Appalachia Technologies Blog

Appalachia Technologies team is comprised of a diverse mix of IT professionals, some of whom have been on the forefront of IT since the industry’s inception. Through the years, our team has developed a wide array of experience in understanding individual needs and how they relate to your business.

The Future Is Flying High - Zero Trust World Day 2

All flights, regardless of the airplane, encounter some form of turbulence. A wise person (my mother) once told me before my first flying experience that just because there is some shaking and bouncing on the flight, to not worry, because it is all part of the glory of flying. This of course came on the heels of overwhelming news coverage of a plane crash in Charlotte, North Carolina that was caused due to wind shear and turbulence. Needless to say, I was anything but calm until I got into the air and witnessed the majesty of the earth from 37,000 feet. Day two of ThreatLocker’s Zero Trust World conference had a very similar theme.

Continue reading

3 Technology End-of-Service Myths

It'3 Common Myths about Tech End of Lifes crucial to keep all software and hardware up to date to maintain optimal security. If you don’t, cybercriminals can easily infiltrate your network and the chances for downtime increase significantly. However, many businesses don't realize that expired software/hardware can actually be one of the most prominent security risks hindering their success.

Continue reading

Top 5 Security Assessment Findings

Top 5 Security Assessment Findings narrow smallest

Even organizations with solid cybersecurity programs will have findings from a security assessment.  After all, cyber attacks and attackers continue to learn and evolve, always trying to be one step ahead of their prospects.  Through our years of performing security assessments, here are the Top 5 areas that we have found to need remediation work post-assessment.

Continue reading

2021 Year in Review - Significant Cybersecurity Events

2021 Year in ReviewThe year is 2021.  We don’t have flying cars or robot maids, but nearly 5 billion souls worldwide are now connected to the Internet and to each other.  This is a beautiful thing and a remarkable feat of human ingenuity.  However, every rose has its thorn (to borrow from the great post-modern philosopher Bret Michaels) and to us who work in cybersecurity, 2021 was thornier than ever. 

Here is Appalachia’s 2021 Cybersecurity Year in Review!

 

Continue reading

What is Penetration Testing – Finding Vulnerabilities Before the Bad Guys Do (appTECH TALK Ep. 2)

If you are an organization with digital assets to protect, you’ve most likely heard the term Penetration Testing, also known as Pen Testing.  Penetration testing is the process used to find vulnerabilities and leverage them to hack an organization.

Continue reading

Social Engineering: How Kind Humans Can Cause Big Breaches (appTECH TALK Ep. 6)

Humans are the smartest beings on earth.  So why is it that they are the number one cause for breaches that cost millions of dollars?  It’s because they are kind.

Because of the kindness of human beings, they are easily manipulated by bad actors to give up private information or even hold a door.  This is the foundation of Social Engineering.

Continue reading

Top 8 Sources for Cybersecurity News

Not a single day goes by that we don’t either hear the word security or read the word security.  See?  You’ve already read it twice!  The internet is full of so much noise that it sometimes can be hard to filter out information that pertains to you and your organization, as well as what is credible.  Today I thought I’d take a moment to give you some great sources for security news.  These are sources that are very accurate and trustworthy.

Continue reading

The ABC's of Ransomware

Ransomware – The What, Where, and Why

Everyone has heard stories by now of an organization getting hit by ransomware.  From individuals to small and enterprise-level organizations, it can pop up anywhere and cause havoc.  What is it?  Where does it come from? Why isn’t it going away?  Today we’re going to break it down.

Continue reading

The OWASP Top 10: Security Logging and Monitoring Failures

Recently, we explored the Open Web Application Security Project (OWASP) Top 10 (Allergic to Bees? Don’t Get Stung by the OWASP Top 10) by looking at what it is and why it matters.  Then we took a closer look at one area of the Top 10 – Security Misconfiguration. Next in line for a deeper dive is Security Logging and Monitoring Failures.  This particular category is in place to help detect, escalate, and respond to active breaches.

Continue reading

Did You Know Hardware and Software Expire Too?

We are all aware of the term “use by date.” It is regularly used when talking about food and medications and refers to the date after which the product is no longer safe to consume. However, did you know that your software and hardware can expire too?

Continue reading

Zero Trust World is Clear to Land - Day 3

Time flies when you’re having fun, which is an accurate depiction of the last three days at the Zero Trust World conference in Orlando, Florida. There is quite a buzz going through the air about ThreatLocker after they announced their new endeavor, ThreatLocker Ops, which is their first foray into cyber attack detection. The ThreatLocker booth is hard at work answering questions and fielding requests to beta test the product. Not to mention their cool cash machine that new clients get to spend 30 seconds in to grab as much money as possible! It has been fun to watch.

