Resource Type: News

Ethical Disclosures are Being Ignored: An Unchecked Security Crisis

May 31, 2021 |

Forty-seven percent of cyber security professionals are investigating only 10-20 threats per day, according to a report from Critical Start. Sixty-eight percent reported that up to three quarters of the threats they do investigate are false positives. And for so many CISOs, dealing with the nagging issue of a potential security breach and the ethical mandate to disclose and create dialogue turns instead to yet another task on the to-do list. Learn more in this Security Magazine article.

Alleged Russian SolarWinds Hack ‘Probably an 11’ on Scale of 1 to 10

Featured on Newsweek

A cybersecurity expert warned that the alleged Russian hack of SolarWinds software, which affected top government agencies, is “probably an 11” in terms of seriousness on a scale of one to 10.

The U.S. Department of Homeland Security warned on Sunday that users of SolarWinds should disconnect or disable the software after it was discovered hackers had compromised an update from the company earlier this year. Unidentified sources told Reuters and the Associated Press that Russian hackers were believed to be behind the cyberattack, which hit federal government agencies and many of the nation’s top companies.

“It’s been said on a scale of one to 10 this is probably an 11 for the type of attack, the magnitude and the potential damage it’s done,” cybersecurity analyst Mark Wright, the chief security adviser at California-based cybersecurity startup Sentinel One, told Fox News on Monday morning. “Not from an infrastructure standpoint like going after the energy grid or taking things down. But simply from the loss of information, the stealing of secrets, especially very sensitive information and the fact that this was going on for months.”

“We have yet to even understand how big the damage assessment will be. But I guarantee you, by the time it’s done, it will be far worse than what we think it is right now because we still haven’t uncovered all of the people who have been attacked by this campaign,” Wright said.

Randy Watkins, the chief technology officer of Texas-based cybersecurity firm CRITICALSTART, said in an email to Newsweek that the goals of hackers can be financial as well as theft and data destruction.

“The primary motivation for cyber attacks are monetary, theft, and destruction. While many news cycles have covered the more consumer-facing monetary impacts of ransomware, campaigns for theft and destruction of data are still being heavily waged,” Watkins said.

The cybersecurity expert added the incoming administration of President-elect Joe Biden “will have to recognize the growing threat of cyber attacks from prominent world powers and terrorist nations alike.”

The new hack has affected Treasury Department and Commerce Department emails, and SolarWinds software is used by many other federal agencies including the Pentagon, the White House and NASA. Reuters reported Monday that the Department of Homeland Security was impacted as well. SolarWinds’ website says that “more than 425 of the U.S. Fortune 500” companies use its software as well. NBC News reported Monday that thus far, there is no evidence that classified U.S. government networks were breached. The scope of the attack remains under investigation.

In a Monday update, SolarWinds suggested that thousands of clients had potentially been impacted by the vulnerability, which had arisen through an update in the spring. “SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” the company said.

Russia has denied any involvement in the cyberattack. But Moscow’s efforts to interfere in government and private systems around the world have been well documented and reported by U.S. and allied intelligence agencies. It is typical for Russia—or other nations—to deny involvement with such attacks when they are accused. China and Iran have also recently been accused of carrying out cyberattacks against the U.S.

“I reject these statements, these accusations once again,” Dmitry Peskov, a spokesperson for Russian President Vladimir Putin said Monday, Russia’s Tass news agency reported. Peskov added: “It is wrong to groundlessly blame Russians right away. We have nothing to do with this.”

FireEye Breach to Have Big Impact on Cybersecurity Industry

Featured on Channel Futures | December 9, 2020

This week’s FireEye breach is distressing for the cybersecurity industry as a whole and could have wide-ranging impacts on providers.

That’s according to cybersecurity experts who weighed in on the FireEye breach. The attacker has stolen assessment tools used to test FireEye’s customers’ security.

Kevin Mandia, FireEye’s CEO, reported the attack, saying it’s by a “nation with top-tier offensive capabilities.”

“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” he said. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

The attackers are highly trained in operational security, and executed with discipline and focus, Mandia said. Moreover, they operated clandestinely, using methods that counter security tools and forensic examination.

“And they used a novel combination of techniques not witnessed by us or our partners in the past,” he added.

The FireEye breach is being investigated by the company in coordination with the FBI and other key partners, including Microsoft.

Stealing Assessment Tools

The attacker targeted and accessed certain Red Team assessment tools. These tools mimic the behavior of many cyber threat actors. They also provide diagnostic security services to FireEye’s customers.

None of the tools contain zero-day exploits. FireEye is releasing methods and means to detect the use of its stolen Red Team tools, Mandia said.

“We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them,” he said. “Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.”

There’s no evidence that any attacker has used the stolen Red Team tools, Mandia said.

“We, as well as others in the security community, will continue to monitor for any such activity,” he said. “At this time, we want to ensure that the entire security community is both aware and protected against the attempted use of these Red Team tools.”

Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers, Mandia said.

“While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems,” he said. “If we discover that customer information was taken, we will contact them directly.

Everyone Is a Target

Randy Watkins is CRITICALSTART‘s CTO. He said the FireEye breach highlights major concerns in the security industry.

“First, everyone is a target,” he said. “Attackers continue to leverage less secure third parties to access information that is interesting to them. Second, attackers are advancing. Even FireEye is vulnerable to well-orchestrated, well-funded and persistent attacks. Though the Red Team tools compromised do not contain any zero-days, many organizations lack proper patching protocols, and could likely be vulnerable to some of the attacks from older exploits.”

A third and final lesson learned is that security organizations, private industry and government agencies must work together and find a common enemy in the attackers to “create a country more resilient to cyberattacks,” Watkins said.

Mike Puglia is chief product officer at Kaseya. He said the FireEye breach is troubling for the security industry for two reasons: how the attacker accomplished it and what they obtained.

“This was a very customized, almost surgical strike by nation-state actors against a specific private entity that provides security for some of the world’s most sensitive information, including U.S. national defense assets,” he said. “This is a major escalation of the nation-state cybercrime crisis. And it indicates that this already pernicious problem is still ramping up. This breach also allowed bad actors to obtain extremely valuable, cutting-edge technologies used to stop cybercriminals and spies from accessing critical secure systems and data. Unfortunately, not only does snatching those tools give them the opportunity to learn precisely how to beat them, but it also gives them an advantage in beating future defensive solutions built with similar technology.”

Nation-State Cybercrime Rising

Nation-state cybercrime has been a major cybersecurity topic in 2020, Puglia said. That’s because it’s consistently becoming more common and more dangerous.

“While insulating your business against this exact attack type isn’t feasible, there are several long-term and short-term precautions you can take to make your business safer against more common types of nation-state attacks,” he said. “Insist that all of your clients add a secure identity and access management solution that includes multi-factor authentication (MFA) to throw up a roadblock between hackers looking for a quick win and your client’s data and systems. Also, strongly suggest that your clients add both secure backup capability to make their data quickly restorable in the event of an incident and dark web monitoring to guard against dark web threats like nation-state hacking through credential compromise.” Kevin Beasley is CIO of VAI, a midmarket enterprise resource planning (ERP) software developer.

“This breach will probably have a significant impact on the security industry,” he said. “For how long is unknown. Hackers used novel methods unfamiliar to FireEye and many other companies. This presents a unique challenge as the security industry will have to innovate and develop new solutions and software to combat and prevent breaches as hackers are advancing their methods and as they’re utilizing FireEye stolen tools. Many security tools and software solutions monitor for suspicious activity. But if new techniques are being utilized that are not detected by the current security tools set in place, then IT teams won’t be notified and efforts to breach the system can go unnoticed until it’s too late.”

The Scariest Part

“The scariest part of the FireEye breach is that the hackers used FireEye-developed tools as a weapon,” Beasley said. “Cybersecurity providers must work hard to protect internally developed tools that could potentially later be compromised and used for harm rather than good.”

Additionally, providers should take note of FireEye’s response to the breach, Beasley said.

“Even though bringing the news to the public caused the company’s shares to drop, the disclosure of the event will help mend FireEye’s reputation going forward, and maintain public trust,” he said. “Also, the company releasing countermeasures is a huge testament to its determination to stop the hackers and prevent future breaches. In the unfortunate case that another company or business experiences a breach, responding to the event in a similar manner is a good route to take.”

Scammers Target Consumers on Record Day of Online Shopping

Featured on Fox News 13 Tampa | December 1, 2020

This holiday season is set to shatter online shopping records, as the pandemic pushes consumers online and shoppers are scoring deals from the safety of their homes.

The traditional Thanksgiving weekend shopping spree turned into a long lineup of digital deals this year.

“So it’s no longer just Black Friday to Cyber Monday, it’s two weeks before Thanksgiving and three weeks after Thanksgiving,” said Randy Watkins, chief technology officer for CRITICALSTART.

He says the convenience of shopping from the sofa also comes with serious threats. Usually, the hackers get into your accounts through your email.

The scammer’s goal is to get you to open an attachment that could install malicious software, or persuade you to enter private data like credit card information, usernames and passwords so they can steal your hard-earned money.

“An attacker does not care about your Walmart account, your Target account, your Amazon account, what they care about is that you probably use that same username and password for your Chase account, your Wells Fargo account, your Bank of America account,” Watkins said.

With all the deceptive ads and phishing attacks, it is tough to know what to trust. Experts say to be on the lookout for fake websites and emails that look like the real thing. Instead of clicking links, navigate to the website on your own and only shop with reputable retailers.

“If it seems too good to be true, it probably is. You’re not gonna get the $5,000 TV for $400,” said Watkins.

In the Tampa Bay area, scammers trick people out of millions of dollars every year, which is why you need to be vigilant and skeptical when loading up your shopping cart online.

“The tricky thing about this is it’s really hard to catch the people who perpetrate these,” explained Hillsborough County State Attorney Andrew Warren. “It’s hard to identify them, it’s hard when they don’t live in this country, and it’s really hard to prosecute them.  That’s why the best response to this is trying to protect yourself before the fraud ever occurs so that the scammers never end up taking your money.”

Tips to Guard Against Attackers: https://www.criticalstart.com/how-retailers-can-be-ready-for-black-friday-and-cyber-monday/

Here’s How You Can Protect Yourself From Scams This Black Friday

Retail stores should be taking heightened security measures during the holiday season to protect their customers against cyberattacks, according to a cybersecurity company.

Black Friday may be more prone this year to cyberattacks as more consumers are choosing to shop online due to the coronavirus pandemic, cybersecurity company CRITICALSTART said recently.

Experts like Randy Watkins with CRITICALSTART, a Managed Detection and Response company that monitors cyber-attack detections, says extra caution is necessary when you’re digging for deals.

There are several ways to watch out for your personal information while you surf the internet to ensure your holiday shopping is “hacker free.”

“They don’t even really have to hack, they just have to convince you to give them your information,” Watkins said.

The first thing he says is to always be skeptical.

“Unfortunately, we have to live in a world of skepticism and vigilance when it comes to our security,” he added.

For all you online shoppers, he says, steer clear of site impersonations.

“An attacker will attempt to look like a large retailer and they will approach the user and convince them to log in to that website to capture the username and password,” Watkins said.

Hackers and scammers may use the large window of deals that retailers have created to lure potential victims to provide their sensitive information.

“A flood of aggressive advertising via social media and email may prompt consumers to dismiss red flags, making them even more susceptible to credential-harvesting phishing scams, account takeover and fraud,” the company said.

Consumers can protect themselves from having their information stolen from criminals in the following ways:

  • Inspect “appointment shopping” offers online closely
    Many stores will be offering “appointment shopping” this year to avoid hectic crowds and limit the spread of COVID-19. Before reserving an early spot you see on social media to get that deep discount, be sure to check the store or vendor’s official website to see if the offer is legitimate.
  • Be cautious of QR codes
    QR codes, those scan-able black and white squares have also seen a rise during the pandemic. While this is time-efficient, cybercriminals can create malicious QR codes to redirect users to fake websites and steal personal data or to install malware on personal devices, CRITICALSTART said.
  • Distance yourself from fake accounts
    Cybercriminals often use social-media scams to steal people’s data by impersonating other people’s or companies’ accounts. These types of attacks are becoming harder to spot as scammers are now using visual security questions to bypass normal safety features.

Featured on 12 News Phoenix | November 23, 2020

Ransomware Attack on Plano Tech Firm Highlights Key Issue Companies Need to Understand

By Brian Womack
Dallas Business Journal | November 15, 2020

Plano’s Tyler Technologies was hit by an attack that’s become increasingly common today.

The software company, which assists local and state governments, in September announced it was hit by a ransomware attack, and its corporate website was taken down. The Web page would come back up, but the impact to revenue would be about $4 million between late September and October, CEO Lynn Moore said during a call with analysts earlier this month.

The incident was another reminder of the growing issue around ransomware. A mid-year report by Bitdfender, a cybersecurity firm, said global ransomware reports increased by 715 percent. Also, through Sept. 1, ransomware was the most observed threat year to date with over one-third of all cases, according to the intake of cyber incident responses at Kroll, a risk-management company.

“Ransomware is a huge deal,” said David Deering, CEO at Leo Cyber Security, noting he wasn’t speaking about Tyler Technologies’ case in particular. “It is a significant risk to businesses.”

The incentives for such attacks aren’t abating – it’s something that more companies are focusing on, or should be, observers say.

Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid, according to the Cybersecurity & Infrastructure Security Agency. It typically spreads through phishing emails or via an infected website.

“While ransomware started as a broadly deployed attack against consumers, attackers have begun to weaponize it in targeted attacks on companies and government entities,” said Randy Watkins, CTO at Plano’s CRITICALSTART, which provides assistance around cybersecurity. “Initially, encryption of the information was the goal, and ransom was paid for decryption, but new attacks also leverage data theft, or exfiltration, to increase the ransom amount over the threat of disclosure.”

At Tyler, an investigation indicated the incident was solely directed at the internal corporate environment and not the separate environment where it hosts client systems.

“Multiple resources have verified our ability to resume safe file sharing activities, connection to our internal networks, and normal operational interaction with clients,” the company said in an updated statement on its website recently. “All indications are that the impact of this incident was solely directed at our internal corporate network and phone systems – not Tyler client systems.”

Targets of ransomware can be broad. Kroll notes particularly hit areas include professional services, healthcare, and technology and telecommunications. And then there’s governments and schools, including Athens’ school district, according to a recent report.

Ransomware is becoming more of an issue, according to Toby Ryan, chief data scientist at Cysiv, a North Texas provider of security operations center (SOC)-as-a-service.

“It’s very easy to do,” Ryan said. “Ransomware is almost a commodity. The majority of ransomware ransoms are small, you know, $500,000.”

It can all lead to some nice pay-outs to cybercriminals, Deering said.

“It’s a very lucrative way for individuals to make money,” he said. “It causes a significant amount of concern inside of businesses — and one of the easy ways to do it is to pay them. There are pros and cons and arguments on both sides on whether or not you should pay …. but because it’s such acute pain, it is a way to monetize the softness of someone’s cybersecurity program.”

The attackers tend to be careful in who they attack, Deering said. They’re not just blindly sending out some emails, hoping something sticks. They focus on those who have access to real money – so small companies with a handful of employees may not be hit.

Companies need the right tools to protect themselves. A key issue: Getting buy-in from top folks in an organization.

“It’s a leadership problem,” Deering said. “Most people think it’s a technical problem. The programs that I’ve seen that are immature inefficient because of for poor business leadership.”

Prevention is important, and goes a long way, Ryan said, along with “understanding the behavior of malware, ransomware specifically, will help you find it.”

Ransomware isn’t a new issue – and it’s something more folks are likely to grapple with, observers said.

“With all things, it’s going to course-correct over time,” Ryan said.

“As long as the attackers are incentivized with the prize — as long as companies are paying it — then I think it’s going to keep going until something happens.”

“Adaptability” With Douglas Brown & Tera Davis

An interview with Douglas Brown of Thrive Global and Authority Magazine.

As a part of my series about “Lessons From Inspirational Women Leaders in Tech”, I had the pleasure of interviewing Tera Davis. She applies more than a decade of sales and technical experience to cultivate mutually beneficial relationships with CRITICALSTART’s strategic business partners. Her expertise spans a broad range of cybersecurity technologies including threat prevention, mobile security, next-generation firewall, and threat intelligence. Throughout her career, Tera has had the opportunity to work with hundreds of manufacturers, distributors and clients.

Brown: Thank you so much for joining us in this interview series! Before we dive in, our readers would love to learn a bit more about you. Can you tell us a story about what brought you to this specific career path?

Davis: I entered network security from the industrial controls industry. My fiancé at the time worked for a cybersecurity company, and they seemed to be having fun in a lucrative field. I got an interview at a network security reseller, and the rest is history. I never looked back. It is an exciting, ever-changing industry.

Brown: Can you share the most interesting story that happened to you since you began at your company?

Davis: As one of the founding members of CRITICALSTART, I can honestly say that navigating a global pandemic has been the most interesting thing in the last 8 ½ years. Like many others, we had to quickly shift to having everyone work from home. We navigated that beautifully, allowing a seamless transition for our customers. Our ability to quickly change and adapt during a global pandemic, and many other times along the way, is one of the reasons we continue to grow so quickly. We abide by our founding principles: 1. Do what’s right for the customer. 2. Don’t do things that suck. 3. Do what’s right for the employee.

Brown: Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

Davis: Well, I regret to say this has happened more than once — but sending an email to the wrong person can be funny or horrific! Luckily, mine have been good for a laugh on occasion. I’ve learned to slow down and always double-check that the email address didn’t automatically populate, but isn’t the one you wanted.

Brown: Can you tell us a story about the hard times that you faced when you first started your journey? Did you ever consider giving up? Where did you get the drive to continue even though things were so hard?

Davis: Having started a business, it was definitely waiting for the sales to come in to balance the outflow of cash paid to vendors. We would pay bills from our personal account and reimburse when we got payment from the customer. It was a passion for the way we were entering the market that kept everyone going. About 18 months into the journey, sales started coming in at a rate that turned things around. It hasn’t stopped yet!

Brown: None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful to who helped get you to where you are? Can you share a story about that?

Davis: I have been in sales for most of my working days. I worked for someone early on that was very focused on customer follow up. He taught me to follow up with the customer even if I didn’t have an answer — just to let them know I was still engaged in the process. I adopted that, and it has helped me be very successful. People want to feel like they haven’t been forgotten. It’s a small detail that makes a huge difference.

Brown: Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life? 

Davis: Life is like a box of chocolates — you never know what you’re gonna’ get.” I love this because it’s true in so many ways. If you expect things to turn out a certain way, you will almost certainly be disappointed. Having wonder about what you might find along the way keeps things more interesting and positive. And, in case you think I’m just pulling a quote from a famous movie, I literally use this phrase as my status message in Microsoft Teams!

Brown: Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. We’d love to learn a bit about your company. What is the pain point that your company is helping to address?

Davis: CRITICALSTART is a world-class Managed Detection and Response company. We resolve every security alert and alleviate the pain point of alert fatigue for security analysts.

Brown: What do you think makes your company stand out? Can you share a story?

Davis: We have a proprietary software platform that allows end-users to select from multiple vendors that plug into our service. That, along with our Trusted Behavior Registry (allowing us to automatically resolve what is known-good) put us in front of the competition.

Brown: Are you working on any exciting new projects now? How do you think that will help people?

Davis: COVID definitely put a damper on it, but we have a Women in Technology group that meets quarterly to discuss things that are challenges specific to women in this industry. Through those meetings, we raise funds to aid the Treasured Vessels Foundation. This organization helps teens in our community get out of sex trafficking.

Brown: Let’s zoom out a bit and talk in more broad terms. Are you currently satisfied with the status quo regarding women in Tech? What specific changes do you think are needed to change the status quo?

Davis: I actually think there are some very powerful women making huge strides in Tech right now. From my perspective, things are moving in the right direction and organizations like this that bring awareness help move the needle.

Brown: In your opinion, what are the biggest challenges faced by women in tech that aren’t typically faced by their male counterparts? What would you suggest to address this?

Davis: We have actually had this topic at one of our Women in Technology happy hours. While I think things are improving, there are some challenges that women may always face. One is coming back to a career after maternity leave. I am seeing increased numbers of men taking paternity leave, so that is encouraging. Women seem to inherently struggle more with a work-life balance. Neither of these is specific to the tech industry. At CRITICALSTART, I feel that we do an amazing job of empowering women in the workplace. Having been there for the last 8 ½ years makes it difficult for me to see the major challenges that some others might face.

