Cybersecurity Blog

Expanding the Cybersecurity Talent Pipeline: 2023 CIO Marathon Each year, the CISE Education Fund hosts its most important fundraising event of the year: the CIO Marathon. The 2023 CIO Marathon is slated for Oct. 5 and 19 – and presentation slots are already filling early. Employers across the Bay Area continue to struggle with shifting cybersecurity workforce readiness, availability, and geographic concerns. As consistently reported by the U.S. Bureau of Labor Statistics, roles like information security analyst will have a growth rate of 31 percent over the next decade compared to the 4 percent average growth rate for most other occupations. While the data is daunting, there is a resource dedicated to preparing the next generation of great talent right in the heart of Oakland, California – the Merritt College Cybersecurity Program. The Consortium of Information Systems Executives (CISE), a non-profit and professional community of current and former Chief Information Officers, works closely with Merritt College to raise funds to improve and develop the capabilities of the next generation of technology professionals in the Bay Area – preparing great talent ready for internships and entry-level positions. The CIO Marathon Each year, the CISE Education Fund hosts its most important fundraising event of the year: the CIO Marathon. The 2023 CIO Marathon is slated for Oct. 5 and 19, hosted at Merritt College – and presentation slots are already filling early. This event helps raise funds to support top cybersecurity talent by bringing together top technology leaders from Bay Area companies to provide feedback to presenters who have reserved pitching slots. Perspective presenters can reserve their spot for $9,500. All proceeds go to fund scholarships. To date, CISE has had more than 10 CIO Marathons, has heard 100+ company pitches, sponsored more than 110 students and raised more than $1 million to fund student scholarships. StrataFusion Partner Mark Egan has been involved from the start as a member of CISE and the Merritt College Cybersecurity Program, helping students prepare for the workforce. “With the collective cost of data breaches expected to reach $5 trillion by next year, Cybersecurity is more crucial to business resiliency, and we must ensure we have the talent ready to meet the challenges ahead,” Egan says. “The Merritt College Cybersecurity program provides the talent pipeline and CISE ensures students have a viable path to success.” As your cybersecurity needs grow, be sure to connect with Merritt College to hire some of the best (and most prepared) young professionals entering the cybersecurity workforce. Take action! Reserve now! CISE is now accepting corporate presenters for the 2023 CIO Marathon ! Prospective presenters can email Mark.Egan@stratafusion.com . The CIO Marathon also includes “Selling to CIO training” and two presentation dry runs. Networking dinner Oct. 19 for all participants. Each company can have up to two guests at the CIO Marathon dinner. Learn how you can strengthen your cybersecurity bench by hiring Merritt College graduates and interns https://community.stratafusion.com/merritt-job-seekers

Zero-day attacks are some of the most stress-inducing events a security team can face. A zero-day event is when hackers take advantage of a software security flaw (known only to hackers) to launch a cyberattack before a patch is ready.  That’s bad enough, but it’s not just one zero day that you have to defend against. Chaining attacks are a zero-day event methodology that turn the stress of one flaw into an all-out assault by combining multiple vulnerabilities. What does this mean to your enterprise? Hackers gather numerous zero days and chain them together to move undetected across your IT environment with a goal of gaining code execution privilege. Their goal is to keep unsuspecting IT teams running in circles while attackers wreak havoc. The Cybersecurity & Infrastructure Security Agency ( CISA ) says most times attackers use lower score vulnerabilities to first gain a foothold, then exploit additional vulnerabilities to escalate incrementally. Jen Easterly, director of CISA, warns that a new vulnerability -- Log4j, a snippet of open-source code widely used in internet applications to track user activity -- could likely open the door to hundreds of millions of computer hacks around the world. How can you prepare? Early detection, asset management, incident response, segmentation/enclaves and privilege access management are critical to a rapid response and recovery. Make sure your teams are on top of vulnerabilities across your enterprise software and application landscape and are ready to deal with zero-day attacks, which includes keeping software obsessively patched and updated. If a chaining attack occurs, ensure everyone knows what to do -- divide and conquer to close doors with a practiced world-class rapid incident response. Now more than ever a strong foundation of cybersecurity is crucial for business. Start with the core components to ensure the trust and confirm paradigm, MFA and security posture. We can help you get started, or help you accelerate your cybersecurity journey. Contact us today

