HHS Announces New Strategy For Healthcare Cybersecurity 

Posted in Commentary with tags on December 9, 2023 by itnerd

The Department of Health and Human Services released a concept paper outlining its healthcare cybersecurity strategy and establishing goals for improving the sector’s cybersecurity posture, including future updates to HIPAA and the establishment of voluntary performance goals.
 
According to the HHS Office for Civil Rights, cyber incidents in health care between 2018-2022 saw a 93% increase in large breaches reported to OCR, with a 278% increase in large breaches involving ransomware.  

The healthcare cybersecurity strategy consists of four pillars and focuses on strengthening resilience for hospitals and patients impacted by cyberattacks:

  • Publish voluntary healthcare and public Health sector cybersecurity Performance Goals.
  • Provide resources to incentivize and implement cybersecurity practices.  
  • Implement an HHS-wide strategy to support greater enforcement and accountability.  
  • Expand and mature the one-stop shop within HHS for healthcare sector cybersecurity.  

“Taken together, HHS believes these goals, supports, and accountability measures can comprehensively and systematically advance the healthcare sector along the spectrum of cyber resiliency to better meet the growing threat of cyber incidents, especially for high-risk targets like hospitals. Acting on these priorities will protect the health and privacy of all Americans and enable safe access to health care,” reads the paper.

George McGregor, VP, Approov Mobile Security had this to say:

   “It’s a good thing that the initiative aims to provide financial and technical resources for healthcare providers in combination with enforcement.

   “However this announcement is light on specifics about exactly what the voluntary Cybersecurity Performance Goals may be. Further communication needs to detail these or tie them to guidelines which exist already.

   “The HSS also continues to push for sharing of PII and clinical data between providers as well as third-party apps and services and these developments present security risks to providers.  

   “This means that two critical areas which should be addressed directly with enhanced security guidelines for healthcare service providers are:

  1. the security of APIs such as FHIR
  2. the enforcement of protections for mobile apps which access PII:  either owned by service-providers themselves or third-party apps”


Troy Batterberry, CEO and Founder, EchoMark follows with this:

   “Once again, these government policy papers fail to fully acknowledge the large and disproportionately growing threat of information breaches done by insiders. Historically, leaks or theft by insiders are some of the most damaging types of information breaches.

   “While conventional insider risk management tools including logging and monitoring activities are important, and must be implemented as soon as possible, we know they do not go nearly far enough to prevent insider leaks and theft. Insider leaks continue to accelerate at well run government and commercial organizations all over the world, even with sophisticated monitoring activities in place. The leaker (insider) simply feels they can hide in the anonymity of the group and never be caught. Sadly, today, many of them are right.

   “An entirely new approach is required to help change human behavior and prevent insider leaks. The best way to do that is to catch leakers which will help deter other leakers in the future. Information watermarking is one such game-changing technology that can help keep private information private.”

Stephen Gates, Principal Security SME, Horizon3.ai follows with this:

   “After reviewing the Healthcare Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services paper, one strategy they have completely missed is in the form of continuous security self-assessments. Although the paper does reference the Health Industry Cybersecurity Practices, which mentions the term assess or assessment 17 times, no mention of assessments can be found in the prior publication just noted. This should be a wakeup call to those responsible for cybersecurity in the healthcare industry to petition HHS to duly note the value of cybersecurity self-assessments, making them an industry-wide best practice.

   “Today, organizations in every industry are beginning to take a preemptive approach to cybersecurity improvement. This preemptive approach is not in the context of deploying more defensive-based security technologies. In place of more defenses, this approach encourages organizations to begin assessing themselves using the same tactics, techniques, and procedures (TTPs) that attackers are using so they can preemptively identify their truly exploitable weaknesses and fix them before falling prey to attackers.

   “There is a considerable movement throughout all industries and geographies whereby a call for action in the form of continuous self-assessments using manual and automated adversarial exercises (aka red team exercises) is beginning to surface. These exercises are not in the form of the once-per-year penetration tests or periodic vulnerability scans. Instead, organizations are beginning to adopt and deploy autonomous assessment solutions that can be run continuously so that organizations can rapidly act upon the weaknesses these solutions are discovering in their environments.

   “If readers would like to learn more about what this preemptive approach is all about, this whitepaper can help.”