Brown: What would you advise to another tech leader who initially went through years of successive growth, but has now reached a standstill. From your experience do you have any general advice about how to boost growth or sales and “restart their engines”?

Davis: Change your methodology. If you have a program or set of guidelines you’ve been using, read something new and give it a try. There are constantly evolving sales strategies out there — might just be time to shake yours up.

Brown: Do you have any advice about how companies can create very high performing sales teams?

Davis: Hold them accountable and make their compensation plan easy to understand. I have never heard more complaints and seen a more unmotivated sales team than one who cannot decipher how they are going to get paid. Good salespeople are motivated internally by the desire to make more money.

Brown: In your specific industry, what methods have you found to be most effective in order to find and attract the right customers? Can you share any stories or examples?

Davis: Honesty. That sounds simple, but so many people out there are trying to sell customers another service or another tool/product. Sometimes, doing nothing is the right answer. If you are willing to turn away a deal and show unabashed honesty, the net of that is usually a loyal customer. In the early days of CRITICALSTART, our CEO told a customer in a meeting that they shouldn’t buy the particular tool that was being pitched. Trust me, we needed those sales, but the sentiment was that the customer would end up irritated that they didn’t have the time and resources to fully utilize the tool in the long run. When they had completed some recommended tasks to get in a better place, they returned and became a happy customer.

Brown: Based on your experience, can you share 3 or 4 strategies to give your customers the best possible user experience and customer service?

Davis: For our MDR — it is all about ease of use, which is why we created a mobile app.

  • Customer Service — ALWAYS get back with a customer within 24 hours. Even if your update is just to say you are still working on something, at least let them know you haven’t forgotten.
  • Stand up for the customer — if there ever is a situation where a vendor isn’t being forthcoming or fair in negotiations, always fight for your customer’s best interest.

Brown: As you likely know, this HBR article demonstrates that studies have shown that retaining customers can be far more lucrative than finding new ones. Do you use any specific initiatives to limit customer attrition or customer churn? Can you share some of your advice from your experience about how to limit customer churn?

Davis: Keep them happy — it isn’t always easy, and sometimes a situation is outside your control, but that is the simplest answer. Do customer satisfaction surveys and pay attention to the answers. Make changes where necessary. A happy customer may not always say something to a colleague, but an unhappy customer almost certainly will.

Brown: Here is the main question of our discussion. Based on your experience and success, what are the five most important things one should know in order to create a very successful tech company? Please share a story or an example for each.

Davis:

  • Integrity — If you don’t have integrity as the backbone of what you do, things will come crashing down like a house of cards. This goes back to my previous example of telling a customer not to buy something knowing that was the right thing to do.
  • Culture — Build a business that has a culture that makes people want to work there. At CRITICALSTART, we have had countless employees hired that is a referral (and sometimes even a relative!) of a current employee. That speaks volumes about the culture we have.
  • Adaptability — Don’t be too set in the ways behind how you started the business. At CRITICALSTART, we have pivoted many times with our business. We could see that a managed service would be the direction things were moving in, so we created that component to our business. We have also created many other service revenue streams seeing that selling products wasn’t going to continue to be the highest margin generator for the company.
  • Honesty — This ties in with integrity, but can go a bit further. One example at CRITICALSTART is the pivot to work from home, and navigating a global pandemic. We made the promise not to cut jobs due to COVID, and we kept that promise.
  • Teamwork — If you have teams of people inside the organization working against each other, you cannot achieve your goals. At CRITICALSTART, all of our teams align and work toward the common goals of the company.

Brown: Wonderful. We are nearly done. Here are the final “meaty” questions of our discussion. You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger.

Davis: Honestly — I would just say that people need to spread more kindness — can we get behind that? I read something once that said “kindness is free, sprinkle that sh*t everywhere” . . . I couldn’t agree more. Do something kind for a coworker, a neighbor, a stranger — watch how it changes their demeanor . . . . and probably the rest of their day.

Brown: We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would love to have a private breakfast or lunch, and why? He or she might just see this if we tag them.

Davis: Well, I did dance on stage once with FLORIDA — and I think it would be nice to have a follow-up conversation from that.

Brown: Thank you so much for this. This was very inspirational, and we wish you only continued success!

Unknown Election Outcome Benefits Cybercriminals

Without a clear winner, there is a big opportunity for disinformation campaigns.

Cybercriminals are “relishing in the madness” of those trying to sow further discord as the presidential election outcome remains unknown.

That’s according to Jerry Ray, SecureAge‘s COO. He and other cybersecurity experts were anxious to weigh in Wednesday as efforts continue to determine the election outcome.

“The higher the temperature of those defending or defaming the election results, the lower their awareness of the multitude of attacks awaiting them,” Ray said.

Those attacks include phishing emails, fraudulent websites and other tactics to exploit the “highly distracted,” he said.

“As the votes continue to be counted, the most inevitable and effective cyberattacks will be subtle, unnoticed, unattributable and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished,” Ray said. “With only a fraction of 1 percent of the voting population determining the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”

No Voting Machine Hacks Reported

Allyn Lynd is Critical Start‘s senior digital forensics and incident response (DFIR) adviser/manager.

“There are currently organizations reporting what they believe are irregularities in voting-polling rolls, but no actual voting machine hacks,” he said.

There are credible reports of uncounted votes stemming from someone else registering for an absentee ballot to a bogus address.

“Again, this is not an issue with the voting machines, but an issue with the voting ecosystem,” Lynd said.

This adds to the confusion as results remain uncertain, he said.

Brandon Hoffman is NetEnrich‘s CISO. He said there’s a big opportunity for disinformation campaigns to continue to erode confidence in the election process.

“Sowing discord will help future campaigns with a more malicious intent,” he said. “As they foment unrest, people are more likely to click on emails and sites that echo their own sentiments that have been stoked by these information warfare exercises.”

Hacking Democracy

Joseph Carson is chief security scientist and advisory CISO at Thycotic. He said attackers continued to focus cyberattacks at the election campaigns. Furthermore, they focused on creating disinformation on social media, all focused at generating distrust in the system.

“Hacking an election is not about influencing the outcome, it is about hacking democracy,” he said. “It is always important to see the ultimate motive. And hacking democracy is about dividing people, creating distrust in both your government and your fellow citizens.”

Tim LeMaster is senior director of systems engineering at Lookout.

“There was a lot of work going on behind the scenes to coordinate election security issues, both in terms of threats, but also best practices and security guidance,” he said. “There was a significant focus this year on recognizing and removing disinformation from social media. With so many Americans using those platforms, it’s important to have some amount of monitoring in place to limit foreign attempts to spread misinformation that would further divide the citizens.”

Coordinated Efforts Needed

Moving forward, there will be a growing need for coordinated efforts around sharing threat data and government guidance, LeMaster said.

“Organizations like the U.S. Election Assistance Commission (EAC) will play an even larger role in coordinating some of that activity,” he said. “The emergence of groups like Defending Digital Campaigns is an encouraging sign that things are headed in this direction.”

Mark Kedgley is CTO at New Net Technologies (NNT). He said as society becomes more automated, ensuring the integrity of democratic processes needs “serious care and attention.”

“As the Hall County, Georgia, case indicates, voting machines are connected to distributed databases, which expands the attack surface to the IT infrastructure of each county or state where such a connection is in place,” he said. “Vulnerability management, secure configuration baselines and change control are all now non-negotiable.”

The 4 Threats Facing Voters This Election — and How You Can Beat Them

By Faith Karimi, CNN  –  October 20, 2020

As the US grapples with an election season rampant with mistrust and conspiracy theories, federal officials are warning Americans about threats to undermine the integrity of the vote — and how to avoid them.

Mail-in ballots, massive turnout and the pandemic could combine to delay the outcome of this year’s presidential election, providing a wide window for scammers and others to spread false information.

Social media is again populated by false election claims. Adding to the confusion, Microsoft says Russian, Chinese and Iranian hackers have targeted people and organizations involved in the election.

“A significant number of Americans appear susceptible to believing unproven claims,” Daniel A. Cox, director of the Survey Center on American Life and co-author of a report on US conspiracy theories, said in a statement. “Politically motivated conspiracy theories find a receptive audience among both Democrats and Republicans.”

Both the FBI and the Cybersecurity and Infrastructure Security Agency, which protects the nation’s infrastructure, have reassured voters that they’re working to protect the election’s integrity.

But the two agencies are urging Americans to keep an eye on the following threats:

False reports of leaked voter data

The stakes in this year’s election aren’t just high in the US. “Foreign actors” and cybercriminals may try to discredit the results by spreading disinformation, the FBI and CISA say. These false claims could include reports of ballot fraud, cyberattacks targeting election infrastructure, and other related issues that could make voters question whether the election is legitimate, federal officials say.

Hackers may also spread false reports that they obtained and leaked US voter registration data. But don’t worry, the feds say.

Hackers from Russia, China and elsewhere have tried to disrupt the US election, Microsoft says.

“In reality, much US voter information can be purchased or acquired through publicly available sources,” both federal agencies say. “While cyber actors have in recent years obtained voter registration information, the acquisition of this data did not impact the voting process or the integrity of election results.” Public leaks of voters’ information do occasionally happen. In 2017 the personal information of almost 200 million registered US voters was accidentally exposed online by a Republican analytics firm.  

Misleading online journals

Foreign governments have used pseudo-academic online journals to spread false information in the past. And they may use them again to try to influence the outcome of the election, the FBI says. Such fake online journals could express support for specific candidates, allege voter suppression, amplify reports of real or alleged cyberattacks on election infrastructure and assert voter fraud, federal officials say. Foreign actors employ social media and other online platforms to increase the journals’ global reach and give them credibility. “Such sites could be employed … to manipulate public opinion, increase societal divisions, cause widespread confusion, discredit the electoral process and undermine confidence in US democratic institutions,” the FBI and CISA say.  

Fake websites and email accounts

Cybercriminals have mastered the art of spoofing email domains. During elections, they use that to fool people into thinking that websites or emails are legitimate, federal officials warn. “Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI says.

A federal agency conducts testing and certification of voting machines in the US.

These crooks set up fake domains by making small changes to words (“electon” instead of “election”). Or they masquerade as official government sources but use an alternative domain, such as a dot.com instead of dot.gov site. Even so, “if cybercriminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised,” the FBI and CISA say in a joint report.

Cyberattacks that slow election systems

Criminals also have tried to target election systems, federal officials say. While that can slow a system or make it temporarily inaccessible to election officials, it does not prevent voting or the reporting of results. “The FBI and CISA have no reporting to suggest cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies say in a statement.

An election worker feeds ballots into voting machines during an accuracy test at the Miami-Dade Election Department headquarters on October 14, 2020, in Doral, Florida.

“Any attempts tracked by FBI and CISA have remained localized and were blocked, minimal, or easily mitigated,” the agencies say. Federal officials say such attempts would be difficult to conduct undetected. And even if hackers did succeed in affecting voting, election officials say they have multiple safeguards and plans in place. They include provisional ballots so registered voters can cast ballots and paper backups.  

How to thwart these threats

The federal agencies are providing tips on how to beat these scams:

  • Ensure reports about election irregularities are from a credible source such as the media, state and local election officials. Always be aware of who’s sharing the information and their potential intent.
  • Before sharing reports on social media, where they can take a life of their own, make sure they’re from reliable sources.
  • Most social media platforms have ways to report suspicious posts and false information. Make use of them.
  • Report anypotential election crimes — such as false information about where to vote — to the FBI.
  • Double-check web and email addresses to make sure they’re not imitations of legitimate election sources.
  • Update your anti-malware and anti-virus software, along with your operating systems.
  • Don’t open unknown emails or attachments, and avoid clicking on questionable files or links.

 While voters should be concerned about election threats, they should not be worried about the integrity of their vote, said Allyn Lynd, a senior adviser at CRITICALSTART, a cybersecurity company in Texas. “The US Election Assistance Commission — a federal agency that serves as a resource for election administrators and vendors — conducts testing and certification of voting machines,” he told CNN. But if anyone believes their vote has been tampered with, they should notify election officials at their polling place and report it to federal agencies such as the FBI. “The public should be aware that election officials have multiple safeguards and plans in place — such as provisional ballots to ensure registered voters can cast ballots, paper backups, and backup pollbooks — to limit the impact and recover from a cyber incident with minimal disruption to voting,” Lynd said. The best protection to ensure a vote is correctly recorded, counted and tabulated is a paper trail showing all those steps, he said.  See the CNN article

Arkansas’ Colleges and Universities Bolster Security Posture by Partnering with CRITICALSTART

FAYETTEVILLE, Ark., Sept. 22, 2020 /PRNewswire/ — CRITICALSTART, a leading cybersecurity provider of Managed Detection and Response (MDR) services, announced Tuesday it is now providing enhanced security services to all of Arkansas’ public colleges and universities by partnering with the Arkansas Research and Educational Optical Network (ARE-ON). ARE-ON is a member of the Quilt, a non-profit national coalition comprised of 38 of the country’s most advanced regional research and education institutions.

ARE-ON and its members comprise a community of thought leaders focused on collaborative learning and innovation through advanced networking, technology, and research in Arkansas. ARE-ON is a not-for-profit consortium of all public degree-granting institutions in Arkansas and other selected higher education organizations.

In 2019 alone, there were seven well-publicized cyber-attacks made against higher education institutions in the state of Arkansas. While a small security breach can have an economic impact of around $250,000, breaches on average cost nearly $7,000,000 to address and mitigate. With most security teams in the higher ed. space being comprised of small numbers, just one successful attack can cripple the network of an entire university system.

As a result of the CRITICALSTART and ARE-ON partnership, colleges and universities under the ARE-ON umbrella will now be protected by a standardized, 24/7 managed service for threat detection and prevention that is resolving every alert and significantly reducing response times.

“Hackers and malicious online actors both in the US and overseas are increasingly seeking to exploit large organizations like those in the higher ed. space for financial gain,” said Alan Bain, CRITICALSTART Chief Revenue Officer. “It is imperative that colleges and universities in Arkansas and across the United States take these threats seriously and strengthen their security postures to guard against being held hostage by a breach.”

“Knowing that just a single breach can cost upwards of $7,000,000 to mitigate, it was an easy decision to take immediate steps aimed at helping strengthen the security of Arkansas’ many public colleges and universities,” said Robert Nordmark, Executive Director, Arkansas Research and Education Optical Network. “This partnership will benefit scores of students and researchers in our state both now and in the future.” 

About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on TwitterLinkedIn or Facebook.

ABOUT ARE-ON
The Arkansas Research and Education Optical Network (ARE-ON) organization and its members comprise a community of thought leaders focused on collaborative learning and innovation through advanced networking, technology, and research in Arkansas. ARE-ON is a not-for-profit consortium of all public degree-granting institutions in Arkansas and other selected higher education organizations.

A Hospital Ransomware Attack May Have Caused a Death in Germany

State authorities in North Rhine-Westphalia are investigating whether a hospital ransomware attack resulted in negligent homicide, according to a report by the German public broadcaster DW.

Media reports say this may be the first time that a hospital cyberattack has caused a death, even if it was indirectly.

Düsseldorf University Clinic had to redirect a woman needing life-saving treatment to another hospital in Wuppertal on the night of Sept. 11; a ransomware attack had crippled the hospital’s IT system. The state Justice Ministry, according to DW, claims the delay resulted in her death.

The Associated Press reported yesterday that the hospital’s systems remained disrupted a week later. With no access to data, emergency patients have to go to other hospitals, and Düsseldorf University Clinic has postposed scheduled operations.

“This may well mark the first time that a human casualty has been linked to a ransomware attack. It’s an incredibly grim possibility that cybersecurity experts have been warning about for quite some time,” said Forbes contributor Lee Mathews.

CRITICALSTART (Plano, Texas) offers a managed technology platform and consulting to protect organizations from cyberattacks. The company’s CTO Randy Watkins described ransomware attacks on hospitals as terrifying.

“While some attackers have sworn not to target hospitals, others see it as a guaranteed payout with the ultimate hostage, human life,” Watkins said in a statement shared with MassDevice‘s sister site Design World. “To defend against these attacks, hospitals need to evolve their cybersecurity posture by ensuring computer hygiene and proper protection across the organization.”

Featured National Cybersecurity News | September 18, 2020

CRITICALSTART Names New CMO, Continues 2020 Growth

PLANO, Texas, Sept. 10, 2020 /PRNewswire/ — On Thursday, Dallas-based cybersecurity firm CRITICALSTART – a leading provider of Managed Detection and Response (MDR) Services – announced it has elevated its VP of Product Marketing, Carrie Kelly, to serve as the company’s new Chief Marketing Officer. As a result of the promotion, Carrie will now oversee both the product and corporate marketing teams to ensure the promotion of a singular, unified marketing strategy that will play a key role in helping CRITICALSTART achieve its aggressive goals for growth and expansion.  

The need for an expanded, all-encompassing marketing capability is being driven by CRITICALSTART‘s rapid growth in 2020. Over the past 12 months, the Company has nearly doubled its revenue, with growth of 94.7%.  In its second fiscal quarter this year, the Company had its largest sales quarter-to-date for its Managed Detection & Response business and continues to add to the 60 partners in its channel program. In addition, the organization recently moved into a new 33,000 square foot office space to support its growth. These numbers are a continuation of 2019’s trajectory when CRITICALSTART grew its MDR portfolio by more than 100 percent.

“This year has resulted in unprecedented challenges for the US and global economies, but we have been able to continue growing by focusing on our customers’ needs and helping them navigate the current security landscape,” said Rob Davis, CRITICALSTART‘s founder and CEO. “I am proud of the work our growing team has done, and we all look forward to meeting the next wave of security challenges that arise by continuing to build and grow our team both internally and externally.”

Under the new marketing team structure, Stacie Bon will continue serving as Vice President with a focus on field marketing and Sarah Mutscheller will lead digital and demand generation as Senior Director. The marketing team will continue growing under this leadership to bolster product marketing, product launches, and to support CRITICALSTART‘s channel sales model.

The promotion of Kelly to the role of CMO is just the latest in a number of executive level promotions and hires at CRITICALSTART. Others include:

  • John Murray – Hired as the Head of Product Management to build and grow the product management team.
  • Alan Bain – Promoted from Vice President of Sales to Chief Revenue Officer to support the company’s rapid growth and expansion across operational and sales functions.
  • Vasu Nagendra – Promoted from Vice President of Engineering to Chief Product Officer to drive product expansion and alignment with organizational goals.

Miami-Dade Public Schools Virtual Learning Disrupted by Teen

A 16-year-old student was able to disrupt the Miami-Dade Public Schools e-learning system earlier this week and cause chaos across the district, including the platform virtual-only students have been using, called K12.

Police say David Oliveros attends South Miami Senior High.  He was arrested during the early morning hours on Thursday and will face a judge in October.

Investigators say this was the work of the tech-savvy teen and they say others were likely involved, their hunt for the other suspects continues.

“Really what I think this highlights is the actual level of ability involved to launch an attack of these sorts. It’s very very easy,” said Randy Watkins, a cybersecurity specialist for the company CRITICALSTART

Watkins says other school districts in Florida need to take what happened in Miami-Dade as a lesson, to ask lots of questions about what security measures third-parties use.

Could a similar attack happen in Central Florida?

The Brevard County Schools Communications Team sending FOX 35 News a statement in response to the developments in South Florida.

“Brevard Public Schools has several layers of security protecting our infrastructure, network, and systems.  The safety of our students and staff is our top priority and we will continue to provide all protections possible to ensure the continuity of education for our students, teachers, and all stakeholders within our organization.”

The need to keep virtual learning platforms secure is critical in Brevard County.  Since re-opening, 18 schools have seen COVID-19 cases and one of them had to close down entirely — all 580 students at that school are virtual learning again.

“I could go out onto the internet and say ‘I would like to bring down this website’ you put in your credit card information pay 20, 50, or 100 dollars, and it immediately targets the website and does damage,” Watkins said.     

A K12 spokeswoman sent FOX 35 News the following statement,

“DCPS was the target of the DDoS attack, not K12. K12 was not the cause of the DDoS attack and was not responsible for the M-DCPS network. Also, note that the K12 network was not directly impacted and data was not compromised. However, as the curriculum and platform provider to M-DCPS, the network disruption and outages did impact K12’s delivery of service.” 

