Podcast Episode 17: Current and Future Concerns of Securing IoT Devices

Why is my toaster talking to my accounting software? Are internal or outside devices causing DDoS or botnet attacks? Larry Bianculli discusses IoT device security, current and future concerns, with Matthew Pascucci and Joe Goldberg.

Details

How IT Plays A Role In Business Success

IT has long shaped major corporations and made them stronger in the marketplace. Yet if you listen to investors and accountants, they are often viewed as a department that is really one of the larger cost centers in any company.

The question then, is how can a company use IT in a way that allows it to add to the success of a business in a greater way than it costs overall? For most companies, the answer is to play some of your opportunity forward and make strategic choices that may provide competitive advantage regardless of the added expense.

Details

Future of Cybersecurity Threats – Looking Ahead So We Can Prepare Now

There are two maxims essential to the understanding of security. First, no security system is 100% effective. Second, hackers are always preparing for future attacks, and you need to be ready, too.

Future-proofing cybersecurity is notoriously difficult because no one really knows what’s around the corner. However, many of the principles that will keep you safe in the future are already well known.

Details

Keeping Customer Data Secure in the Cloud: 5 Things to Know

Cloud computing has drastically changed how people store and access data. For example, employees can access the information required to do their work from anywhere, even while on the road.

However, you’re probably keeping customer data in the cloud, too. If so, you have an additional obligation to protect that information. Here are five things to know when accomplishing that:

Details

The Three Best Practices for Securing the Hybrid Cloud

When it comes to cloud infrastructure and implementation, the hybrid cloud option is one that many companies are beginning to latch on to. Overall the most notable element of this realm of security is that it combines the flexibility and customization of a private cloud with the availability of the public cloud. This approach tends to be significantly more cost-effective and offers a wide array of features.

Details

Twenty Tech Trends for 2020

Over the last few years, the word “disruption” became one of the most common terms when talking about the tech industry. According to Google Trends, the use of this term has been steadily increasing during the last nine years, peaking in July 2019. Today, the new technology doesn’t just make our lives easier but changes our way of thinking. The tech industry itself transforms quickly, so it becomes especially important for brands, tech experts, and marketers to keep up with the latest trends.

Details

Cybersecurity Frameworks in Healthcare (And How to Adopt Them)

Just like any other industry, healthcare must be ready to handle cybersecurity threats.

What’s more, clinics and hospitals have to prove over and over again – the devices, technologies, and methods they use don’t bring any risk to patients. 

To do that, healthcare institutions start compiling their security with recognized standards and frameworks like NIST or HITRUST. 

But what exactly is a security framework? Which one should you use? What’s the right way to implement it?

Details

Endpoint Detection and Response: Securing Your Borders

According to a recent study, a new cyberattack occurs roughly every 39 seconds or 2,244 times a day. A successful attack costs an average of US$3.9 million to identify, eliminate, and recover from. The chance that an attacker will attempt to breach your systems is incredibly high. However, this doesn’t mean you’re helpless. 

You can use Endpoint Detection and Response (EDR) to significantly reduce your risks and potential costs. In this article, you’ll learn what EDR is and what kind of threats it can protect you from. You’ll also learn some best practices for implementing EDR to ensure your system is maximally protected.

Details

Third CISO Roundtable Overview – Building a Defendable Enterprise with Continuous Monitoring

It was our third CISO roundtable that we hosted at a local vineyard and the conversation was as lively as ever. I’m not sure if it was the wine tasting, the food or the experience of the CISO’s in attendance, but this event was lively discussion that focused on “Building a Defendable Enterprise with Continuous Monitoring”. The excitement and passion that was coming back from our attendees was nothing short of encouraging to see how these leaders in our field are taking their roles serious in defending their organizations. It was once again a privilege to be in the midst of these leaders learning from their wisdom and experience in the field. This blog is being written as recap of a few highlighted discussion points throughout evening that were discussed.