Having a strategy is a good thing as long as it makes measurable progress towards having an IT infrastructure that is resilient to cyberattacks. Let’s see how will this works.

Leave a comment »

Cradlepoint Serves Up Predictions For 2024

Posted in Commentary with tags on December 8, 2023 by itnerd

Here’s a few predictions from Cradlepoint for 2024 on AI, IoT, Zero Trust, 5G wireless strategy and private 5G networks.

1.  AI will become one with the network, impacting all business operations

If 2023 was the year of flashy AI investments, 2024 will be the year of AI impact—which may not be as visible to the naked eye. AI will move from a “tool you go to” (such as ChatGPT) to being integrated into the applications we are using everyday and empowering network connectivity. As such, we’ll begin to see the benefits of AI being integrated into all applications related to the network, bolstering network predictability, troubleshooting, security and more. Businesses will need to ensure AI transparency and security practices are adequate in order to make the most of AI. 

2. IoT will finally bring the “smart” society to life — from cities, to malls, to businesses

From powering smart infrastructure to traffic management to smart parking, IoT devices throughout cities are actively creating seamless experiences and empowering the cities of the future In 2024, we’ll see an increase in industries that leverage IoT devices to bolster connectivity opportunities to increase efficiency, bolster productivity, and meet the need for consumer and customer experiences. As such, we’ll begin to see the inklings of a “smart society” as IoT-enabled establishments from shopping malls to public transportation to modern businesses take flight.

3. A 5G wireless strategy will become a key boardroom decision as connectivity moves from foundational to essential 

Fixed wireless access, private networks, satellite, WAN—today’s enterprise connectivity options are as expansive as ever. In 2024, enterprises across verticals will have more opportunity to choose which solutions may work best on their end, but will ultimately need to pick the option that will cater to their specific business needs and operations. As such, the wireless conversation will move into the C-Suite and become a strategic decision for the modern business. As part of this decision, organizations will need to weigh their decisions and engage in debates such as satellite versus 5G, to determine what will work best for them. 

4. The move to nearshoring will be a catalyst to private 5G and the edge

In the next year, we’ll see an increased need to drive cost savings while manufacturing in home countries and neighbouring regions. In order to do this, we’ll see more enterprises and the manufacturing space invest in edge computing technologies to increase efficiencies and drive down the costs of product inspections, management and overall plant operations. The manufacturing space will specifically look to technologies like private 5G networks and IoT in 2024 to create networks and tools to give us more control over products. 

5. Zero Trust evolves with a growing risk landscape in 2024

Over the last few years, companies have taken steps to get ahead of ransomware threats by enhancing their internal security measures while training their employees on security best practices. While these implementations have seen success, the unpredictable, disruptive, and costly nature of cyber-attacks has left companies tired of playing cat and mouse with ransomware actors. Looking ahead, businesses will look to proven, yet not widely adopted technologies such as zero-trust web browser solutions, like remote browser isolation, to air-gap their employees’ web and email sessions. By running web browser sessions in an isolated cloud container, information will be rendered in a safe stream to an employee’s device. 

Authors:

Eric Purcell, Senior Vice President of Global Partner Sales, Cradlepoint  (1 and 2)

Donna Johnson, Chief Marketing Officer, Cradlepoint  (3 and 4)
Vancouver-based Camille Campbell, Senior Product Marketing Manager, Cloud Management & Orchestration Platform, Cradlepoint (5)

Leave a comment »

2023 Uber Eats Cravings Report Reveals Fun & Unusual Canadian Delivery Trends – With A Holiday Twist!

Posted in Commentary with tags on December 8, 2023 by itnerd

It’s the most wonderful time of the year—Uber Eats’ fifth annual Cravings Report is here!

To get Canadians into the holiday spirit, they’ve baked some festive surprises into this year’s report. They’ve highlighted the cities that order the most eggnog and the top last-minute Christmas Eve orders. In keeping with tradition, they’ve also shared a snapshot of the most popular, most unique—and in some cases—most unusual delivery requests received over the last year. 