We contacted other school districts in the region to find out about their cyber-security. 

Seminole’s school system responded with this statement:

“School districts work hard to prevent cybersecurity threats on a year-round basis and work with our service providers to implement preventative measures to minimize risks.  We’ve experienced Denial of Service threats in our district in the past and in each instance, developed further measures to secure and enhance any potential vulnerabilities.  This is something our technical teams focus on year-round as new threats emerge.”

Other districts have yet to respond.

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks

Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device.

The vulnerabilities were reported to the vendor in May by Rich Mirch, a security researcher at CRITICALSTART. However, some of them remain unpatched.

The researcher discovered a total of 10 vulnerabilities affecting MOFI4500 routers, a majority related to the web management interface, which by default is accessible on all network interfaces. Some of the vulnerabilities can allow an unauthenticated, remote attacker who has access to this web interface to take complete control of the targeted router.

Some of the critical vulnerabilities can be exploited to authenticate on a device using hardcoded or weak credentials. Mirch also uncovered undocumented backdoors that can be abused to gain root access to a device.

The researcher also found that a router can be rebooted remotely by sending it a specially crafted HTTP GET request, and that an unauthenticated attacker can obtain sensitive information, including passwords, from a device.

Mirch says the vendor has patched the critical issues he reported initially, but those fixes introduced new backdoors and other weaknesses that are currently unpatched.

“The initial critical vulnerabilities have been patched,” Mirch told SecurityWeek. “However, they introduced new undocumented backdoors which inadvertently created a new critical unauthenticated remote command injection vulnerability. The vendor has not patched the backdoors or the new RCE.”

The researcher says the vendor has released roughly 10 firmware updates since he reported the vulnerabilities, which has led him to believe that the company does not plan on fixing them. He pointed out that MoFi Network has stopped communicating with him.

SecurityWeek has reached out to MoFi Network for clarifications and will update this article if the company responds.

On June 25, Mirch identified more than 14,000 MoFi routers with an exposed management interface using the Shodan search engine. That number dropped to roughly 7,100 by September 1, which may be a result of US-CERT also being notified. US-CERT was informed about the vulnerabilities on June 10 and it may have asked some ISPs to prevent remote access to their customers’ routers.

Featured in Security Week | September 8, 2020

What to Know About Possible Cyberattacks as Students Return to School

Ransomware attacks are usually more common early in the school year.

Cybersecurity experts are concerned about attacks on Michigan schools ramping up early in the school year, especially with many students learning remotely.

Last year, more than 500 schools across the country were hit by ransomware, cybersecurity experts said. To make matters worse, the attacks usually picked up in the first few weeks of school when students, parents, and teachers had their guard down.

Security experts told the Local 4 Defenders that ransomware attacks are on the rise, targeting schools and colleges across the nation. Your home laptop could also be targeted.

As Michigan students return to school in the next few weeks, some will be handed Chrome books and others will use their own laptops. All of them need to be on the lookout for cyber attacks.

“There are two fronts where the attacks are going to happen,” said Randy Watkins, chief technology officer for CRITICALSTART. “One is toward the students, and the other is toward the school.”

CRITICALSTART is a cybersecurity company. Watkins said he continues to see an increase in ransomware, especially when schools first start back up.

“Attackers are going to make a lot of fake sites to distribute malware,” Watkins said. “Sometimes it’s an attacker that is trying to steal information for identity theft. It just depends on the motivation of the attacker.”

Parents should make sure children are looking at reputable web sources and not just anything that comes up on Google.

“Now we are looking at school starting and they are starting to come around with remote registration links and URLs,” Watkins said. “They are coming around with a syllabus that looks like a syllabus attachment, but it is actually a piece of malware. If you click on that syllabus, it infects your machine.”

Experts said parents should also reach out to schools and ask what they’re going to protect their students’ information.

“The school bears the brunt of the responsibility for implementing controls to ensure the safety of the students’ information,” Watkins said.

Another attack target on the rise is parents, he said.

“Attackers targeting the parents of students by sending them fake report cards that are really just pieces of malicious software,” Watkins said.

If a home computer is compromised, there are fewer options.

“With a lot of the ransomware that is going around, that is where an attacker will encrypt your files and demand money for it,” Watkins said. “Unfortunately, in a lot of cases, the only remedy is to pay the ransom.

“Everyone should have a properly patched computer. When Windows or Microsoft releases a patch, you are going to apply those.”

You should also maintain some level of antivirus on your machines to prevent malicious items from installing.

Parents are well within their rights to ask if their school has an instant response program and whether parents will be notified if the school computers are attacked.

Featured in WDIV Detroit News | September 1, 2020

Router Vendor Has Patched Some Zero-Days, but Leaves Others Wide Open

Written by Sean Lyngaas of CyberScoop

In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch.

Curious, Mirch downloaded the router’s firmware and started picking it apart. He found that the device, made by an obscure Canada-based company called MoFi Network, had multiple password-related vulnerabilities packed into its code.

But Mirch wanted to delve deeper. So the senior adversarial engineer at Texas-based security firm CRITICALSTART ordered the router online and rolled up his sleeves. He ended up finding 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys.

“Some of these vulnerabilities have probably existed since 2015,” said Mirch, who published his findings on Wednesday.

The research points to a longstanding yet unresolved issue: how to incentivize security among vendors who sell routers in a market that prizes affordability and convenience. It’s not just MoFi: in the last three months, security experts have found critical bugs in routers made by other vendors that have struggled, or even declined, to provide patches for them. The issue has only gotten more pressing as the pandemic caused by the coronavirus has enforced an indefinite work-from-home routine for countless corporations.

In MoFi’s case, the remediation process is not yet complete, according to Mirch. The company initially fixed some of the vulnerabilities, but it also introduced new bugs when it updated the firmware, he said. Those includes a vulnerability that could allow an attacker to remotely inject code on a device. In correspondence with Mirch reviewed by CyberScoop, a MoFi engineer argued that the remote access features the company introduced were necessary for customer support.

MoFi did not respond to phone calls, emails and Facebook messages seeking comment. As of this writing, four of the vulnerabilities that Mirch found haven’t been addressed, he said.

MoFi also argued that the routers were configured in a way that did not expose them to the public internet. But as of Wednesday, Mirch had found 6,800 MoFi devices in Shodan, the search engine for internet-connected devices. That number had been as high as 14,000 in June, Mirch said, before the device owners apparently began quietly addressing the issue.

Our TEAMARES:

CRITICALSTART’s TEAMARES is comprised of professionals with more than a decade of experience conducting offensive and defensive security services. Our team has expertise in a wide array of industries, including oil and gas, healthcare, app development firms, hospitality, technology, and more.

Follow us on Twitter @TeamAresSec and @CRITICALSTART to stay up to date on vulnerability discoveries and cybersecurity news.

Featured in CyberScoop | September 2, 2020

DDOS Attack Takes New Zealand Stock Exchange Market Off-Line

The New Zealand Stock Exchange (NZX) has been under attack for several days now as a DDOS attack (distributed denial of service) crippled trading on the exchange. NZHerald claimed that Russian cybercrooks were behind the attack.

On August 26, the NZX issued the following statement:

Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity. The systems impacted included NZX websites and the Markets Announcement Platform. As such, NZX decided to halt trading in its cash markets at approximately 15.57. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX. NZX will resume normal market operations today, Wednesday 26 August.

Trading was actually said to have been reinstated today (August 28).

It has been reported that the New Zealand government has enlisted the country’s spy agency, the GCSB, to assist the NSX in uncovering the perps but it also raises questions as to why the exchange was so ill-prepared for such a type of an attack. Speculation is the NZX is the target of an extortion attempt, perhaps paid out in crypto like Bitcoin, but the exchange has remained quiet on the subject.

CRITICALSTART, a cyber-defense firm, shared a statement with Crowdfund Insider. A spokesperson said that as attacks enter their 4th straight day on NZX, the national government is starting to involve its spy agencies to find additional information about the source of the attack that while currently being disclosed as  “offshore”, the attention and resource delegation to the attack is a strong indicator of the level of seriousness.

“The attack itself isn’t exceedingly complex or difficult to launch. Distributed Denial of Service attacks involves overwhelming a site’s resources with traffic, rendering it unavailable for legitimate use. These types of attacks are difficult to prevent, and have long been used to attack the availability of applications. The suspected attackers in this scenario are Fancy Bear and the Armada Collective, who appear to be targeting other financial institutions like MoneyGram, PayPal, Venmo, and others. While it hasn’t been confirmed, the suspected motivation is extortion, demanding a ransom to return the availability of their services. Based on the success of these attacks, sights could turn to point towards larger, more valuable targets, up to and including the NYSE.”

The NZX is not the first target of a DDOS attack and will not be the last. Amazon was famously assaulted by the “largest ever DDOS” attack back in June that reportedly experienced an attack of 2.3TBS. The previous record was said to be 1.7TBS.

Cloudflare, and other services, offer DDOS protection and the NZX was said to have migrated is the platform to Akamai to disrupt the attacks but it may be a while until the dust settles and we know more.

Newshub quoted Professor Dave Parry from Auckland University stating the attacks were quite sophisticated:

“Unfortunately, the skills and software to do this are widely available and the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual,” said Parry.

Featured in Crowdfund Insider | August 28, 2020

Cybersecurity Threats Grow as Virtual Learning Continues

NASHVILLE, TENN. (WSMV) – As schools are back in session, so are hackers and cyber-criminals looking to take advantage while students and districts continue to adapt to a new style of learning and teaching.

 “There wasn’t anything that they necessarily did wrong, it’s just something they weren’t prepared for,” said Randy Watkins, chief technology officer for cybersecurity company CRITICALSTART.

Watkins is trying to make sure schools are prepared for potential hacking attempts like some experienced in the Spring.

One thing he’s seen is attempts to overload school district computer systems.

“Essentially they’re giving the platform more traffic than it can handle, which makes it unavailable for legitimate traffic,” Watkins said. “So it’s actually preventing the students from logging-in and preventing them from getting their education.”

But why would anyone want to do that?

Watkins says there could be several different reasons.

 “There’s a lot of different motivations for an attacker, sometimes it’s notoriety. Sometimes it’s a prank,” Watkins said. “In this instance, it was actually a student at the school to be funny or prevent themselves from having to go back to school.”

While many districts have been working with cybersecurity teams to protect their networks, families at home may be more vulnerable.

“Microsoft and other applications on your computer release regular security updates, so make sure you’re keeping up with those,” Watkins said. “Maintain proper antivirus coverage. You should have an application on your machine that’s meant to stop malicious software from being installed.”

Most importantly, in this digital era, it’s best to encourage everyone in your household that’s using a computer to have a critical eye, even youngsters.

“Unfortunately yes, we are putting more responsibility on them to be responsible stewards of security,” Watkins said.

In addition to protecting their systems, school districts are also responsible for protecting your child’s personal information.

Watkins suggests parents reach out to their students’ schools to ask what they’re doing to protect that information.

Featured in News 4 Nashville | August 27, 2020

Tech Expert: Ways to Protect Your Student From Hackers During Online Learning

How you can protect your computer and how school districts are protecting your information.

With so many kids doing school online, there’s a new concern that parents may not be thinking of… computer security. Not only at home, but with the school district having your child’s personal, sensitive information. 

Just imagine your 9-year-old child, who barely knows how to use a computer, much less email. They open an email that looks to be from a teacher with a link inside that says ‘click to get homework’. They click it and suddenly your computer is infected with a virus. It’s a hypothetical situation but could happen and destroy any pictures or documents you have on that computer. 

Randy Watkins is the chief technology officer at a company called CRITICALSTART that helps businesses and organizations detect and defend themselves from cyber threats. “With schools having so much attention right now with school starting back up. They’re on all online platforms and they’re collecting more information about users, attackers see them as having more valuable information that they’ll pay a higher ransom for so they are absolutely targeting schools with ransomware.”

He says there are several things we can do at home to protect ourselves and our kids. First, make sure your computer’s operating system is properly patched or updated. “Organizations and software companies like Microsoft, they release security patches pretty regularly.’

Maintain any antivirus software already installed. “That will help prevent some of the ransomware from executing on your computer.”

And teach your kids about the culture of computer security. “Teach them to only look at reputable sources on the internet. Don’t open emails they aren’t expecting to open. Don’t open attachments from those emails if they haven’t verified that they should have an attachment.”

School districts also have a responsibility to protect your child’s information. We asked several Tampa Bay area school districts how they are doing that. 

Pinellas County: “The district has many safety systems in place to protect computers from being hacked including anti-virus software to a top-rated firewall.  We lock down the student computers meaning students don’t have administrative rights. They can’t load any applications or software to the device. 

The district loads only approved software and the applications needed. Students are allowed to receive and send only internal emails such as to their teachers. They cannot email other students. The district has a TIS Security Council that meets twice a month to review security manual, security protocols, vulnerability and penetration tests, and train staff on cybersecurity.”

Hillsborough County: “As for our own security systems, our district deploys a managed Fortinet nextgen firewall service with content filtering for the devices. 

Also when the device is taken home, we currently have Lightspeed Relay filtering deployed for content filtering. We deploy Symantec EndPoint Protection on all Windows devices district-wide. Our software allows for application control as well as other controls.”

Featured in WTSP Tampa Bay News | August 27, 2020

Hackers Increasingly Targeting Online Learning

Most schools and universities are back in session virtually. 

While online learning is the best option during this ongoing COVID-19 pandemic.  It is also the perfect opportunity for hackers to strike. 

Randy Watkins, Chief Technology Officer for CRITICALSTART, a cybersecurity company, says hackers are increasingly targeting online learning tools and e-classrooms.

“Most attacks are delivered by email not just in these attacks but of all attacks. It’s easy for an attacker to send out emails that contain attachments or links to download malicious software that can do everything from giving them a back door into your computer to encrypt all your files and hold them for ransom,” said Watkins.

Watkins says education is key and encourages all parents to talk to their kids about the risks. He adds that parents should be on the lookout too.

“So if you are expecting from your student’s school district it should come from a Gmail,” said Watkins. “So look for that domain mismatch also look at links. You can do a link preview where you hover over a link and I’ll show you where it’s going to take you and if that doesn’t match your expectations, then don’t click on it.”

Watkins adds that school systems have also been the victims of these cyber-attacks. 

“A notable attack that was launched by a student where they essentially overwhelmed the application with traffic and took it offline and what that does is it takes it away from other students. So they see it as a prank they see it as a joke when it’s actually a pretty serious offense,” added Watkins.

Featured in KSEE 24 News | August 21, 2020

IT Pros Warn of Potential Cyberattack Dangers

RALEIGH, N.C. (WNCN) — School is in session, but instead of heading into the classroom many kids are logging onto their computer, and IT professionals are warning that could cause serious problems.

“With every school going into this new realm I just don’t think we’re prepared,” said Quentin Rhoads-Herrera, Director of Professional Services at Critical Start. “Especially since a lot of them kind of quickly had to stand up this new technology, and quickly buy into these vendors. There hasn’t been a lot of attention placed into security in the educational space.”

Cyber-attacks are nothing new for many colleges and universities.

“Universities actually get breached a lot,” said Rhoads-Herrera. “If they are research universities we see them get hit by nation-states quite a bit.”

However, Rhoads-Herrera believes hackers may have found a new target.

“We’re going to see a lot of attackers hit up schools in a way to disrupt services by causing chaos or outages,” said Rhoads-Herrera. “Others may go after them for data such as addresses or any type of sensitive information.”

“How prepared do you think we are as a nation for e-learning,” asked CBS 17’s Holden Kurwicki.

“I don’t think we’re very prepared,” said Rhoads-Herrera.

The good news is that there are ways to protect yourself by updating your computer’s security, strengthening your password, and using only verified WiFI devices.

“Whatever we deliver we have to make sure we’re at least doing our due diligence enough to say we’re securing our students’ data, our faculties data,” said Rhoads-Herrera. “When a breach does happen we need to be transparent about it and do everything in our power to follow up on it and prevent it from happening ever again.”

Experts Warn At-Home Learning Could Attract Hackers

So many students are starting classes this week and cyber experts warn that your child’s e-classroom could be a target. Cyber experts with CRITICALSTART said it’s time to be proactive to stop hackers in their tracks and not reactive after something happens.

There are a number of concerns when it comes to children and the internet.

“Kids are going to be on the internet more than ever with everything being online. They always have the internet at their fingertips,” said Randy Watkins, CRITICALSTART Chief Technology Officer.

Now more than ever, with kids of all ages taking on learning from home, experts said they’ve already seen what could happen. They said hackers could disturb your student’s class time.

“A lot of folks want to know why are people doing this at all. We’re all going through this pandemic and why would you stop children from learning,” Watkins said.

Watkins said hackers usually attack for one of two reasons; fun, like pulling a prank, or destruction, like stealing private information.

“Kids don’t even have to be technologically inclined to attack at school,” Watkins said.

Experts also said the best thing parents can do is teach kids to not click on questionable links or pop-ups and only use recognizable websites for research. Cyber experts also recommend checking with your child’s school to see what their plans are to keep students safe while learning at home.

Featured in KOAT 7 Action News | August 13, 2020

CRITICALSTART Named a 2020 Inc. 5000 Fastest-Growing Private Company in America

PLANO, TX – August 12, 2020 – CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, today announced that it has been named to the 2020 Inc. 5000 list of the fastest-growing private companies in America.

The company’s growth can be attributed to the escalation in cyberattacks, which is driving demand for CRITICALSTART’s MDR solution. As a result, CRITICALSTART’s MDR business has exploded, with growth of 101% in 2019, compared to the previous fiscal year. This rapid growth is driven by mid-size firms and enterprises looking for help combatting today’s complex and rapidly evolving human and machine-generated security threats.

Additionally, in 2019, the company raised $40 million in a Series A and was valued at $150 million. In less than a year and a half, the company has more than doubled its number of employees, with plans to double in size again in the next 16 months. To accommodate the increased business, CRITICALSTART expanded its headquarters by adding nearly 100 new employees and an additional 33,000 square feet of office space.

“We’re honored to be recognized by Inc. as one of the fastest growing private companies in America,” said CEO Rob Davis. “While the rate at which cyberattacks and breaches occur is skyrocketing, CRITICALSTART stands ready to meet the needs of enterprises as we scale our growth to stay ahead of customers’ cybersecurity needs.”

About CRITICALSTARTCRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on TwitterLinkedIn, or Facebook.

CRITICALSTART® Ranks 58th on the 2020 CRN® Fast Growth 150 List

PLANO, Texas, Aug. 4, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, is proud to announce that CRN®, a brand of The Channel Company®, has named CRITICALSTART to its 2020 Fast Growth 150 list. Each year, CRN® recognizes the fastest-growing technology integrators, solution providers, and IT consultants across North America for the substantial growth and performance they’ve achieved over the previous two years. The elite group of companies named to this year’s list have generated a combined total revenue of more than $37.8 billion between 2018 and 2019.

The company’s growth can be attributed to the escalation in cyberattacks, which is driving demand for CRITICALSTART‘s MDR solution. As a result, CRITICALSTART‘s MDR business has exploded, with growth of 101% in 2019, compared to the previous fiscal year. This rapid growth is driven by mid-size firms and enterprises looking for help combatting today’s complex and rapidly evolving human and machine-generated security threats.

“We’re honored to be named to the CRN 2020 Fast Growth 150 list,” said CEO Rob Davis. “While the rate at which cyberattacks and breaches occur is skyrocketing, CRITICALSTART stands ready to meet the needs of enterprises as we scale our growth to stay ahead of customers’ cybersecurity needs.”

Today’s solution providers vie for market share within the highly competitive, fast-paced IT channel, making sustained growth and profitability noteworthy achievements. Ranking within the top 150 requires companies to continuously evolve with the seismic shifts taking place within the marketplace. The 2020 Fast Growth 150 list recognizes these companies’ extraordinary accomplishments and dedication to the IT channel.

“Evolution within the IT ecosystem is occurring at breakneck speed. The CRN® 2020 Fast Growth 150 list highlights the achievements of elite industry-leading companies in the IT channel and their ability to innovate in an ever-changing market,” said Bob Skelley, CEO of The Channel Company®. “The extraordinary group of companies on this year’s list serve as an inspiration, setting an exemplary level of excellence for us to follow. We are excited to honor these industry leaders and wish them continued success in the years to come.”