Continue reading

Zero Trust World - Day 1

Omni3…2…1... We have lift-off! Zero Trust World 2023 has officially launched and is coming to you from the Omni Champions Gate Resort in Orlando, Florida. Seated in a dark ballroom with a blue ambient light cascading throughout the room like the aurora borealis, I took in the events of the morning with splendor. The National Ballroom is the main stage where the morning’s activities took place. I don’t want to just bring you the information, but I want you to feel like you are here sitting beside me at the round table. No stone was left unturned at the event. As I sat at my table before the speakers even began, I was mesmerized by the exuberance and excitement pulsating through the room. If I were to close my eyes and just absorb the auditory environment, I would have assumed that I was at a trendy nightclub with upbeat music pulsating through the air.

Continue reading

Explaining “Zero Trust,” Why You Need It, and the Best Way to Bring It to Your Organization

I’m going to throw some names out at you: Target, Uber, Colonial Pipeline, Equifax, Twitter. I’m sure most, if not all of you know these household names… maybe with the exception of Colonial Pipeline. I myself had never heard of them until I was sitting in my car in line to get gas while vacationing in the Outer Banks of North Carolina. On the radio was playing the news of how Colonial Pipeline had suffered a severe network breach that allowed an attacker to launch ransomware on their systems, shutting down their fuel transmission operations to the Southeastern United States. Which by sheer luck, I happened to be in that neck of the woods and got to experience my first-ever gas shortage. All I knew was I needed gas, or I wasn’t going to be able to leave the beach! Wait… how is that a bad thing? I digress.

Continue reading

Don’t Fall for These Cyber Insurance Myths

Social Ads Cyber Liability InsuranceAd 13 AEL cropAs the world increasingly moves online, so do the risks to our businesses. Cyber insurance is one way to help your business recover following a cyberattack. It covers financial losses caused by events such as data breaches, cyber theft, ransomware, and more.

Continue reading

The OWASP Top 10: Security Misconfiguration

Security Misconfiguration

Last week we touched on the basics of the Open Web Application Security Project® (OWASP) and why it should be used as a source of information for keeping your web applications secure.  This week we are going to touch on one particular vulnerability from the OWASP Top 10 Web Application Security Risks - Security Misconfiguration.

Continue reading

Social Engineering: A Story About How Breakfast Treats and Human Nature Led to Full Network Access

I sat in the parking lot watching employees walk in the corporate office.  Ready with my five dozen donuts, I waited until the perfect moment to see if I could infiltrate.  It’s like the start of a great superhero movie - except starring Kevin James and not Christian Bale.

I had been hired by the company for a physical social engineering assessment.  Only a few people (stakeholders and managers) within the company knew that this was occurring that day.  The goal was to see if I could gain entry into the building unnoticed and once in, what I could access.

Continue reading

Allergic to Bees? Don’t Get Stung by the OWASP Top 10

OWASP - is it something we don’t want to get stung by, or is it here to protect us?  In cybersecurity, we’ve all heard the term, but what is it really?

Continue reading

3 Actions for a Better Security Posture

There are many frameworks and security models to refer to when working to secure your organization.  Sometimes it can prove to be overwhelming.  Today I’m going to talk about three action items that will make a significant difference in your overall security posture.  Keeping in mind that there is no silver bullet to securing an organization, these three will certainly gain a great return.

Continue reading

PCI - The Credit Card Industry's Answer to Consumer Data Protection

People carry less cash in their wallets than they used to.  Even when going to the ice cream stand in the middle of summer, a debit or credit card is swiped instead of cash being tendered.  The reason for this is simple - it’s easier to swipe a card than it is to carry a load of cash in your wallet.  This has become an extremely convenient option over the years when making purchases.  However, as is often the case, convenience comes with risk.

Continue reading

Everything That Is Wrong With CMMC 2.0

This month’s release of the much-anticipated CMMC 2.0 left many of us in the world of cybersecurity shaking our heads.  We have been working diligently with the defense industrial base for several years now, even before the CMMC was created, to stop the bleeding of our defense secrets to our adversaries.  As a veteran and a Patriot, I, along with many other Americans, take this very serious problem personally. 

Continue reading

News & Updates

PRESS RELEASE Mechanicsburg, PA, July 11, 2024 - Appalachia Technologies is excited to announce that Terri Black-Bendl, Vice President, Sales & Marketing, has been nominated for the Women in Technology Awards, presented by Technology Council of Central PA.  Terri’s nomination category, Impact Award – Private Sector/Entrepreneur to Small Business, spotlights women who have made contributions in technology in the Entrepreneurial/Small Business (under 50 employees) category.

Contact Us

Learn more about what Appalachia Technologies can do for your business.

Appalachia Technologies
5000 Ritter Road Suite 104
Mechanicsburg, Pennsylvania 17055