Community is a cultural cornerstone here at Systems Engineering. As a 100% employee-owned company, we are committed to making a difference in the communities in which we work and live. We continually seek creative ways to partner with our community by sharing technical expertise, engaging in mission-driven work, and promoting social responsibility. Our most recent opportunity was with the Girls Who Code summer camp pilot program hosted at the University of Southern Maine (USM) in downtown Portland.
UPDATE: On 11/4/2021, the Department of Defense launched CMMC 2.0, which announced changes to the CMMC program. CMMC 2.0 maintains the original goal of safeguarding sensitive information while streamlining previously released requirements.
The DoD is in the process of ongoing rulemaking and internal resourcing as part of the implementation, and as such, the CMMC 2.0 program details are forthcoming.
We will update the content below as CMMC 2.0 content is released. Check back here for updates.
The increasing theft of intellectual property and sensitive information is at an all-time high and a growing threat to our national security. The recent ransomware attacks on the largest gasoline pipeline and meat producer in the US are clear evidence of this reality. Cyberattacks targeting the commodities industry, federal networks, and commercial software have sent a ripple effect throughout our nation’s supply chain.
Does it ever feel like the programs and applications put in place to increase productivity, reduce risk, and control costs evolve and change faster than adoption strategies can occur within your company? In fact, it may even be that productivity decreases, causing costs and risks to increase; the exact opposite of what you are trying to accomplish.
As cloud service consumers, we have become accustomed to downloading productivity applications or using cloud storage repositories to help us in our daily activities. With the recent rise of remote working, it was not uncommon for an employee to use apps and tools that helped them be productive and fill a need in their workday. Their good intentions were honorable, however, this type of activity can create cybersecurity risks for an organization. The practice of employees deploying tools and services without the knowledge or proper vetting from IT management is known as Shadow IT.
The July 2021 Microsoft Patch Tuesday updates were released on July 13. One of those patches addressed a publicly disclosed but unexploited, zero-day vulnerability classified as CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability. This vulnerability affects on-premises Exchange servers 2013, 2016, and 2019, and was assigned a severity of critical.
It has been well over a year since the shift to remote work began, and now many companies are planning a move back to the office. Before the transition is made, a major point to consider is that the traditional workplace may no longer fit the needs of a post-pandemic workforce.
UPDATE: July 27, 2021
In a Friday, July 23, 2021 announcement, the Kaseya Incident Response team reported no reports or issues with their remediation efforts for customers impacted by the July 2nd localized ransomware attack against their VSA on-premises product. Due to this positive report, Systems Engineering has resumed the use of the two unaffected Kaseya modules we were monitoring as a result of the original VSA attack.