A sampling of the 2020 Fast Growth 150 list will be featured in the August issue of CRN® Magazine. You can view the complete list online at www.crn.com/fastgrowth150.

About CRITICALSTART

CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on TwitterLinkedIn ,or Facebook.

About The Channel Company®
The Channel Company® enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com 

Follow The Channel Company®: TwitterLinkedIn, and Facebook

Copyright ©2020. CRN is a registered trademark of The Channel Company, LLC.  All rights reserved.

Can Your Car Be Hacked?

With the recent household device hacks in the news, CRITICALSTART’s VP of Professional Services, Sanjay Parikh, sat down with Brandon Butcher and Sarah Sager of WSAZ Studio 3 News to discuss the big question: can your car also be hacked?

Transcript:

BB:  Welcome back, y’all. Sure, your computer can be hacked. We’ve all seen that kind of threat, of course. Even your phone, but there’s some new tech out there. What about your car, doorbell, fridge? I mean, how crazy is these things?

SS:  Crazy! Ok, so I caught up with an expert who is breaking everything down for us.

SS:  Smartphones, smart homes, smart cars. Internet-connected and enabled devices are continuing to skyrocket in popularity, but are buyers of these new technologies considering the security threat posed by these purchases?

SS:  Vice President of Professional Services at CRITICALSTART, Sanjay Parikh, is joining us today in Studio 3. Good morning, Sanjay. How are you?

SP:  Good morning. I’m doing fine, thank you.

SS:  So first, I want to ask you, it seems unimaginable that a hacker could remotely control your car, but is it possible?

SP:  It is possible. The likelihood today is less possible right now. But the ability to access certain components of your car, such as, in 2016, in the Nissan Leaf, they were able to identify changes in the climate control and the ability to track your trip data. So knowing where you’re going and how you’ve been there. So, things like that. They did, in 2015, identify where they could control a Jeep, but these are not very likely because of the ability to purchase a car and the amount of cost it takes and the time to perform the hack.

SS:  But it’s still just as scary to think that someone can know where you’re going, track when you’re going there and how long you are staying there.

SP:  Absolutely and the same thing for your house, as well.

SS:  It is. Are there some cars that more vulnerable to this kind of hacking than other cars?

SP:  No, it’s pretty much across the board. It’s more about the IoT devices because there’s no security regulations or standards around these devices, hardware, or software. It’s just based upon the ability to try these different applications or hardware and seeing if somebody can exploit the vulnerabilities.

SS:  You mentioned earlier household appliances. We’ve all talked about smart homes. Are these also vulnerable to being hacked?

SP:  100%. We had the recent story around the ring camera where people were getting into the ring camera and spying on the people as they performed their daily functions. So the ability for consumers to change their default passwords and make it a little bit strong of a password or make sure that there is two-factor authentication, similar to when you receive a code on your phone and you put it in so that it’s not just a general user ID and a password, would make it a little stronger.

SS:  We’ve all heard about cellphone breaches. They’ve been very well-publicized. We’ve heard about doorbells like you were mentioning the ring camera, other household connected appliances, and items being compromised. One thing that sticks out to me is also baby monitors. We’ve seen videos where those have also been compromised, people talking to your children. At CRITICALSTART, is there something that you guys recommend beyond just changing the password to keep your house, even your car, safe?

SP:  Like I said with the configuration, so changing the default. Don’t just set it up and accept all the default settings. Make sure you set it up with a stronger password, multi-factor authentication that will change most of the time. And also, make sure that any of your devices that don’t need internet access, because basically everything that you are purchasing today, such as your fridge, potentially your stove, TVs, anything like that can get access. So only the items that you want to get access to the internet, those are the only ones that you want to enable.

SS:  Ok, any other tips for our viewers today, Sanjay?

SP:  No, just stay educated on these different devices, and usually they will provide updates in the news or on the internet, and then if you can update them with the different patches then that will help you try to stay ahead of the times.

SS: Ok, thank you for this enlightening information. We appreciate you being here today.

SP:  Thanks, Sarah.

Experts Warn Lack of Discussion Impeding Cybersecurity Preparedness

Website Login Screen Macro Closeup Capture Pale Blue, computer web security concept, password and username fields

Despite the recent hacking of high-profile users’ Twitter accounts, and reports that Russia continues its attempts to penetrate U.S. institutions and government entities, cybersecurity remains something that campaigns are thinking about only when there’s an issue. 

“Campaigns do not talk publicly about the precautions they’re taking,” said Brian Franklin, co-founder of Campaign Defense, a cybersecurity training firm. “But while I think state parties are making slow progress, most campaigns seem to be ignoring the issue and addressing only when a problem comes up. The lack of discussion about it is concerning and will likely be an increasing problem as we get closer.” 

Some experts are advising political professionals to operate with an “assume breach mentality” from now until Election Day.

It’s advice they’re offering not just to campaign professionals but also to advocates and reporters covering the national horserace and even think tanks.

“As we’re entering this period between now and November, I think it’s absolutely to be expected that there will be a higher level of activity,” Jan Neutze, who heads Microsoft’s Defending Democracy Program, told C&E in a recent interview. 

Practitioners need to have the mindset to be constantly monitoring and investigating their own and their organization’s digital protections, Neutze said. 

While cyber threats had decreased early on during the pandemic, they’ve spiked back up, he said. “We’re seeing a constant drumbeat of nation-state activity.”

He added: “One of the things that is so challenging is the combination of cybersecurity threats and then exploiting that for disinformation purposes.” 

In terms of specific threats, Neutze said domain spoofing remains a popular avenue of attack, one that involves hackers creating a fake domain that looks like an organization from which the recipient would expect to receive emails. Another is “password spray attacks.”

“They try in large volumes to essentially crack passwords,” he said, noting that multi-factor identification deployed across your entire digital ecosystem “can really help secure yourself against these types of attacks.”

Campaigns remain a prime target, but if hackers or cyber criminals don’t have luck with the organization itself, they’ll start to target its vendors and advisors.

“Security is only as good as its weakest link,” Neutze said. “That’s why it’s imperative that campaigns are very intentional about what technology they use and the minimum baselines they set for folks they have to share files with and so on.” 

As part of its Defending Democracy Program, Microsoft recently made available patches for Windows 7, which was released in 2009. The company had pledged to support the software for a decade but extended that because “a relatively small but still significant number of certified voting machines in operation [are] running on Windows 7,” it said in September.  

“We didn’t want there to be any reason whatsoever why folks wouldn’t have access to these security patches,” said Neutze. “Some [elections officials] have the challenge that due to budget limitations they’re running some legacy applications and software where patches don’t exist anymore.” 

In fact, some cybersecurity experts view voting infrastructure as possibly a bigger target for countries like Russia that are bent on electoral interference. 

“The biggest problem that makes this threat real, is it’s not impossible for nation-states to gain access to these [voting] devices even a year before the election happens,” said Quentin Rhoads-Herrera, director of professional services at CRITICALSTART, a cybersecurity services provider.

He advised elections officials to use network monitoring services and industry-standard encryption when data is at rest and when it’s sent. 

“If I vote for person X and that becomes a data point that’s sent to another device, it’s signed before it’s sent,” said Rhoads-Herrera. “That just confirms that data hasn’t been altered. That’s a common practice in things like banking apps.”

The recent HBO documentary “Kill Chain: The Cyber War on America’s Elections,” highlighted the vulnerability of many voting systems in America today. 

Rhoads-Herrera echoed that, noting that most companies don’t want their machines tested by outside experts for fear that the vulnerabilities could be shared publicly. 

“These developers of voting machines, they’re not looking for widespread testing of their machines,” he said. “It’s an extremely real risk.”

Featured in Campaigns and Elections | July 24, 2020

China Vows Retaliation After U.S. Ordered Its Houston Consulate Closed Within 72 Hours

China vowed to retaliate Wednesday after the United States abruptly ordered the closure of its consulate in Houston, a move that further inflamed tensions between the two superpowers. 

Wang Wenbin, a spokesman for China’s foreign ministry, said China was notified on Tuesday that it must close the consulate within 72 hours. In a regular daily news briefing, he described the action as an “unprecedented escalation” and said China would “react with firm countermeasures” if the U.S. does not revoke the decision. 

State Department spokesperson Morgan Ortagus said in a statement that the closure was “to protect American intellectual property and American’s private information.” 

“The United States will not tolerate the (People’s Republican of China’s) violations of our sovereignty and intimidation of our people,” Ortagus said. It is unusual but not unprecedented for the U.S. to close another country’s consulate.

Secretary of State Mike Pompeo declined to explain what triggered the decision when pressed on the matter during a news briefing in Copenhagen, where he was meeting with Danish officials. But he raised long-standing U.S. accusations that China’s government is stealing American intellectual property.

He also brought up the Department of Justice’s indictment Tuesday of two Chinese hackers charged with stealing trade secrets from hundreds of global targets and, more recently, probing for vulnerabilities in U.S. companies involved in the development of COVID-19 treatments and vaccines. 

“President Trump has said, ‘enough,’” Pompeo said. “We’re not going to allow this to continue to happen.”

Pompeo did not elaborate on the allegations of spying over treatments and vaccines, nor did he say whether the closure of the Houston consulate had anything to do with that case.

Sen. Marco Rubio, R-Fla., who chairs the Senate Select Committee on Intelligence, said in a tweet that “#China’s Houston consulate is a massive spy center” and added that “forcing it to close is long overdue.”

Rubio said China’s consulate in Houston “is not a diplomatic facility” and suggested it is staffed with spies. “It is the central node of the Communist Party’s vast network of spies & influence operations in the United States … This needed to happen.”

The U.S. move marked “a major escalation” in U.S.-China tensions, said Scott Kennedy, an expert on China with the the Center for Strategic and International Studies think tank. 

Tuesday’s decision was “nearly unprecedented,” he said, noting the only other similar incident came in 2017, when the Trump administration closed two Russian compounds in retaliation for Moscow’s interference in the 2016 presidential election.

“All governments engage in spying from home and via their diplomatic facilities abroad … including the United States,” Kennedy added. “So the question is, was the Houston consulate doing things that are beyond the typical type of intelligence gathering that is standard practice.” 

So far, he said, the Trump administration’s statements have not addressed that.

Sen. Mark Warner, the top Democrat on the intelligence committee, questioned whether the consulate closure would have any impact on China’s malign behavior, and he criticized the Trump administration for taking an erratic approach to China’s aggression.

“I do not believe for an instant that this action will stop that threat, but hopefully the Chinese Communist Party will take it as a signal that their actions have consequences,” Warner said in a statement to USA TODAY.  “I am equally hopeful that the White House will finally take this issue seriously and work to address it with smart and thoughtful policies, instead of engaging in escalatory actions and intermittent failed trade wars followed by interludes of admiration for the Chinese authoritarian regime.”

Wang said the consulate was operating normally

Local media in Houston reported Tuesday that documents were being burned in a courtyard at the consulate. Texas fire and police officers responded to the reports of a fire. It was not clear if they were permitted to enter the property in Houston’s Montrose neighborhood. 

“You could just smell the paper burning,” a witness at the scene told KPRC 2, an NBC-affiliate television station.

China’s consulate in Houston could not immediately be reached for comment.

In an interview with Fox News, Rubio said its normal procedure to start destroying documents when an embassy or consulate is closed.  

“For us, the Marines are in charge of doing that if someone closes our embassy. So they’ll burn documents and shred documents and destroy computers and so forth,” he said. He said he expects China to close a U.S. diplomatic facility in China in retaliation. 

U.S.-China relations have been battered by a rift over the coronavirus pandemic, strained trade relations and Beijing’s move to assert more authority over Hong Kong. In recent weeks, both nations have slapped sanctions on each other’s officials.

In addition to its embassy in Washington, D.C., and the consulate in Houston, China has consulates in Chicago, Los Angeles, New York City and San Francisco. 

“The U.S. has far more diplomatic missions and staff working in China. So if the U.S. is bent on going down this wrong path, we will resolutely respond,” Wang said. 

The U.S. has consulates in Chengdu, Guangzhou, Shanghai, Shenyang and Wuhan. .

The U.S. Embassy is located in Beijing. 

Rob Davis, CEO of Texas-based CRITICALSTART, a cybersecurity firm that monitors threats from state-aligned actors, said the Trump administration’s ordered closure of China’s consulate in Houston could lead to more hacking against American interests. 

“It is no secret that Chinese state actors have long been suspected of engaging in espionage on U.S. soil, including those serving in official roles. The Houston consulate is no different, and it is possible that this is just the tip of the iceberg,” he said.

Feature in USA TODAY | July 22, 2020

Who’s Going to Derail the U.S. Presidential Election? The Culprit May Be Close to Home

WASHINGTON – Fearing nightmare scenarios such as attacks on voter registration databases and state websites tallying results, U.S. officials are leading simulated training exercises to get ready for Nov. 3.

The “tabletop exercises,” to be held virtually because of coronavirus, will include thousands of state and local election officials in addition to intelligence and cybersecurity officials in Washington amid concerns about threats from Russia, China, and other countries.

“We try to make it a pretty bad day,” said Matthew Masterson, an adviser with the Cybersecurity and Infrastructure Security Agency, or CISA, part of the Department of Homeland Security. CISA is charged with helping to protect the nation’s critical infrastructure from cyber and physical attacks, including its election systems.

Still, Masterson and other experts say the U.S. is now far better prepared to weather potential election meddling by Russia or other foreign adversaries than in 2016 when the Kremlin hacked into Democratic Party emails and orchestrated a sophisticated disinformation campaign designed to help elect then-candidate Donald Trump.

CISA officials have worked with state and local election authorities to identify vulnerabilities in voter registration databases, dispatched cybersecurity experts to look for intrusions, and improved communication among states, campaigns, and U.S. intelligence officials about the threat landscape. The training exercises will game out scenarios, including foreign disinformation campaigns, cyberattacks on election infrastructure, or simply overwhelmed and understaffed polling places across the country.

Yet the threat has also morphed, with adversaries such as China, Iran, and North Korea joining Russia to meddle in U.S. politics and using ever-changing tools and tactics. Meanwhile, some fear the U.S. political climate is so polarized – due to coronavirus and tensions over police violence and other divisive issues – that America’s enemies will have a lot of fodder to work with as they seek to stoke discord.

“They don’t need to make any fake news this time around because there’s just constant disinformation all across the political landscape,” said Clint Watts, a research fellow with the Foreign Policy Research Institute, a think tank. “It’s free ammunition.” 

Here’s who could mess with the 2020 presidential election. 

Russia

Russia remains the most concerning foreign actor in terms of U.S. election interference, although there is a growing focus on China and Iran as well, according to a U.S. intelligence official who was not authorized to speak on the record.

Intelligence officials told lawmakers in the House of Representatives in February that Russia was already interfering in the 2020 campaign to try to get Trump re-elected, according to the New York Times and other outlets.

In a recent analysis, Watts noted that last year, Facebook took down accounts associated with a Kremlin’s troll farm that was promoting Trump, denigrating his Democratic opponent, Joe Biden, and boosting Bernie Sanders, one of Biden’s primary opponents. And in March, Facebook closed another Russian troll farm operation that appeared to be trying to infiltrate American minority groups on Facebook and Instagram, “presumably hoping to divide the political left and influence voters headed into Election Day,” he said.

Rob Davis, CEO of CRITICALSTART, a Texas-based company that monitors security breaches from nation-states and advises its clients about defensive measures, said that Moscow, in a re-run of 2016, will most likely use aggressive social media campaigns and targeted cyber operations to try to smear candidates and aggravate social tensions on issues such as race and immigration. Russian hackers could also renew attempts to hack voter databases and compromise U.S. election infrastructure. 

“Russia’s goal is to be disruptive. Often it has no agenda beyond that,” Davis said. 

China

China insists it has no interest in meddling in the U.S. election despite repeated accusations from Trump that Beijing prefers Biden and that “China will do anything they can do to have me lose this race.” 

Google disclosed in June that hackers based in China sought to infiltrate the email accounts of staffers working on Biden’spresidential campaign. But there is little further concrete evidence that China is waging a sophisticated operation aimed at backing a specific candidate or wants to remove Trump, even though Washington and Beijing have drifted toward a new Cold War amid tensions over the coronavirus pandemic, trade, territorial disputes in the South China Sea and human rights. 

China doesn’t like Trump, said Watts of the Foreign Policy Research Institute, but because Trump has overseen a U.S. retreat from the world stage, that has given Beijing a freer hand to extend its own influence. And China’s President Xi Jinping is more interested in crushing Chinese dissidents, stealing intellectual property and expanding the reach of its 5G network than in influencing the U.S. election, he said.

“China’s battle plan is more about espionage to access information and spying on political parties to get a potential preview of U.S. policy changes or shifts regarding the military and planning for different outcomes,” said CRITICALSTART‘s Davis. 

Iran

Google also said in June that Iran-based hackers tried to gain access to Trump campaign accounts, and Microsoft said late last year that Iranian hackers, with apparent backing from the government in Tehran, had made more than 2,700 attempts to hack into the email accounts of current and former American government officials, journalists covering political campaigns and accounts associated with a presidential campaign.

The earlier hacking attempts coincided with a period when the Trump administration was imposing additional sanctions on Iran after the U.S. pulled out of a nuclear deal with Tehran and world powers, dealing a major blow to Iran’s economy. 

But Iran, according to Watts, has “very limited reach” when it comes to spreading misinformation. “They can’t sustain the content the way the Russians and the Chinese do,” he said, adding that in terms of cyberattacks “they’re kind of reckless and silly, and they get caught a lot, which is why we keep hearing about it.”

One example: 

In early January, the Federal Depository Library Program’s website was briefly taken offline after a hacker uploaded photos to the site that included an Iranian flag and an image depicting a bloodied Trump being punched in the face.

The website was also modified to say: “Hacked by Iran Cyber Security Iranian Hackers: This is only (a) small part of Iran’s cyber ability!”

Homegrown Disputes and Problems

“Whether it’s threats of Chinese interference, Iranian interference, Russian interference, or North Korean interference, any country – or even non-state actors who now have capabilities to try to meddle in our elections – know that this administration takes seriously its responsibility to make sure every American’s vote is counted, counted properly and that foreign influence is minimized in its ability to impact an outcome of an American election,” Secretary of State Mike Pompeo said during a forum on the future of national security hosted by The Hill newspaper on July 15. 

But Trump continues to play down Russia’s malign role in the 2016 election. And rather than focusing on possible foreign interference, he has blasted Democrats for trying to expand mail-in voting amid the coronavirus pandemic, alleging without evidence that it is an invitation to fraud.

“RIGGED 2020 ELECTION: MILLIONS OF MAIL-IN BALLOTS WILL BE PRINTED BY FOREIGN COUNTRIES AND OTHERS. IT WILL BE THE SCANDAL OF OUR TIMES!” the president tweeted last month. 

Voting experts and officials have characterized Trump’s allegations as a bogus conspiracy and noted safeguards that states use to protect the authenticity of absentee ballots and envelopes.

Lawrence Norden, director of the Election Reform Program for the Brennan Center for Justice at the New York School of Law, called Trump’s assertion “nonsense” and noted that mail-in ballots must be returned in secrecy envelopes created by local election authorities. He said the envelopes are bar-coded in many states with a unique identifier that ties the ballot to the voter.

“(Trump’s) rhetoric is right out of the Russian playbook” and “designed to cast doubt about our democratic processes and about the integrity of elections,” said Elaine Kamarck, an expert on American electoral politics and a senior fellow in governance studies with the Brookings Institution, a left-leaning think tank.  

“I can’t imagine what a foreign adversary can do that the U.S. isn’t already doing to itself” in terms of fueling division and churning out disinformation,” Watts said.

Less than four months to the vote, there are signs of the different forms this disorder could take on Election Day: 

  • In early July, armed right-wing activists flocked to fake Antifa protests in Pennsylvania and other places – planning to confront left-wing activists and anarchists at events that never materialized and were falsely trumpeted online.
     
  • On Wednesday, a major breach in Twitter’s security allowed hackers to break into the accounts of leaders and technology moguls, damaging trust in a platform used by politicians and corporate leaders to communicate directly with the public. The hack was related to a Bitcoin scam, but it nevertheless spotlights the potential for nefarious actors to sabotage high-profile voices to meddle in the political process. 
     
