Managed IT Services Blog

The trend toward remote and mobile work was already picking up steam prior to 2020. The pandemic accelerated this shift and, in many cases, organizations didn’t have time to secure their endpoints. Today, employees are using their own devices and accessing resources through the cloud more than ever, but endpoint security is still lagging behind.

The latest update to the Payment Card Industry Data Security Standard (PCI DSS) is the first since 2018. That’s an eternity in the world of industry regulations and the technology required to satisfy those regulations. As a result, it should be no surprise that the new standard, PCI DSS 4.0, brings major changes. Any organization that handles cardholder data should be reviewing it now so they can start the process of becoming compliant.

In an era of distributed computing environments, software-defined WAN (SD-WAN) has emerged as the most efficient way to manage the increased network traffic and intensified connectivity demands required to link rising numbers of people, devices and applications. The benefits are so compelling that some industry analysts anticipate triple-digit growth of the SD-WAN market over the next year.

Many organizations are looking to get out of the business of maintaining data center infrastructure onsite. However, not every workload is suitable for the public cloud. Organizations still need to host certain mission-critical applications on infrastructure they control.

Sharp increases in ransomware and other malicious cyberattacks are leading more companies to consider purchasing cyber insurance. However, the same market forces are making it more difficult to acquire such protection.

Every state in the U.S. has data breach notification laws. In Delaware, for example, if a breach requires a certain number of residents to be notified, the organization must also provide notice to the attorney general. Some states require organizations to provide credit monitoring services to those affected by a breach of financial data.

Cybercrime has always represented an existential threat to businesses — many companies go out of business within six months after a data breach. Following a record year for ransomware and other cyberattacks, organizations worldwide are reassessing their cybersecurity plans, priorities and budgets.

“Curiosity killed the cat,” goes the old warning about being too inquisitive. An unusual new mobile phone phishing scam is apparently counting on victims to be a little too curious for their own good.

Penetration testing is a critical element of modern cybersecurity practices, designed to give you a hacker’s perspective of your network security controls. More than three-quarters of IT professionals say they rely on the practice to reveal security weaknesses.

The vast majority of organizations have embraced the idea of a hybrid work environment in which employees split their time between onsite and office work — 82 percent, according to one recent study. However, many are finding the transition is more difficult than they imagined.

The notorious SolarWinds hack that compromised more than 30,000 public and private organizations in 2020 was the “most sophisticated attack the world has ever seen,” according to Microsoft President Brad Smith. However, there was nothing sophisticated about the flaw that allowed the attack — a weak password (solarwinds123) that exposed the company’s update server.

Many organizations that adopted cloud contact center solutions over the past two years did so out of simple pragmatism — pandemic-triggered restrictions required a transition to remote operations. A happy byproduct of that move has been the pronounced modernization of contact center processes.

Security threats continue to escalate. From advanced hacks engineered by nation-state actors to more prosaic attacks using “as-a-service” malware, organizations face a constant barrage of threats to their IT infrastructure and data. Hackers continue to shift their strategies as they find new vulnerabilities.

Security threats continue to escalate. From advanced hacks engineered by nation-state actors to more prosaic attacks using “as-a-service” malware, organizations face a constant barrage of threats to their IT infrastructure and data. Hackers continue to shift their strategies as they find new vulnerabilities.

In concert with its military campaign in Ukraine, Russia is also apparently conducting sophisticated cyber warfare by targeting Ukraine’s government ministries and financial institutions with multiple strains of “wiper” malware. U.S. cybersecurity officials warn that these threats may eventually spill over to public- and private-sector organizations in this country.

High-profile security breaches are being reported in the news every week. Organizations in healthcare, energy, government and many other industry sectors are constantly targeted by cyberattacks.

The Internet of Things (IoT) has captured the imagination of businesses in almost every industry. It refers, of course, to the billions of network-connected devices that are capable of monitoring systems, capturing data and automating many tasks.

All signs suggest that businesses will continue to support hybrid and remote workstyles for the foreseeable future, but most IT leaders say it will require a significant shift in their networking philosophies. In particular, they expect accelerated adoption of software-defined WAN (SD-WAN) and secure access service edge (SASE) technologies to securely connect branch offices and distributed workforces with the cloud resources they need.

IT organizations are under constant pressure to optimize resources, increase efficiency, improve security and reduce expenses, but aging technology often gets in the way. It’s estimated that outdated systems make up nearly a third of the typical organization’s IT environment, which makes it extremely challenging to achieve the potential benefits of rapidly evolving technologies.

“Trust no one.”

That was one of the taglines for The X-Files, the popular science-fiction television series about FBI agents who investigate a series of bizarre, supernatural cases. It’s also becoming a mantra for modern network security.

“Maturity” might seem an odd word to apply to security. As attacks become more frequent and complex, organizations need the agility to respond to new forms of cybercrime. Old ways of thinking are seldom useful in the ever-changing world of IT.

Security analysts are alarmed about a bug in software few people know about — the Log4j logging utility for Java applications. In November, researchers identified a zero-day exploit that affected the Java version of the Minecraft video game. Hackers were able to trick Log4j into storing specific character strings that allowed them to take control of the compromised machine. The hackers could then execute malicious code remotely, spread malware or steal sensitive information.

Cryptojacking has surged in the last two years as the value of the cryptocurrency market has skyrocketed. There were more than 51 million cryptojacking attacks in the first half of 2021 alone, according to the SonicWall Cyber Threat Report. Many attacks go unreported.

Cybercriminals have accumulated a vast amount of personally identifiable information over the years. Almost any information you might want is available on the Dark Web, often for a relatively small fee. But according to the nonprofit Identity Theft Resource Center, fraudsters are shifting their focus from consumers to businesses.

In a previous post, we discussed five important cybersecurity lessons we learned in 2021. Growing numbers of endpoints used outside the security perimeter have created significant new risks. Cloud misconfigurations are also a leading source of security threats, and protecting data across the extended environment is increasingly difficult. Users need more effective training so that they understand their cybersecurity responsibilities, and organizations are struggling to hire enough security experts to meet their needs.