insider who is duped into...
Report on Ransomware Q4 2019
A look at the recently released cybercrime report by Malwarebytes that focuses on ransomware has some interesting takeaways: First the United States is the target 53% of the time. Canada came in second at a distant 10%.The top 5 states targeted were in order: Texas,...
Contractors face big changes from DOD’s new Cybersecurity Maturity Model (CMMC)
The Department of Defense (DoD) recently announced the development of the ”Cybersecurity Maturity Model Certification” (CMMC), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base (DIB), particularly as it relates to...
Do we need a new standard for network testing and security?
This question was posed by a Forbes Technology Council member who points out that with the increase in devices connected to networks, cybersecurity has become part of every C-level, staff member and third-party vendor's role to help manage risk of data exposure. This...
The Importance of Source Code for Web Application Penetration Testing
Overview It is a common misconception that a web application penetration test and bug bounty program are the same thing. Although a lot of the skills transfer over and the methodology is very similar, the biggest difference between the two is that a bug bounty program...
Case study – Cyber monitoring insurance claim coverage examples
We've all heard the phrase "there is no silver bullet", especially when it comes to cyber protection. There are so many different methods of attack and avenues of exposure, and they constantly evolve. So how do you protect your customer's data and your organization...
The Future MSP
Managed Service Providers (MSPs) are facing increasing challenges to support their customers as cybersecurity and compliance needs continue to grow. Many look to build their own Security Operation Center (SOC), select and purchase a SIEM tool and staff the SOC to...
Deception Technology – Fooling the Enemy
As the allies prepared for the D-Day invasion they employed deception to trick the enemy into fortifying the wrong place. To give the appearance of a massive troop buildup in southeast England, the Allies created a largely phantom fighting force. In later discovery it...
Data theft by employee leads to federal indictment
Many businesses focus so much on protecting their data from outside threats that they give little thought to inside threats - namely their own staff. For a manufacturer in Chicago, that turned out to be a very costly mistake! The company hired an engineer in 2014 and...
Ransomware Risk Assessment
Ransomware attacks are spreading and ransom demands are growing. 22 cities across Texas were recently held hostage for millions after their networks were infiltrated and data was encrypted, and that's just the latest in a string of cities and businesses being...
How do I know which Service and Organization Controls (SOC) audit I need?
Foresite often assists Resellers and their Clients with Service and Organization Controls or "SOC" compliance. Typically the engagement starts by defining what type of report will be needed, SOC 1, SOC 2 or SOC 3. In this post, we will define the differences and...
Another FTC ruling against business that failed to protect data
The Federal Trade Commission (FTC) has been very proactive in going after business that do not protect their clients from cyber breaches. This is not only happening with major companies; Foresite was called in to help a small business who was audited and fined more...
Active Directory Security Best Practices – Privileged Accounts
An estimated 95% of companies use Microsoft’s Active Directory as the main identification and authentication (IAM) platform. While some in the industry may wish to see this change, Active Directory (AD) shows no sign of decline. “The 1990s called and want their IAM...
New cyber monitoring service includes $250,000 in cyber liability coverage
No matter how many controls you put in place, or how much cyber awareness training you provide, there is no 100% guaranteed solution to protect you from exposure to a cyber incident. But now Foresite can offer you and your customers the next best thing with cyber...
Cybersecurity 2019 – Detection Over Prevention
As the number of attack vectors increases, making it easier for cyber criminals to find ways around the controls it is more important than ever to have a proactive and layered approach to cybersecurity. However, organizations of all sizes need to face an...
9 U.S. States Pass New or Expanded Data Breach Laws
In the absence of federal action, states have been actively passing new and expanded requirements for privacy and cybersecurity. While laws like the California Consumer Privacy Act (CCPA) are getting all the attention, many states are actively amending their breach...
New NIST Requirements Increase Cyber Security Controls
A new supplement to the National Institute of Standards and Technology (NIST) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is on the way. The proposed supplement 800-171B adds 35 new requirements that go alongside...
INTERESTED IN WHAT FORESITE CAN DO FOR YOU?
At Foresite, we like to consider each client’s needs individually, in order to determine the best approach to your unique requirements. So let’s talk! Contact Foresite to request a scoping call today.
Connecticut: 1 HARTFIELD BLVD, SUITE 300
EAST WINDSOR, CT 06088 USA
Tel: 1 (800) 940-4699
Kansas: 7311 WEST 132nd STREET, SUITE 305
OVERLAND PARK, KS 66213 USA
Tel: 1 (800) 940-4699
United Kingdom: A8 IVELY ROAD, FARNBOROUGH
HAMPSHIRE, GU14 0LX UK
Tel: +44 800 358 4915
About Us | Testimonials | Contact Us
Copyright © 2018 Foresite MSP, LLC. All rights reserved