Details

Cloud, a Year in Review and Looking Forward

In 2019, cloud computing truly became mainstream, more than ever and the trend is here to stay.

As more and more businesses from all industries rush to migrate to the cloud and build cloud-based applications, Gartner predicts that the public cloud services market will grow 17% next year, from US$ 227.8 billion in 2019 to an estimated US$ 266.4 by the end of 2020. And a recent Forrester report estimates that the market will grow to a total of US$ 411 billion by 2022.

Details

MSP Voice Episode 71 – “Longevity as a Startup” with Larry Bianculli

This week’s guest is Larry Bianculli, managing director, with CCSI who provide MSP and MSSP services in the New York City/Long Island area. CCSI (which stands for Contemporary Computers Services) has been around since 1974. CCSI has always been focused on services, the founders coming from IBM. CCSI has a range of customers from SMB to fortune 500. They have customers around the US as well as overseas.

Larry has been with CCSI for 4 years and is focused on growing the enterprise and commercial business. Prior to CCSI Larry spent over 15 years working for vendors (both big and small). For their large customers, CCSI helps to augment their IT staff in specialized areas. They’ve seen some great opportunities with co-managed SIEM. CCSI focuses mostly on financial, healthcare, insurance and manufacturing.

Listen to the full episode for more information on how CCSI has been so successful over the years by essentially thinking of themselves as a startup.

Details

How Cryptocurrency Could Benefit You

Cryptocurrency is a digital currency which works as an exchange system for secure financial transactions in the digital marketplace. One of the greatest benefits of cryptocurrencies is that it uses decentralized control as oppose to the central banking system. The public financial transactions work through a distributed ledger, also known as a blockchain. All of this allows for the owner of the cryptocurrency to have full control of their assets.

Details

7 Cyber Regulations Your Business Don’t Prepare For (But Should Be)

The last five years have been monumental for cybersecurity. Between data breaches that have affected the world’s biggest corporations and new laws passed worldwide to ensure better data security, the increased focus on securing data is a welcome one.

However, the number of cybersecurity threats is going. According to a UK-based firm, Hiscox, 50% of surveyed firms experiences an attack, up from 40% over the same period during the past year.

Details

Policy and Procedures – Security Compliance

All organizations have policies and procedures on how particular tasks and goals are established within the organization. The issue here is many of these are either word of mouth or haven’t been written down. This leads to having subjective policies and procedures that morph over time based off a loose understanding of the objective. Almost every regulated organization is being asked to have written policy and procedure to adhere with compliance that allows for a defined and objective method of handling policy and procedures within their organization. This creates a strategic framework for those that the policy and procedures are guiding. This being said, there are a few differences when it comes to policy and procedure.

Details

How to Write Perfect Cyber Security Strategy for Your Venture

Protecting your company from online dangers is one of the most important things you need to take into consideration when it comes to running your own business. The threats you can come across are plenty and in order to avoid them, you will need a strong cyber security strategy.

Even if you don’t know about this topic, there are still quite a few simple steps you can follow in order to protect your business while still educating yourself and your employees about the matter. Here are some of the best tips to help you write the perfect cyber security strategy for your venture.

Details

Time Series Databases, the Future of Monitoring and Logging

Long gone are the times where “the” database was single Relational Database Management System installed typically on the most powerful server in the datacenter. The monsters handled anything the business required. Today databases run on commodity hardware, they are also more sophisticated in terms of the high availability and specialized to handle particular types of data. Specialization allows them to achieve much better performance – everything is optimized to deal with a particular kind of data: optimizer, storage engine, even language doesn’t have to be SQL, like it used to be in the past. It can be SQL-based with some extensions allowing for more efficient data manipulation, or it can be something totally new.

Details

It’s in the Cloud, So it Secure . . . Maybe!

Since the introduction of cloud computing, more and more companies have been flocking to cloud computing, because it has proven to be cost effective and inherently more secure than on premise data centers. However, no one has ever claimed that making switch magically happens by pressing a button. Cloud computing needs to be properly managed and configured. Processes and policies that protect the data and applications that reside in the cloud need to be developed and continuously monitored to stay within best practices.

