
Foresite Blog

Wannacry Ransomware

Posted on May 16, 2017

As reported by multiple news and information security outlets, WannaCry ransomware has hit organizations in over 100 countries and is believed to be the largest successful ransomware attack to date. WannaCry is still infecting organizations around the world. Early reports attributed the initial infections to common phishing attacks, with an infected email attachment as the delivery mechanism for the payload. Once a device is infected, it is known to scan for hosts with TCP port 445 (SMB) open, which appears to be an attempt to identify and infect additional victims on the network. (Additional attack vector may also be…
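The port-445 sweep described above is the behavior a network defender can hunt for: one internal host touching many distinct neighbours on TCP 445 in a short window, regardless of whether the firewall allowed or denied the connection. The following is an added example (not code from the original post or from Foresite) that runs that detection over a constructed set of firewall connection logs. The log line format, the hosts and addresses, and the 60-second / 10-host thresholds are all assumptions for illustration; tune them to your own log source and network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed firewall log format (an illustration, not any particular vendor's):
#   <ISO timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> action=<allow|deny>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


def build_sample_log():
    """Constructed sample traffic (not real data) with four behaviours:
    A) a compromised workstation sweeping 16 neighbours on 445 within 3 seconds,
    B) a normal user hitting one file server on 445 repeatedly,
    C) an admin touching 3 hosts on 445 spread over 6 minutes,
    D) a host talking to many external hosts on 443 (must be ignored)."""
    lines = []
    for i in range(16):  # A: worm-like sweep, both allowed and denied attempts
        action = "allow" if i % 4 == 0 else "deny"
        lines.append(f"2017-05-12T10:00:{i // 4:02d} src=10.0.5.23 "
                     f"dst=10.0.5.{30 + i} dport=445 proto=tcp action={action}")
    for i in range(20):  # B: many connections, but to a single destination
        lines.append(f"2017-05-12T10:01:{i:02d} src=10.0.5.50 "
                     f"dst=10.0.5.10 dport=445 proto=tcp action=allow")
    for i, host in enumerate((10, 11, 12)):  # C: slow, low-count admin activity
        lines.append(f"2017-05-12T10:{i * 3:02d}:00 src=10.0.5.77 "
                     f"dst=10.0.5.{host} dport=445 proto=tcp action=allow")
    for i in range(20):  # D: HTTPS fan-out, not SMB
        lines.append(f"2017-05-12T10:02:{i:02d} src=10.0.5.60 "
                     f"dst=203.0.113.{i} dport=443 proto=tcp action=allow")
    return "\n".join(lines)


def parse_lines(text):
    """Yield one event dict per well-formed log line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        yield {
            "ts": datetime.fromisoformat(d["ts"]),
            "src": d["src"],
            "dst": d["dst"],
            "dport": int(d["dport"]),
            "proto": d["proto"].lower(),
            "action": d["action"].lower(),
        }


def find_smb_scanners(events, window=timedelta(seconds=60), threshold=10):
    """Return {source_ip: max_distinct_dsts} for sources that contacted at
    least `threshold` distinct hosts on TCP/445 inside any `window`.
    Allowed and denied attempts both count: a sweep of closed hosts is
    exactly what a worm probing for victims looks like."""
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] == 445 and e["proto"] == "tcp":
            by_src[e["src"]].append((e["ts"], e["dst"]))

    alerts = {}
    for src, conns in by_src.items():
        conns.sort()  # sliding window needs time order
        in_window = defaultdict(int)  # dst -> number of hits inside the window
        start = 0
        best = 0
        for end in range(len(conns)):
            in_window[conns[end][1]] += 1
            # Drop events that fell out of the window on the left.
            while conns[end][0] - conns[start][0] > window:
                old_dst = conns[start][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    evts = list(parse_lines(build_sample_log()))
    for src, n in find_smb_scanners(evts).items():
        print(f"ALERT possible SMB sweep: {src} hit {n} distinct hosts on 445")
```

With the defaults only host A fires; the file-server user (many connections, one destination) and the HTTPS fan-out never do. Widening the window to ten minutes and lowering the threshold to three also catches the admin host, which is the usual trade-off: short windows and high thresholds suit a fast worm such as WannaCry, while slower, low-and-slow reconnaissance needs a longer window and a whitelist of known SMB administration hosts.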

Read More

Question from Prospect – How does FISMA relate to NIST?

Posted on May 11, 2017

How does FISMA relate to NIST? This question has relevance to many organizations, so we wanted to share the response. We’ll start by explaining the terms within the question. FISMA is the Federal Information Security Management Act of 2002. FISMA requires each federal agency to develop, document and implement an agency-wide cyber security program. NIST is the National Institute of Standards and Technology. NIST’s role is to develop information security standards, called FIPS (Federal Information Processing Standards), and guidelines, called Special Publications (SPs), that categorize types of information and provide guidance on how to protect them. NIST is also responsible to review…

Read More

Don’t Let These Cyber Myths Cost You Millions

Posted on May 3, 2017

DarkReading just published an article, “10 Cybercrime Myths that Could Cost You Millions”. The information is so on point that we wanted to share it, and also add some advice of our own for each myth. Myth #1 – Only large enterprises need to worry. Tell that to the SMBs that were the targets of over 30% of all attacks in 2016. Attackers know that SMBs often store valuable data without the costly technical controls and regular staff training needed to protect it effectively. Evaluate your risk so you can determine what makes business sense to address. Myth #2 – Threats…

Read More

Are your vendors your biggest risk?

Posted on April 25, 2017

A cybersecurity startup exposed a hospital’s data without permission. The company used the hospital’s network to demo their software, and by doing so exposed sensitive information. What’s more, they never had permission to use the hospital in any way for demonstration purposes. Sadly, your vendors may be your biggest risk – even if they are under contract to protect you. When we review our clients’ networks during cyber security assessments and compliance audits, we often find unsecured connections used by IT consultants, web developers, accountants, and other third parties. While the most well-known example of data exposure by a vendor is…

Read More

What You Need to Know about CJIS Compliance

Posted on April 20, 2017

Criminal Justice Information Services (CJIS) compliance is perhaps one of the most important compliance standards of all. The CJIS division was established in 1992 and is the largest division of the FBI. CJIS compliance is what keeps professionals in criminal justice and law enforcement (at the local, state, and federal levels) in agreement on standards for data security and encryption. CJIS databases contain what you might expect: the information needed for detaining criminals, performing background checks, and tracking criminal activity. It is safe to say that if CJIS compliance weren’t in place, it could mean the difference…

Read More

Addressing Monitoring Requirements to Meet Regulatory Compliance

Posted on April 12, 2017

When we consult with clients who fall under regulatory compliance, one of the most common points of failure is the requirement to monitor their network. While the specific monitoring requirements vary by regulation, there is a misconception that simply adding a tool or a third-party service to monitor the network is all that is needed to meet the requirement. Here are some key points you need to consider to confirm that your monitoring solution is in fact both meeting the requirement and helping to protect your data. Scope – Do you have the proper scope of the devices that…

Read More

3 Tips for Building a Long-Term IT Security Strategy

Posted on April 6, 2017

Businesses of all sizes must have robust and proactive IT security strategies as attackers continue to develop new threats. Their botnets (think the Dyn incident in late 2016) and ransomware (think Popcorn Time) are reaching new lows of insidious behavior, taking advantage of the increasingly integrated and social nature of our technology. As with many things in business, however, coming up with a strategy that covers all your company’s bases 24/7 is easier said than done. You should account for all aspects of your organization including, but not limited to, staff training, third-party partnerships, and of course the hardware…

Read More

Is Your Business Meeting 23 NYCRR 500 Compliance Guidelines?

Posted on March 22, 2017

In late December 2016, the revised version of the cybersecurity regulation proposed by New York’s Governor for the State Department of Financial Services (DFS) was published. Called 23 NYCRR 500, also known as “Cybersecurity Requirements for Financial Services Companies,” this document sets out “minimum standards” for the cybersecurity programs of DFS-regulated entities. 23 NYCRR 500 is considered the first comprehensive regulation in the nation to set out these 16 minimum standards for the over 4,000 institutions operating under DFS jurisdiction. The standards were revised to reflect 150 comments received on the proposed guidelines, which go into effect as of March 1st, 2017. That means…

Read More

Data Breach Costs Continue To Rise – What Steps Can Be Taken To Reduce Them?

Posted on March 14, 2017

According to the annual Ponemon “Cost of Data Breach Study” for 2016, the costs related to a data breach continue to rise, up 29% since 2013.  The average cost per record is now $158.  The cost per record also varies based on your business sector, and exceeds the average $158 per record in heavily regulated industries that will incur fines, such as healthcare ($355/record), education ($246/record), and finance ($221/record). Multiply that by the number of client/patient/employee files that you maintain (make sure to include inactive records that you have archived) and you will see that your potential breach costs for…

Read More

Is Your Small Team Lacking Formal IT Security Training?

Posted on March 7, 2017

Hackers run their schemes in a highly organized and professional manner these days. Why do you think Hector Monsegur, Anonymous’ most notorious hacker, was able to make the switch from hacktivist to security researcher so easily? Most of the trouble that stems from hackers these days comes down to a disparity between a company’s IT security knowledge and a hacking group’s ingenuity in exploiting the computer system tools used in daily operations. And if you happen to have a smaller team that lacks formal IT security training, this disparity can be very costly. Sophisticated malware such as ransomware is becoming exceedingly common in some…

Read More

Interested in what Foresite can do for you?

At Foresite, we like to consider each client’s needs individually, in order to determine the best approach to your unique requirements. So let’s talk! Contact Foresite to request a scoping call today.

Contact Foresite