Blog

Keep up to date with ongoing threats and CISA notifications!

Can you believe it's been 20 years for Patch Tuesday?

Even after 20 years of patch management and vulnerability scanning improvements, cybersecurity faces ongoing challenges like complex software ecosystems, sophisticated ransomware, and limited resources. Addressing these issues requires a comprehensive approach, including education, automation, and proactive security strategies beyond basic compliance.

CISA Providing Critical Information to Prevent Ransomware

In October, during Cybersecurity Awareness Month, CISA updated the Known Exploitable Vulnerability (KEV) catalog, highlighting 185 out of 1020 vulnerabilities currently exploited by ransomware. This significant update aids organizations in focusing their cybersecurity efforts, particularly in addressing vulnerabilities to prevent ransomware attacks and enhance overall network security.

Known Exploitable Vulnerabilities Catalog Update

The Cybersecurity and Infrastructure Security Agency (CISA) updated the Known Exploitable Vulnerability (KEV) catalog during Cybersecurity Awareness Month, introducing a new category for vulnerabilities known to be used in ransomware campaigns. This update aids organizations in prioritizing ransomware threat mitigation, improving risk assessment, and enhancing overall cybersecurity preparedness and compliance.

Depth in Defenses

Despite advancements in cybersecurity, the threat landscape continues to evolve with challenges like ransomware and sophisticated social engineering. A holistic approach, combining in-depth defenses, regular patch management, security monitoring, updated best practices, employee education, and strong incident response planning, is essential to combat these evolving threats effectively.

Quishing, Not What it Sounds

"Quishing" is a type of phishing involving QR codes. To protect against it, be cautious of unexpected messages, avoid clicking on suspicious links or QR codes, use multi-factor authentication, keep software updated, and verify sender identities. When in doubt, it's safer to delete suspicious messages.

SEC Breach Disclosure: How the New Reporting Requirements Impact Organizations

The SEC introduced new rules requiring companies to report material cybersecurity incidents within four business days. These regulations mandate detailed disclosures about the incidents' impact, risk management strategies, and the board of directors' oversight role to enhance investor transparency and accountability in cybersecurity.

Our Hosting and SaaS Facilities

Our first-class, resilient data centers have attained SOC1 and SOC2 compliance, ISO27001/17/18 certification, EU Model Clause approval, and FedRAMP authorization for approved government workloads. We can deploy into the closest facilities in any region for best performance and to meet data movement and storage compliance mandates.

Disclosure and Technology

As a security industry best practice, we follow the ideals of least privilege and security through obscurity as much as possible. We do not use our customers' logos for marketing purposes or needlessly disclose the underlying products and infrastructure we employ. Contact us privately for more information about our leading technologies and capabilities tailored for your organization.