


Blog 1

Cybersecurity: A Primer

The cumulative annual cost of countering cybercrime is now around $1 trillion, which is roughly 35 times more than it was a decade ago. After all, there has been a sharp spike in all types of cybercrime: espionage, financial crime, identity theft, and the list goes on.

In fact, over a trillion dollars were lost due to cybercrime in 2020. The most neglected reason for cybercrime is the lack of minimum security standards being laid down for IT businesses involved in the creation or operation of social media platforms, chat applications, and other network-connected apps and devices.

Unfortunately, everything from your favorite chat engine to your IoT devices can be exploited by hackers. So, before your cherished apps and devices turn into attack vectors, make sure to get their security level reviewed. That is the only way out because digital technologies make it impossible for businesses to eliminate threats entirely, so the focus must be on limiting the damage.

That is easier said than done because keeping a network secure involves a series of activities that need to be planned well in advance. These efforts must be focused on segregating and protecting data or infrastructure that is critical for the smooth functioning of a business. For an IT consulting firm, this could mean protecting customer data while for an e-commerce business, it could mean preventing DDoS and ransomware attacks.

None of this is easy for small and midsized businesses that cannot afford an in-house cybersecurity team. Therefore, at iVisionNet, we offer everything from Insider Threat Program development to Critical Infrastructure Situational Awareness. For more details, get in touch with our experts and they’ll let you know how best you can protect your business from security threats.


Cyber Supply Chain Risk Management: An Introduction

Digitization has become the key to survival for any organization you can think of: government agencies, businesses, schools, or healthcare service providers. However, digitization is a double-edged sword: although it brings convenience, opportunities, and all the good stuff, it can result in breaches. The only way out is by planning an IT infrastructure capable of identifying and responding to security threats without any delays.

Now, this can be tricky because most organizations work with third parties such as suppliers, service providers, and vendors who can access at least some of their data. For example, a payroll management service provider is likely to have access to bank details, social security numbers, etc. Likewise, an IT consultant may have access to project-related data such as IPs and other confidential corporate information.

By compromising the security of such third parties, cybercriminals gain access to confidential data and use it to launch supply chain attacks. Therefore, it makes no sense to solely focus on strengthening your fortress. You might have the best security measures in place, but what about those who access your organizational data? The only way to ensure 360-degree protection is by compelling third parties to adopt the necessary cybersecurity measures.

This has become the focal point for Federal agencies since the SolarWinds attack, which was by far one of the worst supply chain attacks. The malware injected into the update compromised the security of nine Federal agencies and over a hundred companies. So, what makes supply chain attacks successful? A passive attitude towards threat, vulnerability, and risk analysis, together with the absence of regular penetration testing, opens the floodgates to this type of attack. You should be able to manage this with a powerful first line of defense and a sound threat response mechanism. Get in touch with our experts and we will devise one that is appropriate for your business.

Blog 3

Cybersecurity Funding and what makes it necessary

Over the past decade, there has been a significant increase in the number of cyberattacks launched on civilians, businesses, and government agencies worldwide. While some are individual attacks launched on unsuspecting citizens to steal their financial data, others are state-sponsored attacks geared towards Federal agencies.

In fact, this is why President Biden gave Prime Minister Putin a list of 16 critical infrastructures at Geneva, which must remain off-limits to local hackers in Russia. Apart from the Russians, the Chinese and the North Korean hackers also need to be controlled. For this reason, the Biden government has allocated $9.8 billion for the year 2022, which is a $500 million increase from the year 2021. Additionally, $650 million from the $1.9 trillion American Rescue Plan (ARP) has been dedicated to protecting civilian Federal networks.

This move was necessary because the nation has been incurring huge losses due to cybercrime. In 2019, 791,790 cases of cybercrime were reported to the FBI, with losses exceeding $4.2 billion. That is just the tip of the iceberg, because much more has been lost due to economic espionage, which refers to stealing well-guarded intellectual property and trade secrets. As a matter of fact, the US lost over $400 billion in 2018 because of Chinese hackers.

So how did this happen? Any agency you name has been under siege, from the US Energy Department to the NSAID, which was attacked this very year by the Russian group Nobelium. In fact, even defense contractors, banks, and other financial institutions have not been spared.

While the infrastructures of some agencies are compromised directly, others are attacked through one or more service providers. This indirect approach often involves supply chain attacks which have increased by 42%. That is worsened by the fact that it now takes an average of 197 days to identify a breach and at least 69 days to contain it.

Why? Because organizations do not adequately invest in cybersecurity. To identify and manage risks promptly, businesses need a proactive infrastructure protection plan and expert risk management capabilities. At iVisionNet, we provide comprehensive cybersecurity solutions for businesses of all types. For more information on how you can protect your business, get in touch with our experts before it is too late.

Blog 4

Legislation and Policy Background on Cybersecurity

Over the past decade, there has been a significant increase in cybercrime, and this is likely to continue in the near future. According to expert projections, by 2025, the annual losses incurred due to cybercrime could be as high as $10.5 trillion.

You might wonder what the lawmakers are doing about it. While numerous measures are being implemented to curb cybercrime, there is a lot that still needs to be done. The gap is largely due to the absence of a single consolidated and comprehensive piece of legislation that penalizes all acts of cybercrime.

Currently, cyber laws are scattered across several enactments — while some breaches qualify as “unfair” trade practices, others are prohibited under sector-specific enactments like the HIPAA Act for medical data and the GLBA Act for financial data.

Yet, there is hope because the National Infrastructure Protection Plan (NIPP) provides a framework to protect critical infrastructures and their physical and virtual assets. Moreover, President Biden recently handed over a list of sixteen critical infrastructures to the Russian Prime Minister. With that, the US President insisted those infrastructures be off-limits for Russian hackers. This clearly highlights the proactive measures being adopted by the current administration. Besides lawmakers, other regulators like the PCI Standards Security Council have also laid down guidelines to protect the integrity of online transactions.

Apart from the US, several other nations have been working on cybersecurity laws: Australia’s encryption laws, Canada’s privacy protection laws, the EU’s GDPR, and so on. These guidelines must be duly followed as non-compliance can result in dire consequences. At iVisionNet, we know what it takes to remain fully compliant. Our legal and compliance services include everything from analyzing Security Policy Standards to FISMA Reporting and Compliance, and everything in between. For more information, get in touch with our experts.