Incident response is one of the 14 requirements outlined in the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171—Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations, and enforced by the U.S. Department of Defense (DoD). If your organization contracts for the government, you must implement all 14 of these security requirements and controls by December 31, 2017. Simply put, if you do not comply, you risk losing your contracts, costing your organization millions of dollars in lost revenue.
A Survey of IT Leaders’ Thoughts on WannaCry, Petya, and Vault 7.
Uncontrolled internet access is a high-risk activity for any business, regardless of size, but it is particularly dangerous for the small to medium-sized businesses (SMBs) that make up a managed service provider’s client base. Unfortunately, endpoint security alone is no longer enough to keep clients safe from modern cyberattacks. And, as MSPs well know, remediating threats that have successfully infiltrated the network is challenging and extremely time-consuming. That’s why today’s MSPs are increasingly turning to services that can stop threats before they hit the network.
If there’s one thing that came through loud and clear in our analysis of malware and other threats in 2017, it’s that, when it comes to cybersecurity, change is the only constant. While analysts, researchers, and security companies worked quickly to identify and block emerging threats, attackers were just as quick in finding new ways to evade defenses. Phishing attacks became more targeted and successful, and most phishing sites were only online for 4-8 hours.
Every year, millions of people fall victim to cybercrime. Hackers and criminals prey on their victims using a wide variety of elaborate techniques such as phishing emails, ransomware attacks, and phony web pages, among others. In fact, scams that have plagued society for centuries only continue to grow in size, sophistication, and complexity. For instance, the well-known Nigerian email hoax has its roots in a common “Spanish Prisoner” scam that dates back more than 100 years. In this type of primitive “advanced fee scam,” the fraudster requests cash in return for a large commission which, of course, is never delivered.
When an IT incident occurs, two important tools can help tell the story. A remote monitoring and management (RMM) platform tells what has gone wrong at a customer’s site; a professional services automation (PSA) platform explains what was done to fix the issue. The combination of these two solutions allows MSPs to quickly respond to issues. This is particularly crucial in the case of security incidents that could impact the business and jeopardize compliance with applicable laws, particularly the General Data Protection Regulation (GDPR).
With the Global Data Protection Regulation (GDPR) set to be implemented in May 2018, IT consultants and managed services providers (MSPs) have been wondering how the new law will affect them. In many cases, the IT press has treated this new regulation with a mixture of panic and consternation. It certainly makes sense—it’s a new law that requires organizations to step up their security measures or face potentially hefty fines.