Cyber Security

  • Intro to IAM
    By Scott Smith
    Security Practice Lead

    Four years ago Target suffered a data breach that caught the attention of consumers and executives everywhere. By starting with a stolen dormant login from an HVAC contractor who was no longer working with Target, attackers were able to gain root access directly into Target’s data center. Once in, they found a web application vulnerability and managed to use this to steal the PII (personally identifiable information) for over 70,000 people, and seize the data for over 40 million credit and debit cards from a Point of Sale system that was not directly connected to the internet.

  • Cybersecurity Plan
    By Scott S. Smith
    Security Practice Lead

    Given the dramatically negative impact that a cybersecurity failure can have on your business, implementing a cybersecurity plan is mission critical. In my last article I talked about some of the business-driven needs that might drive your cybersecurity plan. Today I will address some of the steps you need to take to get a cybersecurity plan in place.

  • Cybersecurity On A Budget
    By Christopher Barron
    Associate

    As the CIO you’ve been tasked with ensuring that your organization’s IT systems are more secure. You’ve got a budget (although it’s tight). You’ve got mandates (“Don’t let us get hacked!” “Increase our perimeter strength!” “Make it a ‘Top 3’ initiative for the year!”). But if you’re like many CIOs, what you don’t have is an understanding of the basic premises and precepts of cybersecurity.

    To get appropriate cybersecurity controls in place, where in the world should you start?

  • 7 Key Cybersecurity Tactics
    By Scott S. Smith
    Security Practice Lead

    Given the fact that many organizations experience near-continuous cyberattack attempts, if you have not already done so, getting a robust cybersecurity plan in place is a must. This plan needs to be tailored to address your organization’s business requirements, culture and risk tolerance around cybersecurity. It also will need to ensure compliance with applicable regulations and laws, and include plans for how to respond if, in spite of your best efforts, a security breach takes place. You don’t want to be in Equifax’s situation, where a hacker’s ability to exploit what was most likely a known weakness has now put millions of consumers’ identity and financial security at risk. The government, your customers and the general public are all losing their tolerance for disasters that happen when known problems are ignored.

  • Leading practices in identity and access management
    By Scott Smith
    Security Practice Lead

    Whether talking to people at large companies or small companies, when we bring up the topic of Identity and Access Management (IAM) we often hear a lot of the same comments…

    • “I am concerned that we have employees who have been here 10 years, and have access to everything, but I don’t know how to control that risk.”
    • “Of course we have password policies…but I’m not sure they’re being enforced.”
    • “I recently discovered an account for someone who left the company 14 months ago.”
    • “Half the people in our IT department have global permissions—they can access anything.”

  • Why Businesses Needs Cybersecurity
    By Scott S. Smith
    Security Practice Lead

    The recent data breach at Equifax is just one of the latest in a long string of high-profile cybersecurity failures. In this particular case, the Social Security numbers and other sensitive information of up to 143 million Americans were exposed. In another case, the NotPetya attack very quickly spread to, then severely hobbled operations in, corporations around the world, including the giant shipping company Maersk.

    These and other recent cybersecurity failures in the news have resulted in intellectual property loss, disclosure of embarrassing communications, loss of business, massive public relations nightmares, and more. And that’s just for the high-profile cases!

  • Ransomware & Business Continuity Planning
    By Stephen McGrady
    Principal

    Those responsible for Business Continuity Planning (BCP)—i.e. having plans in place to keep a business running after disaster strikes—understand that the world really can be a dangerous place. Although hacking, malware and ransomware aren’t really “new” threats per se, they have certainly grown in frequency and impact.

    As some recent high-profile situations have shown, terrible things can and do happen to organizations everywhere. Case in point: Disney was recently hit with a ransom demand by hackers who claimed to have stolen the latest “Pirates of the Caribbean” movie. A few weeks before that, hackers stole the latest season of “Orange is the New Black” from Netflix, and leaked episodes when the firm refused to meet their ransom demands. And then there’s the widely-publicized “WannaCry” ransomware attack, which affected over 200,000 computers in 150 countries in May.


Copyright 2018. CIO Professional Services, LLC. All Rights Reserved.