Lee Sutterfield

With an increase in consumer banking done online post-pandemic, and the current geopolitical situation, it’s important for the Public and Private sectors to share threat intelligence to stop bad actors and Secure the Internet.

5

This is very interesting... seems to be a riff on an analysis technique that we described in an article titled "Beyond Timelines - Anchors in Relative Time" ten years ago in Digital Forensics Magazine. The technique has been applied to extremely high-profile and high-stakes cases since then.

11

2 Comments

This could be the source of your "aha" moment with CMMC. Trust me when I say that there's a lot of FUD and myths in the marketplace, and there's a lot of sleight of hand being performed by people who really are not the experts they pretend to be in the CMMC echo system. Here's a few quick screening questions to ask. 1. Is CUI classified information? 2. Did DoD develop the requirements for protecting my sensitive information? 3. If I don't meet a particular control, I can always get an extension of up to a year to do so, correct? 4. Do I just have to meet 80% of the assessment objectives in each control to be certified? 5. Do I pass the assessment and receive a CMMC Level 2 certification if I meet 75% of the requirements? If you encounter hesitation on any of these questions by any company you're asking to help you comply with CMMC, I would suggest you keep looking. Better yet, go the NCMBC web site and pay the admission. It's $130 per person, and you get food, entertainment and fellowship with other managers and subject matter experts as you plot your journey through the CMMC echo system. Hope to see you there. It's an in person event at McKimmon Center of North Carolina State University. (https://lnkd.in/eitYSGUf, McKimmon Conference and Training Center at NC State University, 1101 Gorman St, Raleigh, NC 27606 (919) 515-2277). Registration link is in Laura's post.

1

Check out this podcast interview with me just after my TribalNet keynote in Vegas recently. I was asked a random question at the end about the first concert I attended that you might find interesting (and it's not just what's listed in the podcast description). #infosec #CISO #CIO #businessleaders #cybersecurity #podcast #keynotespeaker #backtobasics #rockconcerts #ISAC

5

The increasing relevance of data sanitization in classified data environments...

23

1 Comment

Exciting to analyze the latest insights from the Boeing Ransomware incident. We're seeing notable trends emerge that underscore the evolving landscape of cybersecurity threats for manufacturers. Firstly, the myth that manufacturers are immune to cyberattacks is crumbling. Many have believed they aren't prime targets due to limited personal data holdings, but recent events prove otherwise. Ransomware isn't solely about PII—it's about halting operations until demands are met, hitting manufacturers hard. Secondly, the ransom amounts demanded are soaring. The ransomware industry has matured, with negotiations becoming more complex and costly. A $200 million demand might seem steep, but for Boeing—a company with a substantial market cap (157 Billion in 2023) —it's a calculated fraction, albeit a painful one. Thirdly, Boeing's resolute stance against paying the ransom is commendable. Companies are increasingly refusing to yield to extortion, despite facing fallout like data leaks and disruptions to relationships with customers and partners. These trends underscore the urgent need for heightened cybersecurity measures and resilience strategies across industries. Let's stay vigilant and adaptive in the face of evolving threats. #Cybersecurity #RansomwareProtection #Boeing #Drip7 #Cybersecuritytraining

12

1 Comment

How many PCI compliance requirements can you check off? Each checkmark is a step towards a more secure future. Don’t just meet the standards — exceed them. Curious to see how you stack up? Contact our team to find out. https://lnkd.in/gJ2EsiUC #OmegaTecks #Cybersecurity #KansasCity #ITSupportKansasCity #PCICompliance #Checklist

1

How many PCI compliance requirements can you check off? Each checkmark is a step towards a more secure future. Don’t just meet the standards — exceed them. Curious to see how you stack up? Contact our team to find out. https://lnkd.in/gJ2EsiUC #OmegaTecks #Cybersecurity #KansasCity #ITSupportKansasCity #PCICompliance #Checklist

3

Another Unitronics security advisory today. Note that if you have a Unitronics Vision PLC, you cannot rely on the Info Mode passcode to protect you. This is previously the top mitigation advice in other advisories for this product line. CVE-2024-1480 may be used to retrieve the passcode even when it is changed. Your best bet is, unfortunately, limiting access to the device entirely. The vendor did not say much to us about this, other than to confirm that is indeed a new issue that was never previously disclosed. We have seen no evidence that this bug is in use, but some hacktivist groups are targeting this specific model of controller. We're rolling out signatures in Platform KP_Plus-7.0. https://lnkd.in/gyzKiBwj