Check out all the sweet and savoury Eats trends from 2023:

  • 🎅Santa’s midnight Eats: Traveling the world in one night is hard work, and Canadians take the task of keeping Santa fueled seriously. The most popular last-minute food orders were milk, cookies and brownies on Christmas Eve. 
  • ☃️All about that ‘nog: This holiday drink tends to be a divisive treat, but Vancouverites can’t get enough. It’s the top ranking city for eggnog orders, followed by Calgary and Edmonton.
  • 🙏Feelin’ tips-y: While all Canadians enjoy a reputation of being polite, some cities take it a step further. Prince George scored the top spot with the most generous tippers this year, followed by Ottawa and Halifax.
  • 🍸Keeping the libations flowing: When Canadians run out of their favourite liquid spirits at their events, they turn to Uber Eats to keep their bar cart stocked. This year, vodka, beer and whisky topped the list of most popular alcohol orders.
  • 🍽️Go big at home: Nothing wrong with balling out and treating yourself (and those around you) to a boujee meal every once and a while. In November 2023, a Toronto resident took the top spot for the most expensive order totaling $1,729 from Gusto 101. They ordered 20 pizzas, 30 pastas and 71 appetizers. 
  • 😳Giving the ick: Don’t blame the people, blame the taste buds. Some cities have been proven to be pickier than others when it comes to placing orders. The city who was the most particular about their orders was Moncton, NB.
  • 🌎A world of flavours: In a country full of different cultures, Canadians have access to an array of cuisines right at their fingertips. This year’s most ordered were American, Japanese, Indian, Chinese and Italian.

Here’s some more details:

*Data results are weighted to control for population differences. 

Santa’s midnight snack: The most popular orders on Christmas eve

The man of the hour needs fuel to make it through his biggest night of the year.

  1. Chocolate milk
  2. White chocolate chip cookies
  3. Chocolate fudge brownies
  4. 2% milk 
  5. Chocolate bars

All about that ‘nog: The cities that order the most eggnog

The most eggs-cellent time of year for eggnog lovers across the country. 

  1. Vancouver
  2. Calgary 
  3. Edmonton
  4. Lethbridge 
  5. Victoria

Keeping the libations flowing: The most popular alcoholic beverage orders

Keeping the bar cart stocked without leaving the house.

  1. Vodka
  2. Beer 
  3. Whisky 
  4. Pinot Grigio 
  5. Margarita cooler

Feelin’ tips-y: The cities that tip the most

Top tippers from coast-to-coast 

  1. Prince George
  2. Ottawa
  3. Halifax
  4. Hamilton
  5. Toronto
  6. Edmonton
  7. Kamloops
  8. Windsor
  9. Calgary
  10. London, Ont

Eating their greens: The cities where adults order the most cannabis edibles

Gummies, anyone?

  1. Toronto
  2. Vancouver
  3. Victoria
  4. Kitchener-Waterloo
  5. Kingston
  6. Ottawa
  7. Peterborough
  8. Hamilton
  9. Niagara Region
  10. London, Ont

Snack game on point: The most popular convenience store items

A snack a day keeps the hunger pains away

  1. Hot dogs
  2. Taquito 
  3. Slurpee 
  4. Chocolate milk 
  5. Chips
  6. Ice cream 
  7. Popcorn 
  8. Pepperoni pizza
  9. Candy 
  10. Brownies

The key ingredient: The most popular grocery item orders

Behind every good chef is a full pantry

  1. Bananas
  2. Cucumbers
  3. Strawberries
  4. Tomatoes 
  5. Eggs
  6. Cilantro
  7. Raspberries
  8. Avocados
  9. Green onion 
  10. Bottled spring water

A world of flavours: The most popular cuisines in Canada

Take a trip around the world with your tastebuds.     

  1. American        
  2. Japanese        
  3. Indian
  4. Chinese  
  5. Italian

Celery-brate wellness: The cities that order the most healthy food

These cities are glowing from the inside out

(based on restaurants labelled “healthy” in the app)

  1. Montreal
  2. Ottawa
  3. Kingston
  4. Toronto
  5. Vancouver

It’s what is on the side that counts: The top requested sides

No meal is complete without a complimentary side dish

  1. French fries
  2. Garlic Naan
  3. Poutine
  4. Miso soup
  5. Hash browns

Giving the ick: The pickiest cities 

Are they picky or do they just know what they want?

