Ten to fifteen years ago cybersecurity was considered secondary to other IT and computer science related interests like cloud computing, machine learning, big data, and data analysis. Sure, there were a plethora of anti-malware vendors, news reports on cybersecurity breaches, and a handful of cybersecurity programs and bootcamps; still, the focus was more on the software engineering side, and monetization of apps, with basic and essential security in place only. COVID served as a mediating impact where cyber-attack numbers skyrocketed, novel attack vectors were implemented, and new attack surfaces were exploited.
Despite the known vulnerabilities for SQL injection attacks, cross-scripting attacks on web browsers/online spreadsheets, and the need for zero-trust systems many businesses and medium sized corporations have not implemented known patches and security upgrades. With the lockdowns in effect more employees and students worked or studied remotely creating new pathways to malicious attackers: Phishing, smishing, ransomware, attacks on multifactor authentication (MFS), and social media hacking and impersonation from private accounts to work accounts.
CISA, NIST, HIPPA, and regulatory frameworks are often not followed because they are either not known to exist, or decision makers do not properly understand the requirements. While business owners and executives are not to blame for the common lack of knowledge/training there is a need for the managed security service provider (MSSP) to step in to assess the what, why, how, of a given businesses' IT network and digital ecosystem, analyze potential compliance/governance issues, and reveal underlying privacy and security needs.
My name is Jacob Mack and I help assess such needs with the guidance of our business owner Burton Maben with Creative Cyber Management (LLC).
With the MOVEit zero-day exploit wreaking havoc all over the US in the public and private sector we are only witnessing the beginning of the vulnerabilities and exploits that are yet to come.
Feel free to reach out for a 15-30 minute discovery call; while the call is free the potential losses in terms of capital and reputation with a serious data breach are often one businesses cannot afford.
Cybersecurity education and assessment are essential for anyone who uses digital devices and networks. Cybersecurity education teaches the basic principles and best practices of protecting data, systems and users from cyber threats. Cybersecurity assessment evaluates the current level of security and identifies the gaps and weaknesses that need to be addressed.
- Badges
- Science topic
- Similar topics
- Papers