Save the Date: Information Security Summit 2017


Please save the date and plan to join us for this timely forum on what you need to know about the latest security issues, threats, and technologies that will help you protect your business!

 

10 Things I Know About … Legal weed

10) Adult use

A key legislative issue for both opponents and supporters. Only those 21 and over can legally consume, possess and grow marijuana. Some legislators are advocating for a higher age limit.

9) Possession

Massachusetts residents can now legally possess up to 10 ounces of marijuana in their primary residence.

8) Growing

Massachusetts residents can legally grow their own plants within limits: 6 plants per individual and up to 12 plants per household.

7) No smoking allowed

Users cannot consume marijuana in public places such as bars, restaurants, parks or anywhere on the street.

6) Some gray zones

Despite legalization, selling marijuana outside of a registered marijuana dispensary remains a crime punishable by up to two years of imprisonment and up to a $5,000 fine.

5) Closed for business

Although adult-use recreational marijuana has been legalized in Massachusetts since Dec. 15, stores will most likely not open until 2019.

4) Office matters

Employers have the right to terminate employees who show up to work under the influence.

3) Best policy

For concerned business owners, treat employee use of pot the same as you’d treat alcohol or other substance abuse.

2) Gifting

Adults can legally give the gift of bud or a seedling, but it still remains illegal to sell it.

1) Rule of thumb

Follow rules that apply to alcohol, and you should be in compliance, especially as it pertains to driving under the influence, which also applies to marijuana use.

 

This article was originally posted in the Worcester Business Journal.

5 Cybersecurity Trends to Watch for 2017

Fresh and familiar threats to concern IT departments.

 

As we embark on 2017, it’s time to reflect on a year where cybersecurity has played a major role. Even presidential campaigns haven’t been free from hacking scandals and data leaks. The average cost of a data breach for companies grew from $3.8 million last year to $4 million in 2016, according to the Ponemon Institute.

Companies of all sizes have embraced the cloud and open source has become the standard for infrastructure software. Both pose their own blend of benefit and risk. A major datacenter attack or failure could be problematic for many companies, and we can certainly expect an increase in the number of cyber-attacks based on open source vulnerabilities.

What else does 2017 hold in store? Let’s take a look at five trends we’ll be talking about in InfoSec this coming year.



1. DDoS attacks on IoT devices

Cybercriminals will increasingly target all manner of internet-connected endpoints, such as surveillance cameras, and employ them in DDoS attacks. In the rush to roll out all manner of IoT devices, security has taken a back seat. That means more serious incidents, such as the denial-of-service attack on domain lookup service Dyn, are highly likely. The Mirai botnet was cited as the culprit, exploiting 50 to 100 thousand IoT devices.

Worldwide spending on IoT security reached $348 million this year; Gartner predicts it will climb to $434 million in 2017. But that won’t be enough, because Gartner analysts still think that, by 2020, more than 25% of all identified attacks in the enterprise will involve IoT.



2. Hackers don’t need experience

The tools that hackers and cybercriminals use are readily available and easily within reach of anyone who wants them and has the money to pay. It’s possible to buy dangerous hacking tools and use them with little to no knowledge of how they actually work. This trend will continue to spark the rapid growth of cybercriminals in the wild. Whether someone is politically motivated, disgruntled about something, or a career criminal, off-the-shelf hacking tools make it easier for them to make their mark and will cost companies millions in 2017.



3. Third-party vendors can be a gateway to their connected customers

Businesses can build an excellent security system and put all of the right policies in place, but until they subject all of their third-party partners to the same level of scrutiny, customers will be at risk. Just look at Wendy’s, where over 1,000 franchised locations were compromised by a Point-of-Sale (PoS) malware attack last summer. There will be more incidents like that until companies rise to the challenge of third-party risk management. Policies need to be tightened up with proper oversight to ensure that sub-standard security measures and systems don’t lead to major exposures.



4. Ransomware

The specter of ransomware, which also appeared on last year’s list, continues to rear its ugly head. In fact, with Trend Micro predicting 25% growth in 2017, ransomware looks likely to spread into IoT devices, PoS systems, and ATMs. If you want your files back after a successful ransomware attack you’re probably going to have to pay the ransom, which is what the FBI actually suggests you do. It will be a lot cheaper to take preventative precautions. If you don’t want to end up held to ransom and out of pocket, then you need to act to mitigate the risk. Start by taking a look at our advice on how to guard against ransomware.



5. Shortage of skilled IT security workers

This has been a long-standing problem. When 775 IT decision-makers involved in cybersecurity were interviewed for a report entitled Hacking the Skills Shortage, 82% of them reported a shortage of cybersecurity skills, and 71% agreed that the shortage of skills does direct and measurable damage. With more than a million vacant positions worldwide, there have never been more jobs available in cybersecurity. We must work out why college graduates are shunning these openings and find a way to tempt them in.

In the meantime, hiring talent on a temporary basis is often the only route available for understaffed companies. That’s why the CISO-as-a-service or virtual CISO model is taking off and we expect it to grow more popular in the year ahead.

Whatever 2017 has in store for us, we can all boost our chances of success by taking a moment to review our cybersecurity planning and systems to ensure they’re the best that they can be.

IoT Could Be Our Downfall

We need to secure the internet of things.

This article was originally posted in NetworkWorld.