The two-year transitional period that the New York State Department of Financial Services (NYS DFS) implemented for its cybersecurity framework, 23 NYCRR 500, ended on March 1, 2019. That doesn’t mean the work ends here; it is really just getting started. The state of New York allowed institutions, or covered entities, a 24-month break-in period before they had to adhere to all phases each year. The training wheels are off, and all phases will have to be met yearly moving forward.
There’s no question that digital safety and data security are serious concerns for everyone these days. Businesses big and small simply cannot survive without some kind of security program in place. While some of the more common cyber attacks include viruses, malware and ransomware — the latter being particularly buzz-worthy these days — there’s one…
Going online carries several risks, ranging from identity theft to theft of cash and other items. Some privacy is important as you surf the Internet. You have a choice of two technologies, VPN and SSH, to help enhance protection and privacy. These two technologies are not competing, but work in different ways to ensure…
The first question you may be asking is, “Why should I be considering third-party maintenance over OEM maintenance contracts?” The short answer: MONEY.
Most buyers who use third-party maintenance services save up to 50 percent or more over three years, in most cases. In reality, though, it isn’t just about the money you could save. Excellent service is also an important trait, and third-party technicians come just as qualified as manufacturer technicians. Third-party maintenance requires careful vetting, but in the end, it can be more than worth it.
In today’s world, digital security is more important than ever. Long gone are the days when you only needed to worry about physical security for offices. Now, banks, law offices, government facilities, and private companies all depend on their technology being protected from a range of threats. Identifying and quickly responding to these threats as they occur is essential to the seamless continuity of daily life.
Around the millennium, when 802.11 was ratified, any measure of security was enough; just having an SSID that was closed was “security”. Then came WEP to stop unauthorized access; however, that was soon cracked. That is why the IEEE and the WiFi Alliance devised WiFi Protected Access (WPA). Protecting WLANs (Wireless Local Area Networks) should…
Today, cybersecurity is vital to the safety and security of your company and its data. Developing a proper risk assessment strategy for cyberattacks is about as necessary as breathing. Not only can an incident get you in a lot of trouble with your customers, lowering your reputation, but it can also get you into legal…
Effectively connect people, process and technology to minimize MTTD and MTTR
There’s a reason it’s said that what gets measured gets managed. In order to successfully achieve a goal, you have to be able to measure progress. It’s the only way to know if you’re heading in the right direction.
That’s why any security operations team worth their salt will be paying close attention to both their mean time to detect (MTTD) and mean time to respond (MTTR) metrics when it comes to resolving incidents.
The average dwell time for attackers still sits somewhere in the range of 100 – 140 days and, frankly, we can do better. Security operations teams need to be fanatical when it comes to lowering these metrics within their organizations.
Significantly reducing dwell time, MTTD and MTTR starts with an understanding of attacks. From there, you need multiple groups working together in harmony, enabled by technology, to automate and orchestrate incident response processes.
Often when speaking to people about the cloud, their first reaction is that it isn’t safe and they won’t use it. Odds are that they, and almost everyone else who owns an Internet-connected device, are already using the cloud.
Let’s take a step back and define the cloud. In essence, it’s just a network of servers — which are large, super-powerful computers. Anything that’s referred to as “cloud-based” or “in the cloud” means it primarily lives online, instead of on something physical in your possession like a CD or your computer’s hard drive.
A good rule of thumb for determining whether something is “cloud-based” is asking yourself the following question: Can I easily log into this service from another device, like my phone or a different computer? If the answer is yes, then the service is probably based in the cloud.