Details

Threat Hunting Strategies for 2020

Cyber attacks are becoming more advanced with each year, as indicated by the increase in data breaches. According to a Risk-Based Security report, 2019 might break a new record, with more than 3,800 breaches, and still counting. 

Threat hunting aims to help reduce the number of breaches. Some security analysts even take threat hunting as far as infiltrating the dark web, all to ensure they are the first to discover a new attack type. Read on for an overview of the state of cybersecurity, and key threat hunting tips for 2020. 

Details

Improving Security in Web App Development

Traditional, downloadable, applications are becoming less common as cloud services expand. Instead, organizations and consumers are turning to programs they can use from any connected device: web applications. Web applications allow organizations to accommodate remote workers, as well as access a globalized market of connected customers. However, these applications require that services be constantly accessible and that data transfer is secure. An application breach or service inaccessibility can cause significant impacts to you and your customers. 

Details

What We Need To Know About Bluetooth Security

Since its introduction in the early 2000s, Bluetooth technology has been helping people to connect their devices and share data seamlessly. Wireless microphones and headphones, for example, are there because of Bluetooth. But is Bluetooth technology safe?

Well, as you could be aware, Bluetooth connection and internet connections in their entirety have their vulnerabilities. This is particularly so because data thieves are everywhere these days, all waiting to pounce on unsuspecting smartphone users. Yet, engineers are constantly looking forward to ensuring the safest devices and programs for their users, thereof they have focused on java programming, as one of the safest coding languages that are less prone to hacking. Given its popularity, there are many companies that provide java programming services that would accommodate every request. However, in this post, we will focus on the potential Bluetooth security risks and how you can mitigate these risks.

Details

Developing Cybersecurity Muscle Memory with Table Top Sessions

Anything that’s difficult takes time to master, or at least become competent, and it requires constant training and being pushed in situations which will sharpen your reflexes. This is the predominant reason why we perform cybersecurity tabletops in order to improve our reaction time regarding security incidents and breaches. During these situations there’s much more than the technical aspect that needs to be considered and if the entire organization isn’t moving in tandem, mistakes will be made. Organizations as a whole need to live this experience, even if it’s just a tabletop, in order to understand the ramifications of where you might have blinders on from a maturity standpoint. This consistent role playing, aimed to force all levels of participant’s out of their comfort zone, is used to create that tempered muscle memory on how to react to incidents without question.

Details

IoT Security or the Lack There Of

The Internet of Things (IoT) is poised to become the biggest technological breakthrough of this decade. Many households will soon own a smart car, smart refrigerator, and smart thermostat. In the business world IoT is also here and is steadily gaining additional profile and credibility. With that comes a vastly complex IoT ecosystem. 51% of surveyed IT and business decision makers report that their organization uses IoT devices that have been created by a third-party.

Details

Just Patch Already… It’s Not that Easy

We’ve all heard it before, “Just patch all the things and you’ll be perfectly fine” and there’s a lot of truth to this statement; it’s also extremely shortsighted. If you’re working in a large enterprise or an organization that uses unique equipment for business functions it’s almost impossible to follow the “patch all the things” mantra. Mostly, because there aren’t available patches or the systems have become unsupported. At CCSI we work with some of the world’s largest organizations and in doing so we’ve noticed that patching isn’t always an option, even though we recommended it as a priority, to some systems on the network. Here are few areas we recommend when patching isn’t an option.

Details

How to stay safe while using Airport WiFi

The more people you share an internet connection with, the more vulnerable you are to data theft. That is why it is always safe to browse the internet from home or at the workplace where the networks are uncongested and secure. But you cannot hide in this comfort zone forever; you will occasionally need to use public internet such as a coffee shop or airport Wi-Fi. When that happens, how do you secure your data? Please read on to discover 5 tips on how to stay safe while using airport Wi-Fi.

Details