  • Primary elections in Wisconsin, Georgia, and other states have exposed major problems with holding an election during the coronavirus pandemic, which has sparked stay-at-home orders and social distancing rules. Among the issues: long lines, a shortage of polls workers, and faulty voting machines. Tech problems played a role throughout a botched Democratic primary caucus in Iowa in February. 

Robby Mook, who ran Hillary Clinton’s 2016 presidential campaign and now works on a Harvard University project to develop strategies and tools to protect U.S. elections against foreign attacks, said he was less worried about Russian hacking than about massive logistical problems on Election Day exacerbated by the pandemic. 

“We’re hacking our own election by not resourcing it well,” Mook said in an interview with Campaign HQ, a political podcast. Local election officials “don’t have what they need to be robust when trouble comes.”

Perhaps most worrying of all – what CRITICALSTART‘s Davis described as “terrifying” – is if either the American public or the candidates themselves don’t believe the official results are accurate. In an interview with “The Daily Show” host Trevor Noah last month, Biden warned that military officers could remove Trump from the White House if he loses the vote, but refuses to leave. 

“I promise you, I’m absolutely convinced they will escort him from the White House with great dispatch,” Biden said. The Trump campaign responded to Biden by saying: “President Trump has been clear that he will accept the results of the 2020 election.”

Featured in USA TODAY | July 17. 2020

CRITICALSTART joins Microsoft Intelligent Security Association

PLANO, Texas, July 16, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, announced Thursday that it has become a member of the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software vendors and managed security service providers that have integrated with Microsoft Security to better defend against a world of increasing threats. Earlier this year, CRITICALSTART incorporated Microsoft Azure Sentinel, a cloud-native security information and event management (SIEM) system, into its MDR platform.

Because of an increased demand for a closely interwoven security ecosystem, MISA is growing, and it is launching an invitation-only pilot program in July of 2020 for select managed security service providers, including CRITICALSTART.  

MISA members are comprised of organizations from across the cybersecurity industry, unified by the common goal of putting customer security first. Each new member brings their own valuable expertise, making MISA even more effective with each expansion. By including MSSPs in MISA, Microsoft hopes to further enable collaboration between leading security technology companies so that together, Microsoft and MISA members can deliver better protection to joint customers.

“We are thrilled to expand our collaboration with Microsoft by joining the Microsoft Intelligent Security Association so that we can reach an even broader audience with our MDR services,” said Rob Davis, CRITICALSTART founder and CEO. “As part of this ecosystem, we are well positioned to continue leading in the fight against malicious online actors and increased cyber threats.”

Mandana Javaheri, Global Director of Business Development, Cybersecurity Solutions Group at Microsoft said, “Due to the growing number and sophistication of security threats proliferating across the globe, we see great value in achieving strength through numbers. By adding proven partners like CRITICALSTART to the Microsoft Intelligent Security Association family of security solutions, we are helping to better combat threats to customers worldwide.”

About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on TwitterLinkedIn or Facebook.

Why Security Alert Fatigue Matters and How to Address It

An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences.

Most organizations have a variety of defensive cybersecurity measures in place, including firewalls, intrusion detection systems/intrusion prevention systems, antivirus and other endpoint security tools that record, analyze and report on thousands of events every hour. This results in a nonstop flood of alerts that security teams must prioritize and investigate to discern whether the threats are serious.

Each alert requires a significant amount of qualified human resources that, for most security teams, are in short supply. This leaves those tasked with the job overloaded and enables true attack alerts to get lost in the noise of false positives.

Nearly half of respondents to a 2019 CRITICALSTART survey reported that 50% of alerts or higher are false positives. To address this alert fatigue, 57% of respondents tune specific alerting features or thresholds to reduce the alert volume, while another 39% simply ignore certain alert categories.

These approaches can produce disastrous consequences. One notable example of what happens when alerts are ignored is the Target data breach of 2013, where 40 million card records were stolen. Despite numerous alerts warning of the unfolding attack, Target did not react in time because similar alerts were commonplace and the security team incorrectly classified them as false positives.

As organizations’ data and IT infrastructures spread out across the cloud, the number of alerts is only going to increase and exacerbate the situation. It’s a difficult problem for CISOs, as the only plausible option is to reduce the number of alerts their team is required to inspect.

How to address security alert fatigue

Triggering thousands of alerts daily that are never investigated or are casually dismissed as false positives add no value to security operations. It only creates opportunities for important alerts to be missed because there is not enough time to review them.

Reducing the number of alerts lowers the chance of false positives and improves alert accuracy: Any alerts that are generated will contain actionable insight to help the security team investigate them, including details on the chain of events that lead to an alert.

However, it is exceedingly difficult to create rules that narrow down anomalous events and threats to a manageable number of alerts, especially in security systems that cover all user activities. Machine learning and AI have long been touted as the future of detecting patterns of behavior that deviate from the norm, even in subtle ways. However, until recently, these technologies have struggled to stem the tide of alerts. New cloud-based approaches to offset alert overload are coming to the market that concentrate on producing less — but more significant — alerts based on their context.

CRITICALSTART, FireEye and Palo Alto Networks offer services that prioritize and present a contextualized alert. These alerts include details such as the root cause, the entire attack chain, the entities involved and a damage assessment that includes easy-to-digest graphics. With information about a potential problem presented in this format, security analysts can properly analyze and correctly respond to alerts.

Why preventing security alert fatigue matters

Of course, it’s not just an organization’s security teams that must deal with daily security alerts. On an average day, employees at all levels are likely to receive some sort of alert to avoid opening a suspicious email attachment, to not click on a potentially malicious website, or to not share their passwords.

It’s important that employees pay attention to these warnings and reminders, but perimeter defenses should prevent most malicious inbound traffic from reaching the end-user to reduce the number of warnings their antivirus program needs to generate. Security awareness programs can help educate the user about how to evaluate and utilize the information received in the email or text notifications they regularly receive.

Security alert fatigue is so challenging because technology cannot eliminate human error entirely. But eliminating useless alerts and making the necessary ones more meaningful can prevent security teams from being overwhelmed with alerts that ultimately are overlooked or ignored altogether.

Feature in TechTarget Security | July 16, 2020

Taxes Are Due, But Beware of Scams Targeting Last-Minute Filers

LOS ANGELES (CBSLA) — The federal income tax deadline is Wednesday, after being postponed from its typical April 15 date due to the coronavirus pandemic.

The IRS says it has a huge backlog of paper tax returns because so many IRS employees have been working from home. Millions of taxpayers who filed paper returns have not yet received their refunds, even months after sending them in. Paper returns are being processed in the order they have been received, so taxpayers should not call or file a second return, according to the IRS.

IRS’s website is encouraging taxpayers and tax professionals to file electronically because processing paper returns can take several weeks longer than usual.

Those who need more time can file for an extension, and delay filing until Oct. 15, but will still have to pay what they owe at that time or be subject to penalties and late fees.

Experts are also warning people to be on the lookout for email and phone scams targeting panicked filers.

“A lot of the scams that we see during the tax season, especially on Tax Day, are a lot of phishing attempts to both individuals as well as tax preparers,” Quentin Rhoads-Herrera, a cybersecurity expert, said.

Rhoads-Herrera, of CRITICALSTART, said scammers are usually trying to get sensitive personal information or money.

“The most common one we’re seeing currently is a phishing attempt, a fake email being sent, claiming that they’re from the IRS to the individual stating that if they don’t pay by a certain date, their social security number will be turned off or canceled,” Rhoads-Herrera said.The IRS said that if people can’t pay the full amount they owe, they should pay what they can and arrange a payment plan, apply to defer payment to a later date or request penalties be waved due to economic hardship — though people will still be on the hook for the interest.

Those who have not yet filed their taxes can do so online through the IRS website.

Featured on CBS Los Angeles | July 15, 2020

Hackers Target Contact Tracing Applications

NBC News and Boston 25’s Blair Miller interviews Quentin Rhoads-Herrera of CRITICALSTART‘s TEAMARES about the vulnerabilities associated with contact tracing and how hackers are targeting companies and individuals through these apps.

Video Transcript:

M. Davenport:  Health officials want to know how people are contracting the Coronavirus, who they are catching it from, but one of the methods for finding out is coming under fire and it could be exposing you to hackers. Blair Miller found what has some people so worried and why you could be at risk.

B. Miller:  Contact tracing is a way for states to identify who’s had the virus and then figure out who has had contact with that person. It’s supposed to help figure out how the virus is spreading and prevent it, but it’s also raising a lot of red flags for cybersecurity experts.

B. Miller:  State health officials are pushing for communities to trace the virus from person to person in an effort to know how widespread it is.

M. Sudders:  Answering the call and sharing information about your close contacts helps us track the spread of the virus and keeps us all safe.

B. Miller:  Contact tracing involves people giving their information through web-based apps or through a phone call so that health groups can then pinpoint the spread, but cybersecurity groups are warning that hackers are using them too.

B. Miller:  How widespread do you think this could be and the kind of problems that it leads to?

Q. Rhoads-Herrera:  I think it could be very widespread.

B. Miller:  Quentin Rhoads-Herrera researches cybersecurity problems and found that there is no single contact tracing method that health departments are using. A recent study of 17 government-sponsored apps found that less than a third had the kind of encryption methods needed to protect sensitive information.

Q. Rhoads-Herrera:  We’ve seen, for the most part of this year, contact tracing phishing attempts at companies and people trying to trick them into giving bank account information, social security numbers, things of that nature.

B. Miller:  As the Coronavirus cases climb in some states, the tracing will too. Rhoads-Herrera believes the attempts hacks will only get worse.

Q. Rhoads-Herrera:  That’s the most critical piece. If you understand what’s going to be implemented, you can avoid all of those other shady applications.

B. Miller:  If you are asked to be part of the contact tracing, make sure your health department is involved when doing this and make sure that you’re using the tools they suggest.

The Need for State Data in Contact Tracing Apps

Leslie Toldo of NBC 25 Mid-Michigan Now News interviews CRITICALSTART‘s CTO, Randy Watkins, on the potential impact COVID-19 contact tracing apps on your cybersecurity.

Video Transcripts:

LT: With all of this going on and all of this in mind, it’s hard to know if you’ve already been exposed to coronavirus. There are some contact tracing apps available, but a tech expert from the security firm CRITICALSTART warns that if an app doesn’t use state data, it won’t be reliable. He says it’s vital to pay attention to alert exposures, like the ones we told you about this morning, and report symptoms and test results to loved ones and your employer right away.

RW: If you miss a common link, there is a potential that the actual origin of that outbreak could be entirely missed. The other big risk there is if you aren’t contacted because you don’t have these applications or you are not a part of this contact tracing method, you could be infected or you could be a carrier of the virus without knowing and unknowingly, unfortunately, spread it to more vulnerable family members.

LT: The state health department is doing contact tracing by phone and ask people to take any call that comes from the My COVID help number or your local health department.

COVID-19 Contact Tracing Apps and Your Privacy

As COVID-19 cases rise, some people and government agencies are turning to contact tracing apps to help monitor the spread of the virus.

So how exactly does that work, and how much information do they get?

Carnegie Mellon University Professor Po-Shen Loh led a team developing NOVID, a contact tracing app designed to notify users when someone who self-reports testing positive for COVID-19 comes near them.

“As you’re walking around in public if you happen to be near somebody else who also has the app installed, the 2 apps communicate with each other through Bluetooth,” Loh said.

The NOVID app also uses ultrasound to improve accuracy. “We don’t just use only Bluetooth because it might accidentally miscategorize people as being together when they were separated by a wall,” Loh said.

The contact tracing app being developed in a joint effort by Google and Apple also uses Bluetooth, but neither uses GPS.

Both apps’ creators say the information collected remains anonymous.

“As soon as you install the app it generates random user ID that has nothing to do with you. It doesn’t tell your name or your phone number,” Loh said.

If you search contact tracing in the app store, a multitude of different apps some up, so you need to be careful what you download. Cybersecurity experts say to especially avoid the ones that use GPS.

“I’d be concerned about all the info that could be available for a hacker to get, personal info, location, where you’ve been, have you had a positive test for COVID-19, those are things that should be kept private,” said CRITICALSTART CEO Rob Davis.

Recent polls show 60% of Americans are wary about using these apps.

“There’s a lot of people because of distrust of government or Apple or Google and concerns about privacy are not using these apps,” Davis said.

Loh said more than 40,000 people have downloaded the NOVID app, and Pennsylvania’s State Health Department said it is working on an app to use the Apple-Google platform.

“The biggest problem is getting enough people to utilize these applications so the automatic contact tracing becomes useful,” Davis said.

Overcoming that hurdle will be necessary to make these apps truly effective.

Featured in WPIX-TV 11 | July 2, 2020

Critical Start Recognized as Best Place to Work by the Channel Partner Insight MSP Innovation Awards 2020

PLANO, Texas, June 25, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, today announced that it has been recognized as a Best Employer and Place to Work in the Channel Partner Insight MSP Innovation Award. CRITICALSTART was selected for this award based on its track record of attracting and retaining top talent.

Cybersecurity is a highly competitive industry with scarce talent. Accordingly, CRITICALSTART‘s priority is keeping talent on board and happy with the work they are doing. Beyond perks and incentives such as equity in the company, unlimited PTO, matching 401K, and workout and nap rooms, CRITICALSTART was recognized for its unique culture based on three core principles: do what’s right for the customer, do what’s right for our employees, and don’t do things that suck. The company delivers on these principles through open, two-way communication with the team and a culture of caring that starts at the top. Employees value and see these principles in action every day with employee events like chili cook-offs, spontaneous barbecues, birthday celebrations each month, and more.

“The war for talent will play – and is already playing – a critical role in the workplace culture of the future, especially in the cybersecurity industry, which currently has a 0% unemployment rate,” said Rob Davis, founder and CEO of CRITICALSTART. “Our hiring profile is geared towards hiring internally motivated people with a drive for excellence. Our culture is what initially attracts phenomenal candidates to CRITICALSTART. My job as CEO is to create a workplace environment and culture that allows these talented employees to thrive.  It’s energizing to be part of a team where you are confident that you can count on the people around you. Beyond that, we’re staying ahead of the competition by offering creative perks and equity to incentivize our team.”

About CRITICALSTARTCRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on TwitterLinkedIn oFacebook.

CRITICALSTART Named to CRN’s 2020 Solution Provider 500 List

PLANO, Texas, June 2, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, announced today that CRN® a brand of The Channel Company, has named CRITICALSTART to its 2020 Solution Provider 500 list. Each year, CRN releases its list of top 500 solution providers, a ranking of the leading IT channel partner organizations across North America by revenue. CRN’s Solution Provider 500 list serves as the industry’s benchmark for recognizing the top-performing technology integrators, strategic service providers, and IT consultants, and as a valuable resource for technology vendors looking to partner with top solution providers.

With evolving cyberattack methods and legacy models of accepting risk, enterprise organizations are left exposed to breaches at significant risk. Every alert needs to be resolved. CRITICALSTART‘s MDR solution solves this problem by resolving every alert to stop breaches, leaving nothing to chance.

We offer our MDR service through our nationwide network of channel partners. By expanding our role as trusted advisor, we’re able to deliver solutions that fill a critical vulnerability left by the shortage of headcount, alert overload and limited security resources.

“Being named to CRN’s 2020 Solution Provider 500 List symbolizes a year of growth and achievement at CRITICALSTART, and this success is due to the dedication and commitment of our employees to deliver excellent service to our customers,” said Rob Davis, CEO at CRITICALSTART.

“CRN’s Solution Provider 500 list showcases the top IT channel partner organizations across North America,” said Bob Skelley, CEO of The Channel Company. “This year, companies on this list represent a combined revenue of $393 billion, a data point that underscores the impact and influence these solution providers have on the IT industry. On behalf of The Channel Company, I’d like to congratulate these companies for their outstanding contributions to the growth and success of our industry.”

CRN’s complete 2020 Solution Provider 500 list is available online at www.CRN.com/SP500 and a sample from the list will be featured in the June issue of CRN Magazine.

About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on TwitterLinkedIn or Facebook.

About The Channel Company
The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com

Follow The Channel Company: TwitterLinkedIn and Facebook

Copyright ©2020. CRN is a registered trademark of The Channel Company, LLC.  All rights reserved.

Accuracy in AppSec Is Critical to Reducing False Positives

According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals across five European countries and the U.S., the report highlights the need for more advanced and accurate security solutions to help reduce alert-wary cybersecurity teams overwhelmed by massive alert volumes.

Alert Fatigue and Its Causes

Following are some of the key highlights from the report:

More than 41% of organizations experience over 10,000 alerts a day. That said, many of them are not critical. Teams need to be able to quickly differentiate between low-fidelity alerts that clutter security analysts’ dashboards and those that pinpoint legitimate potential malicious activity. This expanding volume of low-fidelity alerts has become a source of “noise” that consumes valuable time — from developers to the security operations center (SOC). Thousands of hours can be wasted annually confirming if an alert is legitimate or a false positive.

While security tools may trigger alert notifications, this doesn’t mean the activity is malicious. Security configuration errors, inaccuracies in legacy detection tools, and improperly applied security control algorithms can all contribute to false-positive rates. Other contributing factors include:

  • Lack of context in the alert generation process.
  • Inability to consolidate and classify alerts.

Another reason for the deluge in alerts is the fact that many companies deploy multiple security controls that fail to correlate event data. Disparate events may not be linked, with the tools used by security analysts operating in separate silos with little consolidation. Log management and security information and event management (SIEM) systems can perform a correlation between separate products, yet they require significant customization to accurately report events.

Tools like these often require a security analyst to confirm the accuracy of the alert—namely, if it’s a true legitimate alert or false positive. While these types of solutions can coordinate and aggregate data to analyze alerts, they don’t address the challenges posed by high rates of false positives.

Further complicating matters are intrusion detection and prevention systems (IDS/IPS) that cannot accurately aggregate multiple alerts. For instance, if a single alert shows that an internal system attempted but failed to connect to an external IP address 50 times, most tools will generate 50 separate failed connection alerts, versus recognizing it as one repeated action.

Security Alert Overload Introduces Risk and Inefficiencies

The time it takes to investigate and validate a single alert can require a multitude of tools just to decide if an alert should be escalated. According to a report by CRITICALSTART, incident responders spend an average of 2.5 to 5 hours each day investigating alerts.

Unable to cope with the endless stream of alerts, security teams are tuning specific alert features to stem the stream of alerts to reduce volume. But this often ratchets up risk, as they may elect to ignore certain categories of alerts and turn off high-volume alert features.

As a result, one of the challenges development teams have in managing alert fatigue in application security (AppSec) is finding the right balance between setting liberal controls—that could potentially flood systems with alerts—and more stringent alert criteria that could find teams subject to false negatives.

While false positives may be annoying and burden teams with additional triage requests, false negatives tend to be more nefarious, because the functionality of an application that is tested is erroneously flagged as “passing” yet, in reality, it contains one or more vulnerabilities. For AppSec teams, the objective is having the ability to detect valid threats that provide quality alerts, supported by the context and evidence to inspect them accurately and continuously.

Reducing Alert Fatigue With Instrumented AppSec

Fortunately, technologies like instrumentation help automate security testing to reduce false positives and false negatives.

Instrumentation is the ability to record and measure information within an application without changing the application itself. Some current “flavors” of security instrumentation today include the following technologies:

  • Software Composition Analysis (SCA).SCA performs inventory and assesses all open-source libraries
  • Runtime Application Self-Protection (RASP). A RASP monitors threats and attacks while preventing vulnerabilities from being exploited.
  • Interactive Application Security Testing (IAST). An IAST monitors applications for novel vulnerabilities in custom code and libraries.

By instrumenting an application with passive sensors, teams have more access to information about the application and its execution, delivering unprecedented levels of speed and accuracy in identifying vulnerabilities. This unique approach to modern AppSec produces the intelligence and evidence necessary to detect vulnerabilities with virtually no false positives and no false negatives.

At the end of the day, your security tools need to give you less, but significant, alerts that contain the correct intelligence to best inform your security and development teams. With technologies that use instrumentation, like SCA, IAST, and RASP, you can achieve high accuracy due to the visibility into an application and its runtime environment as code loads into memory to provide enhanced security logging for analytics.

Featured in DZone | June 1, 2020

How Apps Could Change the Workplace After Coronavirus Crisis

Several apps could hold the future to a safe office after reopening.

Imagine you are going in to work. If you work in an office building, you probably have to go through the front doors, maybe past a security desk. You might even get on an elevator.