  1. Moncton
  2. Kelowna
  3. Red Deer
  4. Greater Sudbury
  5. Halifax
  6. Regina
  7. St. John’s, NL
  8. Nanaimo
  9. Winnipeg
  10. Victoria

Leave a comment »

90%+ Of Energy Companies Have Experienced 3rd And 4th-Party Breaches 

Posted in Commentary with tags on December 8, 2023 by itnerd

According to SecurityScorecard’s new Energy Sector Third-Party Cyber Risk Report, almost 90% of the world’s 48 biggest energy companies have suffered a supply chain data breach in the past 12 months, and of the 2000-plus third-party vendors surveyed, only 4% experienced breaches themselves.
 
The report highlights the risks of so-called “fourth-party” breaches where breaches occur at suppliers of suppliers. 100% of US and UK companies experienced a fourth-party breach in the past year, and 92% globally.

Notably, the UK energy firms were given the highest average security rating, with 80% holding a B or above. Overall, a third of global firms had a C rating or below.

“Preventing the surge of supply chain attacks requires systematically applying real time data triggering automated workflow to manage risk in the digital ecosystem,” argued chairman of the SecurityScorecard Cybersecurity Advisory Board, Jim Routh.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “In the context of avoiding, reducing, transferring, and/or accepting risk, it’s clear that the global energy sector must do more to manage their expansive cyber risk landscape. Seeing that a third-party or even fourth-party breach could impact the entire sector, the transfer of risk to upstream or downstream partners will no longer be acceptable.

   “We predict that the global energy sector (and other sectors too) will no longer accept some other party’s risk, and as a result, the sector will launch some sort of Global Supply Chain Cyber Risk Management Program. This program will likely include mandatory and continuous self-assessments to ensure one entity is not transferring their cyber risk to other adjacent entities.

   “These self-assessments will not be the once-per-year penetration test or some sort of periodic vulnerability scan. Instead, these self-assessment requirements will demand that entities use both manual and autonomous assessment techniques and technologies that mimic attacker TTPs. In other words, organizations will be forced to attack themselves regularly just like any other attacker would to prove they can fend off an attack and not transfer their risk elsewhere.

   “These red team, adversarial-like assessment exercises will be used by organizations to discover their truly exploitable weakness and help them rapidly remediate them so they can prove their own risks are not being transferred to their various partners. Organizations will need to provide assessment reports on-demand to their adjacent partners, track improvement over time, and attest to the fact that they are not vulnerable to the latest known exploitable vulnerabilities the energy sector may be subject to.

Craig Harber, Security Evangelist, Open Systems follows with this:

   “Third-party suppliers are critical to the operation of most modern businesses. Their systems are interconnected to form a trust relationship to prevent supply chain attacks, data breaches, and reputation damage. Unfortunately, the resulting ecosystem of connected companies has become a favored attack path for attackers to gain access to larger companies that tend to have larger budgets and more resources to invest in cybersecurity. So, it is not surprising that when extended to include fourth-party suppliers with even smaller cyber budgets, that 100% of the companies surveyed reported they had experienced a breach in the past year. The confirmation of the almost universal experience of third- and fourth-party supply breaches highlights the importance of implementing third- and fourth-party risk management to help mitigate undue risks and costs associated with this very real cyber risk.”

The fact that so many companies in this sector are victim to 3rd and 4th party breaches is a #Fail of epic proportions. Companies in this sector need and must do better to make sure that they don’t get pwned because they don’t hold their suppliers to account.

Leave a comment »

KOHO Raises an Additional C$86 Million in Funding and Surpasses One Million Users

Posted in Commentary with tags on December 7, 2023 by itnerd

 KOHO Financial Inc., a leading Canadian fintech company, announced today it successfully raised an additional $86 million in a series D extension at an $800 million valuation. New and existing KOHO investors provided the capital, including Drive Capital, Eldridge Industries, HOOPP, Portage, Round13, BDC, and TTV.

Despite a decline in Canadian fintech investment during the first half of 2023, KOHO shines as an exceptional success story in the industry. Notably, it has sustained a consistently positive valuation since the 2021 funding round.

The company’s overarching success is attributed to the continuous growth of its innovative product range which includes Credit Building, Cover, the ability to check your credit score for free, and an industry-leading 5 percent savings rate. Complementing these products is KOHO’s subscription model, known as KOHO Plans.

Looking ahead to 2024, KOHO is dedicated to enhancing Canadians’ financial well-being through innovative features such as increased credit offerings, in-app bill splitting, access to government benefits, and a wide range of other exciting capabilities. In the app, users have the opportunity to remain informed as KOHO’s roadmap is public and open for comments.

