Last week we kicked off our two-part series “The Why & How of Cybersecurity Risk Management.” This series is intended to review how small to medium-sized businesses (SMBs) can reduce exposure to cyberattacks through Cybersecurity Risk Management. Part one looked at practical ways to address and measure acceptable risk. In part two, Erik Thomas, Leader of Advisory Services at Systems Engineering, walks through a framework for addressing and reducing cybersecurity risks and vulnerabilities in your organization.
Did you know that 66% of Small to Medium Businesses (SMBs) have experienced a cyberattack in the past 12 months? With SMBs facing increased, targeted, and harmful cyberattacks, we wanted to provide some useful guidance on this topic. We are presenting a two-part series reviewing how SMBs can reduce exposure to cyberattacks through Cybersecurity Risk Management. In part one, Brad Sprague, Leader of Account Management at Systems Engineering, reviews practical ways to address and measure risk.
Cisco released a collection of 12 Security Advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software. The collection includes High Risk Vulnerabilities that could give an attacker unauthenticated access to the affected device’s file system. This vulnerability can also cause a Denial of Service (DoS). This means a firewall would be unable to pass internet traffic and would require a system reboot.
For many businesses today, the programs and applications used to increase productivity, reduce risk, and control costs are evolving faster than adoption strategies can occur. When this happens, productivity may decrease, while costs and risks may increase, which is the exact opposite of what these businesses are trying to accomplish.
Updated June 2020
Beginning July 6, 2020, Systems Engineering will adopt a new help desk process to enhance customer service and respond to recent client feedback. We have been collecting customer responses since early January through a closed ticket customer satisfaction survey. This survey gives our customers the opportunity to provide positive, negative, or neutral feedback regarding our service, and any suggestions they may want to put forward.
Many companies have made the unprecedented decision to close their doors or keep essential staff in-house temporarily. Others have instructed the entire organization to work from home (WFH) due to the COVID-19 pandemic. Now, an entirely new set of pressures is pulling for your attention:
Like many of you, we are working remotely as a company following the declaration of the COVID-19 national emergency. As previously stated, Systems Engineering is well prepared to continue working and supporting our customers during this time. As expected, the morning began with higher than usual support request volume. Many customers began their work from home experiences for the first time, and we were able to get them up and working along with our regularly scheduled services.
Recently, Cisco released a series of ‘High Severity’ vulnerabilities that relate to the Cisco Discovery Protocol (CDP), which is Cisco’s proprietary mechanism used by its devices to broadcast identities to one another across private/secured networks. For example, accessories such as VoIP phones will use CDP to determine which VLAN the switch is using for voice traffic.
Yesterday Microsoft announced and delivered a fix for a serious vulnerability in a Windows 10 cryptography function (CVE-2020-0601). The NSA had previously discovered the vulnerability and notified Microsoft so that a solution could be developed. Microsoft also stated that they had seen no exploit of this vulnerability to date. The vulnerability would allow an attacker to disguise their malicious software as a valid and certified piece of code, thereby spoofing the Windows 10 PC or Windows Server 2019 into thinking it is legitimate code that can be trusted and therefore executed.
The time for planning has ended. Microsoft will no longer provide extended support for Windows 7. While Extended Security Updates (ESU) may be available for Professional and Enterprise editions of Windows 7 (for a maximum of three years from January 14, 2020), this option will come at an increasing cost to organizations.