Appalachia Technologies Blog

It's crucial to keep all software and hardware up to date to maintain optimal security. If you don’t, cybercriminals can easily infiltrate your network and the chances for downtime increase significantly. However, many businesses don't realize that expired software/hardware can actually be one of the most prominent security risks hindering their success.

We are all aware of the term “use by date.” It is regularly used when talking about food and medications and refers to the date after which the product is no longer safe to consume. However, did you know that your software and hardware can expire too?

Time flies when you’re having fun, which is an accurate depiction of the last three days at the Zero Trust World conference in Orlando, Florida. There is quite a buzz going through the air about ThreatLocker after they announced their new endeavor, ThreatLocker Ops, which is their first foray into cyber attack detection. The ThreatLocker booth is hard at work answering questions and fielding requests to beta test the product. Not to mention their cool cash machine that new clients get to spend 30 seconds in to grab as much money as possible! It has been fun to watch.

All flights, regardless of the airplane, encounter some form of turbulence. A wise person (my mother) once told me before my first flying experience that just because there is some shaking and bouncing on the flight, to not worry, because it is all part of the glory of flying. This of course came on the heels of overwhelming news coverage of a plane crash in Charlotte, North Carolina that was caused due to wind shear and turbulence. Needless to say, I was anything but calm until I got into the air and witnessed the majesty of the earth from 37,000 feet. Day two of ThreatLocker’s Zero Trust World conference had a very similar theme.

3…2…1... We have lift-off! Zero Trust World 2023 has officially launched and is coming to you from the Omni Champions Gate Resort in Orlando, Florida. Seated in a dark ballroom with a blue ambient light cascading throughout the room like the aurora borealis, I took in the events of the morning with splendor. The National Ballroom is the main stage where the morning’s activities took place. I don’t want to just bring you the information, but I want you to feel like you are here sitting beside me at the round table. No stone was left unturned at the event. As I sat at my table before the speakers even began, I was mesmerized by the exuberance and excitement pulsating through the room. If I were to close my eyes and just absorb the auditory environment, I would have assumed that I was at a trendy nightclub with upbeat music pulsating through the air.

Cyber insurance is a type of insurance that protects businesses from financial losses that can result from a cyberattack. While it’s an essential tool for businesses of all sizes, there are some facts you should be aware of before purchasing a policy.

I’m going to throw some names out at you: Target, Uber, Colonial Pipeline, Equifax, Twitter. I’m sure most, if not all of you know these household names… maybe with the exception of Colonial Pipeline. I myself had never heard of them until I was sitting in my car in line to get gas while vacationing in the Outer Banks of North Carolina. On the radio was playing the news of how Colonial Pipeline had suffered a severe network breach that allowed an attacker to launch ransomware on their systems, shutting down their fuel transmission operations to the Southeastern United States. Which by sheer luck, I happened to be in that neck of the woods and got to experience my first-ever gas shortage. All I knew was I needed gas, or I wasn’t going to be able to leave the beach! Wait… how is that a bad thing? I digress.

As I’m sitting in my office looking at the wintry precipitation fall, it makes me long for a warmer climate. Well, I happen to be in luck, as next week I will be attending the Zero Trust World Conference, presented by ThreatLocker; which takes place in sunny and warm Orlando, Florida. In the midst of packing, making lists of things to take along, and making sure I’m TSA compliant, I have had my ear to the wire about the events being announced for the conference.  Here is a preview of what is to come!

As the world becomes more digitized and cybercrime increases, the need for cyber insurance is something businesses should not overlook. If your company handles, transmits or stores sensitive data, you need to know about cyber insurance.

When looking for cyber insurance for your small business, you may find it hard to navigate technology and insurance jargon. There are even different types of cyber coverage and you might not be sure what you need because you’re not a cybersecurity expert. Plus, once you do have coverage, there’s always the risk of not receiving a payout in the event of an incident if you didn’t meet your policy’s requirements.

As the world increasingly moves online, so do the risks to our businesses. Cyber insurance is one way to help your business recover following a cyberattack. It covers financial losses caused by events such as data breaches, cyber theft, ransomware, and more.

Recently, we explored the Open Web Application Security Project (OWASP) Top 10 (Allergic to Bees? Don’t Get Stung by the OWASP Top 10) by looking at what it is and why it matters.  Then we took a closer look at one area of the Top 10 – Security Misconfiguration. Next in line for a deeper dive is Security Logging and Monitoring Failures.  This particular category is in place to help detect, escalate, and respond to active breaches.

Auto dealers may face penalties for not meeting requirements established by amendments to the FTC’s Safeguard Rule.  In 2021, the FTC amended its Safeguard Rule, originally created in 2003, to help protect the security of customer information.  The Safeguard Rule applies to any non-banking financial institution. 

P R E S S  R E L E A S E

Grantville, PA:  On Wednesday, October 19, Appalachia Technologies will be hosting a free in-person cybersecurity summit at the Hollywood Casino at Penn National Race Course for regional CIOs, CISOs, and IT Security Leaders.

Sixth-Annual List & Research Identifies Leading Managed Security Service Providers Worldwide

September 20, 2022, Mechanicsburg, PA: MSSP Alert, a CyberRisk Alliance resource, has named Appalachia Technologies to the Top 250 MSSPs list for 2022 (http://www.msspalert.com/top250).

Security Misconfiguration

Last week we touched on the basics of the Open Web Application Security Project® (OWASP) and why it should be used as a source of information for keeping your web applications secure.  This week we are going to touch on one particular vulnerability from the OWASP Top 10 Web Application Security Risks - Security Misconfiguration.

In your city or town, you know that stretch of road or highway that feels like it has been under construction for 10 years?  In many ways, the development of CMMC can feel like it too is marked with orange cones and will be underway for years.  From the most significant change of CMMC 1.0 (the OG version) to the November 2021 update to CMMC 2.0, to even the CMMC-AB name change to The Cyber AB, new information seems to keep coming with timelines shifting.  While The Cyber AB holds monthly Town Hall webinars to share updates, the DoD and various vendors are also sharing out information via webinars.  Recently, PreVeil, a DoD supplier, along with members of the Manufacturing Extension Partnership, hosted a webinar with DoD leaders Stacy Bostjanick (DoD CMMC Program Head) and Dave McKeown (DoD CISO) to review recent updates and timelines. 

I sat in the parking lot watching employees walk in the corporate office.  Ready with my five dozen donuts, I waited until the perfect moment to see if I could infiltrate.  It’s like the start of a great superhero movie - except starring Kevin James and not Christian Bale.

I had been hired by the company for a physical social engineering assessment.  Only a few people (stakeholders and managers) within the company knew that this was occurring that day.  The goal was to see if I could gain entry into the building unnoticed and once in, what I could access.

OWASP - is it something we don’t want to get stung by, or is it here to protect us?  In cybersecurity, we’ve all heard the term, but what is it really?

There are many frameworks and security models to refer to when working to secure your organization.  Sometimes it can prove to be overwhelming.  Today I’m going to talk about three action items that will make a significant difference in your overall security posture.  Keeping in mind that there is no silver bullet to securing an organization, these three will certainly gain a great return.