Leave a comment »

Governments Spy On Users Using Push Notifications

Posted in Commentary with tags , , on December 7, 2023 by itnerd

From the “I didn’t see this one coming” department comes the revelation that governments have been using push notifications to spy on people for some time. This came to light when Oregon Senator Ron Wyden wrote in a letter to the Department of Justice on December 6 asking the Justice Department to lift restrictions in terms of informing the public of this practise:

Because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information

So why should you care? A government could force Apple or Google to hand over data related to push notifications to show how you interact with your phone and the apps on it, as well as give them access to a notification’s complete text and disclose some unencrypted content. All of which is bad of course.

Apple said in a statement published by Reuters the following:

Now that this method has become public, we are updating our transparency reporting to detail these kinds of requests.

True to their word, Apple has now updated its Legal Process Guidelines document to reflect this new reality. Google for its part said this:

Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”

But beyond that, I haven’t seen Google update anything. And the thing is that beyond the US who clearly has been using push notifications to spy on people, it isn’t clear who else is doing it. And it is likely that we won’t get a straight answer on that. Thus it might be wise for Apple and Google to rework how push notifications work so that this sort of spying isn’t a possibility.

Leave a comment »

EnGenius Adds New SD-WAN Cloud Gateway

Posted in Commentary with tags on December 7, 2023 by itnerd

EnGenius, a leading provider of intelligent connectivity solutions for enterprises, proudly announces the expansion of its SD-WAN Gateway portfolio with the launch of the EnGenius ESG620 Gateway, that will be shipping this month. This new device combines innovative technology with exceptional performance to deliver secure, efficient, and effective networking solutions for SME’s (Small & Medium-Sized Enterprise) that simplify network deployment and management.   

The EnGenius ESG620 Gateway is a powerful, rack-mountable, and versatile solution that provides network engineers with effortless setup, high-performance, and enterprise-level security solutions. With features like Auto-VPN with healing, Auto-NAT traversal for multi-peer SD-WAN setup, and EnGenius’ new client VPN feature (SecuPoint), it assures enhanced security and simplified business connectivity. Designed with advanced cloud management, it’s compatible with various environments and consolidates everything under a unified and intuitive interface. The enhanced cloud interface allows users to oversee and control every aspect of their network seamlessly. From power distribution units to access points, switches, and gateways, each device can now be explored for detailed visibility and a myriad of options. 

Key Features   

  • Effortless control with the easiest enterprise-level cloud management platform in the industry.  
  • Dual-WAN, fiber SFP+ and 2.5 GbE with USB 3.0 port for max performance, load balancing, and cellular failover.   
  • WAN failover preference for enhanced flexibility and reliability.
  • Eight 2.5 GbE PoE+ ports and one SFP+ port for multi-gigabit switching and powering up Wi-Fi 7 access points, IP cameras, or IP phones.     
  • Effortlessly maintain network connections with self-healing Auto VPN   
  • Streamlined, seamless, and secure VPN Client support, SecuPoint to ensure hassle-free remote connections.  
  • Sleek rack mountable compact design.    
  • No licensing or subscription fees needed.   

Leveraging the capabilities of EnGenius Cloud, all SD-WAN gateways, ESG510, ESG610 and ESG620 benefit from seamless system maintenance, automatic updates, and the integration of new features. 

The ESG620 is scheduled to be available for purchase this month, December 2023 through authorized EnGenius resellers and distributors. For more information about the ESG620, visit https://www.engeniustech.com/engenius-products/cloud-managed-sd-wan-security-gateway-with-quad-core-2-2ghz-and-8x-2-5g-ports/     

Leave a comment »

WARNING: A Dangerous New Text Message Targets Freedom Mobile Users On Android With Malware

Posted in Commentary with tags , on December 7, 2023 by itnerd

If you’re on Freedom Mobile here in Canada, and you have an Android phone, there is a super dangerous text message that you need to be aware of. Here’s the text message in question:

Now what’s dangerous about this message is if you click the link, you will be prompted to download and Android .APK file and give it all sorts of permissions. If you do that, it will not end well for you because the .APK file in question looks like this on Virus Total:

In short, a lot of the antivirus sites detect this as malware that likely does all sorts of nasty things to your Android phone. And what’s really crafty about this is if you try to access this website from anything other than an Android phone, it will not download the payload as it checks the browser that you’re using. Thus it evades detection for a longer period of time.

