OPINION: Cybersecurity Today Is Treated Like Accounting Before Enron. Nathaniel Fick, the chief executive of Endgame, a cybersecurity software company, writes in The New York Times: “Last week, we learned that researchers had discovered two major flaws in microprocessors of nearly all the world’s computers. The revelation came on the heels of a distressing series of major hacks: In 2017, Yahoo revealed that all of its three billion accounts were compromised, WannaCry ransomware shut down hospitals across the globe, and an Equifax breach affected approximately 145.5 million consumers in the United States. The latest news about the computer security problems — whose names, “Spectre” and “Meltdown,” appropriately convey their seriousness — is just the latest evidence that true digital security remains out of our reach.” Read more
INDUSTRY INSIGHT: AI Cybersecurity: Let’s Take Some Deep Breaths. The concept of artificial intelligence in cybersecurity has taken on nearly mythic proportions over the past couple years. Many articles have been written on the topic, breathlessly heralding the potential benefits and hazards posed by the rise of machine learning. However, all the hype surrounding AI tends to obscure a very important fact. The best defense against a potential AI cyber attack is rooted in maintaining a fundamental security posture that incorporates continuous monitoring, user education, diligent patch management and basic configuration controls to address vulnerabilities. Here’s how each of these four fundamental security practices can aid in the fight for cybersecurity’s future (and present). Read more
IRS: Tax Scam Alert – The IRS Just Issued a New Cybersecurity Warning. While cybersecurity should be a year-round concern for small business owners, income tax filing season can bring some particular risks, according to the IRS. The agency says it has gotten an increase in reports of attempts to obtain employees’ W-2 forms in hopes of stealing people’s personal information and identities. The scams often go after employees in companies’ human resources and payroll departments, but any staffer or manager could be a target. In the scam, a potential thief poses as a company executive, sending an email from an address that might look legitimate, and requests a list of employees and their W-2s. Read more.
TRENDS: 18 Cyber Security Trends We Are Watching in 2018. If any trend is obvious, it’s that 2018 will continue to be interesting for the cybersec industry. How interesting? Here is are the 18 trends that will be making the headlines and should be on your radar for 2018. Read more.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems December 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-december-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.