Insights

As cybersecurity threats continue to pose significant risks to businesses and organizations, staying updated with regulatory changes is crucial. On November 1, 2023, the New York State Department of Financial Services (NYDFS) introduced amendments to its cybersecurity regulation, 23 NYCRR 500, also known as Part 500. These updates come with a structured timeline for compliance, affecting a broad spectrum of entities, including Small Businesses, Class A Companies, and Covered Entities. Here's what you need to know about the changes and how to stay compliant. Key Compliance Dates and Requirements Immediate Changes and Reporting Duties As of December 1, 2023, all entities covered by the regulation are mandated to report cyber incidents, such as ransomware attacks, to NYDFS. This new requirement underscores the need for enhanced incident response strategies and transparent communication with regulatory bodies. Upcoming Compliance Deadlines Looking ahead, a significant deadline looms on April 15, 2024. By this date,…

Critical Path Security is thrilled to announce the launch of our comprehensive Office/Microsoft 365 Hardening Audits. By integrating multiple advanced security frameworks and tools, we are dedicated to bolstering your organization's cloud environment against emerging threats, ensuring compliance, and enhancing overall security posture. Our Enhanced Audit Approach: Our innovative approach to security audits combines several leading technologies and methodologies to provide an in-depth examination of your Microsoft 365 ecosystem. Here's what sets our service apart: Comprehensive Automated Security Tests: Leveraging a combination of advanced testing tools, we perform extensive automated checks across your Microsoft 365 setup. This approach allows us to identify vulnerabilities swiftly and efficiently, ensuring your setup adheres to the latest security best practices. Tailored Security Assessments: Recognizing the uniqueness of each organization, we offer customizable testing options. This flexibility allows us to tailor our audits to match your specific security policies and requirements, providing a more targeted…

As the NASCAR Whelen Euro Series roared into action this 2024 season, the opening races at Circuit Ricardo Tormo were nothing short of dramatic, filled with the thrill and spills that racing fans adore. Amidst the adrenaline-pumping action, our very own Ryan Vargas, proudly sponsored by Critical Path Security, showcased resilience and skill, navigating through a chaotic event marked by a significant incident that disrupted the race proceedings. The race weekend was a rollercoaster for all drivers, with Sunday concluding in a spectacular fashion as Liam Hezemans clinched a victory, his first in nearly a year. However, the standout story from the weekend was the resilience shown by drivers like Ryan Vargas, who found themselves amidst an early race melee. The Big One Strikes Dubbed "the Big One," a ten-car pile-up on the track resembled scenes typically associated with the high-intensity Talladega races. Ryan, caught in the thick of it,…

Cybersecurity and Infrastructure Security Agency (CISA) is spearheading a response to a recently identified security breach impacting Sisense, a leading provider of business intelligence and data analytics services. This incident, initially detected by independent security researchers, poses potential risks to Sisense customers across various sectors, including critical infrastructure. Details of the Incident Sisense is well-known for its comprehensive analytics platforms that empower organizations to make data-driven decisions. However, this incident highlights the vulnerabilities that can exist even in advanced technological environments. CISA, in collaboration with private industry partners, is actively working to mitigate the effects of this compromise, which involves potential exposure of sensitive credentials and secrets. Immediate Actions Recommended by CISA CISA has issued specific recommendations for all Sisense customers to ensure they can protect their networks and data effectively: Reset Credentials and Secrets: Organizations using Sisense services should immediately reset any credentials and secrets that were potentially exposed…