Here’s some quick facts: Freedom Mobile, nor any other carrier will ask you to download a software update of any sort to “continue to use your services”. Thus if you get a text like this, you need to delete it ASAP and not click on any links. Nor should you install anything if prompted. And if you’re on an Android phone, this reinforces that you need to be super careful of what you install. Because it doesn’t take much to get pwned by a threat actor.

Speaking of this threat actor, it’s clear that this is someone who on the surface appears to be skilled and is likely to target Bell, Rogers, and TELUS customers next when their luck with Freedom Mobile runs out. So customers of all phone carriers need to be aware of this as it is highly likely that this is coming for you next.

Leave a comment »

Former Twitter Exec Says Elon Musk Fired Him For Raising Security Concerns

Posted in Commentary with tags on December 7, 2023 by itnerd

Proving once again that Elon Musk doesn’t appear to care about anything substantial when it comes to Twitter, other than driving it into the ground that is, comes this Reuters report that presents the latest example of what a clown Elon is:

A former executive at Twitter Inc, now called X Corp, has filed a lawsuit claiming he was fired after Elon Musk acquired the company for objecting to budget cuts that would prevent the company from complying with a U.S. government settlement over its security practices.

Alan Rosa, who was Twitter’s global head of information security, filed the lawsuit late Tuesday in New Jersey federal court alleging breach of contract, wrongful termination and retaliation, among other claims.

X Corp did not immediately respond to a request for comment. 

Rosa claims that late last year, after Musk acquired the company, he was told to cut his department’s budget for physical security by 50% and to shut down software that enabled Twitter to share information with law enforcement agencies around the world. 

Rosa says he objected because the cuts would put Twitter at risk of violating a $150 million settlement it entered into earlier in 2022 with the U.S. Federal Trade Commission (FTC), which claimed Twitter had misused users’ personal information. The agreement required Twitter to implement privacy and information security controls to protect confidential data.

He was fired days after raising those concerns, according to the lawsuit. Rosa is seeking unspecified compensatory and punitive damages, and legal fees.

So in short, Elon would rather fan the flames of antisemitism, racism, Nazi behaviour, and the like rather than comply with a legal agreement that comes from a government entity who has the power to make his life miserable. That’s not a smart strategy on the part of Elon. But then, I’ve never considered him to be that smart. You have to wonder what the FTC is going to do now that this is out there. I for one hope that they use this to lower the boom on Elon. Because he really does deserve to be put in his place and found out for being the charlatan that he is.

Leave a comment »

US Agencies Constrained By Failed Incident Response Requirements 

Posted in Commentary with tags on December 7, 2023 by itnerd

In a new report published by the Government Accountability Office (GAO), 20 US federal agencies have failed to meet the deadline to implement advanced level cyber event logging and incident response capabilities required by law.

According to a 2021 Executive Order, all US federal agencies needed reach event logging tier three by August 2023. Currently, only 3 of the 23 agencies were at tier three, 3 agencies had reached the tier one level and 17 had not gone past the tier zero level.

“Until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate, and remediate cyber threats will be constrained,” reads the GAO report.

After a recent investigation, the GAO found the critical challenges for agencies included:

  • The lack of staff
  • Event logging technical challenges
  • Limitations in cyber threat information sharing

Efforts to address these challenges include:

  • Onsite cyber incident response assistance from CISA
  • Event logging workshops and guidance
  • Enhancements to a cyber threat information-sharing platform
  • Implementation of the National Workforce and Education Strategy  
  • A new threat intelligence platform from CISA


Emily Phelps, Director, Cyware had this comment:
 
   “The GAO report findings are both concerning and indicative of broader challenges in the cybersecurity landscape, especially within the public sector. There is a critical gap in the government’s cybersecurity posture at a time when the threat landscape is increasingly complex and aggressive. These findings also underscore the urgent need for modernized cybersecurity measures and collaboration.

   “The proposed remedies are steps in the right direction, potentially enabling more real-time threat intelligence sharing and collaborative defense. To outpace adversaries, federal entities must have reliable intel sharing and security automation capabilities to defend against potential threats more effectively and efficiently.”

Hopefully someone within government is paying attention to this report as this is a pretty major alarm bell that is ringing.

Leave a comment »

« Older Entries
Newer Entries »