HIPAA Trends & Predictions for 2021
Since passing in 2003, the OCR has issued total fines and penalties in excess of $129,000,000. The fact is, data breaches, hacks, ransomware, etc., are nothing new, but regulators are painfully aware that malicious actors are actively exploiting “windows of opportunity” due to COVID. Those who are succeeding in 2021 understand that their wins are directly tied to maintaining effective security and compliance programs this year. Before exploring those solutions, though, let’s dive deeper into the drivers behind this need.
Read More
5 Reasons to Continue Growing a Program in the Middle of a Pandemic
According to a survey by ISSA and ESG, cybersecurity professionals saw 63% increase in cyber-attacks related to the pandemic. With the current climate in mind, I’m going to give you 5 key reasons you should not only resist the temptation to put off your cybersecurity projects until after the pandemic levels out, but why you should prioritize growth in your program right now.
Read More
Identity is the New Perimeter: Passwordless Authentication Solutions
Security, as the saying goes, is not convenient. Security is meant to make it as hard as possible for the bad guys to gain access to things they shouldn’t. But as a result it makes end users life difficult, especially with the advent of multi factor methods of authentication. Sometimes, this can make your users frustrated with having to use several different forms of authentication or having to enter their passwords multiple times for each application.
Read More
What Are Purple Team Exercises and Who Needs Them?
Terminology and acronyms in cyber security can get confusing. Try to distinguish between Blue Team, Red Team, Black Box, White Box – and now Purple Team exercises, it can be hard to know if you are dealing with terminology or marketing buzz words unless you are a security testing insider. Are we talking about offense or defense? Internal or external? Penetration testing or a vulnerability assessment? One-time or ongoing? We can explore a number of these topics going forward, but I am going to specifically focus on Purple Team exercises in this blog, laying out key definitions, the purpose behind this style of exercise, key stakeholders you will want to involve, and what outcomes you should expect.
Read More
Why “Security First Approach to IT Services is the ONLY Approach”
During my time at TRUE I have seen some major pitfalls from companies that failed to see the importance of having a “Security First” approach to their IT. So I’m here to explain why you – YES, YOU – should take the “Security First” approach to heart.
Read More
Move the Needle with Your Vulnerability Management Program
TRUE has been providing managed vulnerability scanning services for clients for years, scanning external and internal network environments for the latest exploits, supplying reports, and remaining just a phone call away for remediation guidance, report interpretation, and discussing what keeps our clients up at night. Scanning continues, but organizations don’t always move the needle and are often no more secure as a result.
Read More
Solving the Vulnerability Problem
Despite years of government issued alerts, subject matter expert directives, and even repeated lamenting of cybersecurity podcasters, unpatched vulnerabilities are still a leading cause for breaches. Why, with so much awareness, is this still a problem? Simply put, vulnerabilities can’t be 100% solved by just adding more activities to your teams’ schedules.
Read More
Microsoft Defender Advanced Threat Protection Summarizes Exposure Score
Let’s face it, today’s battleground for IT is in Cybersecurity. You fight the good fight of identity security, you diligently apply your network security, you do your best to manage and protect your data, but those darn computer users take their devices into the dark recesses of public Wi-Fi. What if you had a tool that would help reflect your organization’s exposure associated with all the devices within your organization? Welcome to Exposure Score (ES) in Microsoft Defender Security Center!
Read More
Urgent US-CERT Healthcare Trickbot & Ryuk Alert
The Joint Cybersecurity Advisory, comprised of the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), published a critical alert of verified and widespread attacks targeting Healthcare and Public Health Sector organizations.
Read More
Beyond Endpoint Technology: Why You Should Leverage Security Experts for MDR
You have to see bandwidth not only as a way for all the good stuff to come in, but also as the perfect conduit for the bad stuff. The more stuff you stream, the more devices that get deployed, the larger the attack surface, the better the chances of finding a way in – it only makes sense. Fortunately, when it comes to protecting your newly expanded corporate IT presence, a few things have remained relatively constant. These include 1) that every user has an “endpoint device” or two that they depend on for getting their work done, 2) that endpoint remains the primary target of most attacks, and 3) we’ve become extremely good at protecting those endpoints.
Read More