was successfully added to your cart.

Cart

Monthly Archives

May 2020

No one said Ransomware Should Be Fair

By | Ransomware

Data Breach today published a relevant post on Cicer One’s cybersecurity news feed today outlining how “Criminals continue to tap ransomware, backed by more advanced network penetration techniques, hitting larger targets and leaking data in an attempt to maximize their illicit paydays.”  

In talking to many CEOs they feel helpless as they juggle keeping their company safe and secure during massive shift to work from home (WFH), with the need to enable their employees, clients and vendors to easily access and share digital information.  

The attackers are becoming bolder and are increasingly preying on a general lack of employee training when it comes to cyber threat and methods of attack.  It is more difficult to protect your company’s most valuable resource, your data and sensitive information, when your employees are working remotely using their home networks and devices.

The reality is that it’s not a fair fight.  Cyber criminals don’t play by the rules.  They will exploit anything and everything to get your company’s data and information, only to hold it for ransom.  The consequences of which are an average restoration cost of $111,000 per incident and a significant likelihood that your business will cease to exist.  Studies demonstrate that this is the fate for 60% of businesses that suffer a breach.

We created SCUTE systems to level the playing field and make it easy for business leaders to monitor, control and protect their data as it is being exchanged amongst employees, vendors and clients.  SCUTE systems are the perfect complement to the cloud, offering protection that’s strong enough to meet the rigorous criteria of the DoD’s CMMC framework while being simple enough for non-technical people to implement.

Book an online demo to determine if SCUTE could be a good fit for your company’s cybersecurity needs.

 

The Darkening Cloud

By | Cloud, Work From Home

Like most business leaders, you’re probably concerned about trusting that your most sensitive data and information is secure in the cloud.

Your concern is valid!

Over the past decade many industries have switched from primarily on- premise computing to cloud computing.  There is no doubt that cloud computing has helped companies reduce their IT costs, improve data access and increase agile scalability.  This is all amazing for data and information that is public in nature.

However, the cloud darkens when you consider this same level of access relative to your most sensitive and valuable data and information.

Consider the points below:

1. Privacy – You need to understand the policies of your cloud provider as well as your own legal obligations when it comes to protecting privacy.  Given that employees within your cloud service provider can access your information without your knowledge, lack of privacy is a top concern!   

2.  The cloud never forgets – it is impossible to completely erase data when shared through many cloud service providers due to their exchange and storage policies.

3. Regulatory compliance – it may be impossible to achieve regulatory compliance under the framework that governs your industry if all of your data resides in the cloud.

4. Data Jurisdiction – many cloud providers do not guarantee that your data stays in your country.  As such, your most sensitive data will be subject to compromise and access under the laws of foreign governments, many of which are not friendly.

5. Audit requirements – in the event of an audit by your clients or vendors, you are compelled to provide a complete log of all transactions on the related data.  This is next to impossible in the cloud. To complement the cloud, Cicer One has created ‘Sealed System’ technology that provides the benefits and ease of cloud-like data exchange while ensuring the data is exclusively your property and in your control.  It is simple enough that non-technical business leaders can control and monitor data access and exchange while improving full disaster recovery and business continuity practices.

CMMC Compliance IS Essential to All Companies

By | CMMC

By 2021, the Department of Defense will begin implementing a mandatory third party audit for all suppliers.  In summary from the OUSD(A&S) website:

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.

OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC).

  • The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
  • The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  • The intent is for certified independent 3rd party organizations to conduct audits and inform risk.

Cicer One is dedicated to data privacy and data ownership and its turnkey solution, SCUTE, meets Levels 1-3 of CMMC out of the box with the following benefits to SME companies:

  • Network-in-a-box – enables SME companies to easily and securely manage their digital assets with no external IT support required.  Setting up a similar system with off-the-shelf hardware and software components has 5-10X upfront installation and monthly maintenance costs.
  • Replaces Google Drive, Dropbox, Microsoft Sharepoint and similar services.
  • Replaces Text and Chat apps – these apps are subject to third party monitoring and monetizing of the user data.
  • Digital assets that are stored on the cloud or persisting in third party servers (email etc) are subject to compromise by hacking, third party employee theft, and storage in foreign jurisdictions.  Cicer One’s on-premise solution ensure easy compliance with privacy and security standards including HIPAA, GDPR, CCPA, and CMMC.

Cloud computing enables scaling of data storage and exchange but simply isn’t the right answer for the government supply chain as cloud providers do not guarantee the data will remain in the USA and that it is only accessible by personnel with the proper clearance.  CMMC is the first cyber security standard that will require an independent audit to ensure compliance and affects 350,000+ companies.  Industries such as medical, legal, and financial services standards are closely monitoring the CMMC implementation and are planning parallel cyber health monitoring in their respective ecosystems.

Cicer One offers businesses in every industry to reduce the risks of managing their customer and client data exchanges and get ahead of the coming standards based audits.