SolarWinds ORION Breach

Credit - Joan Gamell

As we continue to learn more about the recent SolarWinds Orion supply-chain attack conducted by nation-state actors, and the subsequent targeting of private and government sector organizations, Critical Path Security felt it imperative to share some guidance on what we are tracking. This guidance reflects information from industry counterparts as well as recommendations derived from internal experience. At this moment, a little over 18,000 organizations around the world have downloaded network management tools that contain a backdoor built into the SolarWinds Orion product. The disclosure from Austin, Texas-based SolarWinds came a day after the US government revealed a major breach hitting federal agencies and private companies. The US Treasury, Commerce, and Homeland Security departments were among the federal agencies on the receiving end of the attacks, which provided email and other sensitive information to attackers. The backdoor infected customers who installed an update from March…

CMMC – Things You Need To Know

The Cybersecurity Maturity Model Certification (CMMC) is a program being developed to help ensure that specific types of unclassified data that exist outside of government systems remain adequately protected against cyber-attacks. The CMMC applies to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-government systems. This certification program is intended to replace the process of self-attestation to NIST SP 800-171 that many defense contractors and subcontractors performed over recent years. This program will significantly impact how a large portion of future defense contracts are awarded. The program requires audits to be conducted by external parties such as Critical Path Security. Failure to comply can lead to serious penalties. Therefore, many organizations in the Defense Industrial Base (DIB) are actively working to understand what the CMMC means for them. To alleviate some of the ongoing concerns, we are providing a short list of items. 15…

Critical Path Security Provides Threat Intelligence Feeds to Fight Threats Against COVID 19 Vaccine Supply Chains

As an active and devoted contributor to the CTI League, the first Global Volunteer Emergency Response Community, Critical Path Security is providing its Threat Intelligence feeds to help combat the growing incidents of cybercriminal activity targeting the COVID 19 vaccine initiatives. Critical Path Security aligns its efforts with the CTI League in providing key security feeds, free of charge, to the medical services and emergency life saver organizations who are on the front lines combatting the pandemic. One of the CTI League Founders, Nate Warfield, sent an email of appreciation to Critical Path Security's Founder, Patrick Kelley, for the work toward the cause. "I'm Nate Warfield, one of the four founders of CTI League and I'm confirming that Patrick Kelley of Critical Path Security is an active member of CTI League. He & other colleagues from Critical Path donate their time, expertise and experience to the group, pro-bono, to defend…

Webinar – Work from Anywhere: Our Response to Staying Cyber Safe

Work From Home (or Anywhere): Our Response to Staying Cyber Safe

Dec 8, 2020 12:00 PM Eastern Time (US and Canada)

At Sentinel Benefits and Critical Path Security, we believe effective data security starts with awareness, training, and risk assessment. Today's world, often referred to as the "information age", has seen people generate, store and exchange information at an unparalleled rate of frequency and volume. In light of the rapid expansion of remote working: How has this conversation changed? Are your employees exposed to greater risks by working from anywhere? How can organizations stay vigilant?

Cyber experts Todd Larson from Sentinel Benefits and Patrick Kelley from Critical Path Security will answer crucial questions like:

· What are the new risks as firms allow their employees to work remotely?
· What are the best practices for onboarding people securely in a virtual world?
· How are the "bad guys" looking…