You may pick up some coffee or tea in the break room and say hello to a co-worker, before finally sitting down at your workspace.

Sounds pretty normal so far, but as many states begin the process of reopening as the novel coronavirus pandemic loosens its grip, experts say it’s time to start thinking about how to keep those workplaces germ-free.

Mark Ein, the CEO of Kastle Systems, a security company specializing in office buildings, told ABC News’ “Perspective” podcast that technology can play a role in monitoring surfaces around the building that could have the virus, starting at the front door.

“As you approach the building, the security app on your phone, which we [already] have today, will connect with the motorized door, because the app said that you’re authorized to come into the building, [and] the door will open automatically,” said Ein.

The same smartphone app can also save you from touching elevator buttons.

“[Instead of] pushing both the floor and that you need an elevator, you’ll put it in your app and the app will talk to the elevator, call the elevator and tell it where you’re going,” said Ein.

The app is part of a larger plan that Kastle has come up with called Kastle Safe Spaces. Ein said it’s designed as a framework employers can use as they start to bring workers back.

There’s even a version of an immunity passport scaled down for use around the office.

“At the point when we have widespread testing, if we also use antibody testing as a way to determine who is safe, all of those things can be entered into your health record and you can effectively get an easy pass if you’re known to be safe,” Ein said.

The easy passes can also work in reverse by tracking people who may not have symptoms, but could still be spreading the virus.

It’s a form of contact tracing, which is considered by the Centers for Disease Control and Prevention to be a key strategy in slowing the spread of coronavirus.

Apple and Google recently teamed up to develop their own tracing technology, but those strategies all address large populations.MORE: Google and Apple team up for contact tracing COVID-19 app

Howard Tiersky, the CEO of FROM, a digital marketing firm, developed an app designed specifically for the workplace by using the Bluetooth on your smartphone.

“It’s recording what we call an incident, and an incident is a period of time when you get closer than a certain threshold to another person with the app,” Tiersky told the “Perspective” podcast. “It’s generally around 7 feet and it records how long you were near that person, who the other person was and approximately how far away from them you were.”

There can be downsides to contact tracing in an office, according to Quentin Rhoads-Herrera, the professional services director at cybersecurity firm CRITICALSTART.

He told “Perspective” that it could make it easier for employees to identify sick co-workers, even if the data is anonymized.

“All of a sudden one person disappears, and now I’m getting an alert that I’ve been around somebody who has been infected with COVID-19. Well, I’m going to be able to make an assumption that was that person,” said Rhoads-Herrera.

That could have unintended consequences.

“Nobody wants to be shamed for something like COVID-19, or anything, and I think that would lead to that,” said Rhodes Herrera.

For his part, he said that it’s an employer’s responsibility to create a corporate culture where that type of shaming is not allowed, similar to anti-discrimination policies around gender, age or disability reporting.

Featured in ABC News | May 17, 2020

Are Contact Tracing Apps Putting Your Private Data At Risk?

That’s what a lot of you have asked us. So, the Q&A team reached out to Quentin Rhoads-Herrera – a security breach specialist.

In mid-April Google and Apple launched a contact tracing app model that would allow people to offer up their location information in order to help stop the spread of COVID-19. But could that decision put users’ personal data at risk?

WUSA9 reached out to Quentin Rhoads-Herrera – Director of Professional Services at CRITICALSTART to find out. Rhoads-Herrera specializes in helping companies recover after they have experienced a security breach.

QUESTION:
Does the government need permission from a citizen in order to look at their cell phone data for contact tracing purposes?

ANSWER FROM RHOADS-HERRERA:
Yes. If you look at Google and Apple’s implementation, that they started in mid-April, the government only has access to the information that individual opts in to send. And the only government agency that should technically have access are health organizations.

Before we answer more questions about security, we want you to understand how the Bluetooth contract tracing model works. Take a look at this video:

According to the security company, CRITICALSTART, contact-tracing apps like the one built by Google and will constantly broadcast unique, rotating Bluetooth codes that are derived from a cryptographic key that changes once each day.

If you’re not a techie – according to CRITICALSTART, this is what that looks like in real life.

You’re going on your daily quarantine walk, you pass by a few people that are about five feet away, maybe you wave, then you sit on a bench and watch some dogs play in the park, you stay there for at least 5 minutes.

Then you decide to pop into a grocery store to grab some food for dinner. You’re also there for at least 5 minutes. Along the way, your phone, through the Bluetooth, has been keeping track of where you’ve been and who you’ve been around just in case you or one of the people you came into close contact with test positive of COVID-19.

CRITICALSTART says that at the same time, the app is constantly monitoring other phones within a certain amount of range and time. They said the app doesn’t know the exact longitude and latitude of users, instead, it works off of the unique Bluetooth codes.

When a user reports a positive COVID-19 diagnosis, CRITICALSTART says their app uploads the cryptographic keys that were used to generate their codes based on where they went over the last two weeks to a server.

All of the other app users that they unknowingly came into contact with would be able to download those daily keys and find out if they could possibly be at risk of infection.

According to Apple’s website, if the app finds a match in the codes, it will allow the positive user to generate an “exposure” notification to let other users know that their phones had been in the vicinity of the infected person’s phone during a given period.

CRITICALSTART says that the app can also send the potentially infected person information about self-quarantining or getting tested themselves.

QUESTION:
How many people would need to use the app in order to make it an effective tool for tracing the spread of COVID-19?

 ANSWER FROM RHOADS-HERRERA:
I’ve heard everywhere from about 70-90% in order for this to be effective across the entire united states. The main problem is that there are so many different implementations, applications being leveraged.

According to Rhoads-Herrera, applications like the one built by Google and Apple are decentralized, which means they don’t store all users’ data in one place.

The data is left on the user’s phone and only combined with the information of other users when a positive diagnosis is confirmed and that the user has allowed their information to be shared. In those cases, the information is sent anonymously through the app.

“However if you look at the UK who has decided to build their own application, they’re going with a centralized model which means everything is being stored in a centralized data set,” says Rhoads-Herrera.

There are pros and cons to a decentralized system.

Rhoads-Herrera says it is safer in terms of security and privacy because all user data isn’t stored in one central hub like in the UK, but it lacks consistency in data because there can be many apps collecting data.

And once data saved to a centralized server is breached, Rhoads-Herrera says the hacker can get access to critical information like the location and identity of the user.

Featured in WUSA9 | May 12, 2020

Tennessee Has Just 25 Percent of Recommended Contact Tracers

Tennessee has just 25 percent of the recommended amount of contact tracers, leaving the state 1,500 people short for the critical disease mitigation effort.

The National Association of County and City Health Officials is recommending just over 2,040 in Tennessee for its population. Nashville has just 75 contract tracers which needs to be tripled to become adequate.

“This contact tracing is an essential tool we have to use to get everyone back to work,” said Democrat Mike Stewart from the TN House of Representatives. “I understand sometimes we have political disputes, Republican, Democrat, but everybody recognizes contact tracing is going to be an essential part of moving forward, so I do not understand these low numbers the department has.”

The Tennessee Department of Health has defended their contract tracing efforts by pointing to the work local health departments are doing and by saying they are training more tracers.

Stewart and several other state leaders have suggested arming furloughed health care professionals with the training they need to become contract tracers in their community.

“We need to fight coronavirus like we fight wars where you put everything on the table,” Stewart continued. “And I just don’t think our Department of Health is doing that.”

Representative Scott Cepicky, a Republican from Maury County, wrote a letter to his colleagues in the state house, encouraging them to join him in an effort to stop a program that shares the information of sick Tennesseans with law enforcement.

He wrote in the letter, “an issue of great concern is the infringement of personal privacy and liberty that is happening right now in Tennessee.”

On the cybersecurity front, Apple and Google are both offering anonymous location services data to help with contact tracing in some instances, but neither company has a history of compliance with government wants and wishes.

“Location data is notoriously easy to de-anonymize and identify individuals, thus resulting in the violation of your privacy,” said Quentin Rhoads-Herrera, a cybersecurity expert working as the Director of Professional Services for the firm CRITICALSTART.

Reporter Alex Apple asked Rhoads-Herrera, “What is your advice for people that are worried about this?”

“I would advise everyone to ask all the creators and storage holders of this data and applications to be as upfront as possible about how they’re storing this data and how they’re securing it,” he finished.

Featured in The CW Chattanooga | May 11, 2020

Transparency Key to Heading Off Qualms About Contact Tracing, Experts Say

In late April, Gov. Andrew Cuomo announced the state’s partnership with Bloomberg Philanthropies for New York’s contact tracing program.

Last week, New York City started recruiting 1,000 workers to conduct contact tracing.

This week, privacy concerns about the initiative have emerged. The focus was not as much on flaws on the tracing program as it was on how little is known about who will get to see the data and how it will be protected.

In a letter sent to the governor last Friday and released to the media on Monday, Public Advocate Jumaane Williams asked Cuomo to address questions about how New York will protect civil liberties and people’s privacy. “We cannot sacrifice protections and civil liberties in the name of speed … To maintain public trust, transparency is key.”

The Public Advocate requested information about the role technology will play in New York’s contact-tracing process and how the state will ensure no third party agency will be able to access data collected through contact tracing.

Williams also asked Cuomo to clarify who will get access to the data, what systems will be used to log and monitor it, and what research will guide how long contact tracing data stays in use.

A new report from the Surveillance Technology Oversight Project released on Thursday explores the risks associated with proximity detection, which relies on Bluetooth signals from cell phones.

New York hasn’t announced any plans to incorporate this technology into its approach.

But S.T.O.P.’s report argues the discussion about privacy concerns and civil liberties cannot wait until the emergency ends.

“History teaches that privacy invasions often outlive the emergency they are intended to combat. To this day, the USA Patriot Act provisions that were supposed to expire in 2005 are being debated for renewal to 2024,” the report reads, referring to the domestic security law passed in the aftermath of the September 11 attacks.)

Through a spokesperson, the governor dismissed Williams’ concerns: “The data resides with the state, not a private foundation and this isn’t happening. There’s enough real problems fighting this pandemic, and we have no time for politicians who create fake ones in a craven attempt to get in the paper.”

Of course, to reach the tremendous scale required for contract tracing to be effective in helping control the spread of the virus, speed is an important factor.

But transparency is a success factor, too. Public health experts have repeatedly talked about how contact tracing cannot operate effectively if people distrust the program.

After all, contact tracing works best when tracers can reach as close as they can get to every single person potentially exposed to the coronavirus. For contact tracers to obtain sensitive information about people’s contacts and whereabouts, New Yorkers will need to feel comfortable speaking with contact tracers and understand how the information they share will be protected.

In his briefing on Monday, Williams highlighted the importance of explaining ahead of time the process for protecting contact tracing data, particularly for helping immigrant communities feel comfortable participating. One would expect that contact tracers would need to be able to explain how the information they collect will be safeguarded. Before the health department contacts anyone through the contact tracing program, more transparency about what New York is doing to prevent this pool of data from falling into the hands of other government agencies like ICE or private groups can help facilitate trust.

“This isn’t a question of privacy versus public health,” says Albert Cahn, executive director of the Surveillance Technology Oversight Project). “You cannot fight this virus [and] help save New Yorkers’ lives unless you have the privacy safeguards. If we try to move forward without that, it’s really just a recipe for disaster.”

Contract tracing isn’t new. But Cahn, who also serves on the New York Immigration Coalition’s Immigrant Leaders Council, says that the health department reaching out to thousands of New Yorkers, collecting their names and routines, creates a larger pool of information. It might not have been worthwhile in the past (due to a combination of legal safeguards and the far fewer number of individuals who’ve had information collected) for an agency like ICE or the NYPD to try to access data from the health department’s work on contact tracing with other diseases, he says. But, the scale of contact tracing planned to address the coronavirus is “orders of magnitude larger than anything we’ve done in our lifetimes,” says Cahn.

In 2017, New York City had to fight in court to be able to destroy personal documents collected through its municipal ID program, IDNYC. The IDNYC program was designed to especially benefit immigrants in the city, but the process for destroying documents became a major sticking point. Cahn fears a repeat of this issue if New York doesn’t develop a protocol that addresses privacy concerns from the start.

Quentin Rhoads-Herrera, a cybersecurity professional at Critical Start says it’s important to be clear about who gets access to the data in the first place because there’s always a risk of a leak originating with someone who had been granted access to the infrastructure storing the sensitive information.

For its part, the health department says it plans robust protections for the data and people’s privacy.

“The NYC Health Department has been protecting patient confidentiality in the course of its contract tracing for diseases like tuberculosis, measles, and HIV for decades. We feel strongly about our responsibility to protect patient health data in all that we do,” Stephanie Buhle, spokesperson for the NYC Department of Health and Mental Hygiene, said in a statement to City Limits. “Patient health information is also protected by various State and City laws, rules and regulations. New Yorkers are never asked about their immigration status.”

Featured in City Limits | May 7, 2020

Politico: An Unusual Hacking Threat

The education system might be overlooking an unexpected threat with the whole world moving online: SAT and ACT hacking. Unlike other hacking threats, nation-states and criminals aren’t the primary risks, said Quentin Rhoades-Herrera, director of professional services at computer security firm CRITICALSTART. “Students in the past have hacked their own universities to change their own grades,” he told MC. “This is now going to be more on a larger scale because of how much it’s going online.”

Speed has taken precedence in the education sector, he said: “Their focus was getting these students online as fast as possible. It’s going to be the same for the SATs and ACTs. Security is probably going to be in the backseat.”

Test companies vow security, but: The College Board, which administers the SAT, said last month it “would ensure that at-home SAT testing is simple, secure and fair” if remote testing is required this fall if coronavirus quarantines are still in place. ACT also announced last month it would offer remote testing this fall that “upholds critical aspects of test security and score validity.” College admissions counselors, however, are not so sure about the security and validity of at-home tests.

Featured in Politico | May 6, 2020

16 Strategies For Attracting Top Tech Talent To Your Company

In a highly competitive economy, it’s often difficult to attract and retain top talent. This is especially true in the ever-evolving tech industry. In a field that changes so quickly, it’s hard to find good workers who also have the necessary skills for the job.

When a talented candidate reaches your pool of applicants, you may need to convince them to join your company over a competitor’s. Below, 16 members of Forbes Technology Council share some strategies you can use to successfully snag top industry talent.

1. Lead With Your Mission

Lead with mission. Here in Palo Alto, we see so many tech startups and very few have considered a mission component to their company. When an enterprise has a very clear and measurable way of showing how the world is better because of its organization, it is a lot easier to attract and retain talent. – Stephen Dalby, Gabb Wireless Inc.

2. Create The Right Culture

Creating the right culture for an organization is the key to attracting, retaining and empowering employees. Company culture can be achieved by focusing on three core areas: cultivating community, celebrating individuality and embracing possibility. By prioritizing these behaviors, tech leaders can improve retention, drive recruitment and build an environment that fosters growth and innovation. – Mike Dickerson, ClickDimensions

3. Turn Your People Into ‘Superheroes’

Innovation requires diverse, top talent. To stay competitive and attract new hires, leaders must implement technologies that make jobs more dynamic and fulfilling, and allow for career growth. We invest in AI to make our people into “superheroes,” helping them augment their workflow and be better, faster and stronger at their jobs. They love how AI makes them more effective and they demand more. – Jeff Wong, EY

4. Show Them How They’re Part Of The Big Picture

It’s important to share your vision for growth and how critical new employees are to accomplishing that goal. Everyone wants to feel like they are doing valuable work, making a difference and that they are part of a bigger mission. With authentic conviction, share your company vision and how the job fits into that vision, and you will win the battle for the best candidates on the market. – Sanjeev Sularia, Intelligence Node

5. Demonstrate Your Commitment To Future-Proofing Your Work Environment

Tell them: Our work environment focuses on building employee skills to stay ahead of the game. We help you build your skills by providing you with the opportunity to juggle many digital skill sets at the same time. This allows you to think critically, do the data analysis and then perform the necessary coding to solve the problem. You learn to manage the whole process from start to finish. – Leonard Kleinman, RSA Security

6. Help Them Prepare For Their Next Job

With the industry-wide headcount shortage, most organizations are recruiting straight out of college. Most graduates understand that their first job should prepare them for their next job, so having an education and elevation plan in place to make them a more valuable asset is a great recruiting tool. It will also better the employee while they’re part of the company and may also breed loyalty. – Randy WatkinsCRITICALSTART

7. Align Your Culture With Success And Winning Together

The best companies not only have competitive pay and benefits, but also have a culture and focus aligned around helping clients succeed. People want to be a part of winning teams that are prioritized and add value, but also believe in the products and services. The best candidates seek teams designed to sustainably win together. – Jason Crabtree, QOMPLX, Inc.

8. Build Out Your Career Development Program

Lack of opportunity for career growth is a common reason good employees leave companies—and it’s key to attracting talent. If you don’t have a solid program in place, do it now. Step up in-house training,  reimburse for outside training and offer practical training opportunities to use new skills for real-world tasks. Support creative thinkers and don’t hold them back with “stay in your lane” rules. – Anna Frazzetto, Harvey Nash

9. Focus On Candidates’ Specific Expertise

Every role needs an entrepreneur-minded person, so it’s time we pivot away from the notion of finding a candidate that checks every box. To find and retain top talent, leaders should play to candidates’ domain expertise and not encourage them to be something they’re not. Candidates will prioritize companies that let their talent shine and give them the opportunity to help grow the company. – Sudheesh Nair, ThoughtSpot

10. Find The Overlap Between Their Goals And Your Job Opening

One strategy I use is to get a good fit between their career growth goals and the role I am working to fill. If the job is one that I need filled and at the same time, meets the immediate career goals of the candidate, they will be more likely to choose to come. – Linda Apsley, capitalone.com

11. Show Them What You’re Working On

What gets people interested? Provide them with interesting work where they can show they know their field better than anyone else. So, actually show them the projects you’re working on. Can you offer that kind of unique experience? Then you don’t need to convince them. They’ll convince themselves. – Vaclav Vincalek, Future Infinitive

12. Help Bring Their Vision To Life

Any hire will always do their due diligence on the company’s culture before they accept a job. Breathe growth and focus on the potential hire’s aspirations—every person is a CEO in their own heart. Understanding their vision is important. There will always be competition; however, if what a potential hire wants from their professional life can coincide with the company’s goals, it’s a win. – Bhavna Juneja, Infinity, a Stamford Technology Company

13. Invest In Your Managers

The key to recruiting great people into your company is to have a great company. Invest in your managers with the right development and empowerment to create the right culture. As those managers recruit new talent, their authenticity will show through. – Steve Pao, Hillwork, LLC

14. Lay The Groundwork For Their Future

The new hires are most concerned about their future, both within and out of your company. The employers need to appeal to this concern. Ensure that they will be working and learning not only for the present moment and position, but also laying down the grounds for the future too. The more you are going to give, the more comfortable your potential hires will be with choosing you. – Daria Leshchenko, SupportYourApp Inc.

15. Demonstrate A Cultural Alignment

High salaries, good benefits and many perks are all great at attracting talent, but none are as good as company culture. What is the point of making 10-20% above market if you hate coming into work every day? Being surrounded by like-minded people that respect, encourage and motivate you is far more valuable than anything else a company can offer. – Abishek Surana Rajendra, Course Hero

16. Make Your Best Offer Up Front

For candidates, the right job is about more than just good pay. There’s the work schedule, remote work possibilities, health benefits, training budgets, wellness programs and more. Present your offer up front and avoid getting ghosted for someone else. Without it, they might never come back to you and you’ll have lost out on a great candidate. – Thomas Griffin, OptinMonster

Assessing Your Cyber Risk Impact: Intent vs. Opportunity

Cybersecurity is no longer just a concern for large corporations and government entities. One of the largest attack surfaces today is healthcare where facilities rely on ease of access and fast sharing of data to facilitate immediate and effective care.

Breaches in healthcare are occurring more frequently than ever before. According to HIPAA Journal, an estimated 494 data breaches of more than 500 records were reported to the HHS’ Office for Civil Rights in 2019. Additionally, more than 41 million records were stolen, and/or disclosed without permission last year. As of November 2019, the healthcare industry accounted for four out of five data breaches, with predictions that 2020 could be a record-breaking year. The financial impact also hurts the healthcare industry, with costs from those breaches estimated to reach approximately $4 billion in 2020.

