Archive for February, 2020

Cyber Security and Breach Fatigue

Friday, February 28th, 2020

What is Breach Fatigue? You know when you are craving a food… Let’s say pepperoni pizza. You think about it all day. You dream about it at night. You’re trying to watch your figure but that warm, stretchy, gooey deliciousness won’t stop haunting you. So you give in. You’re going to have “just one slice” […]

Understanding CMMC Maturity Levels (ML)

Thursday, February 27th, 2020

By this point, you should hopefully understand that the purpose of the Cybersecurity Maturity Model Certification (CMMC) is to simplify cybersecurity for federal contractors and sub-contractors. Katie Arrington, the DOD’s Chief Information Security Officer for Acquisition and Sustainment, noticed (quite aptly) that “self-certifying” just wasn’t cutting the cake, so to speak.  Hackers were targeting contractors, […]

US Blames Russia for Attack on Georgia

Wednesday, February 26th, 2020

State Department officials blamed the Russian military intelligence agency’s (GRU) Main Center for Special Technology (GTsST) for cyberattacks targeting the country of Georgia this past October, attacks that not only impacted thousands of websites but actually disrupted two Georgian networks. This is the first time the US State Department openly linked the GTsST to Sandworm, […]

Falling Down the CMMC Rabbit Hole

Wednesday, February 26th, 2020

Sometimes, government requirements and regulations can make you feel like you are Alice falling down new rabbit holes, trying to figure out just what exactly your business needs to do to win (and keep) your contracts and subcontracts. Do you need to be NIST certified? SP 800-53 or SP 800-171, or both?  What are FARS […]

Mozilla’s Firefox’s Default DoH

Wednesday, February 26th, 2020

Beginning today, February 25, 2020, Mozilla will automatically send all of its US-based customers’ DNS queries to Cloudflare DNS servers via its new feature, DNS-over-HTTPS (DoH), instead of to the default DNS servers set by the user. DoH performs DNS look-ups over an encrypted HTTPS connection instead of sending them in plaintext, making it […]

Former Head of NSA Left Retirement to Help Cybersecurity Shortfall

Wednesday, February 26th, 2020

There is a national shortage of cybersecurity specialists, and the former head of the NSA, Mike McConnell, is actively trying to fix that issue. McConnell is a DC professional but is now splitting his time between there and the University of South Florida, in an attempt to fill in this gap of about 500,000 professionals […]

Hackers Close Down a Natural Gas Compression Facility

Thursday, February 20th, 2020

Hackers used a spear-phishing campaign to successfully target an undisclosed natural gas compression facility here in the US, leading to a two-day closure. Their network and data were encrypted with ransomware, which essentially shut down the company’s control and communication abilities. While CISA did not provide many details about the virus involved, it appears that […]

Patients’ PTSD Details Leaked After Law Firms Hacked

Wednesday, February 19th, 2020

Law firms appear to be the latest black hat hacking trend. No fewer than FIVE law firms have been breached by the cybercriminal group Maze in the last four months, and the results have been devastating. Not only have these criminals STOLEN data, but they’ve also released extremely sensitive protected health information (PHI) from veterans’ pain […]

Columbus County School Still Not Whole After October Cyberattack

Tuesday, February 18th, 2020

The Columbus County school system, which was taken offline after a cybersecurity attack last October, is STILL feeling the effects today, even though progress is being made. Last night, school officials updated the county commissioners at a meeting on their current situation. The National Guard has been helping and while some of their equipment has […]

Is CMMC Going to Cost My Business a Small Fortune?

Monday, February 17th, 2020

One of the most frequent questions I hear from our clients about the new Cybersecurity Maturity Model Certification, after a few choice words, is: “How much is this going to cost me?” It’s a great question, and one I can’t fully answer because, unfortunately, they haven’t even rolled out the auditor program yet!! That being […]