Cybersecurity incidents are on the rise and not slowing down. This year, the nation has seen malicious cyberactivity against private sector companies such as SolarWinds, Microsoft Exchange, and most recently, the Colonial Pipeline. Cybercriminals also took advantage of the chaos brought on by the pandemic.

Cloud is becoming the preferred way of operating business, with 90% of businesses using cloud computing in one form or another. This fact is not surprising given the numerous benefits a company can realize such as hybrid work flexibility, increased collaboration, scalability, and so much more. While many organizations embrace this major shift to the cloud, one thing that must be a priority is your cloud security posture. But what is cloud security exactly?

Last spring, many of us went through the unprecedented process of moving to remote work. The migration was largely a lift and shift exercise of office gear and technology. For many, this meant tweaking underlying security and connectivity technologies to enable seamless remote work.  As an IT managed service provider, we observed first-hand

Data breach attacks are only getting more sophisticated and gaining more traction. They're happening to individuals at home, employees within organizations who click on the wrong link, CEOs who are targeted in a  Business Email Compromise, and the list goes on. What's even worse is that small- to medium-sized businesses are more of a target than the large corporations. According to Verizon's 2017 Data Breach Investigations Report, 61% of all data breach victims are businesses under 1,000 employees. 

In a recent presentation to business leaders, Kent Goodrow, a Systems Engineering client Account Manager, spoke about the evolution of identity and access management (IAM). He noted the increasing business exposure to modern threats due to work-from-anywhere, cloud-first environments. Kent detailed how IAM has evolved over the last few years and how it now works to protect access to corporate resources. Below is an outline of his presentation on implementing IAM as your organization's first line of defense.

On April 13, Microsoft released its monthly patches for vulnerabilities found within their products. In their release announcement, Microsoft strongly recommends prioritizing the CVE 2021 28481 security update which affects Exchange servers 2013, 2016, and 2019. This vulnerability allows hackers access to mailboxes to read or even exfiltrate sensitive information.

Systems Engineering is aware of the FBI and CISA joint security advisory indicating threat actors are potentially using multiple Common Vulnerabilities and Exposures (CVE) to exploit Fortinet operating systems, known as FortiOS. The advisory calls out three vulnerabilities that may be used to gain access to business networks to begin data exfiltration or data encryption attacks. Vulnerabilities include;