I sat in the parking lot watching employees walk in the corporate office.  Ready with my five dozen donuts, I waited until the perfect moment to see if I could infiltrate.  It’s like the start of a great superhero movie - except starring Kevin James and not Christian Bale.

I had been hired by the company for a physical social engineering assessment.  Only a few people (stakeholders and managers) within the company knew that this was occurring that day.  The goal was to see if I could gain entry into the building unnoticed and once in, what I could access.

OWASP - is it something we don’t want to get stung by, or is it here to protect us?  In cybersecurity, we’ve all heard the term, but what is it really?

There are many frameworks and security models to refer to when working to secure your organization.  Sometimes it can prove to be overwhelming.  Today I’m going to talk about three action items that will make a significant difference in your overall security posture.  Keeping in mind that there is no silver bullet to securing an organization, these three will certainly gain a great return.

People carry less cash in their wallets than they used to.  Even when going to the ice cream stand in the middle of summer, a debit or credit card is swiped instead of cash being tendered.  The reason for this is simple - it’s easier to swipe a card than it is to carry a load of cash in your wallet.  This has become an extremely convenient option over the years when making purchases.  However, as is often the case, convenience comes with risk.

Ransomware – The What, Where, and Why

Everyone has heard stories by now of an organization getting hit by ransomware.  From individuals to small and enterprise-level organizations, it can pop up anywhere and cause havoc.  What is it?  Where does it come from? Why isn’t it going away?  Today we’re going to break it down.

Not a single day goes by that we don’t either hear the word security or read the word security.  See?  You’ve already read it twice!  The internet is full of so much noise that it sometimes can be hard to filter out information that pertains to you and your organization, as well as what is credible.  Today I thought I’d take a moment to give you some great sources for security news.  These are sources that are very accurate and trustworthy.

Humans are the smartest beings on earth.  So why is it that they are the number one cause for breaches that cost millions of dollars?  It’s because they are kind.

Because of the kindness of human beings, they are easily manipulated by bad actors to give up private information or even hold a door.  This is the foundation of Social Engineering.

Let’s face it.  Security is expensive.  Many organizations think of security as an unwanted expense when budgeting for the next fiscal year.  However, no matter what industry an organization is in, security IS its business too.

Let’s face it.  If you haven’t had a security incident within your organization, you will.  Are you prepared?  An IRP is a plan or playbook that needs to be established and practiced on a normal basis.  When a breach happens, this is your playbook of who, how, and what steps to take to protect your organization and minimize impact. Let’s break down the steps of an Incident Response Plan (IRP). 

Your company has been proactive in having a penetration test performed and you have the report in hand - so now what do we do with it?

If you are an organization with digital assets to protect, you’ve most likely heard the term Penetration Testing, also known as Pen Testing.  Penetration testing is the process used to find vulnerabilities and leverage them to hack an organization.

Secure your Organization with the NIST Blueprint

Breaches are at all time high.  Over 50 billion devices are connected to the internet.  Some of them are secure, and some of them are not.  Which category does your organization fall into?

The year is 2021.  We don’t have flying cars or robot maids, but nearly 5 billion souls worldwide are now connected to the Internet and to each other.  This is a beautiful thing and a remarkable feat of human ingenuity.  However, every rose has its thorn (to borrow from the great post-modern philosopher Bret Michaels) and to us who work in cybersecurity, 2021 was thornier than ever. 

Here is Appalachia’s 2021 Cybersecurity Year in Review!

What is MDM?

Mobile Device Management is software that allows companies to administrate mobile devices like smartphones or tablets. Many people are familiar with desktop PCs connected to a local domain. MDM is based on a similar idea, but MDM allows settings, apps, and content to be managed across different operating systems (like iOS or Android) and devices do not need to be connected to a local domain controller. Essentially, it allows companies to manage phones and tablets no matter where those devices are located.

Even organizations with solid cybersecurity programs will have findings from a security assessment.  After all, cyber attacks and attackers continue to learn and evolve, always trying to be one step ahead of their prospects.  Through our years of performing security assessments, here are the Top 5 areas that we have found to need remediation work post-assessment.

Appalachia is proud to be a member of The ASCII Group, a community for managed services providers, IT service providers, and managed security service providers.  Recently Jason McNew, Senior Engineer, Cybersecurity Risk & Compliance, was invited to contribute his experience and knowledge of ransomware, along with a few select members to help the ASCII community.

Adapting...with a smile!

It’s early March 2020, and seemingly out of the blue, our personal and professional lives began to feel the subtle, and not-so-subtle effects, of COVID. Our personal lives aside and from a professional lens...things certainly looked and felt different. Nineteen months later, we’ve adapted, but we continue to feel the impact. Is this the new lens through which we’ll view our professional worlds? Time will tell, but the business lessons we’ve learned are more important than ever.

I’d like to take a minute and share the effects COVID has had on Appalachia Technologies...and how we continue to persevere and get better despite it!

In a previous blog post, we discussed how to calculate your SPRS (Supplier Performance Risk System) score in support of your CMMC (Cybersecurity Maturity Model Certification) efforts.  In that same blog, we also provided a free tool to help you calculate your SPRS score automatically.

In this follow-on blog, we’ll talk about how to provide your SPRS score to the DoD, which is a whole other chore once you’ve actually determined what your score is.  In order to access the part of the SPRS website where your score is uploaded, we first need a CAC (Common Access Card) or a DoD approved medium assurance ECA (External Certification Authority) certificate.  The primary purpose of this certificate is to ensure that the individual person entering the score is who they actually claim to be (non-repudiation), in addition to ensuring the confidentiality of the data.

The day after Thanksgiving, widely referred to as Black Friday, has marked the start of the Christmas shopping season since 1952.  Surprisingly, it wasn’t until 2012 that the Black Friday buzz was adapted to further stoke the shopping fire by promoting Cyber Monday.  Whether shoppers choose to chase the deals in person or from the privacy of their own homes, personal information is being shared in the form of email addresses, home addresses, and credit card numbers.  As the stores are preparing by stocking shelves and bulking up employee headcount, cyber criminals are also preparing to capitalize on the shopping frenzy, hoping to catch consumers with their guards down.

This month’s release of the much-anticipated CMMC 2.0 left many of us in the world of cybersecurity shaking our heads.  We have been working diligently with the defense industrial base for several years now, even before the CMMC was created, to stop the bleeding of our defense secrets to our adversaries.  As a veteran and a Patriot, I, along with many other Americans, take this very serious problem personally.