Given these escalating stats, there is no such thing as out of bounds businesses in the cyber threat world. The only real question is whether your organization is a target of opportunity or intent. A target of intent is one that an attacker is seeking to cause notable impact, while a target of opportunity is one that an attacker is simply exploiting in order to get to their real target.

Attackers, especially those driven by geopolitical motives, are looking for disruptive impact and notoriety. While healthcare is an obvious target of intent for attackers looking to cause tangible impact, they typically will not attack these entities directly due to the higher risk of detection. This is where the targets of opportunity come into play.

An attacker looks for existing trusted connections with their end targets. For example, an experienced thief may not attempt to rob a bank directly through the front doors, but rather looks to see if there is a way in through a trusted connection such as a connected building that shares a ceiling or some other form of less visible entry. In the digital world, this means observing who their end targets are connected to and how those connections are implemented, monitored and leveraged.

Companies rely heavily on digital connections with their vendors, partners, service providers and customers. These connections present potential risks on all sides. A supplier who has a connection to a medical facility for billing may serve as an optimal target of opportunity for an attacker to gain access to the facility’s patient information, details of upcoming procedures and scheduling, supply orders and even physical power and/or HVAC capabilities.

Small to medium-sized businesses are frequently targeted by phishing attacks. The attacker’s intent is to set up a presence on their network to gain access to larger businesses with whom they may have connections. Alternatively, larger entities need to assess not only how they connect with these other businesses but also how their network is designed to prevent these attacks from moving forward should a partner connection be compromised. This means taking a holistic approach to reviewing their network visibility, how it’s constructed, segmented and used. Simply purchasing a new security tool will not improve your security risk posture if you have abundant faults in your IT implementation and utilization.

To assess your risk and impact, here are some questions your organization should consider:

  • Is your network segmented properly?
  • Do you have the right controls in place to limit permissions?
  • Are you able to detect and respond to attacks?
  • Can you enforce the policies you have written and do those policies make sense?
  • Have you built the right security culture within your company to prevent the exploitation of your people?
  • What do you have that would be of value to an attacker?
  • Do you know what activity is normal for your network?

These are just some of the questions that must be asked when assessing your risk and impact. If you are not pursuing answers to these questions, then you are exposing your business and those you do business with to unnecessary risk. To mitigate risk, every organization should be breaking down silos and self-centric thinking and considering the world outside your business to determine what impact we have on each other.

Author: Joshua Maberry | Director of Customer Success, CRITICALSTART

Featured in TechNation | April 30, 2020

16 Smart Project-Management Strategies Every Tech Leader Can Use

Task and project management is a must-have skill in the technology industry, especially for tech leaders. Most are handling multiple projects and demands on their time, so it’s important to be able to prioritize and get everything done.

As some of the top professionals in the field, the members of Forbes Technology Council have spent years cultivating their project-management skills. Below, they share their go-to project-management strategies.

1. Let your team own the projects they’re passionate about.
One management strategy is to create an organization where people apply or sign up for the projects that they are passionate about. This requires that leaders end centralized management and disperse responsibility, creating a self-managing organization. Those who are passionate about a project manage it from beginning to end, often completing projects faster and with better results. – Sergei Anikin, Pipedrive

2. Set milestones and goals as a team.
A lot of tasks we end up focusing on are more related to activity than productivity. To make sure our focus is on productive tasks, the entire organization must be aligned on the organization’s goals and the tasks everyone must do to contribute to those goals. Once everyone understands their function, setting and focusing on milestones to accomplish larger tasks leads to better progress. – Randy WatkinsCRITICALSTART

3. Have a central communication tool.
The first and most important step is to define the goal of the project and clarify expectations. All modern project management comes down to managing expectations. The circulatory system of modern management is communication channels. The key communication tool is a task-management system combined with a knowledge base—something like Jira with Confluence. – Dennis Turpitka, Apriorit

4. Create an Eisenhower Matrix.
I look to Eisenhower for inspiration, and I utilize an Eisenhower Matrix daily. I make four boxes with “Urgency” on the x-axis and “Importance” on the y-axis. This allows me to bucket tasks into four categories: “Urgent/Important,” “Urgent/Not Important,” “Not Urgent/Important” and “Not Urgent/Not Important.” It’s a powerful way to figure out what needs to be done when. – Michael Zaic, Wild Sky Media

5. Hold regular standup meetings.
Quite a few principles fall under the agile project-management framework, but the one I find the most useful is having regular standups. In these meetings, team members go over what they’ve done and what they’re going to do, as well as if any roadblocks are in their way. This allows employees to go over every project they’re working on to give regular updates. – Kison Patel, DealRoom

6. Manage customer expectations.
Customers are notorious for adding to the scope or making changes to what they want. One of the best ways to deal with it is by managing the customer’s expectation of what they will get. This may mean that, as a manager, you will need to tell customers that their request is out of scope and requires a modification to the contract that may affect cost and/or timelines. – Michael Hoyt, Life Cycle Engineering, Inc.

7. Treat your days like sprints.
Time management is essential. I treat my days as sprints with specific time blocks for each activity. I leave two blocks in the afternoon to return to what I need to for additional review or followup. I set specific times for emails, phone calls, meetings, etc. And, importantly, I do not let them interfere with each other. – Wesley Crook, FP Complete

8. Monitor and address positive and negative risk.
Organizations with agile projects should realign their risk perceptions. Although negative risk must be carefully managed, teams should embrace positive risk to maximize business value. Risk matrices, risk burndown charts and risk-modified user story maps should be included on agile walls and must be adjusted to help teams identify, monitor and address both positive and negative risk. – Christopher Yang, Corporate Travel Management

9. Hire smarter people and nurture new leaders.
There is no greater joy as a leader than seeing those you have nurtured surpass you in talent and success. That is your lasting legacy. Hire people smarter than you and nurture their leadership abilities. There is the old adage of, “If you want to go fast, go alone, but if you want to go far, go together.” Develop a robust team of leaders and allow them to succeed. – José Morey, Liberty BioSecurity

10. Prioritize projects that move the needle.
Tech leaders are constantly juggling multiple projects and initiatives at once. But you need to select and prioritize projects that will make the biggest difference. Nonessential projects can actually result in productivity loss. Selecting the right projects is actually a skill that comes from an understanding of business strategy combined with a data-driven approach that will impact key performance indicators. – John Shin, RSI Security

11. Leverage managed services.
If you lead an engineering or development group and your tasks include maintaining toolsets, managed services can be a godsend. The same is true if you’re a systems or application administrator. Any service provider worth their weight can take things off your plate like admin and implementation, user training, troubleshooting, support issues, and the like. – John McDonald, ClearObject

12. Maintain a culture of accountability.
Even before specific task- or project-management skills come into play, it is important to maintain a culture of accountability. Start with yourself. Meet your own commitments and admit mistakes. Define your expectations. Ask for commitments. Be open to feedback. Coach people on how to be accountable and to hold others accountable, and understand what the consequences should be for poor performance. – Steve Pao, Hillwork, LLC

13. Lay out the details ahead of time.
Describe all the details and lay down all the plans even before the project is launched. This move is often underestimated, but it can really go a long way. Laying a solid foundation for projects will ensure that you are not going to need to manage them daily. If your team knows what to do, the process will be smooth and successful. – Daria Leshchenko, SupportYourApp Inc.

14. Stop micromanaging your team.
Let your team members take full ownership of their areas of responsibility. Keep them loaded at 70% to 80% to reduce stress levels and enable creative thinking. To ensure effective delivery, avoid any kind of micromanagement and tactics control. It’s ruinous for both sides. All in all, make sure your team always understands your “what” and can bring you their “how.” – Aleksandr Galkin, Competera

15. Limit distractions during your ‘focus time.’
Multitasking is a myth. To do deeper work, you need to limit distractions. To do that, you need cultural and individual practices that allow people to go offline for chunks of time and that respect that time so that folks feel comfortable turning off distractions and digging deep. This singular and serial focus allows you to “multitask” more because you are not constantly switching tasks. – Amith Nagarajan, rasa.io

16. Implement good status-reporting practices.
As a tech leader, I need to know the high-level details of the project (schedule, timeline, whether it’s on track, if anyone needs my help removing an obstacle, etc.). That way I stay updated, know when I need to get involved and can keep my schedule moving forward. We use the Entrepreneurial Operating System to keep our status reports and meetings on track. – Thomas Griffin, OptinMonster

Cybersecurity During a Pandemic: An Interview With CRITICALSTART

Chris Ward speaks with Quentin Rhoads-Herrera of CRITICALSTART to discuss cybersecurity in a time of a pandemic.

In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces in the Western world currently working from home, often on insecure networks, and far removed from their typical IT support structure, an increase in cybersecurity threats has reared its head during the COVID-19 crisis.

I recently spoke with Quentin Rhoads-Herrera of CRITICALSTART to discuss trends they have recently witnessed, how the company is helping during the crisis, and cutting through some cybersecurity jargon. You can hear the full interview above.

Disinformation
I spoke with Quentin several weeks ago, and in the weeks since, the disinformation has increased, especially as the crisis took its hold in Europe and the US. During our interview. He mentioned that his team had noticed a rapid ramping up of domain purchases relating to COVID-19 and Coronavirus, and increased Twitter (frequently bot or spoof accounts) activity, spreading incorrect information as fast as the virus itself.

This is not the first time Quentin and his team have had to respond to increased activity, and major events typically trigger a flurry of activity in those corners of the web that many of us live in blissful ignorance of.

For example, when the US announced Space Force there was a rush to register similar domains to cause confusion. Whenever there is a mass of information on a particular topic, there will be an equal amount of disinformation. The announcements of various stimulus packages around the world added to the disinformation campaign, if there is a lot of money involved, you can guarantee that others will attempt to trick people into parting with it, even in a time of crisis.

Though Quentin took pains to point at that with the COVID-19 pandemic, the modern world has never seen a crisis of such a global scale. Equally, the cybersecurity community has never seen a reaction to that at such a scale either.

Phishing Attacks
Many of these fake domains are also used for targeted or mass attacks using Phishing techniques. Many of these phishing attempts promise cures, masks, or “official” information from government bodies, such as the CDC. While the human factor has always been the easiest route for any hack, the added factors of stress, distraction (from working around family members, etc.), and insecure work environments, as I mentioned above, have made it an easier play. Google also recently announced how many (18 million)c false emails they are blocking EVERY day.

Practice Safe Security
Cybersecurity doesn’t change so much in a time of crisis, just that the potential attack vectors change. As with any other time, you should treat any email that isn’t from someone you know (or looks different than it typically does) as potentially malicious. You should make sure you’ve changed the default admin account details on your router, use a VPN, or PGP signing, multi-factor authentication, etc. But we all know that these are not always the easiest tasks for everyone to understand and implement, and even then, malicious parties can lead them astray and cause even more harm.

Lend a Technical Hand
Now, at least a few weeks into the crisis for most countries, I’m sure IT support staff have had many a VoIP call with staff members attempting to help them get set up as securely and simply as possible. This task is made even more difficult by pressures on home internet performance, and other external pressures. I’m sure many of you reading this have helped out relatives, colleagues and friends with IT issues over the past few weeks, and this continues to be a great way tech-minded folks like us can help those around us who are struggling to cope with a lot of unknowns right now.

Another place we can help is by using our know-how and computing power to contribute to projects, such as [email protected] (for protein model simulations) or a multitude of hackathons (some specific open source ones too) in local and global areas.

CRITICALSTART has dedicated a proportion of their hash cracking machines that are normally used to test password encryption security to the [email protected] project, and even Blockchain miners are starting to switch some of their machines to help.

At the moment, one of the best skills (as developers and other tech-minded folks) we can learn to help others through this crisis is a large dose of patience and understanding.

A Cybersecurity Primer
While we’re on the topic, here are some key terms and concepts.

Team Structure
Cybersecurity companies tend to divide themselves into different teams, loosely around offensive actions (sometimes called a penetration tester) called a red team to find vulnerabilities, and defensive team, called a blue team, to help fix those vulnerabilities.

Managed Detection and Response (MDR)
A newer approach to security practices, where a team helps a client manage their security infrastructure by collecting logs from endpoints such as antivirus and threat detection systems, matching them to a registry of known “good” and “bad” alerts and actions to detect real issues.

This analysis can become quite nuanced, for example, allowing some users to run scripts, such as Powershell or bash scripts, but raising an alert if another user trues the same.

Zero-day
A zero-day is a vulnerability that the world does not know about yet. A vendor may know about it because someone told them about it, a client may know about it because it was found during a client engagement, but nobody else in the world knows about it. Generally, a team helps a vendor patch the issue and ensure that their clients have applied the patch. If the vendor never responds, then a team helps the client work around the patch as much as possible.

Featured in DZone | April 22, 2020

NFL Draft Via Social Media Offers Insights Into Online Security

For the first time in National Football League history, draft day is going remote and online. Social media will play a big part in that transition, and teams have to work in that world securely.

In recent years, the NFL turned the day its teams pick their stars of tomorrow into as big an event as any regular-season game. Thousands of fans showed up in cities across the country just to see what college kids their favorite teams would tap for their rosters. Coronavirus made that mega-event impossible, so draft war rooms dispersed from Green Bay to L.A. will send in their picks via video conferencing and keep fans updated via Twitter and other platforms.

In this first (and hopefully only) virus-limited NFL draft night, online security is paramount. Not only are teams afraid of being hacked by third parties ranging from plain old troublemakers to gamblers looking for tips, but they also have to consider the worst-case scenario — another NFL franchise trying to snoop into another team’s personnel plans.

The first pick is now hours away, and the cybersecurity firm CRITICALSTART is offering five tips NFL teams can follow to guard against their draft plans being exposed via vulnerable social media and video networks.

The security steps come off as basic, yet sensible:

  1. Leverage both strong passwords and multi-factor authentication for meetings channels.
  2. Scrutinize every email.
  3. If using Zoom, follow corporate best practices.
  4. Tightly manage your social media channels.
  5. Scrutinize all your communications.

More importantly, the minds behind  CRITICALSTART insist any home internet user can adopt those same ideas for a household network.

With “stay at home” quarantine orders for the Coronavirus still in effect, locked down individuals and families are using social media to contact the outside world at unprecedented levels — and therefore exposing themselves to hacks just like the NFL. They can make those social media hours safer by taking a good look at the same safety guidelines football’s best brains employ tonight.

Featured in Forbes | April 23, 2020

Virtual Draft Makes NFL Teams Potential Targets for Hackers

A hacker could provide entertainment value by disrupting the virtual NFL draft that begins Thursday. Desperation for any sports entertainment shouldn’t make us forget that these things are boring. The few moments of suspense as picks and trades are announced are drowned out by incessant chatter by talking heads and nonstop loops of player highlights.

This draft broadcast with commissioner Roger Goodell announcing picks from his home would be more fun if a hacker interrupted it to make mischief. Just please don’t shut it down completely. It already takes too long.

Such an infiltration would embarrass the NFL but wouldn’t compromise the integrity of the draft itself. There are other potential hacks outside the broadcast that wouldn’t be so harmless for the league.

What if teams, or third parties working for them, remotely hack into the videoconference platforms used by rival teams or even the computers of their personnel? Team officials aren’t allowed to congregate in one room, like usual, so they are scattered about and communicating virtually.

A team that digitally eavesdrops on what’s being said in the virtual draft rooms of other teams obviously would gain an illicit advantage this week. Gaining access to the computers of rival teams would be an edge that keeps paying off. The history of espionage in sports shows that teams are willing to cheat if they think they can get away with it.

The virtual nature of the draft provides hackers an opportunity to cheat without detection. And the popular Zoom videoconference platform that’s used by NFL teams and other businesses has been a target of such attacks.

Vice recently reported that brokers are offering for sell “exploits” that take advantage of vulnerabilities in the Zoom platform. The attack allows hackers to leverage what’s known as “Zoombombing” to infiltrate meetings and possibly access the target’s entire computer system. According to the report, the exploit requires the hacker to be on a call with the victim.

Quentin Rhoads, director of professional services for the cybersecurity firm CRITICALSTART, cautions that so far there’s no proof that the Zoom exploit exists.

“But in security, we are going on the perspective that it might be real, so we have to take it seriously,” Rhoads said. “If somebody were to (use the exploit) they could potentially gain access to all these Zoom meetings without being invited if the meeting I.D. were leaked and Zoom security best practices weren’t being followed. If victims are running Windows, (hackers) could gain local access to machines without the victim knowing it.”

Vice, citing an anonymous source, said the asking price for the Zoom window application exploit is $500,000. The market isn’t hackers looking to snoop on Zoom calls among friends and family. Hackers would be interested in intercepting sensitive conversations and information that businesses want to keep private.

NFL teams have a lot of that. For obvious reasons, the NFL isn’t offering specifics about what security measures it will use for the virtual draft. However, the league said the Microsoft Teams platform, not Zoom, will be used for its communication with teams and vice versa. CRITICALSTART said there have been fewer issues with Teams, but that it’s still possible to hack the platform.

Rhoads’ firm posted tips for NFL teams to safeguard their communication and information. One of them is requiring strong passwords and multifactor authentication to gain access to meeting platforms. An example of the latter is the platform sending users a text message with a code that’s required to gain entry.

“If an attacker decides they want to gain access to your password, they need to kidnap you or find your phone or steal it,” Rhoads quipped.

No NFL team would resort to kidnapping. But we’ve seen how far sports teams will take espionage to gain an advantage.

The NFL punished the Patriots in 2007 for violating NFL rules by taping the Jets’ defensive signals from the sidelines during a game. ESPN reported that New England had a secure room at its facility that contained videotapes of opponents’ signals going back seven seasons. Goodell ordered that evidence be destroyed.

MLB found that the Astros broke the rules by using a video camera sign to steal signs during the 2017 and 2018 seasons. The Astros used the scheme during the 2017 postseason when they won the World Series. MLB fined the Astros $5 million, took away draft picks and suspended general manager Jeff Luhnow and field manager A.J. Hinch.

The schemes executed by the Patriots and Astros required team personnel to be physically present at games. That made those cheating plots relatively easier to detect compared with remote hacking.

NFL teams, like all sports franchises, are paranoid about rivals stealing their information. With the draft now going fully virtual, they have to look out for hackers.

Featured in  Atlanta Journal-Constitution | April 22, 2020

Experts Warn of Tax Scams With Delayed Deadline

The tax deadline came and went and now is the time when scammers see confusion and opportunity.

“It’s like Christmas for scammers right now. This is as good as it’ll ever get for them,” said Rob Davis, the founder and CEO of Critical Start, a cybersecurity firm. He told Channel 2 Anchor Wendy Corona with a trillion dollars out there for individuals and companies, scammers are out for their share.

“They’re preying on the instincts of good people that maybe are a little bit confused, that doesn’t want to confront the government. If you’ve ever had one of these calls happen to you, they can be pretty intimidating,” said Davis.

His best advice — do not engage. You may get calls, texts, social media messages all aimed at getting you to make contact or click a link and that’s when they strike and steal your information. It’s especially rampant around the normal tax deadline date of April 15th. Some scammers will even send you fake checks.

“It’ll say, ‘Hey if something is wrong on this check call this number.’ The whole goal is to use the check as mechanisms to get you to call somebody so they can steal your information,” Davis said.

Davis warned that the IRS will not text you or aggressively force you to take urgent, immediate action. He also said avoid clicking any links and instead check everything against the IRS.Gov website. “Pause. Take a deep breath. Get some help. Come back to it later. There’s nothing wrong waiting a day. Always be suspicious,” he warned.

The new tax deadline is July 15th and you are not required to file an extension or pay anything until that date.

Security Versus Convenience

Zoom has become nearly synonymous with office meetings and socializing as people around the world have adapted to life at home amid the Coronavirus outbreak. That has put the roughly 9-year-old company in the spotlight more than ever before — for both the good and the bad, as an onslaught of security issues have come to light.

The biggest hurdle for Zoom moving forward, according to some security experts, isn’t just fixing those issues. It’s doing so in a way that enables Zoom to maintain the convenience that has made it so popular in the first place.

“There are different security measures that you can implement, but again it comes back to this pendulum of security versus usability,” said Etay Maor, chief security officer at cyber threat protection firm IntSights. “Where do you feel comfortable and where do your users feel comfortable?”

Zoom’s security troubles

The teleconferencing app has surged in popularity over the last month, as it’s hosted 200 million chat participants throughout March, compared with its previous all-time high of 10 million as of December 2019.