Have you ever seen someone on social media quip something like “I was today years old when I learned that …” That’s actually a great example of a zero day, or 0-day. For those who may not know, in the world of IT a zero day refers to the first day a vulnerability or flaw becomes known to the developer or the vendor. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. And until the vulnerability is fixed, hackers can wreak absolute havoc with networks, software or data. The name, obviously, comes from the stress-inducing fact that there are exactly zero days to fix it. The ultimate goal of bad actors in a zero-day attack is to compromise your network or apps before detection. That means the zero-day race is a never-ending effort to stay ahead of bad actors and find and fix every vulnerability before malicious action can be taken. Even with the best processes, the most talented teams, the latest technology and vigorous preparation available for your defense, there is one variable that is outside of your control --- the zero-day vulnerability. Don’t let anyone fool you into thinking that there is anything out there called “Absolute Security.” With increased high-profile security incidents unfolding across multiple Industries in 2021, the risk your team might experience increases day by day. And when you consider the growing developer landscape and the constantly evolving intrusion points – applications, APIs, SDKs – it’s only more urgent to create a culture and employee mindset of cybersecurity. SFG can help you build a strong cybersecurity foundation, especially when it comes to the zero-day mindset. Start with the core components to ensure the trust and confirm paradigm, MFA and security posture. We can help you get started, or help you accelerate your cybersecurity journey. Click here to understand and reduce risk to stop threats before a zero-day attack surprises your team. Contact us today.

When you think about what cybersecurity actually looks like, most people imagine that it’s about keeping unwanted hackers out of their systems and networks – maybe having digital safeguards posted at entry points. But it’s so much more. It’s also about the billions of IT assets around the world, which are constantly being changed, upgraded, added and connected. Take a moment and think about the multitude of phones, tablets and computers connected to a network at any given time, as well as the lightbulbs, building and environment management sensors, car components, Wi-Fi routers, medical devices, and more. And that doesn’t even include the additional things (like game consoles, TVs and appliances) that are connected to a shared home network being used for remote work.

Foundation to Blueprint – Building Your Cybersecurity Stronghold  Think about building a house. You start with a strong foundation that is engineered to support a framework, walls, and all the things that will be built upon it, as well as the things that will be brought in. And of course, protect the people who live in it. The same is true with cybersecurity – your network starts with a foundation and then you build the infrastructure (the blueprint for wiring, plumbing, walls and a roof). But everything must be built upon a strong foundation so that people can operate in the network securely. With the velocity of hacks increasing , especially as more people continue to work remotely (many without a proper security foundation or knowledge of what that even looks like), the new landscape is creating a target-rich environment for bad actors. In fact, Accenture reports that 68% of business leaders feel their cybersecurity risks are increasing. Small and mid-sized businesses (SMB) may be more at risk. SMBs are less likely to have a Chief Information Security Officer (CISO) in place and more likely to have outdated cybersecurity solutions. Many times, smaller businesses can struggle with identifying those hard-to-find vulnerabilities, simply because of the time it takes, and the expertise it requires. The following three-step roadmap can help ensure your team stays ahead of attacks and is better equipped to outpace bad actors: Threat & Vulnerability Management: This really is all about an arms race. From identification of vulnerabilities to the ability for hackers to exploit before your security team can identify the threat and fix it, or even know about it. It’s very important that your security team are threat hunters who scan and proactively check for security software for threats and basically knows how to get the most out of your cybersecurity solutions and protect against bad actors. It is crucial that you monitor the products installed across your network to ensure peak performance. Subscribing to security intelligence reports is also key to maximizing the impact of your security technology products and their patch or configuration availability. That means a consistent cycle of monitoring, understanding trending threats and patching maintenance is essential to ensure you are getting the most out of the solutions you pay for. We can help your team map out a plan. Configuration & Patch Management: This is the other side of the coin of your threat and vulnerability management program. Monthly, proactive patching, with the ability to immediately implement security patching, is absolutely mandatory! Make sure vendor security and product patches are applied expeditiously to both those IT systems that are internet facing, as well as internal. IT solutions that are no longer supported by vendors create a huge, unnecessary risk. Do you have the ability to patch your security solutions as soon as a new threat is identified? We can help. Endpoint Protection: If you have been using the same old anti-virus (AV) solution for the last couple years, it is time to upgrade your tool kit by moving away from signature-based detection (antivirus) and start using behavior-based monitoring. The AV market has converged and matured, including the integration of EPP (endpoint protection) with EDR (endpoint detect and response). EDR is based on the premise that at some point an infection is going to occur. The next generation EPP improves the ability to identify indicators of attack, investigate with real-time forensics, sophisticated visualizations and perform remediation. We can help your team identify the right upgrade or new product for your business. We can’t emphasize enough the vital importance of a strong cybersecurity foundation, which we’ve covered in recent blogs . As the average cost of a data breach is estimated to be almost $3.9 million, it only makes sense to spend a little now to invest in your cybersecurity stronghold. We can help you get started, or help you accelerate your cybersecurity journey. Contact us today .