ISO 27001 Prevents Cyberattacks Implementing an ISO 27001 Information Security Management System (ISMS) prevents cyberattacks.  The Ponemon Institute in a 2017 study found that a typical firm experiences 130 security breaches each year.  Mitigating these breaches requires more than advanced IT practices, it requires a dedicated management system.  ISO/IEC 27001 is such a system.  It

In an effort to ease requirements for the protection of Controlled Unclassified Information (CUI), the Department of Defense (DoD) has announced CMMC 2.0.  This new version of the Cybersecurity Maturity Model Certification (CMMC) program will pare down the scope and requirements placed on the Defense Industrial Base. Initial CMMC Cybersecurity Requirements Daunting CMMC was created

According to a number of leaders in cybersecurity, spyware is becoming an issue of growing concern for businesses.  Malwarebytes, in its 2021 report, Malwarebytes 2021 State of Malware Report, observed that business spyware detections increased 51% in 2020.  These spyware infections can be found on both computers and mobile devices. What is Spyware? Spyware is

CMMC Under Review by DoD The DoD is finalizing changed to the Cybersecurity Maturity Model Certification program (CMMC) in an attempt to sufficiently address national security requirements without overburdening the defense industrial sector.  According to an article recently published at the Federal News Network, these changes are to be released soon as a finalized plan

CMMC Still on Schedule Despite Covid-19 Setbacks The Cybersecurity Maturity Model Certification (CMMC) is still on schedule according to articles posted by National Defense Magazine.  CMMC was developed by the Department of Defense and industry as an effective means of implementing a risk based management approach to cybersecurity.  The first draft (Version 1.0) was released

Bloomberg reported on February 12, 2021 that a Supermicro hardware hack had been conducted on server motherboards by a Chinese espionage program.  This report follows previous reports by the news agency in 2018 and illustrates the susceptibility of technology manufacturers to supply chain attacks.  The hack involved embedding a small integrated circuit into the trace

International trends in cybercrime show an increasing sophistication by both organized crime and hostile nation states.  These cybercriminals are continuing their efforts against high-value targets that include the industrial, IT, and infrastructure sectors.  This activity is occurring at a time when many organizations are struggling to develop integrated cybersecurity solutions. Cybercrime Exploitation of Uncertainty Cybercrime

Karlton Johnson chairs CMMC-AB after serving as interim since September of 2020.  The accreditation body can now continue in its efforts to accredit sufficient assessors to certify the cybersecurity maturity of Department of Defense contractors.  The body had faced a challenges when on September 2, 2020 two members of the Cybersecurity Maturity Model Certification Accreditation

An Interim CMMC version was released on September 29, 2020 finishing off a tumultuous month at the organization.  On September 2, 2020 two members of the Cybersecurity Maturity Model Certification Accreditation Board were voted off in the midst of a conflict of interest controversy involving a pay to play strategy.  Karlton Johnson is now the

The National Institute of Standards and Technology (NIST) has released a baseline guidance for IoT device Cybersecurity. Internet of Things (IoT) refers to computing devices that integrate physical and/or sensing capabilities and network interface capabilities.  Providing security for these devices becomes more challenging as they become smaller, more prevalent, and capable. The Growth of IoT

Employee cybersecurity negligence is still a major cause of risk for businesses.  Despite an increased emphasis on training people, human error and bad habits continue to endanger sensitive information. Data Breaches on the Rise Institutions of all types have seen a dramatic increase in the number of cyber attacks.  This has been especially the case

Ransomware may have been the possible cause of death of a patient in Dusseldorf.  A ransomware attack on thirty servers at the Dusseldorf University hospital on September 9, 2020 prevented immediate emergency treatment and resulted in the patient having to be transported to a facility 20 miles away where she died from a delay of

Video conferencing application vulnerabilities have been frequently in the news during the Covid-19 pandemic.  During this time the use of these apps has skyrocketed due to remote work and schooling.  This has presented a tempting target for cyber criminals to steal information and disrupt activities. Zoom Bombing Incidents AL.COM reported that Saturday night Jewish prayer

Denial of Service attacks (DoS) occurs when a targeted host or network is incapable of responding to legitimate users as a result of being flooded by traffic from the attacker.  Businesses worldwide have reported an increased number of these kinds of attacks.  Because these attacks result in inaccessibility of an organization’s resources and service, they