December 1, 2020
Good morning, everyone!
This week’s critical vulnerabilities:
Cisco Webex has released patches for vulnerabilities that enabled attackers to covertly join meetings. Facebook Messenger recently patched a flaw that could have allowed attackers access to your camera and microphone. cPanel & WebHost Manager patched a critical vulnerability that allowed bypassing 2FA.
Patch all the things!!
CISA’s Cyber Essentials Toolkit #6 is out
The final Cyber Essentials Toolkit has arrived: Chapter 6: Your Crisis Response.
This chapter focuses on responding to and recovering from a cyberattack. In addition to resource links, this chapter also includes an exercise that information technology and cybersecurity managers can use to engage company leaders in thought-provoking discussions about cybersecurity. The exercise is designed to raise leaders' awareness of the risks and the need to integrate cybersecurity decision-making with day-to-day risk management processes and procedures.
It’s official! We are CMMC-RP & CMMC-RPO
If you do work for the Department of Defense, you have no doubt heard of the new Cybersecurity Maturity Model Certification program that will apply to all defense contractors over the next five years. I am pleased to announce that I was among the first candidates to be credentialed a CMMC-AB Registered Practitioner by the CMMC Accreditation Body, and that The Net Effect is now a CMMC-AB Registered Provider Organization™. I have been trained in the basic constructs of the CMMC Standard, and I’m ready to assist you with your CMMC preparation! Contact me to get started. Remember, NOW is the time to prepare, and my work(fromhome)shop on December 15 is a great place to start. I’m here to help!
Cybersecurity Grows in Importance
I doubt anyone would argue with that statement, but still, it bears a new look. I read a really good, in-depth discussion about a recent report by Cisco researchers (“Future of Secure Remote Work Report”) on Dice.com, and I’m going to quote just a few key points here:
Even if a vaccine becomes available in the first half of 2021, businesses large and small believe that significant portions of their workforce will remain remote, as employees have taken to these home-office arrangements, which are also helping accelerate the shift to more cloud services as well as digital transformation projects.
We have read before that cybersecurity threats have increased exponentially during the current pandemic, which means that:
organizations need to continue to invest in and refine their cyber defenses.
Another interesting metric from the report:
61 percent of all respondents reported that their organizations experienced a jump of 25 percent or more in cyber-threats or alerts since COVID-19 arrived in March. This played across all sizes of organizations with 55 percent of small businesses, 70 percent of medium-sized organizations, and 60 percent of large enterprises reporting increases in cyber-threats.
What are your key takeaways?
- Telework is here to stay, at some level, at least for a while and probably a long while
- Cybersecurity is more important than ever
- Size truly doesn’t matter! Small, medium, large or giant – cyber criminals are after every victim they can hit
My Next Work(fromhome)shop
December 15: This online class will introduce you to the basics of the DoD's new Cybersecurity Maturity Model Certification: terminology, timeline, applicability, and basic preparation steps. Participants in this class will have the first chance at signing up for my "deep dive" series on the specifics of achieving Maturity Levels 1-3 coming up in Spring 2021.
Talk to you again soon!
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