Lessons Learned from Data Breaches

Humans tend to move on to the next big thing quickly, and with rapidly changing security and regulatory environments, CISOs are no different. We all face new challenges daily, but as we focus on the latest priority in front of us, we must also remember to look back and revisit previous events to ensure we’re practicing hard lessons learned.

Thousands of hacks and data breaches have been reported this year, with victims ranging from public and private companies to local governments and school districts. However, several breaches stand out to me, and now that the dust has settled on them, I think they warrant a deeper dive to uncover what lessons can be gleaned from them.

In this post, I’ll share the story of three data breaches and highlight the salient details you need to know to protect your organization in this age of cybercrime.

Three Significant Data Breaches in 2022

  1. The Okta Breach

Okta works with several partners to help manage its enterprise. Hackers targeted an employee of one of these partners, the Sitel Group, who had privileged access to provide customer service to Okta clients and data. That account was empowered to reset passwords and reset multifactor authentication.

The Sitel Group serves many more customers than Okta. To perform their jobs, support staff often need administrative privileges in their customer’s environment. The attack highlights the increased risk of outsourcing access to your organization’s internal environment.

  2. The Microsoft Breach

In March, Microsoft revealed that an employee account was compromised, which granted hackers “limited access” to Microsoft’s systems and allowed the theft of the company’s source code. Microsoft referenced the hackers’ use of “social engineering and identity-centric tactics” in a blog post detailing the breach. This attack illustrates why training employees about phishing and other social engineering tactics is so important.

  3. The Nvidia Breach

Nvidia, one of the world’s largest graphics processing unit (GPU) manufacturers, was breached in a cyberattack that resulted in the theft and release of over a terabyte of proprietary data and over 71,000 employee credentials. In a statement after the breach, an Nvidia spokesperson did not disclose how hackers were able to gain access, only referring to the attack as a “cybersecurity incident,” but a well-known hacking group quickly took credit for the attack.

What Do These Attacks Have in Common?

It is no coincidence that I am looking back at these three cyber events. The hacks were all claimed by a hacking group known as the Lapsus$ group. Lapsus$ claimed responsibility for the Okta breach, the Microsoft breach, and the breach of Nvidia, among other high-profile targets. The most surprising piece of information about that group is it’s allegedly run by a group of teenagers.

Lessons to be Learned from Teenagers?

The tactics used by the Lapsus$ group are wholly unsophisticated but have still proven time and time again to be effective. The good news is that because their tactics are easily thwarted, organizations have plenty of opportunities to avoid getting hacked by following best practices.

  • Lesson #1: Lapsus$ primarily relied on social engineering schemes to gain access to a target directly or seek access via an organization’s supply chain or service providers. The group claimed that its goal was financial and that it had no political agenda; however, its chaotic approach caused just as much destruction in its pursuit of exploiting data.
  • Lesson #2: The Lapsus$ group’s attacks should be a reminder that even the most robust cyber defenses can be circumvented if attackers exploit weak links in the chain. These weak links can be found in both the technical and human domains, but the likeliest way for hackers to gain access is via end-users. As a result, organizations need to be vigilant in educating employees about cyber threats and how to identify and avoid them.
  • Lesson #3: Third-party risk management is also critical in protecting against the type of supply chain attack used against Okta. Companies need to vet their service providers and have security protocols in place to prevent attackers from exploiting these relationships to gain access to sensitive data.
  • Lesson #4: Additionally, the Lapsus$ group’s attacks show that even small groups of relatively primitive attackers can cause much damage. This fact should be a reminder that organizations must be prepared for all threats, not just those from well-funded and well-developed cybercriminals.

It is important to remember that breaches can and will happen, whether perpetrated by Lapsus$ or other sources, and your company’s response can make all the difference in whether it will survive unscathed. The risk of lost revenue, fines and penalties, and reputational damage requires that your company set and follow disaster response and recovery plans.

How Can You Reduce Your Risk from Data Breaches?

There are a variety of actions your firm can take to reduce your risk of being hacked, but here are a few key points to keep in mind:

  • Employ multifactor authentication.
  • Review all critical users’ access levels.
  • Perform due diligence for service providers and third-party vendors.
  • Conduct tabletop exercises to identify possible gaps in controls and training. For example, if an internal employee shared their credentials with an attacker, how could you tell?
  • Take care of your employees. Disgruntled employees are more susceptible to bribes.


Next Steps

Lapsus$’s attacks are a reminder that cyber defenses can be circumvented if attackers can exploit the weakest links in the chain. The best defense is to employ a multilayered cybersecurity solution that includes end-user training, comprehensive security policies and protocols, incident response planning, regular security audits, and more.

In today’s digital world, data is the new currency. And like any other type of currency, it needs to be protected from those who would exploit it. Unfortunately, the Lapsus$ group is just one example of the many cyber criminals out there looking to profit from the data of others.

Whether you work with an internal team or outsource your IT functions, employing robust cybersecurity solutions and regularly reviewing them against your risk profile is critical. Reach out to our security professionals for help evaluating your cybersecurity program to find gaps and areas that need improvement. Implementing security controls is not “set it and forget it” but must routinely be assessed to match the needs of your business and the external challenges of today’s cyber landscape.


About Jason

Jason Martino is passionate about the intersection of security and compliance. He is responsible for Coretelligent’s internal cybersecurity programs, governance, risk, compliance activities, and educating staff and customers on an ever-evolving threat landscape.

Multifactor Authentication

Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from distinct categories of credentials to verify a user’s identity. It is a crucial component of a robust multilayered cybersecurity posture to help mitigate the risk of a cyberattack. It is also considered a best practice for organizations of all sizes and across all sectors to meet compliance standards—especially in highly-regulated sectors like financial services and life sciences.

Multifactor Authentication Explained

The multifactor authentication method should be familiar to all readers at this point. Companies from Apple and Google to Facebook and Amazon utilize (or require) multifactor authentication to reduce risk. Many more will follow in their footsteps as the threat landscape intensifies from cyberattacks and data breaches and as more regulatory agencies require the process.

When MFA is implemented, systems require users to present a combination of two or more qualifications to verify their identity for login. The first authentication consists of a password, which is all that’s required with single-factor authentication. The second verification can vary but often involves asking for a code sent via text or email to a device or account that has previously been verified.

MFA increases security because even if one credential becomes compromised, unauthorized users will not be able to meet the second authentication requirement and will not be able to access the device, network, or database. MFA prevents the unauthorized access of data—including personally identifiable information, intellectual property, and financial assets—by a third party who may have discovered a single password through illegal channels or via a phishing attack.

Multifactor authentication is an element of identity and access management, which consists of policies and practices designed to manage access to enterprise resources and keep systems and data secure. Additionally, Privileged Access Management (PAM) is a subset of IAM that allows for an even more granular distinction between users and access to more sensitive data.



Two-Factor vs. Multifactor vs. Adaptive

  • Two-Factor Authentication (2FA) is the simplest and most common form of multifactor authentication. With 2FA, users must supply two distinct proofs of identity for access. In nearly every case, two-factor authentication is a massive improvement over single-factor.
  • On the other hand, 2FA might not be flexible or robust enough for certain situations and specific industries. With MFA, more than two factors are required for authentication, enabling more variables and security. To elaborate, MFA can grant degrees of access across a broad spectrum of possibilities depending on various data points and multiple factors obtained from the login.
  • Adaptive Authentication is yet another authentication tool that uses contextual information and business rules to determine which authentication factors to apply to a particular user, at a certain time, and in a specific situation. It combines user authentication with AI and is an effective tool for balancing security requirements and the user experience. Adaptive MFA also makes access decisions based on data such as consecutive login failures, geo-location, geo-velocity (the physical distance between consecutive login attempts, relative to the time between them), device type, time of day, and third-party intelligence data.
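As an added example (not part of the original post, and not any vendor's product logic), the Python script below scores a login attempt on the signals listed above: consecutive failures, geo-velocity between consecutive attempts, a device never seen before, and time of day. The score decides whether a password alone suffices, a one-time code is also required, or the attempt is blocked. It also answers the tabletop question posed in the data breach post earlier on this page, how you would tell that an employee's credentials were shared: two logins far apart in distance but close in time surface as the impossible_travel signal. The login events, coordinates, thresholds and weights are constructed assumptions.

```python
"""Adaptive authentication risk scoring over constructed login events.

Hypothetical example: the event format, thresholds and weights are assumptions,
not any vendor's product logic.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    when: datetime  # timezone-aware
    lat: float
    lon: float
    device_id: str
    success: bool  # for an attempt under evaluation: the password was correct


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two coordinates."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def geo_velocity_kmh(prev: LoginAttempt, cur: LoginAttempt) -> float:
    """Speed the user would have needed to travel between two attempts."""
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:
        return float("inf")
    return haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours


# Assumed policy: faster than a commercial flight counts as impossible travel
MAX_PLAUSIBLE_KMH = 1000.0
MAX_FAILURES = 3
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 UTC


def assess(history: list[LoginAttempt], attempt: LoginAttempt) -> dict:
    """Score one attempt against the user's earlier attempts and decide which
    factors to require: 'password', 'password+otp' or 'block'."""
    prior = sorted((h for h in history if h.user == attempt.user and h.when < attempt.when),
                   key=lambda h: h.when)
    signals, score = [], 0

    # Consecutive failures immediately before this attempt
    failures = 0
    for h in reversed(prior):
        if h.success:
            break
        failures += 1
    if failures >= MAX_FAILURES:
        signals.append("consecutive_failures")
        score += 3

    # Geo-velocity relative to the most recent successful login
    last_ok = next((h for h in reversed(prior) if h.success), None)
    if last_ok is not None and geo_velocity_kmh(last_ok, attempt) > MAX_PLAUSIBLE_KMH:
        signals.append("impossible_travel")
        score += 4

    # Device never seen on a successful login for this user
    if attempt.device_id not in {h.device_id for h in prior if h.success}:
        signals.append("new_device")
        score += 2

    # Outside business hours
    if attempt.when.astimezone(timezone.utc).hour not in BUSINESS_HOURS:
        signals.append("off_hours")
        score += 1

    decision = "block" if score >= 6 else "password+otp" if score >= 2 else "password"
    return {"signals": signals, "score": score, "decision": decision}


def _t(hour: int, minute: int = 0) -> datetime:
    return datetime(2022, 10, 3, hour, minute, tzinfo=timezone.utc)


BOSTON, KYIV = (42.36, -71.06), (50.45, 30.52)  # constructed locations

# Constructed history for one user: two good logins, then three failed passwords
HISTORY = [
    LoginAttempt("alice", _t(9), *BOSTON, "laptop-1", True),
    LoginAttempt("alice", _t(11), *BOSTON, "laptop-1", True),
    LoginAttempt("alice", _t(12, 0), *BOSTON, "laptop-1", False),
    LoginAttempt("alice", _t(12, 1), *BOSTON, "laptop-1", False),
    LoginAttempt("alice", _t(12, 2), *BOSTON, "laptop-1", False),
]
ATTEMPT_KYIV = LoginAttempt("alice", _t(10), *KYIV, "unknown-7", True)  # 1 h after Boston
ATTEMPT_BOSTON = LoginAttempt("alice", _t(11, 30), *BOSTON, "laptop-1", True)
ATTEMPT_AFTER_FAILURES = LoginAttempt("alice", _t(12, 3), *BOSTON, "laptop-1", True)


def demo() -> tuple[str, str, str]:
    """Decisions for the three constructed attempts: block, password, password+otp."""
    return tuple(assess(HISTORY, a)["decision"]
                 for a in (ATTEMPT_KYIV, ATTEMPT_BOSTON, ATTEMPT_AFTER_FAILURES))


if __name__ == "__main__":
    for a in (ATTEMPT_KYIV, ATTEMPT_BOSTON, ATTEMPT_AFTER_FAILURES):
        print(a.when.time(), assess(HISTORY, a))
```

The Kyiv attempt one hour after a Boston login trips both impossible_travel and new_device and is blocked; the repeat Boston login from the known laptop passes on the password alone; the attempt that follows three failed passwords is allowed only with a one-time code. Real deployments would also feed the score to the detection team, since the impossible_travel signal on a successful password is exactly the evidence that a credential has left the employee's hands.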

MFA and Multilayered Cybersecurity

While MFA can help strengthen your security, it is still best employed as part of a multilayered cybersecurity program based on a defense-in-depth strategy. Defense-in-depth is a cybersecurity model that employs continuous multilayered security for real-time, holistic protection. The reality of today’s cyber threats is that no one cybersecurity practice is enough to protect on its own. Instead, overlapping layers of cybersecurity protections are recommended. A layered defense helps security organizations reduce vulnerabilities, contain threats, and mitigate risk.

It is also important to note that it is still critical to practice good cyber hygiene, even with MFA. Organizations should set password management policies and educate end-users about best practices. Such policies should include requirements for unique passwords and review the frequency of password rotation, among others.


What is Right for Your Organization?

The answer to this question depends on the specific needs of your business. However, in general, as the threats faced by organizations have become more sophisticated, it has become clear that single-factor authentication is no longer enough to protect data and systems.

Organizations must implement additional layers of security, and MFA is an essential part of that process. Therefore, when selecting an MFA solution, it is important to consider your firm’s needs and choose a solution that will be easy to use and manage by both your IT team and your end-users.

Reach out to our security experts for help in determining which is the right solution for your business and security needs. We can help you assess your risk exposure, determine any compliance requirements for your sector, and evaluate the ease of deployment and implementation necessary, along with other factors.


About Chris

As Chief Technology Officer at Coretelligent, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development. Click here to learn more about Chris.

Year-End IT Planning

As we move into the last quarter of the year, it’s time for the annual review and realignment of your IT planning and strategy. Of course, you have actively been implementing your IT roadmap throughout the year, but a year-end IT planning and review is an opportunity to evaluate its effectiveness and update it for the upcoming year. Here are some things to keep in mind as you plan for the end of the year.

Year-End IT Planning and the IT Road Map

An IT roadmap is a strategic plan that outlines how your business will use technology to achieve its goals. A well-planned roadmap can help your business scale, improve ROI, reduce risk, and increase productivity.

Utilizing an IT roadmap ensures that your IT investments drive value and growth. In addition, a comprehensive plan can help identify areas of your organization’s IT infrastructure that need improvement and prioritize addressing them.

As with any plan, a strategic IT roadmap is only effective if you use it. A high-level annual review offers an opportunity to evaluate successful goal completion, realign with business goals, re-examine key initiatives, acknowledge and implement a plan for gaps, and provide valuable data for setting future KPIs.

What Should a Year-End Review Encompass?

As with other company activities, the year-end technology review reflects what you put into it. So don’t regard it as a meaningless exercise; instead, see it as an opportunity to get valuable information about your company. While results vary from firm to firm, there are certain aspects that all year-end reviews have in common.

1. Review the Current Technology Roadmap

Appraise the initiatives, tactics, and timelines of the current IT strategic plan to evaluate successful completion and future updates.

Reassess the technology of the organization, including:

  • Cybersecurity practices and policies
  • Technology infrastructure
  • Cloud storage and applications
  • Processes and data governance
  • Due diligence, compliance requirements, and risk management

2. Review Business Goals

The review process should also start with refreshing yourself with your company’s mission, vision, and values. Then, this is an opportunity to assess business functions and realign with these foundational pillars.

Of course, a review would not be complete without the inclusion of the business goals for the year you are looking back over. These business objectives can help you formulate a list of questions that can be answered through your review.

Review current business objectives, initiatives, and IT needs across the organization to determine IT initiatives. SWOT analysis can help identify gaps in IT needs across the organization. Key elements to include in the plan include proactive cybersecurity, compliance requirements, business drivers, expected growth, risk management, and identifying opportunities.

3. Assess Key Performance Indicators and Results

Determining success by reviewing metrics is key to establishing the effectiveness of any plan, and an IT roadmap is no exception. Beyond assessing whether goals were completed, there’s also plenty of insight to be gleaned from evaluating the objectives you did not reach. Undergoing this exercise is where the work of developing next year’s IT roadmap through identifying gaps and deficiencies, goals out of alignment, and new technology needs begins.

4. Putting IT All Together for Next Year

The outcome of this exercise is to use these findings from this strategic year-end IT planning process to set initiatives and develop strategic goals for your organization for the upcoming year.

Additionally, business leaders should look externally and evaluate business drivers and market forces, apply competitive research, and assess technology disruptors when determining upcoming IT priorities and business goals to include in next year’s plan.


Download our e-book Paving the Road to Success with Strategic IT Planning to learn more about how developing and implementing an IT roadmap can steer your firm towards success.



Four Tools to Evaluate and Improve Your Cybersecurity Posture

Cybersecurity Awareness Month is recognized every October. Now in its 19th year, this month is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) to ensure that individuals, organizations, and businesses have the cybersecurity tips and resources they need to be safe and secure online.

Cybersecurity headlines often focus on breaches or attacks, but this month highlights available resources and strategies to maintain security all year long and avoid the headlines.

To do our part and help raise awareness, Coretelligent has put together a list of various digital resources to utilize to better evaluate, understand, and improve your cybersecurity posture.

What Cybersecurity Resources Can You Utilize Today?

  1. Cybersecurity Checklist

    To help you appraise your cybersecurity readiness, the experts at Coretelligent have created a Cybersecurity Evaluation Checklist. This checklist is a jumping-off point to help your enterprise determine its ability to mitigate the risk of cyberattacks before it is too late.

    This checklist can help you identify initial cybersecurity successes and opportunities for growth in your existing security measures to help you develop an IT roadmap that minimizes risk while supporting growth.

  2. Risk Mitigation Case Study

    This risk mitigation case study looks at Coretelligent’s partnership with client Courier Express to establish a comprehensive cybersecurity solution and can help you better understand partnering with an MSP.

    As one of the largest courier companies in the nation, Courier Express has round-the-clock operations that rely on a continuous flow of transactional data. Understanding that cyberattacks pose a significant threat to their operations, Courier Express works with Coretelligent to mitigate those threats.

    This study illustrates how an MSP partnership can help you defend against cyber threats, elevate your IT game, and free up your in-house staff to focus on growth and innovation.

  3. Best Practices for Safeguarding Against Critical Cyberthreats

    Looking for ways to increase your cybersecurity posture today but not sure where to start? Watch this video to learn ways to protect yourself and your organization from cyber threats.

    In 2021, ransomware attacks increased by 105%, and the current geopolitical situation has led to an even higher level of risk for businesses of all sizes and across all industries. This heightened cyber threat landscape requires robust security solutions to protect against cyberattacks, data breaches, malware, ransomware, and other critical cyber threats. Learn more about what steps you can take today and how to stay proactive into the future.

  4. Multilayered Cybersecurity with Defense-in-Depth Video

    Maybe you already have some cybersecurity solutions but want to build more robust protection. That’s where defense-in-depth comes in. It is a system of continuous and overlapping security layers that range from simple controls to complex security tools. These layers are designed to create an interlocking barrier that is continuously monitoring and protecting your assets. With multilayered security, if one layer of defense is breached, there are additional layers in place to mitigate any exposure. This model is designed to handle sophisticated cyber-attacks and delivers a more robust cybersecurity solution that is necessary for today’s volatile cyber landscape.

    In watching this video, you’ll learn more about the goal of defense-in-depth and how it benefits your company. Creating multiple barriers slows down attackers and sends out intrusion alerts before significant damage is done. Multilayered cybersecurity will also satisfy many compliance standards for industries like financial services and life sciences.

Build a Balance of Business and Security

Balancing business initiatives with security and technology can seem challenging, but Coretelligent can help. After reviewing these resources, we encourage you to contact our cybersecurity experts. Protect your business and learn more about our enhanced managed cybersecurity services designed specifically for small-to-mid-sized companies. Reduce your risk from security incidents – contact us today for help responding to your cybersecurity gaps.

Looking for more cybersecurity tips? Check out our list of 7 Security Tips for Practicing Good Cyber Hygiene.

Data Loss Prevention

We are all aware of the anxiety losing something can cause. If you’ve ever misplaced your wallet, you are aware of the lasting impact it has. First, you have to get in touch with your bank, then request a new license, and then update all your existing accounts with the new information when it arrives. Even after handling the seemingly endless immediate effects of the loss, the fear of what happened to your personal information may last a while.

Now imagine if you were an organization that lost hundreds of thousands of records containing personally identifiable information (PII) or intellectual property (IP). In 2022 alone, several major companies such as Uber and Rockstar Games have been affected by data breaches that have compromised large quantities of their stored PII.

Numerous factors, including internal and external threats, system flaws, or even human conduct, can lead to data loss. Whatever the source, your company can take steps to stop data loss, shorten the duration of the incident, and lower the overall cost to your organization. The SEC’s Office of Compliance Inspections and Examinations (OCIE) notes data loss prevention as a critical area in their Cybersecurity and Resilience Observations report.

What is Data Loss Prevention?

Data loss prevention (DLP) involves having systems, tools, policies, and training to prevent data from being misused, lost, or accessed by unauthorized users. Preventing data loss is especially crucial for businesses that handle sensitive information like personally identifiable information (PII), intellectual property (IP), and personal health information (PHI). IBM’s 2021 Cost of a Data Breach Report found that PII was the most common type of record lost, included in 44% of breaches. PII is also the most costly type of stolen record, costing businesses up to $180 per record.

For those in highly regulated industries, like financial services and life sciences, data loss prevention is required. Data management and security are crucial elements in FDA Title 21, CFR Part 11, HIPAA, Sarbanes-Oxley Act (SOX), FINRA, and SEC rule 17a-4. Keep in mind that many of these regulations require preventative measures, specific actions, and documentation in the event of a data breach.

The Cost of Data Loss

Whether you experience a data breach from an inside user or permanent data loss from a malicious attack, there are long-term consequences. Decreased productivity, loss of consumer and investor confidence, legal fees, and remediation expenses are only a few of the costs. For many organizations, it can take years to recover from the damage. Unfortunately, some businesses don’t survive these costs and are forced to close.

Even if you experience a breach, having a data loss prevention strategy can reduce the costs. The average cost of a breach is $4.24 million. Data loss prevention can reduce the overall cost of a breach by $136,992, according to IBM’s 2022 Cost of a Data Breach Report.

Developing a Strategy

To meet compliance standards and secure your data, your organization needs to have a comprehensive security plan that includes preventative and responsive actions.

Develop Comprehensive Policies

When we think about cybersecurity and data protection, we often think of technology. Although technology is a significant factor in security, policies set the tone for the organization and provide guidance on which technology solutions are needed. A lack of policies and procedures can undermine even the best technologies.

Create an Asset Inventory

You can’t protect your data if you don’t know where it is. Develop an asset inventory that lists all your data, where it lives, and how it’s currently being protected. Be sure to note your critical assets and systems that would affect your business operations.

Assess and Treat Vulnerabilities

To understand how your organization could experience data loss, you need to be aware of what vulnerabilities exist in your environment. Establish regular, comprehensive vulnerability assessments and penetration tests to stay on top of your current weaknesses.

Create and implement treatment plans for discovered vulnerabilities, e.g., patch management schedule, awareness training, and comprehensive policies.

Implement Access Control

Determine paths of ingress and egress for sensitive information. Determine who has access to sensitive data and implement the principle of least privilege to ensure that access is restricted to only those that should have it. Ensure access and usage are audited. Implement appropriate restrictions and logging at all points of egress.
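As an added example (not the post's own code and not any DLP product's rules), the Python script below shows the content-inspection step a DLP control performs at an egress point such as outbound email: it looks for U.S. Social Security numbers and payment card numbers, validates card candidates with the Luhn checksum so that ordinary order or tracking numbers are not flagged, redacts what it found, and writes an audit record for every decision, which is the "logging at all points of egress" the paragraph above calls for. The sample messages, the internal domain example.com and the allow/block policy are constructed assumptions.

```python
"""Content inspection at an egress point: the detection step inside a DLP control.

Hypothetical example: the patterns, the internal domain, the policy and the
sample messages are assumptions, not any product's rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# U.S. SSN with structurally invalid ranges excluded (area 000/666/9xx, group 00, serial 0000)
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits optionally separated by spaces or dashes; only a candidate until Luhn passes
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most plain serial numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    kind: str      # "ssn" or "card"
    redacted: str  # masked value, safe to write to a log


def scan(text: str) -> list[Finding]:
    """Return every sensitive value found in the text, already redacted."""
    findings = [Finding("ssn", "***-**-" + m.group()[-4:]) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


INTERNAL_DOMAIN = "example.com"  # assumed


def egress_decision(sender: str, recipient: str, text: str, audit: list[str]) -> str:
    """Apply the policy to one outbound message and append an audit record.
    Sensitive data to an external recipient is blocked; internally it is allowed but alerted."""
    findings = scan(text)
    external = not recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    if findings and external:
        decision = "block"
    elif findings:
        decision = "allow-with-alert"
    else:
        decision = "allow"
    found = ",".join(f"{f.kind}:{f.redacted}" for f in findings) or "-"
    # Only the redacted form reaches the log, so the audit trail never becomes a second leak
    audit.append(f"egress sender={sender} recipient={recipient} decision={decision} findings={found}")
    return decision


# Constructed outbound messages (addresses and values are made up; 4111... is a test card number)
MESSAGES = [
    ("alice@example.com", "hr@example.com", "Onboarding form: SSN 123-45-6789, start date Monday."),
    ("alice@example.com", "billing@partner.test", "Card on file: 4111 1111 1111 1111, exp 12/25."),
    ("alice@example.com", "billing@partner.test", "Order 1234567890123 shipped, tracking to follow."),
]


def demo() -> list[str]:
    """Decisions for MESSAGES: allow-with-alert, block, allow."""
    audit: list[str] = []
    return [egress_decision(s, r, t, audit) for s, r, t in MESSAGES]


if __name__ == "__main__":
    audit: list[str] = []
    for s, r, t in MESSAGES:
        egress_decision(s, r, t, audit)
    print("\n".join(audit))
```

The third message carries a 13-digit order number that the card pattern picks up as a candidate but the Luhn check rejects, so it is allowed; without that validation step a DLP rule of this kind generates the false positives that lead teams to switch it off.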

Conduct Security Awareness Training

Since human error remains among the top causes of data breaches, it’s essential to conduct quarterly or semi-annual security awareness training. Users who have received training are better equipped to spot harmful emails and phishing schemes. It also teaches them what steps to take if they have received this type of communication.

Implement Perimeter and Endpoint Security

Remote work is here to stay, and as such, the perimeter of your network is no longer limited to the boundaries of your office or data center. You need to ensure that you have total visibility into all incoming and outgoing network traffic, including endpoints. Implement firewalls, endpoint protection platforms, and email security. These tools will give your IT team or MSP the visibility they need to detect and respond to threats straight away.

Having a dedicated security team to actively monitor your environment around the clock allows them to respond quickly to suspicious activities occurring on your network.

Properly Dispose of Legacy Systems

Remove software that is no longer receiving security patching from the vendor. Ensure that all sensitive data is removed when disposing of outdated software and hardware. Use disposal or recycling vendors that provide a certificate of destruction.

Create a Backup and Disaster Recovery Plan

Unfortunately, even with the best security measures in place, data loss is still a possibility. That’s why you need to have regular and tested backups along with a comprehensive disaster recovery plan. A plan will help your organization maintain business continuity and compliance while addressing a disaster or breach.

Staying Compliant and Protecting Your Data

Data loss can have a significant and irreversible impact on your business. Data loss prevention is an essential component of your overall security posture. To maintain compliance, your organization must secure and monitor your data continuously. As the threat of cyber-attacks continues to grow, it can be challenging to balance security, compliance, and day-to-day support. Coretelligent can help to strengthen your cybersecurity posture and protect your data. You can learn more about what we offer, including cloud-based solutions, backup and business continuity services, IT planning and strategy, compliance solutions, and more here.

IT Security and Compliance

Security and compliance are often used interchangeably in IT, but that is actually a misnomer as they are not equivalent. So, just what are the differences between IT security and compliance?

Security and compliance are equally important but for varying reasons. Whereas security drivers are related to mitigating business risks, compliance drivers are regulatory or legal in nature. Compliance and security have similar objectives around managing risks and securing sensitive data and systems but have different processes and workflows to accomplish these goals.

Compliance involves applying regulatory standards to meet contractual or third-party regulatory requirements. In contrast, security constitutes the implementation of adequate technical controls to protect digital assets from cyber threats.

Still, again, they are similar but not equal. So why is the distinction between security and compliance important? It is significant because implementing one without the other could lead to devastating consequences for your company.

Cybersecurity

Ask yourself, “Would it be a significant hardship if company assets are stolen, compromised, misused, or destroyed?” The answer is, “Of course.” That’s the motivation behind implementing cybersecurity—the desire to protect the confidentiality, integrity, and availability of company assets through security controls and best practices.

IT security is unique to each organization—the measures set by one entity may be entirely different from those of another. Security focuses on comprehensively mitigating any risk that may threaten an organization’s data confidentiality, availability, and integrity—it relates to all the electronic and physical data of an organization and not just those covered by compliance.

We don’t walk around with our bank account or social security numbers on our foreheads—that would be reckless. Instead, we do our best to secure sensitive information from individuals who want to steal it because securing valuable data is a prudent action to reduce the associated risks of identity theft and drained bank accounts.

Cybersecurity acts the same way. Recognizing the risks, smart business leaders choose to secure assets to protect their business from harm and keep their business. The fallout from inadequately securing business assets can lead to loss of business revenue, costly lawsuits and settlements, theft of intellectual property and proprietary information, reputational loss, inability to operate, and business shutdown.

IT Compliance

The confusion between the two functions arises because the outcomes from implementing compliance measures often overlap with implementing security measures. However, the motivation behind organizational compliance is to ensure that obligations and requirements are satisfied to avoid negative consequences and ensure business viability.

These external compliance requirements and standards include a range of often intersecting and complicated networks of government, industry, financial, and even customer requirements. Cybersecurity is often a small part of a greater set of requirements. Examples include:

  • Self-regulatory organizations like PCI Security Council (PCI DSS) and Financial Industry Regulatory Authority (FINRA)
  • Governmental bodies like the U.S. Securities and Exchange Commission (SEC)
  • Government regulations, including the Gramm-Leach-Bliley Act (GLBA), the FTC Safeguards Rule, and Sarbanes-Oxley (SOX)
  • Privacy standards, including HIPAA/HITECH, GDPR, CCPA
  • Technical standards and certifications, including ISO 27001 and SOC 2
  • Control frameworks, including NIST CSF, CIS Critical Security Controls
  • Client SLAs
  • Due Diligence requests (DDQ)
  • And more depending on your industry and other factors.

Looking at the worst possible outcomes, the legal and financial ramifications of non-compliance with these and other standards would lead to your organization paying hefty fines and penalties, facing costly lawsuits, being blocked from working in certain locations and industries, not being able to take payments, loss of financing and investors, not being able to acquire insurance, and more.

The Big Picture

The reality is that neither IT security nor compliance lives in a vacuum. Instead, they are complementary—symbiotic even. They successfully function from a mutually beneficial association that enhances and reinforces the benefits of each other. One without the other would be like trying to make water without oxygen or hydrogen.

Being compliant with a specific set of standards is not the same as having an effective and robust information security system. Compliance simply measures whether your security protocols meet a given set of one-size-fits-all security standards at a given point in time.

A robust security system makes it easier for an organization to meet compliance standards since most of the needed controls will already be in place. All that would remain, to attain compliance, would be documentation work and adhering to industry-specific policies.

It’s All About Managing Risk

The real question every business leader should be asking is how to leverage both security and compliance to reduce exposure and risk. Compliance establishes a comprehensive baseline for covering an organization’s overall posture. At the same time, security practices build on that baseline to ensure that the business is protected from every angle.

It’s all about risk. Or, more accurately, reducing risk. And security combined with compliance is the one-two punch every business needs to minimize risk and protect assets.

For companies of any size, Governance, Risk, and Compliance (GRC) is about aligning cyber and information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Therefore, an effective GRC strategy is essential because it pulls together the complexity of various risk, compliance, and governance functions into a single strategy.

Successful companies address cyber risk in a business context. From that point of view, avoiding fines and data breaches is clearly preferable. In establishing and implementing compliance and security, smart leaders treat them as a risk-management concern and not just an “IT problem.” Integrating your security and compliance teams into your risk assessment program will lead to mutually assured success.

Additionally, certain industries, like financial services and life sciences, have overlapping requirements originating from a variety of sources, which can make for a complicated matrix to follow. Working with an IT vendor who specializes in your particular industry is ideal to ensure compliance across all regulations.

Choosing the right security and compliance solutions is also critical. Operating with a “checkbox” approach to either compliance or security will lead your organization towards a rocky future. Instead, focus on developing and adhering to robust policies and choosing the right solutions based on your industry needs, risk assessment, and business goals to satisfy and streamline your compliance and security activities.


About Jason

Jason Martino is passionate about the intersection of security and compliance. He is responsible for Coretelligent’s internal cybersecurity programs, governance, risk, compliance activities, and educating staff and customers on an ever-evolving threat landscape.

Espionage Threat

The heads of the FBI and MI5, Britain’s domestic security service, have warned business executives about threats posed by Chinese digital espionage, the goal of which is often to steal Western companies’ intellectual property.

During the joint appearance on July 6, 2022, Christopher Wray, director of the Federal Bureau of Investigation (FBI), and Ken McCallum, director-general of MI5, reiterated a need for digital caution and ongoing vigilance because of the scale of Beijing’s operation.

“The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market,” Mr. Wray told the audience in attendance. “They’re set on using every tool at their disposal to do it.”

China is engaged in “a coordinated campaign on a grand scale” that represents “a strategic contest across decades,” Mr. McCallum emphasized. “We need to act.”

The Chinese government utilizes state-sponsored hacking to exploit known cybersecurity vulnerabilities in order to establish a more extensive web of compromised infrastructure. Over the last few years, its operators have exploited several high-severity vulnerabilities that gave them the opportunity to gain entry to many vulnerable devices.

Once the attackers have access to these devices, they identify the critical users and seek to gain further credentials. Utilizing these and other methods, these attackers are continually evolving and adapting their practices to bypass existing defenses, so maintaining a proactive and defensive cybersecurity posture for your business is imperative.

CISA Recommended Best Practices

The US Cybersecurity & Infrastructure Security Agency (CISA) is recommending a variety of best practice actions for combating this threat, including, but not limited to:

  • Applying patches as soon as possible
  • Disabling unnecessary ports and protocols
  • Replacing end-of-life infrastructure
  • Implementing a centralized patch management system

Additional recommendations from Coretelligent’s security experts include:

Remain vigilant

  • Implement multifactor authentication
  • Think before you click a link or open an email attachment
  • Be wary of new social media requests
  • Limit the attack surface on all Internet-facing infrastructure

Ensure readiness to respond to a cyber incident

  • Review policies and procedures around incident response.

How to Protect Your Organization?

If you are concerned that your organization’s current cybersecurity posture is not robust enough to sufficiently handle the growing threat, reach out to learn more about Coretelligent’s multi-layered cybersecurity solutions.

Five Topics to Cover in Your Next IT Strategy Meeting

In-house IT departments are often forced to take on a break-fix methodology instead of working proactively due to the large volume of work they are responsible for. To prioritize the achievement of business goals, organizations need to look beyond the day-to-day transactional IT and toward long-term strategy.

This need is why Coretelligent offers clients Virtual CIO (VCIO) sessions which provide an organization’s in-house IT with the leadership and guidance needed to make critical IT decisions. VCIO sessions are an opportunity to discuss the state of your IT infrastructure and how to make improvements so that it’s proactively supporting your operations.

Like all strategies, your IT strategy is not a set it and forget it process. To ensure your IT roadmap is aligned with your business initiatives, you should reevaluate it at least once a year. At Coretelligent, we regularly evaluate our clients’ IT infrastructure and make proactive recommendations to keep them secure, compliant, positioned for growth, and aligned with their business goals.

Here are five topics that you should address with your IT Partner in your next strategy session:

1. Cybersecurity

Year-over-year cybersecurity attacks and incidents continue to increase, and with more companies shifting to a permanent hybrid or work-from-home policy, more vulnerabilities are uncovered every day. Without the proper infrastructure, remote work environments can present substantial security risks. Coretelligent stays abreast of cyber threats and compliance regulations in our clients’ industries. We make recommendations to address these threats as well as client-specific vulnerabilities.

Endpoint security is critical with the transition to a remote workforce. Your IT partner should be monitoring your infrastructure including your endpoints for cybersecurity incidents and running regular vulnerability assessments. During your strategy meetings, they should make recommendations on how you can improve your endpoint security with tools like endpoint detection and response (EDR) platforms and security awareness training. If your IT partner is providing user security awareness training, ask if they are validating the effectiveness of that training with phishing testing.

2. Compliance

In an ever-changing regulatory and security climate, firms that attempt to meet the obligations set forth by regulators by utilizing manual processes can quickly cause inconsistencies that are not easily discovered without a full audit of systems and processes. However, Coretelligent’s VCIO sessions provide strategies for aligning your policies, procedures, and systems with regulatory standards.

Proper access management is the foundation of cybersecurity and compliance. Your IT partner should regularly evaluate your current IT strategy and create a plan to close any compliance gaps. This includes reviewing and updating your data governance policies and procedures.

3. Cloud Strategy

There is no one-size-fits-all when it comes to cloud strategy. Many organizations take a multi-cloud approach, having a combination of public and private cloud solutions. Depending on your business needs, you may need a hybrid cloud model with some systems in the cloud while others remain on-premises. With a variety of combinations, how do you know which cloud strategy is right for you?

Ultimately, your cloud strategy will depend on your operations, data, business goals, and budget. Coretelligent’s consultative approach to cloud solutions ensures that clients’ cloud strategies and solutions are built around their current and future business goals. If you have questions about scalability, mobility, and availability, the cloud is a topic you will want to discuss with your IT partner.

4. Collaboration Platforms

Daily operations rely on employees’ ability to communicate efficiently. Coretelligent provides clients with recommendations for collaboration tools that will optimize workflows. In some cases, clients may be able to reduce costs by consolidating to one collaboration platform.

Your IT partner should make recommendations that increase productivity while maintaining security and compliance. Is your firm subject to compliance standards requiring communications archiving? Having an IT partner familiar with your industry and compliance standards helps ensure that you are securely archiving emails and video conferencing communications.

5. Business Continuity

In addition to optimizing your IT infrastructure for security and operational efficiency, Coretelligent uses time during your VCIO session to discuss business continuity. We evaluate the systems and procedures you have in place in the event of a breach or disaster and then make recommendations on how to improve them.

When was the last time you reviewed your disaster recovery plan? Have you tested it? Your IT partner should help you review and update your disaster recovery plan. They should ensure your backups are secure and accessible even during a disaster. Does your IT partner regularly maintain an asset inventory? Maintaining an accurate list of your assets and their locations is often required by regulatory agencies.

A Comprehensive IT Strategy

Not all IT teams or MSPs have the expertise to provide meaningful recommendations for your IT infrastructure. Too little experience could result in purchasing unnecessary or insufficient tools which can cost your business money. Organizations looking for long-term success must move away from the break-fix methodology.

At Coretelligent, strategy comes standard. We have years of experience developing IT roadmaps for firms in highly regulated industries like financial services and life sciences. Looking to improve your security, migrate to the cloud, or need support with IT planning and strategy? Coretelligent is here to help! Contact us to learn how Coretelligent can help your business.

Cybersecurity for Broker-Dealer Firms

As a broker-dealer firm executive, you know that one of FINRA’s key mandates is to help prevent cyberattacks against its regulated firms. The Financial Industry Regulatory Authority, or FINRA, is, of course, a not-for-profit regulatory organization authorized by Congress to protect investors and ensure market integrity in the United States. This post will explore some of the most common cybersecurity threats faced by FINRA firms.

What are the Most Common Cybersecurity Threats for Broker-Dealer Firms?

Now more than ever, broker-dealer firms rely on their technology infrastructure, and the cyber landscape presents a steady stream of security challenges that require robust preparedness from brokerages and other financial services firms.

1. Imposter Websites

According to FINRA, member firms routinely report phony websites posing as FINRA members and using registered names and company data to establish fraudulent sites that market investment services and products. These sites attempt to steal both personal information and money by leading visitors to believe they are interacting with a bona fide business.

2. Customer And Firm Employee Account Takeovers (ATOs)

Email account takeovers can occur with both customer and firm personnel accounts and begin with a compromised email account. Cybercriminals can gain unauthorized access to email accounts through data breaches, phishing emails, or websites that trick users into clicking on malicious links, allowing the criminals to execute unauthorized transactions in financial accounts, firm systems, bank accounts, and credit cards.

One of the dangers of an ATO on an employee account is that criminals can create fake identities to establish accounts for automated clearing house (ACH) or wire fraud.

3. Malware and Ransomware

Malware is malicious software and can take many forms, including viruses, spyware, and ransomware. These malevolent programs can steal data, encrypt it, delete it, and even hold it for ransom by infiltrating and taking over computing operations. Phishing is one of the most common ways that malware is introduced. Ransomware is a type of malware that, when launched, can encrypt data and prevent access to networks until a ransom is paid to the attacker.

4. Data Breaches

A data breach is a security incident in which hackers gain unauthorized access to confidential data like financial records or personally identifiable information (PII). Data breaches can lead to financial losses, reputational damage, lawsuits, and fines and penalties.

What Can FINRA Firms do to Prepare?

Earlier this year, FINRA, along with the SEC, Homeland Security, and other agencies, alerted members to the increased likelihood of cyber attacks as part of the invasion of Ukraine with a Shields Up warning.

In a recent op-ed, written by Jen Easterly, the director of CISA, and Chris Inglis, the national cyber director, the pair consider when the Shields Up warning might be lifted:

When will we be able to put our shields down? In today’s complex, dynamic, and dangerous cyberthreat environment, the answer is that our shields will likely be up for the foreseeable future.

For broker-dealer firms, this means continuing to follow the guidance provided by FINRA as well as cybersecurity professionals with experience within the financial services sector. There are cybersecurity controls that can mitigate the risk of cyber attacks.

To learn more, download our Guide to Effective Cybersecurity Controls for Broker-Dealer Firms.

Additionally, our Cybersecurity Threats and Effective Controls for FINRA Firms Infographic provides a quick overview of the threats faced by FINRA firms, as well as the controls to implement to reduce the risks from those threats.

Combining Cybersecurity Controls and Expertise

Balancing business initiatives with security and technology can seem challenging, particularly for broker-dealer firms without an internal team of cybersecurity experts, but Coretelligent can help. We offer our expertise and robust cybersecurity solutions to solve the challenges of the highly regulated financial services industry. In addition, we have years of experience working with broker-dealer firms and other firms like hedge funds, venture capital, and family offices. As a result, we understand the pain points these firms face in the digital world and have the solutions—from compliance and cybersecurity to growth and business transformation—to solve them.

Life Sciences Industry Innovation is Where Business & Technology Intersect

The life sciences industry is experiencing a period of rapid growth. Not only does the sector produce life-saving and life-enhancing treatments, but it is fueling investment across the globe. For example, 78 startups went public in 2020 in the biotech sphere, representing a 77% increase from the previous year. Additionally, the first half of 2021 had already seen 62 biopharma companies progress to IPO status. With the increased demand for innovative drugs, medical devices, and other therapies in the wake of the ongoing COVID-19 pandemic and vaccine development, various trends within the industry (like changes to clinical trials), and increased levels of investment, 2022 is shaping up to be a big year for the sector.

Innovation is the driver of the current expansion within the life sciences market. However, the key to maximizing this ROI, or Return on Innovation, requires that business and technology synchronize. This imperative calls for a carefully planned IT roadmap that enables companies to achieve a competitive advantage and improve business outcomes throughout the development, startup, growth, and expansion stages.

To help executives better understand the timeline, Coretelligent has developed a chart outlining the technology and business needs of the life sciences ecosystem throughout their life cycle. Download our datasheet Innovation is Where Business & Technology Intersect outlining how to plan your company’s IT strategy as you move through funding phases.


To dive deeper, download our data sheet → Innovation is Where Business & Technology Intersect.


In an earlier post, we shared some of the IT challenges faced by early-stage life sciences organizations. With this post, let’s take a deeper look at later-stage companies and what their IT strategy should be focused on as they scale.

What are the main IT priorities of life science firms as they move into their growth and expansion stages?


→ Employ technology for data management

As biotech, biopharma, and other life science enterprises grow, managing data increases in scale and complexity. As a result, cloud-based solutions and SaaS applications must align to ensure that enterprise data is available, usable, consistent, reliable, and secure. Employing the right technology solutions, including cloud-based services, backup and recovery, and others that store, manage, and protect data, is critical at this stage.

→ Leverage technology to drive innovation

Not only has innovation come to the life sciences space, but it’s also bringing emerging technological trends with it. Advances in Artificial Intelligence (AI), Robotic Process Automation (RPA), Machine Learning (ML), Cloud/Big Data, and other developing technologies are evolving as disrupters to the sector. Successful life science companies will envision how to capitalize on these tools.

→ Optimize technology to grow operations

Even as innovative technology trends shift the landscape, IT becomes more integral to the core business operations as companies scale. While some may be using a managed IT model, most companies likely employ co-managed solutions during the later stages. A co-managed service provider empowers internal IT staff to drive technology delivery at scale and focus on strategic priorities. A technology partner can lighten the load by fulfilling tech support, plugging critical skill gaps, and complementing in-house capabilities with specialized technology services.

→ Utilize technology to ensure security and compliance

As a life science firm grows, compliance requirements increase in size and scope. At the same time, these companies have become more attractive targets for cybercriminals. As a result, life science firms must prioritize implementing robust cybersecurity tools and compliance processes to keep pace with evolving regulations while protecting sensitive data from bad actors.


Related Content → GxP and FDA 21 CFR Part 11 Compliance with Egnyte for Life Sciences.


Developing IT Growth Strategy for the Life Sciences Industry

The life sciences industry is booming, and the future looks even brighter. But the key to success involves more than just innovation—effective growth also depends on how well your life sciences company can leverage IT capabilities throughout your life cycle. In building out an effective IT strategy for startups, begin by understanding where your organization stands today, followed by preparing for those IT areas that will require digital transformation. Furthermore, leveraging new technologies like AI, RPA, ML, and Big Data, can help accelerate your progress and open up new opportunities in the journey towards achieving your goals.

To sum up, you need to understand what’s possible before embarking on any journey. By taking stock of current practices, planning ahead, prioritizing initiatives based on pain points, incorporating new technologies, and teaming up with a technology partner, you’ll be well-positioned to meet future growth. Coretelligent is an industry leader with extensive experience in the life sciences sector. To learn more about how Coretelligent can help your company successfully scale so that growth doesn’t stifle innovation, talk to one of our technology experts today.