
The Internet of Things (IoT) is driving the need for more capable cellular networks to support the 14 billion IoT devices currently connected worldwide, a number expected to grow to between 20 and 50 billion by 2020 (Gartner and Cisco). This includes current mobile devices, computers, smart speakers and televisions, and will include more items like digital locks, security cameras, vehicles, and household appliances. IPv4 address space is now scarce, and the Internet Engineering Task Force (IETF) ratified IPv6 as an Internet Standard in July 2017. The growth of connected devices requires a larger IP addressing scheme and network infrastructure that supports the connectivity of billions of devices at high speeds.

The next iteration of robust infrastructure is 5G, providing bandwidth up to 20 gigabits per second. It will be implemented this year, but a complete transition will take many years. Huawei, a Chinese corporation, currently leads in the technology. Huawei is the second largest provider of cellular phones worldwide and the largest manufacturer of network equipment.

The U.S. Government has taken a decided stance to block the use of Huawei in the United States, filing a complaint that bans all government agencies from engaging in purchasing from Huawei and bars third parties who use the company’s equipment (BBC). Huawei is currently suing the United States because of the ban. The U.S. is not the only country taking a cautious stance with Huawei, however. They’re joined by Germany, Great Britain, Australia, Canada, and Japan, all of which are citing major security concerns with the company (MIT Technology Review).

Security Concerns with Huawei dominating the 5G space:

1.  Security Vulnerabilities in Reconfiguring Networks

The first concern is that newer 5G network equipment is almost entirely software and constantly reconfigures, challenging security agencies, who examine equipment and software for vulnerabilities and security flaws or backdoors (FreshAir). When an organization is unable to identify weaknesses in devices with constantly changing software, it becomes impossible to implement security controls to limit vulnerabilities to an acceptable level, making an organization’s or state’s data accessible.

2.  Espionage & Interference

The second concern is the possibility of China using Huawei to conduct espionage or disrupt communications. A seven-month investigation into China’s Intellectual Property (IP) theft, led by the United States Trade Representative, estimates Chinese theft of American IP has cost the U.S. between $225 billion and $600 billion annually (CNN).

China has also used the Internet to enable rampant government oppression within their borders and is now focusing on other countries and foreign businesses. China is blocking and changing data, both coming into the country and going out of the country, using what Weaver, a network security expert at the International Computer Science Institute, has coined the Great Cannon (MIT Technology Review).

It is also concerning that China will likely continue to use the Internet to control narratives, as they did when Marriott listed Tibet and Hong Kong as separate countries from China, forcing an apology from the hotel chain. Chinese officials are also going after other companies that “misidentify” Taiwan (MIT Technology Review).

3.  Foreign Nation-State Controlled Networks

The third concern, and biggest security concern for the United States, is the vastness of a network controlled by a foreign company and potentially adversarial government. As Sanger (2019) reports, “classified intelligence reports from the U.S. have warned that China would one day use Huawei to penetrate American networks for cyber-espionage or cyberattacks.” Chinese private industry and the State are tightly tied with companies being answerable to the government. Current Chinese laws state that any Chinese telecom companies would have to participate in Chinese intelligence operations (BBC).

If Huawei controls the 5G network infrastructure, the company and the Chinese government have a tremendous advantage to collect, disseminate, and control data and critical infrastructure. With IoT expanding the attack surface it is important for countries and companies to advance their security.

Because of the persistent threat environment, companies require an adaptive security program.  Hiring a Managed Security Service Provider (MSSP) to implement a security solution would help U.S. companies prepare for current and future threats by monitoring, analyzing, encrypting, and assisting in security strategies against adversarial entities.

The post Top Cybersecurity Concerns with Huawei 5G Dominance appeared first on GRA Quantum.


Big data is the new toy in town—a technological commodity that is driving development, but is also a major point of contention between companies, users, and governing entities. But despite the name big data, it is often in the possession of small businesses, who have not taken the appropriate measures to secure this data.  When such large amounts of information are on the line, a breach of this data can be extremely detrimental.

With continual scandals being aired concerning poor privacy protections, it is even more important for your data to be protected. Consider these three things when securing big data: your specific configurations, what access you give out, and how to monitor your data.

1.  Configurations 

It was June of last year that the Exactis leak was revealed. Exactis, a Floridian marketing data broker, had a misconfigured Amazon ElasticSearch server that exposed close to 340 million records on both American adults and businesses. This included incredibly specific details such as pets, gender of children, and smoking habits. This leak has crippled Exactis; there is little chance that Exactis will bounce back from this event.  Beyond the effect that this leak has had on the business, Exactis CEO, Steve Hardigree, has also been open about the stream of inquiries, threats, and constant stress this has had on his personal life.

The root of this crippling leak lies in a misconfiguration and shows us just how much configurations can make or break your business. When you are planning out your big data space, you need to double- and triple-check your configurations.

Tips for checking your configurations:
  • Security is a multi-layered beast and your data is unique, which in turn means that your approach to security must be customized. This could mean using security software in an unconventional manner or utilizing a third-party security company.
  • Think of the little things. Do you trust all of the programming interacting with your data? If not, how can you make it a trusted resource?
  • Consider getting a third-party Network Security & Architecture Review of your environment. This allows you to have an outside opinion of exactly how secure your data is. If possible, it is beneficial to get this review at least annually.

2.  Access Granted

As you are deciding on configurations, you need to take into account who will be granted access and to what.

If the data is meant to stay completely internal, you need to decide what kinds of users are allowed what permissions. For example, who is allowed to pull data? Is anyone? If it’s not a part of the daily workload, under what circumstances is it allowed? By who?

If you are going to share your data with third parties, there is another host of questions to consider.  Do you allow them unlimited access to your data? Who do you allow access to?

Tips for Granting Internal & External Access:
  • Limit the amount of external access you allow; if possible, do not allow it at all. This will lessen your attack surface and your inherent risk.
  • External resources likely don’t need to access everything your internal resources can. Restrictive groups are a great organizational way to separate who has access to what within your environment.
  • Not all internal resources are equal and therefore should not be given the same access. You will need to evaluate how you give out access and document your process of escalating and deescalating access.

As became evident with Facebook’s admission that it left data connections open even after deals had been closed, it is also important to think about what happens when access has been revoked. What are you going to put in place to prevent access when it should no longer be allowed?

Take the access you grant seriously so you don’t end up scrambling to make changes after an incident.

3.  Monitoring & Alerting

For everything that can be done to your data, there should be a way for you to monitor it. That is not to say that you have to micro-manage every aspect of your big data. But if an incident were to occur, or more realistically when an incident occurs, you should be able to construct an image of what was going on at the time of the event. For this to be possible, you need a way to monitor your data and receive alerts on the incidents.

Tips for Monitoring & Alerting:
  • Adversaries do not keep normal business hours, so be sure you are monitoring your data at all hours. One way to easily achieve 24/7/365 monitoring is by outsourcing this function to a Managed Security Services Provider (MSSP).
  • When setting up alerts, it can be challenging to find a balance between “alert on every single possible event” and “I only want to see important alerts”. What if an uptick on those seemingly harmless alerts is the only tip-off to an insider threat? And on the other hand, if you are constantly on edge from alerts, you will easily fall into alert fatigue. An MSSP can act as the filter between you and your alerts, only notifying you after an alert is investigated and confirmed to be legitimate.
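One way to sit between "alert on every event" and "only important alerts" is to stop paging on individual low-severity events and instead alert when a user's daily count of them rises well above that user's own recent baseline. The sketch below is an added example, not part of the original post; the log format, field names, rule name and thresholds are constructed assumptions.

```python
import re
from collections import Counter
from datetime import date, timedelta
from statistics import mean, pstdev

# Constructed log format (an assumption for this example):
#   2019-03-10T02:00:00Z user=bob sev=low rule=export_rows
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ user=(\S+) sev=(\w+) rule=(\S+)$")


def daily_low_counts(lines):
    """Count low-severity events per (user, day); malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "low":
            counts[(m.group(2), date.fromisoformat(m.group(1)))] += 1
    return counts


def upticks(lines, window=7, k=3.0, min_count=5):
    """Return (user, day, count, baseline) where a day's low-severity count
    exceeds the user's trailing `window`-day mean by more than k deviations."""
    counts = daily_low_counts(lines)
    if not counts:
        return []
    first_day = min(day for _user, day in counts)
    findings = []
    for (user, day), n in sorted(counts.items()):
        # Edge case: without a full window of history there is no baseline,
        # so the first `window` days of data never fire.
        if day - timedelta(days=window) < first_day:
            continue
        history = [counts.get((user, day - timedelta(days=d)), 0)
                   for d in range(1, window + 1)]
        baseline = mean(history)
        # Floor the spread so a perfectly flat baseline does not fire on +1.
        spread = max(pstdev(history), 1.0)
        if n >= min_count and n > baseline + k * spread:
            findings.append((user, day.isoformat(), n, round(baseline, 2)))
    return findings


def build_sample():
    """Constructed sample: ten days of routine activity, then a burst by bob."""
    lines = []
    start = date(2019, 3, 1)
    for i in range(10):
        day = (start + timedelta(days=i)).isoformat()
        for _ in range(2):
            lines.append(f"{day}T10:00:00Z user=alice sev=low rule=export_rows")
        bob_n = 12 if i == 9 else 1 + (i % 2)
        for _ in range(bob_n):
            lines.append(f"{day}T02:00:00Z user=bob sev=low rule=export_rows")
    lines.append("2019-03-05T09:00:00Z user=alice sev=high rule=malware_detected")
    lines.append("garbled line without fields")
    return lines


if __name__ == "__main__":
    for finding in upticks(build_sample()):
        print("uptick:", finding)
```

Individual events stay in the log for reconstruction after an incident; only the deviation from baseline reaches a person.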

When you are in possession of big data, there is a lot on the line to secure.  When a breach of this magnitude can destroy your business, it’s critical you take into consideration these factors.

The post 3 Factors to Consider When Securing Big Data appeared first on GRA Quantum.


While most large enterprises have recognized the value in taking a proactive approach to security, many smaller organizations may not yet realize that they are also a target for cybercriminals.  As a result, these organizations’ primary security strategy consists of waiting until an incident occurs to react, with minimal to no preventative security measures in place.

This makes small organizations a prime target for cyber criminals, with 58% of cyberattacks targeted at small businesses, according to the Verizon DBIR.

The problem is that this reactive approach often results in severe remediation and forensics costs, as well as substantial brand and reputation damage.

This has a significant effect on any business that is breached, but unlike larger organizations, smaller businesses often have a harder time recovering from the damage caused.  Many of these small businesses don’t recover at all, with 60% of small organizations going out of business within six months of suffering a cyberattack. 

When you take into consideration the growing frequency of small businesses that are breached and the rising costs of these breaches, it makes sense that taking a proactive approach to security can actually save you money in the long run.

So, what exactly does a proactive cybersecurity strategy consist of?

1.  Identifying your greatest vulnerabilities with Security Assessments.

The first step in proactively protecting your organization is understanding what exactly needs protecting. This can be accomplished in a security assessment to understand and identify your greatest weaknesses before an adversary does.

These assessments could take the form of a Network Security & Architecture Review or a Penetration Test.  They are designed to find weaknesses in your security policies, network design, and device configurations and rules.

As an extra benefit, these assessments help you prioritize where to focus your budget.  This is a great way to get your executives on board, whose support is critical when gaining budget for other proactive measures.

2.  Monitoring your network continuously with a Managed Security Service Provider.

One of the best ways to proactively detect incidents is to have eyes on your network 24/7/365.  This can be done through a managed security services provider (MSSP), which will continuously monitor your endpoints and alert you when there is suspicious activity on your network.  The MSSP staff will also provide you with detailed recommended remediations so you can strengthen your network and prevent future incidents.

Although the cost of an MSSP may be comparable to hiring an internal employee, the value you receive from an MSSP is far greater than one person can offer.  Unlike a single employee, an MSSP offers you varied areas of expertise, access to technology, and around-the-clock coverage. 

3.  Reducing incidents resulting from human error with Security Awareness Training.

With human error accounting for 27% of cybersecurity incidents (Ponemon Institute), providing your staff with security awareness training is one of the most critical and budget-friendly proactive measures you can take.

This training should include secure password training, phishing campaigns, and secure travel training.  Be sure to incorporate this training into the onboarding process and include regular refreshers to ensure your staff is up-to-date and you are fostering a culture of cyber awareness.

By taking the necessary steps to implement proactive security measures, you can save money on costly breaches, and possibly even save your business.

Not sure where to start? Contact us for a complimentary security assessment.

The post 3 Ways Small Organizations Can Take a Proactive Approach to Security appeared first on GRA Quantum.


One concern that often arises when a company is considering hiring a Managed Security Service Provider (MSSP) and outsourcing their security functions is the risk of allowing a third party to monitor and take care of sensitive data.  For many companies, this can be a source of great anxiety.  Allowing a third party to access sensitive organization data and customer Personally Identifiable Information (PII) begs the question, what exactly is my MSSP monitoring?

While it is always a risk to give your data over to another entity, it is important to know that MSSPs will protect your privacy at all costs and are only interested in monitoring the security of your organization.

Let’s start to address the concerns by taking a look at what MSSPs are not monitoring:

What an MSSP is not monitoring:

A responsible MSSP places a high value on protecting client confidentiality and is primarily concerned with protecting the integrity of the client’s network infrastructure and data. As such, even if the ability is there, the MSSP staff does not review browsing activity or history, email content and recipients, or database information, ensuring full privacy for your executives.  MSSP personnel strictly adhere to confidentiality agreements and act professionally.  If sensitive information is seen, it is not discussed.

There are ways to ensure confidentiality is maintained, including detailed service level agreements (SLA) and statements of work (SOW). These are essential when transferring risk to an MSSP and can offer legal protections to a company in the event of a data breach.

What an MSSP is monitoring:

Typically, an MSSP will aggregate logs and events from multiple systems and sources within the client’s network infrastructure to a security information and event management (SIEM) system.  Those logs and events will come from infrastructure components like firewalls, endpoint security applications, and operating systems.  The SIEM will be configured with alarming rules that will generate alerts from incoming logs for the MSSP personnel to investigate and act upon.

Why partner with an MSSP?

Cost Advantage

Contracting with a third party to handle your organization’s network and information security has significant advantages, especially for small and medium-sized businesses that may not have the budget for a dedicated in-house information security team.  In fact, hiring an MSSP over an in-house staff is a way to make the most of your money by gaining access to 24/7 expertise without the burden of finding and retaining staff during the massive cybersecurity skills shortage.

Business Advantage

When you partner with an effective MSSP, they will provide monthly reports that not only improve visibility into your security posture, but also act as a tool to justify and build budget for future security needs.  This allows you to map your security objectives to the greater business objectives, which in turn helps get leadership on board with your efforts.

Technology Adaptability

A quality MSSP will be technology agnostic, with the ability to adapt to your current infrastructure, technology, and existing applications that you’ve already invested time and budget into.

Access to Expertise

Perhaps the largest benefit of contracting with an MSSP is the level of security expertise the MSSP can provide.  A quality MSSP will be staffed with security experts who are highly skilled in network and information security, organized to detect, analyze, respond to, report on, and prevent cybersecurity events.

Ultimately, when you engage the services of an MSSP, you receive peace of mind knowing that not only is your data protected around the clock, but your privacy is also prioritized and maintained.

Don’t settle for any MSSP; follow our Comprehensive Guide to find the right one for your needs.

The post Why Take the Risk? Addressing Privacy Concerns with an MSSP appeared first on GRA Quantum.


What does it take to build a security program from scratch, in a company without any existing security initiatives in place? To answer this question, we spoke with Jadee Hanson, Code 42’s CISO, whose builder mentality translates into everything she does.

Q:  How did you first become interested in the cybersecurity industry?

A:  I was always very interested in technology in high school and I had a mentor that saw my interest.  He was the technology coordinator for our entire school district, and I worked for him a few days a week.  We would buy all sorts of different computer parts and then assemble the lab’s computers.  He taught me the basics for everything that falls under the information technology umbrella.

After graduation, I worked for Deloitte in their enterprise risk services team.  Deloitte was on the leading edge of cyber risk.  I was doing pen testing when companies didn’t know what a pen test was.  It was a great opportunity that transitioned me from IT into cybersecurity and spurred a deeper interest in the industry that never went away.

Q:  What was it about the industry that attracted you to it?

A:  What I found fascinating with cybersecurity was this notion of the bad guy—an adversary trying to do something bad to a company.  In cybersecurity, the mission is to figure out how to protect against those adversaries.

Another appeal was that at the time, people didn’t really understand what cybersecurity was.  I was the first to raise my hand for any cybersecurity engagement.

“I think I was naturally drawn to the industry because it was new, which allowed me the chance to build programs from scratch.  My mentors commonly describe me as a builder, with the ability to take something from nothing and build a robust process and program around it.”  

Q:  How did this mentality as a “builder” help you as you progressed in your career?

A:  When I worked at Target, I got to leverage many of the skills I had in building programs.  We built risk functions, security operations functions, and training awareness functions.  All of these different functions needed to be in place in order to have an effective security program.

Then, when I started at Code 42, there was a lot to do, a lot to change and a lot to build, so this was my next project, essentially.

Q:  Your ability to see gaps and build solutions seems to carry into your life outside of work.  Can you tell me a bit about how you started your nonprofit, Building without Borders?

A:  I first visited the Dominican Republic in 2004 with my husband, but then when I came home, I had kids and got busy.  In 2010, however, I went back with my sister on a mission trip.  There we built houses, met families, and ran a children’s program.  Coming home, though, I realized it wasn’t enough—I couldn’t just go there once a year and not do more.

“I realized there was this major problem, and there was something I could do about it.”

As of now, we’ve built 39 houses there and have initiated a healthcare program as well as food delivery.  It’s been really rewarding to see the change in the community and the people there.  They now feel supported and hopeful, not abandoned.

Q:  How do you think companies could encourage more people, specifically women, to enter the industry?

A:  We have to start encouraging participation at the next generation of workers.  One of the ways we do this at Code42 is through a partnership with Girl Scouts.  We house Girl Scouts here to get their STEM Badge or Cybersecurity Badge.  In fact, we’re the first company within the River Valley region of Girl Scouts to host the Cybersecurity Badge.  They’re not all going to choose a career in cybersecurity, but the thing that we’re trying to do is make sure that the younger generation knows and believes that if they do want to choose this career path, there’s a place for them.

Q:  What advice do you have for anyone interested in starting a career in the cybersecurity industry?

A:  Confidence is key.  You know your worth, and you know what you can do, so be confident in who you are and what you bring to the table.

To learn more about or donate to Building Without Borders, click here. And be sure to check out our Women in Cybersecurity Series for more great advice.

The post Moving Up: An Interview with Jadee Hanson appeared first on GRA Quantum.


The post From the Ground Up: An Interview with Jadee Hanson appeared first on GRA Quantum.


The popularity of Internet of Things (IoT) devices is steadily on the rise. In fact, IoT Analytics projects that there will be 22 billion active IoT devices by the year 2025. What does this mean for the office, and more specifically, the IT or security team? In short, these teams can expect a growing challenge of securing these devices as they become more commonplace in the office.

It’s no wonder that these devices are becoming a popular fixture in the workplace: they make everyday tasks easier, which in turn makes employees happier and more efficient. For example, many offices may implement smart vending machines that communicate when they are getting low on an item and can request a restock from the mothership. We’re also seeing an increase in smart conferencing setups, TVs, and even smart desks. Add this to the existing well-known IoT infrastructure devices, such as HVAC and alarm devices, and you’ve got an entire office full of IoT devices.

While these devices can improve the quality of a work environment, they have the opposite effect on the security of this environment.

IoT Vulnerabilities

Oftentimes, these devices will have a camera, microphone, or some other way of recording information. If one of those devices is breached, an attacker can essentially spy on your organization and record loads of valuable and potentially sensitive information.

The biggest concern, though, lies in many of the infrastructure devices mentioned above being poorly configured. When these poorly configured devices are then connected to the same network as the rest of the business, they are creating a backdoor for hackers to easily access your sensitive data.

How to Secure IoT Devices

So how can we ensure that our office, whether it be a home office or a corporate office, isn’t at risk because of an IoT device? While there’s no easy solution, there are steps you can take to secure these devices and reduce the chance of an incident: 

1. Create an IoT device policy for the office.

In this policy, address what devices employees can and cannot bring into the office and whether or not they can connect them to the office network. Include a password strategy in your IoT policy that requires all passwords to be changed from the default and encourages strong passwords or multi-factor authentication.

It’s also a good idea to include in the policy a way to ensure that any IoT devices in the office are regularly patched and updated.

2. Connect IoT devices to a separate network.

Perhaps the best way to reduce risk from IoT devices in the office is to connect these devices to a separate network. If they are compromised, the damage can be contained within a smaller network rather than the whole company’s network.

If you are unsure of your network configurations or need advice on how to segment these devices onto their own network, consider engaging experts for a Network Security & Architecture Review.  This will reveal any possible vulnerabilities in your network and map out the best way to secure your network.

3. Monitor all IoT device activity.

Once you decide who, what, where, and how the devices will be connected, it’s a good idea to keep an eye on the devices’ activity. Monitor the devices and how they are interacting with your network, either in-house or through a third-party Managed Security Service Provider (MSSP). This allows you to be proactive if a device has been compromised.

The increasing popularity of IoT devices undoubtedly creates a problem for IT administrators. But with the tips above, you can still take advantage of the conveniences IoT devices provide without drastically increasing the vulnerability of your organization.
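Tips 2 and 3 can be checked together: compare the device inventory against the IoT segment, then review flow records for IoT sources reaching into the corporate network. The following is an added example, not part of the original post; the address ranges, device names, allowlist and CSV flow format are all constructed assumptions.

```python
import ipaddress

# Constructed network plan (assumptions for this example).
IOT_NET = ipaddress.ip_network("10.20.0.0/24")    # dedicated IoT segment
CORP_NET = ipaddress.ip_network("10.10.0.0/16")   # business network
# The only (destination, port) pairs IoT devices may reach inside CORP_NET,
# here an internal DNS resolver and an NTP server.
ALLOWED_IOT_TO_CORP = {("10.10.0.53", 53), ("10.10.0.123", 123)}

# Constructed inventory: (name, ip, kind)
INVENTORY = [
    ("vending-01", "10.20.0.15", "iot"),
    ("conf-tv-3f", "10.20.0.22", "iot"),
    ("hvac-ctrl", "10.10.8.40", "iot"),           # left on the business network
    ("laptop-ana", "10.10.4.20", "workstation"),
]

# Constructed flow records: src,dst,dst_port,proto
FLOWS = """\
10.20.0.15,10.10.0.53,53,udp
10.20.0.15,203.0.113.10,443,tcp
10.20.0.22,10.10.4.20,445,tcp
10.20.0.22,10.10.0.123,123,udp
10.10.8.40,10.10.4.20,3389,tcp
10.10.4.20,10.20.0.22,8009,tcp
not,a,flow
""".splitlines()


def misplaced_devices(inventory):
    """Tip 2: IoT devices whose address is outside the IoT segment."""
    return [name for name, ip, kind in inventory
            if kind == "iot" and ipaddress.ip_address(ip) not in IOT_NET]


def segment_violations(flows, inventory):
    """Tip 3: flows from an IoT source into the corporate network that are
    not on the allowlist. A source counts as IoT if it sits in the IoT
    segment or the inventory marks it as IoT (catches misplaced devices)."""
    known_iot = {ipaddress.ip_address(ip)
                 for _name, ip, kind in inventory if kind == "iot"}
    violations = []
    for line in flows:
        try:
            src_s, dst_s, port_s, proto = line.strip().split(",")
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue  # malformed record: skip rather than abort the review
        from_iot = src in IOT_NET or src in known_iot
        if from_iot and dst in CORP_NET and (str(dst), port) not in ALLOWED_IOT_TO_CORP:
            violations.append((str(src), str(dst), port, proto))
    return violations


if __name__ == "__main__":
    print("IoT devices outside the IoT segment:", misplaced_devices(INVENTORY))
    for v in segment_violations(FLOWS, INVENTORY):
        print("IoT -> corporate flow not on allowlist:", v)
```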

The post Three Tips to Help You Secure IoT Devices in the Workplace appeared first on GRA Quantum.


Many leaders in security feel some degree of uncertainty when they see the price tag that accompanies Managed Security Service Providers (MSSPs). While the hesitation is understandable, it’s not necessarily logical.  When the options are narrowed down to hiring an MSSP or hiring a single employee, the costs end up being roughly the same.  The difference, though, lies in what you are getting for your money. For instance, when you hire a single employee, you are limited in ways that an MSSP is not.

Consider, what will you do when your employee wants to take time off, or gets sick? How many different areas of expertise can this employee cover? Will they work around the clock? If not, how will you stay secure outside of business hours?

Keep these questions in mind as we take a look at what exactly you are paying for when you hire an MSSP:

At any one time, most MSSPs are staffed with at least four analysts. And I mean any time. Don’t forget that a key component of MSSPs is that they operate around the clock, 24/7/365. This doesn’t include the threat hunting experts or incident response specialists that many MSSPs have on staff in case of an incident. To achieve protection similar to what an MSSP provides, you would need a dedicated staff of at least 4-6 employees.

Now take into consideration that your employees will be expecting benefits and paid time off. You must also account for the unexpected circumstances (family emergencies, illness) that will undoubtedly arise, as they do in any staff. An MSSP, however, already has these factors accounted for and will be appropriately staffed to ensure around-the-clock security coverage.

And, because of the significant number of employees you have access to, you will naturally have access to a wide variety of skills, a much larger range of expertise than a single employee, or even two or three employees for that matter, could cover. Not to mention, you will have a hard time finding employees who are willing to work swing shifts. With a cybersecurity skills shortage of 2.9 million employees, you may have a hard time finding employees at all. And, if you do find a talented employee, you can bet it’ll be a constant struggle keeping them around with the sheer number of recruiters knocking at their doors.

But it’s not only the talent and expertise you are paying for when you hire an MSSP. With an MSSP you are also getting access to best-in-class technology, including SIEM, endpoint monitoring, and reporting tools.

So, yes, hiring an MSSP is comparable in cost to hiring one security professional. But, if you’re paying the same amount, why not get the most out of your money?  The benefits that an MSSP provides you with that a single employee cannot are immense:

  • 24/7 coverage without the worry of finding and retaining talent during the cybersecurity skills shortage
  • Relief from the burden of staffing and accounting for PTO, sick time, or overnight staff
  • Security protection from diverse areas of expertise
  • Access to the best-in-class technology

Keep in mind that in order to reap the many benefits of an MSSP, you must be deliberate when choosing your security partner.

Find the right MSSP for your needs with our Comprehensive Guide.

The post Get More Bang for your Buck: Hire an MSSP vs. an In-House Expert appeared first on GRA Quantum.


We’re excited to welcome Filaree Way to our GRA Quantum team as Project Manager.  Filaree has 10 years of project management experience in diverse companies with the primary focus being IT, eCommerce and Cybersecurity.

As a Project Manager, Filaree is responsible for communicating the value of our programs to clients and ensuring security projects are delivered on time and on budget. A large part of this is identifying security risks and building a program to mitigate these risks, including training programs, regular security assessments and implementing secure IT equipment.

Since most of this work is done behind the scenes, Filaree will be faced with the challenge of helping clients realize the many benefits of these programs after kick-off.

Filaree eagerly takes on this challenge, though.  “I love how dynamic the cybersecurity industry is,” explained Filaree.  “Not only is it constantly changing, but its importance is growing all the time.  There is an unlimited amount of work, and while there are foundational security practices, each business has unique needs that need to be addressed.”

When not at work, Filaree spends her time in the mountains, snowboarding in the winter and hiking and camping come summertime.  She also has a great love of animals and growing plants.  Originally from California, she has learned to appreciate her garden even more now, living in Utah’s cold climate.

We are grateful to have Filaree on our team while we continue to grow.  As the need for GRA Quantum’s services increases, so will the need for Project Managers with her expertise to support the implementation of these services.

The post GRA Quantum Welcomes Project Manager appeared first on GRA Quantum.


If you’ve decided to outsource your security to a managed security services provider (MSSP), you may now be on a mission to find the right one. The bad news is that not all companies that call themselves MSSPs have the same capabilities or processes.   How can you be sure you aren’t signing a contract with an MSSP that will fade into the background, only passively monitoring your network and sending vague alerts?

The good news is that there are a few indications that can signal an ineffective MSSP. Be on the lookout for these red flags:

1. A promise of a 5-minute deployment solution.

While it may be appealing to hire an MSSP that can be ready in no time at all, this isn’t feasible. It takes time for an MSSP to understand and integrate into your existing environment. If an MSSP advertises 5-minute deployment solutions, they aren’t taking the time needed to tailor alerts to your unique environment.

Instead, look for an MSSP that understands the value of custom solutions and takes the time to get to know and understand your needs.

2.  A provider that doesn’t assign you a clear point of contact or take the time to understand your communication style.

This could indicate an unorganized and impersonal relationship with the MSSP after hire.

Instead, look for an MSSP that provides you with a designated point of contact, ideally someone who understands your needs, from both a technical and business perspective. Your point of contact needs to be able to recognize what is required to resolve technical issues but is also comfortable negotiating service or contract issues.

Your initial interactions with an MSSP often set the stage for communication styles after hire. Does the MSSP jump on a call with you or just send a scoping questionnaire your way? This will give you an idea of the kind of customer service you will receive throughout your entire time working with the MSSP. Make sure your communication styles match and that they will be available when you need them.

3. An MSSP that boasts about its technology over its people and expertise.

This may be a sign that they’re lacking the critical human element.

It could also indicate that the MSSP can’t integrate into your existing technology stack, which could end up costing you more money in the long run. Instead, look for an MSSP that’s technology-agnostic and staffed with experts from different backgrounds. After all, technology is only half of what makes an MSSP effective.

Don’t wait until you’ve signed a contract to find out the MSSP is not the right fit for you.  Avoid this mistake by keeping these red flags in mind throughout your search.

Want to learn more? Get the Full Guide to Choosing an MSSP

The post 3 Red Flags to Look Out for When Choosing an MSSP appeared first on GRA Quantum.
