With more internet-connected devices in the hands of more people, and a larger chunk of the workforce doing their 9-to-5 from home, cybercriminals have targets and opportunities like never before. The state of Connecticut is responding to this tidal wave of cyberthreats with proposed legislation aimed at encouraging companies to increase their cybersecurity. In a nutshell, the proposed bill provides incentives for businesses to reach compliance with nationally recognized standards of cybersecurity. In case of a breach, a compliant company would be shielded from legal liability stemming from a cyber attack. The bill was unanimously approved in the state House on May 20 and now moves to the state Senate.
I’ve been having many conversations with manufacturers about their need to get aligned with an interim rule put out by the Department of Defense (DoD) recently. The basic deliverable of that rule is to submit the score a supplier achieves following a gap analysis based on the controls listed in the NIST Special Publication 800-171 document. Sounds simple, right? I can tell you from experience that the idea is not clearly defined within the rule.
Cybersecurity is largely about identifying vulnerabilities and risky practices, ideally before hackers have the chance to find and exploit them. I was quoted extensively, along with experts from Deloitte, Schellman & Co., Sikich and Markel, in a story for SC Magazine on how data and the supply chain drive hidden network threats.
When it comes to IT security, most businesses I speak to have become more sensitive and very concerned regarding IT security breaches. “Why is everyone so worried?” you may wonder. The reasons vary depending on what type of business you’re listening to as well as the position of the person within that organization. Some of the common responses I’ve heard include loss of data and personally identifiable information (PII), loss of revenue, and damage to their organization’s reputation. These concerns are echoed from IT management all the way up to presidents and business owners. Across all those businesses and roles, no one has ever said to me that defending against the ramifications above “is not important to me”.
Phishing is an old game, but the rules are always changing. I was quoted extensively, along with experts from companies like PwC, EY and McKinsey & Company, in a story for SC Magazine on developments in phishing of which CISOs, leaders and companies of all sizes need to be aware.
Following the interim rule passed down in the document DFARS Case 2019-D041 on September 29, 2020, there’s a growing number of subcontractors in the Department of Defense (DoD) supply base selling into the “Primes” who are receiving urgent requests from their customers to comply with this new requirement. Regardless of how long DFARS 252.204-7012 has been a stated requirement for DoD contract awards, this new urgency is driving a lot of activity in the Defense Industrial Base (DiB). As such, you have likely heard from a range of vendors that have offered to help you reach that goal.
Thrive Global recently conducted a Q&A with Kelser President Jim Parise as part of the outlet's series on “5 Things You Need to Know to Optimize Your Company’s Approach to Data Privacy and Cybersecurity.” The article also ran in Authority Magazine.
Senior consulting engineer Andrew Tyler was a panelist for a recent cybersecurity virtual forum presented by the Hartford Business Journal. The theme of the forum was how the pandemic has forced a change in the way many businesses approach cybersecurity in this new work-from-home world.