Cyber Security News

What we’re talking about

Cyber Security

Cyber Insurance and Business Cyber Risk Management

Cyber insurance has become a larger part of the cybersecurity risk management process for businesses. This is due to the rising potential impacts of cyber threats to sensitive data. As a result, the cyber liability insurance market is changing rapidly. These changes include reduced coverage limits, increased premiums, and requirements for adequate security controls for cyber

Cyber Security

Cybersecurity Trends for 2025 – Significant Challenges

Cybersecurity trends for 2025 show multiple areas of concern in a time of growing risks. A Cybersecurity Assessment Report from Bitdefender reveals findings from 1,200 cyber professionals that define key areas for improvement. These areas include reduction of attack surfaces, complexity of disparate tools, C-suite perceptions, and cyber professional burnout. Reporting Incidents In the

Cyber Security

New York Telecom Threat Caught by Secret Service

The U.S. Secret Service dismantled a network of devices in New York City that posed a significant telecom threat. This equipment could potentially have disabled cellphone towers and facilitated anonymous communications for criminal activities. This operation was particularly urgent due to the ongoing United Nations General Assembly meeting with world leaders. Equipment at Various Sites Across

Cyber Security

CMMC and Export Compliance Program Violations

Cybersecurity Maturity Model Certification (CMMC) and export compliance programs should be coordinated efforts driven by upper management to avoid export regulation violations.  A Federal News Network article discussed the fact that CMMC assessments are uncovering unknown export regulation violations.  The article points out the dangers of maintaining compliance programs in separate silos. Technology Control Plan

Cyber Security

DFARS Implementing CMMC Finalized by DoD

The Defense Federal Acquisition Regulation Supplement (DFARS) implementing the Cybersecurity Maturity Model Certification (CMMC) program has been finalized.  This rule, available on the Federal Register, will become effective November 10, 2025. This action by the Department of Defense (DoD) (now the Department of War) will make CMMC compliance a contractual requirement on all solicitations and

Cyber Security

DoD Class Deviation Postpones CMMC

A Department of Defense (DoD) class deviation has postponed the CMMC compliance requirement originally set for October 1, 2025. This requirement, effective as of September 3, 2025, notifies contracting officers that they are not to use the DFARS 252.204-7021 contract clause in new solicitations and contracts.  This class deviation will remain in effect until the

Cyber Security

Microsoft Used Chinese Engineers for DoD Work

Microsoft has been using Chinese engineers to assist with the maintenance of the Department of Defense’s (DoD) cloud systems, supervised by U.S. personnel known as “digital escorts.”  This arrangement, which dates back decades, involved using U.S. citizen Microsoft employees with security clearances to oversee work being done on highly sensitive databases.  In many cases these

Cyber Security

NIST AI Control Overlays Concept Paper

The National Institute of Standards and Technology (NIST) is developing control overlays for securing Artificial Intelligence (AI) systems to help organizations manage cybersecurity risks associated with various AI use cases, including generative AI and predictive AI.  These overlays are designed to help organizations manage cybersecurity risks associated with various AI applications. The NIST AI control

Cyber Security

C-Suite Cybersecurity Responsibilities for Success

C-suite cybersecurity responsibilities include promoting a security culture, aligning cyber and business strategies, and providing resources. This requires involvement by all executives, not just the Chief Information Security Officer (CISO). The prevention of a cybersecurity incident should be a key element in business strategy because of loss of operations, financial loss, and damage to organizational

Cyber Security

Guidance for Advanced Computing ICs

The Bureau of Industry and Security (BIS) has issued new guidance for Advanced Computing ICs in an effort to prevent diversion of electronics that could be implemented in Weapons of Mass Destruction (WMD).  The BIS also updated Supplement No. 3 to Part 732 “Know Your Customer” Guidance and Red Flags to provide a due diligence

Cyber Security

DoD Acquisition Nominee and CMMC

DoD Acquisition nominee Michael Duffy plans to review Cybersecurity Maturity Model Certification (CMMC) implementation in an effort to balance the need for security against excessive regulation. Duffy also recognized the need for affordability for the Defense Industrial Base (DIB) to maintain cybersecurity best practices to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Duffy

Cyber Security

Organizations Are Not Ready for CMMC

Recent studies have shown that organizations are not ready for CMMC. The Aware but not Prepared report from Redspin states that only half of the Defense Industrial Base (DIB) are even moderately prepared for a Level 2 certification. Despite a five-year rollout for the final rule from the Department of Defense (DoD) DIB

Cyber Security

Integrated Business Management Systems for Effectiveness

Integrated business management systems provide more effective solutions to the challenges facing organizations today.  This approach consolidates business processes and systems across teams and unifies objectives.  It can effectively address requirements for quality management, export compliance, information security management, and other concerns, ensuring compliance without gaps, duplication of efforts, or teams working at cross purposes.

Cyber Security

CMMC Final Rule to be Implemented in 2025

The Department of Defense (DoD) has released its Cybersecurity Maturity Model Certification (CMMC) final rule. This rule will now require contractors to verify that required security measures have been implemented for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). These requirements are to be implemented in early to mid-2025 when verification of security

Cyber Security

Validated End User (VEU) Program Expanded

The Bureau of Industry and Security (BIS) has expanded its Validated End User (VEU) Program to include controls for data centers in an effort to create a trusted ecosystem for artificial intelligence (AI) development. The VEU will now review applicants' data centers to ensure application of appropriate safeguards and security measures. This update to the

Cyber Security

Ransomware Possible Cause of Death

Ransomware may have been the cause of death of a patient in Dusseldorf. A ransomware attack on thirty servers at the Dusseldorf University Hospital on September 9, 2020, prevented immediate emergency treatment and resulted in the patient having to be transported to a facility 20 miles away where she died from a delay of
