
Federal Civilian Agencies May Have to Comply with CMMC-Like Security Requirements

If you sell to the federal government – any agency – you need to pay attention to this. Until now, only DoD contractors were going to have to comply with CMMC or NIST SP 800-171. The standard requires 100% compliance with 110 controls; some of them are pretty straightforward, like each user having their […]


Security News Update for April 7th, 2023

FDA Will No Longer Approve Digital Medical Devices That Are Vulnerable

Starting last month, the FDA will REJECT all new applications for any cyber medical device that does not include a cyberattack protection plan. Of course this won’t be perfect, but at least manufacturers will have to make an effort at it. Given that the […]


Do You Think Your Customers Care WHY it Took You 2 Years to Tell Them Their Data was Breached?

This is a secondary problem of vendor cyber risk. The first problem is that you are dependent on a lot of vendors. You have to depend on those vendors. If they screw up, you get sued. And you lose customers. To make matters worse, when one of your vendors gets breached, you are only one […]


This is Why the Feds are Very Scared About Supply Chain Attacks

Last week it was revealed that VoIP communications company 3CX was compromised and was distributing a malicious version of their desktop software to hundreds of thousands of paying customers. This is not an attack where users go to find sketchy websites and download “free” software that should be paid for. Rather, this is licensed software […]
