JTEKT corporation is a global manufacturer of automotive components, bearings, and machine tools. They also operate in aerospace and industrial manufacturing. They are a company that supports and builds things for these industries. JTEKT North America recently got hacked and hit with Ransomware. Almost 900GB of data was taken, including data from companies such...
Continue reading
CMMC 2.0 Update
I recognize that a host of others are writing about CMMC and its ever-changing guidelines while in development. What I would like to do is present a simple view - where we are in the process and development stages and how they can potentially impact your business. First a few disclaimers, one, the development...
Continue reading
CrowdStrike
Everyone has seen the recent news of the outage caused by a bad update to the CrowdStrike Agents. This is a good time for everyone to take stock of their own IT systems, disaster planning, and security configurations. First, if you follow Sher-Tech you know that we are generally don’t recommend companies use services...
Continue reading
Benefits of a vCISO
A virtual Chief Information Security Officer (vCISO) is an external expert contracted by your organization to provide CISO services. These services include designing, overseeing, and managing your organization’s overall security strategy. These are high-level, organization-wide strategies, though larger organizations may have different security strategies for different business units. Providing Risk Assessments and Risk Management...
Continue reading
We All Live in a Bad Neighborhood
Back in the Stone Age (Late 90’s/Early 00’s) people referred to the internet as a Superhighway. It was a way of connecting to far off places without interacting with the points in-between. While the way the internet works hasn’t changed, our understanding of its interconnectedness has. When it comes to the internet superhighway, it’s...
Continue reading
Protecting Critical Infrastructure, Large and Small
Critical infrastructure is mentioned in the news by politicians and many other agencies who oversee or work within an industry that is considered critical to the United States and its daily functions. The Department of Homeland security labels critical infrastructure as the following and it “includes the vast network of highways, connecting bridges and...
Continue reading
Secure or “Secure Enough”?
When we talk about security, it is often not clear what the end goal is beyond an unspecified "secure state." Which begs the question, when is security good enough? I almost never hear business leaders or security professionals begin a security conversation from this perspective, but this is precisely the conversation business leaders should...
Continue reading
Software Whitelist or Blacklist?
Today I am writing on the subject of a security control known as whitelisting/blacklisting, or sometimes seen as “deny all, permit by exception”. This control is usually seen as part of cybersecurity compliance efforts, or when organizations have reached the maturity level to begin formalizing their security standards. This can refer to software, applications,...
Continue reading
Surviving Below the Cybersecurity Poverty Line
Recently an article came out titled “How to Survive Below the Cybersecurity Poverty Line” which raised some interesting points for small to mid-sized businesses. The cybersecurity poverty line is defined as the point at which an organization does not “have the means and resources needed to achieve and maintain a mature security posture and...
Continue reading
The Future of Cyber-Insurance Policy Security Requirements
As Cyber Attacks continue to escalate, more and more businesses are looking to Cyber Insurance Policies to protect against financial losses. As cyber insurance becomes more popular, we at Sher-Tech are seeing changes to the underwriting process. Currently, when seeking an insurance policy, the insurance company will send you a questionnaire seeking information on...
Continue reading