29

2 Comments

CMMC Level 2 Assessment Objective: Network Communication by Exception PRACTICE: Organizations must deny network communications traffic by default and allow network communications traffic by exception. ASSESSMENT: This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, permit-by-exception network communications traffic policy ensures that only those connections that are essential and approved are allowed. Be prepared! Your assessor could ask to 🔍 EXAMINE system and communications protection policy. 🗣 INTERVIEW system or network administrators. 📝 TEST mechanisms implementing traffic management at managed interfaces. (CMMC Assessment Guide: Level 2 Version 2.11, page 218) #CMMC #DoD #cybersecurity #NIST #InformationSecurity

43

🚨 **Texas Tech Health Cyberattack – Critical Systems Down, Recovery Ongoing** 🚨 Since late September, Texas Tech Health Sciences Center has faced a ransomware attack, crippling key systems like patient records and radiology services. Recovery is still in progress, affecting care across the region. This underscores the urgent need for **well-tested recovery plans** for mission-critical systems and infrastructure to ensure rapid response and minimize impact when cyber threats strike. https://lnkd.in/gUTAqqUv #Cybersecurity #TechRecovery #MissionCritical #PatientSafety #Infrastructure Cayosoft

6

Thoughts on Just-In-Time procedures and NIST SP 800-171 / #CMMC compliance... At Kieri Solutions - Authorized C3PAO , we figured out that people follow procedures best when they 𝘢𝘳𝘦𝘯'𝘵 𝘱𝘳𝘰𝘤𝘦𝘥𝘶𝘳𝘦𝘴. ??? Let me explain. You're onboarding a new user. To be compliant with #CMMC, your onboarding team needs to go through a convoluted process involving getting details about the new user, verifying NDA, background checks, training, requesting permissions, justifying permissions, reviewing permissions, authorizing permissions, creating accounts, creating records of the accounts, creating records of the permissions for the accounts, assigning expiration dates for each account, setting up a laptop, authorizing the laptop...!!! It goes on and on. If your strategy is to tell your HR and IT team that they need to perfectly follow a 70 step process on page 19 of ye old 𝐈𝐓_𝐏𝐫𝐨𝐜𝐞𝐝𝐮𝐫𝐞𝐬_𝐌𝐚𝐧𝐮𝐚𝐥, 𝘺𝘰𝘶 𝘮𝘪𝘨𝘩𝘵 𝘢𝘴 𝘸𝘦𝘭𝘭 𝘱𝘢𝘤𝘬 𝘶𝘱 𝘺𝘰𝘶𝘳 𝘣𝘢𝘨𝘴 𝘳𝘪𝘨𝘩𝘵 𝘯𝘰𝘸. The error rate will be upwards of 80%, unless you nag and threaten 😡 everyone constantly, in which case you might get down to an error rate of 30% (and your team will quit). Instead, if you use a combination of a well-designed Access Request Form and an Account Management database, all your team needs to do is remember to start with the correct form. 📝 The form should have fields and just-in-time instructions for each step of the process between HR and your IT Department. All your team needs to do is fill out each field in the form and they will complete the background screening, training, permissions, justifications, etc. naturally without nagging. Then, a well designed Account Management database helps your team manage the accounts long-term by including checks ◻️ for commonly-forgotten steps (like user agreements), next-review dates, annual training refresher dates, mapping the user to their supervisor, granular "should-be" permissions for both digital systems and facilities, and historic authorization notes. The last step for perfect procedures is a regular review to look for and fix errors. But again, if you want to be successful, don't expect your team to remember your dusty policies and procedures book in the corner. Instead, use a scheduled task, a ticket, or a checklist with just-in-time instructions to make sure that the review gets done. Pro-tip: next-review-dates are an excellent way to spread this task across time, instead of trying to do it all in one lump. Are your compliance policies and processes working for you, or against you? There is a better way. Use thoughtful design in your compliance system to reduce errors and streamline functionality. Screenshot below is from the Kieri Compliance Documentation's Account Management Database, showing some of the magic of our full-featured 800-171 / CMMC Level 2 compliance program. I'll put the link in comments, for anyone that is interested.

54

5 Comments