That has made the platform a ripe target for internet trolls. A new form of harassment known as Zoom-bombing has emerged in recent weeks, which is when intruders infiltrate a Zoom meeting and bombard participants with offensive content. The FBI has said that it received two reports of such incidents occurring in Massachusetts schools.

But that’s just one of the security woes that have troubled Zoom over the past month. The company was hit with a class-action lawsuit over accusations that it shared analytics data with Facebook without properly alerting users. Zoom also said that some calls were mistakenly routed through China as the company beefed up its server capacity in the country at the start of the outbreak.

The list of companies and organizations banning Zoom has continued to grow along with the security issues. Schools in New York City, the Taiwanese government, and Google have suspended usage of the popular video service. Singapore also recently told teachers not to use the service.

Security versus convenience

Enhancing Zoom’s security while keeping the service as frictionless and accessible as it has been could be a particularly challenging balance for the company to strike. Joining a Zoom meeting can be as simple as clicking a link from your email or calendar invite. But adding layers of security often means implementing more steps for the user.

“There’s always a trade-off between ease-of-use and usability,” said Rob Davis, CEO of cybersecurity firm CRITICALSTART.

Two-factor authentication, for example, adds more security but also means the user needs to take that extra step of typing in the code sent to his or her phone. Enforcing tighter controls around how participants join a meeting could also make the process of adding colleagues or friends at the last-minute slightly longer.

Stronger end-to-end encryption could also make it harder to maintain high call quality, one of the characteristics that makes Zoom so appealing, according to Satya Gupta, chief technology officer at web application security company Virsec.

“I suspect that this is going to be a serious problem for Zoom to be able to solve because, you know, when you encrypt and decrypt, it introduces lag and latency into a call,” Gupta said.

For its part, Zoom has been quick to react to the myriad of issues that have emerged. It outlined a 90-day plan to make Zoom a security- and privacy-first product. As part of that plan, it’s committed to freezing the development of new features to focus on increasing security, publishing a transparency report with information about data requests, and bringing in outside experts to evaluate its security practices among other measures.

The company recently tapped Alex Stamos, Facebook’s former security chief, as an external consultant to help it ramp up its security. It has also made security settings easier for users to access, and now requires additional password settings for users on basic, free accounts and accounts with a single licensed user.

Still, Zoom could be more transparent about the measures it’s taking, which makes it easier for other security professionals to assess the company’s approach to security, Davis said.

“That allows other people to more easily ascertain, ‘Have you taken the right steps?’ Davis said.

Zoom has said it will consult external security experts and form a council of chief information security officers from across the industry to discuss best practices when it comes to security.

But the experts seem to agree that trading some conveniences for security is worth it. And juggling the two, especially within 90 days, will be a challenge.

“It’s a hard balancing act that has to be performed,” said Maor. “It’s not an easy task.”Featured in Business Insider |  April 11, 2020

5 Things IT Teams Can Learn From Initial Weeks of Telecommuting

In the wake of the ongoing coronavirus pandemic, we have witnessed a surge in telecommuting as more companies transition to remote work. Over the last couple of weeks, we’ve seen a spike in web traffic (including a record-setting number of Zoom calls) as companies make the switch. Initially, there was even concern that this massive onslaught in web traffic might even break the internet, but, for now, it looks as though we’ve avoided this particular calamity. Nonetheless, the Great Telecommute Experiment of 2020 is well-underway.

The challenges involved in this overhaul are daunting for many companies and IT teams to say the least. Fortunately, this process doesn’t have to be all trial and tribulation by any means, even if organizations are a bit late to the game with their preparation. To assist, we’ve curated a series of tips from tech pros across the industry to help iron out some of the wrinkles as teams around the country make this clunky transition en masse.

Have policies in place for failure and business continuity

On the security side, this chaotic transition is certainly ripe for failure and breaches. With more teams working remotely, there are sure to be enhanced endpoint vulnerabilities. Additionally, more companies will increase the number of third-parties with network access during this transition.

“Organizations need to understand that more sensitive data will be stored and available via a remote workforce. You don’t want intentional or unintentional data leakage, which might require new controls on remote endpoints and cloud applications,” explained CRITICALSTART founder and CEO, Rob Davis.

As a result, more companies are looking to VPNs to beef up network security. One such provider recently reported worldwide use of its VPN technology had recently increased more than 160%. Although, as CRITICALSTART noted in our correspondence, there are other basic measures companies can adopt such as establishing multi-factor authentication and single sign-on protection. Regardless, even with the most comprehensive security measures in place, companies should also have a response strategy in the event of a breach.

“Plan for failure. Most breaches are caused by human error, and the best-intentioned people still make mistakes. Have an incident response plan that is updated to work in this new environment,” Davis said.

READ MORE

Featured in TechRepublic | April 7, 2020

A researcher found zero-days in one city’s software. Then he realized the problem could be bigger.

For Quentin Rhoads-Herrera, this was not a typical security test.

A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects.

He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could exploit to manipulate data or dump user passwords. But it was more than just a catalog of bugs: Poring over the code, Rhoads-Herrera found the names of two other city governments that have used the software.

The product, known as CIPAce, has been used by public and private sector organizations to collect invoices and manage contracts and budgets, according to CIPPlanner Corp., the company that makes it. 

“If one attacker happens to exploit this city, then they can look and see, easily, every other city that’s using this … and attack them using the same methods,” said Rhoads-Herrera, a penetration tester at CriticalStart, a Texas-based cybersecurity company. He tried to contact another municipality to warn it about the issue.

Rhoads-Herrera says he hasn’t seen any malicious hackers exploit the vulnerabilities in CIPPlanner’s software. Zero-days in important software can be big problems for any organization, but for municipalities, the effects can be magnified. City governments are often cash-strapped and struggle to upgrade the technology on which they depend. A deluge of ransomware attacks has only served to expose how vulnerable public-sector agencies can be.

Reached by phone, Wayne Xie, a principal at CIPPlanner, said it was an “ongoing battle” to safeguard any software from hackers. “We continue to update the software and do penetration tests,” Xie said. He declined to discuss CIPPlanner’s clients or how many people work at the company.

Parts of CIPPlanner’s website don’t appear to have been updated in years. Two of the listed clients contacted by CyberScoop said they had stopped using the software. The company does have active contracts with an agency at a U.S. city government and with a county government in another state, according to data from those localities.

Getting the vulnerabilities fixed

After months of working with his client to mitigate the vulnerabilities, Rhoads-Herrera said he’s raising awareness about them through a report released Thursday. The report does not name the cities affected. CyberScoop has shared the findings with the MS-ISAC, the threat-sharing body for states and municipalities, which is investigating.

Rhoads-Herrera’s client, he said, has worked with CIPPlanner to address the issue.

The vulnerabilities found by CriticalStart could allow a hacker, without even authenticating on the network, to disclose information on internal databases or upload a malicious “web shell” to manipulate data. CriticalStart deemed two of the bugs “critical” because they could allow a hacker to inject malicious code into the software platform.

“Every single vulnerability we found in this application was unauthenticated,” said Rhoads-Herrera, who was skeptical of CIPPlanner’s claim that it does independent penetration tests. “And leaking passwords is definitely a critical issue, especially since I used it to VPN into their environment with ease.”

Rhoads-Herrera said he was encouraged by the fact that the municipality was “so involved in trying to actually secure their infrastructure.” The city IT team would email him during the penetration test to say they had noticed his activity on the network, he said.

That proactive approach to security is all the more important with people across the country working remotely during the coronavirus pandemic. Knowing who should and shouldn’t be remotely logging into your network can be the difference between properly managing a workforce and having corporate data stolen.

Featured in CyberScoop | April 3, 2020

AI’s Great, but It Still Takes Humans to Enforce Cybersecurity

When it comes to protecting computers and information systems from cyber attack, artificial intelligence and machine learning can help — but they’re no cure-all for a growing problem.

Notwithstanding the current excitement over AI and its increasing ability to best humans on numerous fronts, it’s no magic bullet for shoring up cybersecurity, says Randy Watkins, chief technology officer with CRITICALSTART.

AI excels at managing massive amounts of data, including alerts about possible security breaches. The problem lies in how it interprets that information.

Alerts are addressed in the order in which they arrive. Then they’re prioritized and assessed for the appropriate level of threat. Human analysts, with deep knowledge and experience of the business, are good at placing each alert in its proper context. Machines, not so much. An AI-driven system can detect anomalous user activity, but it’s less effective in determining whether the event involves malicious intent.

“I am not a naysayer of everything AI,” Watkins says, “but AI and machine learning don’t have the capability to apply an abundance of reason to what they’re doing.”

Machines aren’t especially good at minimizing false positives. Take Microsoft’s PowerShell, a popular framework for task automation. A machine can’t accurately determine whether a given user of that tool should be executing a command at a particular time. The anomaly may or may not be the result of a malicious attack.

The term “machine learning” implies that the system gets better with experience, but Watkins says that ability is limited. Training the algorithm to respond in the proper manner requires feeding in large numbers of previous examples, both good and bad. And it still doesn’t solve the problem of false negatives — actual attacks that the system misses. “You have to be able to strip back the outliers that are going to skew your data,” Watkins says.

Figuring out whether or not an event is malicious doesn’t always amount to a yes-or-no answer. For one thing, companies must determine how sensitive they want the system to be. Should it raise the alarm for 100% of seemingly anomalous events? How about 80%? Too much, and you’re inundated with alerts and potential system shutdowns. Too little, and breaches are likely to slip by undetected.

“When you introduce more variables, you require additional data sets, more context about the subject and the behavior [of the system],” Watkins notes. “Once you start to introduce those questions, the machine falls apart.”

Effective detection of cyberattacks depends on cumulative risk scoring, something that humans do well. “Every time we look at an event, we’re deciding whether it’s suspicious,” Watkins says. “But you can also apply reason and previous knowledge about security that algorithms don’t have.

“A machine can crawl through tremendous amounts of data quickly,” he continues. “But give it an abstract concept like least privilege and apply it to the alert set — is it going to recognize a privilege escalation? There’s a lot of benign activity that looks malicious.”

There’s no doubt that machine learning will evolve, even as cyber thieves come up with new ways of avoiding detection. Microsoft has made strides toward improving the sophistication of automated detection systems, as has Palo Alto Networks, a global leader in cybersecurity. “But at the end of the day,” Watkins says, “you still need a human to say, ‘Yes, knock this domain controller offline.’” Companies strive constantly to minimize the cost of system downtime caused by erroneous alerts.

That said, there aren’t enough human experts to fill the need for cybersecurity across all sectors. “There’s definitely a lack of talent in the industry,” says Watkins. Hence the turn toward outside support, in the form of managed detection and response.

The talent shortage isn’t new. “It has existed since security has existed,” says Watkins. Only in the last 10 years have companies and universities begun to awaken to the need for better training and education of future cybersecurity experts.

Both humans and machines have a ways to go if they’re to collaborate in securing vital systems against the ever-growing threat of cyber attack. “We started at zero when we needed to be at 60,” Watkins says. “Now we need to be at 90, and we’re at 60.”

Featured in SupplyChainBrain | March 30, 2020

Interview: 2020 Election Security and the Future of Online Voting

Jordan Mauriello, SVP of Managed Security, shares his thoughts with Steve Gruber of the Steve Gruber Podcast on election security and the vulnerabilities associated with polling places in light of the coming 2020 elections.

Full Video Transcript:

SG: It is six states going to the polls today, and critical states. Bernie Sanders would like nothing more than to repeat his upset victory that he claimed in Michigan four years ago when he beat Hillary Clinton, who was supposedly up by 20 points – 27 points one poll had her up before the primary in Michigan. And Bernie Sanders came in and pulled it off.

What about the vulnerability of polling places when it comes to online impacts, cyber impacts, cyberattacks? Jordan Mauriello here, CRITICALSTART‘s VP of Managed Security. Jordan, welcome to the program.

JM: Thank you very much, Steve. Happy to be with you this morning.

SG: So my understanding Jordan, is that most of these election machines, the tabulation machines, the computers themselves are not connected directly to the internet. But then I talk and hear from people who say, “Now wait a second, we’re gonna make it possible to vote online.” Well, obviously, if you’re voting online, you’re connected to the internet directly. What should be my concerns? Where are the vulnerabilities?

JM: So there’s definitely a lot of confusion about what the technology actually does in voting machines these days and the reason for that is it is, actually, different state to state in a lot of places. We see places like Iowa, which set a precedent for, oh, there’s an app, and online technology for voting that is being used, and clearly had significant technological issues, not to mention the lack of proper security assessment that was actually done there. So there were vulnerabilities that were introduced and significant problems as a part of the election.

But mostly what we’re actually seeing is a move towards an upgraded ballot marking device, or a device which eventually transfers votes through some, kind of, centralized system that is online, but then uploads those votes for a digital count mechanism. That’s where a lot of times we see the vulnerability mechanisms are actually introduced, is when we centralize this. But there’s always some way that they’re being connected to a network and being tabulated.

SG: So, the vulnerabilities, in your line of work, then, you go through and you say, “Okay, I see a weakness here, I see a weakness here.” Is that how you approach your job?

JM: Yeah. And that’s, often, what organizations bring us in to do, is to attempt to find what are the mechanisms to which something might be compromised. And, so, when we’re looking at election security specifically, you know, if we’re looking at in ballot marking devices, a good example of this is, the new devices they purchased in South Carolina, right? It’s like, “Oh, great it’s a ballot marking device.” And so you’re gonna use a screen, a touch screen to make your selection, and it’s gonna print out a ballot, it’s marked it for you. But then when it reads back in, what it actually reads is the bar code at the bottom.

And so, if you were a malicious activist, especially with someone with the kind of resources that a foreign nation-state would have that want to disrupt elections, well, you could certainly compromise that machine. As it prints out the proper results, when you’re validating, look it printed, “Oh, yes, I voted for Joe Biden. Yes, I voted for Bernie Sanders.” But then the bar code, well none of these humans that can read a bar code right now. So, you would feed that back in and not know what the bar code might actually register back to the device itself and that is a vulnerability.

SG: Yeah. Jordan, I know enough people that have enough difficulty reading period. Barcodes, I mean, let’s talk about that’s a little bit tougher.

Jordan Mauriello here, CRITICALSTART‘s VP of Managed Security.

So, let me ask you this. When you go in and vote yourself, I assume you vote-

JM: Yes sir.

SG: Do you have concerns about the security of your vote? Do you, do you have much security concerns overall when it comes to the reliability and accuracy of elections across this country?

JM: I think we saw, based on the 2016 elections, and what happened both at the campaign level and with evidence that’s come out from Durham County, North Carolina, that there definitely are problems and there are concerns that I have.

As a security expert, I look at the process they plan on. I’m definitely gonna go in, I’m gonna double-check my vote. I’m gonna look at the printout and make it sure it matches as best I can. I’m gonna feed it back in the device and make sure it says what I actually did, as being registered on the screen again. But I also had concerns at the campaign level.

And we saw the detriment that the cybersecurity problems were, like Hillary Clinton’s campaign in 2016. And those are very, very real issues. When you’re talking about the resources and capability that a foreign nation-state has in cyber warfare and applying that against not just election infrastructure, but even campaigns. There’s definitely significant concerns that both at an information and disinformation level, and an election security equipment level, that things could be compromised or disrupted.

SG: Well, and that’s a big concern obviously. I’m more concerned, honestly, in the way they’re tryin’ to do it in an old-fashioned way. What I mean by that is, you look at mail-in ballots. I think they’re more susceptible to fraud, potentially, the way it’s set up. Certainly in California with ballot harvesting and so forth. But, as you look forward then, Jordan, do you see a better situation? Are you more confident, more optimistic as you look at the future with more technology, more safety standards and protocols put in place? What do you make of it?

JM: So, I think we’ve made some very strong decisions in the last four years now to help improve election security, but it’s a slow process. It’s not happening overnight. We created the cybersecurity infrastructure and security agency in 2018, but there’s still a lot of things that have to be accomplished as a part of that.

And I think, Homeland Security, the committee and subcommittee on cybersecurity and privacy are moving in the right direction, being led by a lot of the right people, but there are a lot of things that we have to train election officials on. Have to educate, have to put the right equipment in place.

There are problems with even hard ballots and mail-in ballots that need to be approached from a process perspective, but then the technological issues and even the desire for some states to move to electronic voting introduces a whole new level of vulnerability that genuinely we are not prepared for from an election infrastructure perspective yet, and that has to be approached with the right mindset.

And I know a lot of people have asked, “Hey, are we moving to online voting?” and the real answer is, I hope not, because we are not ready, in the election infrastructure to actually do that yet.

SG: And I think we should leave it right there. We are not ready for that, and yet they keep pushing ideas ahead. Jordan Mauriello, CRITICALSTART‘s VP of Managed Security.

Jordan, greatly appreciate your insight in the conversation today.

JM: Thank you, Steve. It was a pleasure to be with you, sir.

Using Password Crackers to Analyze the Virus

In addition to helping doctors provide care, technologists are helping researchers find a vaccine for the coronavirus. White hat hackers are using crowdsourced simulations to understand how the virus behaves. The red team at CRITICALSTART found that the company’s password cracker Cthulhu can be used to run computer simulations that mimic the same complex protein folding that occurs in viruses. By using computational algorithms that simulate protein folding, doctors and healthcare professionals can better understand the virus and potentially identify an effective vaccine. Cthulhu can brute-force all combinations of upper case, lower case, space, number, and symbols from a single character to eight-character passwords iteratively in roughly six hours. Analyzing the molecular makeup of a virus takes similar levels of computing power.

CRITICALSTART is sharing its work with [email protected] This volunteer effort is a distributed computing project for disease research that simulates protein folding, computational drug design, and other types of molecular dynamics. The project uses the idle resources of personal computers owned by volunteers around the world.

Read More

Featured in TechRepublic | March 17, 2020

The Cost to Defend: Automation is Key in Combatting Cybercrime

As organizations find themselves short on budget and talent, security automation that supplements the work of security experts can reduce discovery costs.

It’s no secret: cybercrime is skyrocketing. Security breaches in the last five years grew by 67 percent for public and private sector organizations, according to Accenture and Ponemon Institute’s 2019 “Cost of Cybercrime Study,” with the average cost of cybercrime for an organization increasing from $11.7 million in 2017 to $13 million in 2018—an increase of 12 percent in one year.

Compounding the problem is a global cybersecurity talent shortage, with roughly two million open positions, reports ISACA as part of their State of Cybersecurity 2019 Survey. Organizations find it increasingly difficult to retain qualified cybersecurity professionals, with nearly70 percent reporting their cybersecurity teams are understaffed. Additional insights from the ISACA survey revealed that:

  • 87% of respondents say they need up to 50% more cybersecurity budget
  • 53% of organizations experience delays up to 6 months to find qualified security candidates
  • 89% say their cybersecurity function does not fully meet their organization’s needs
  • 84% of organizations believe half or fewer security job applicants are qualified
  • 12% feel it is very likely they would detect a sophisticated cyber attack
What’s Changed?

Surprisingly, attacker tactics haven’t changed much in the past 10 years – phishing, malicious files, unpatched vulnerabilities, and privilege escalation are still alive and well. What has changed is the reduction in time from finding a vulnerability to being able to launch an attack using that vulnerability. A robust cybercriminal marketplace allows unsophisticated attackers to quickly launch attacks against organizations. Additionally, the size of the attack surface has exploded, with targets that now include cloud and hybrid infrastructures, IoT and Internet-connected everything, increased connections to Industrial Control Systems (ICS/OT), use of mobile devices, and a higher number of employees working remotely. As a defender, you not only have to protect this larger attack surface but do so with the same IT security budget and smaller cybersecurity talent pool.

The good news is cybersecurity is evolving. Twenty years ago, incident response teams did not have a centralized method for managing security alerts. Then Security Information and Event Management (SIEM) came along, allowing security teams to centralize and prioritize security alerts. Incident orchestration was then bolted on top of a SIEM to reduce investigation time, but that is still a drop in the bucket when most organizations receive over 5,000 security alerts per day.

Whether or not an organization has a Security Operations Center (SOC), it’s critical to ensure proper triage of security alerts and swift response to threats. This takes time and money. Ideally, organizations would have an overarching security strategy driven by a risk-based decision-making process. This approach would fund the resources required to investigate and respond to all security alerts based on risk versus limited headcount.

Instead, most companies are raising alert thresholds, ignoring entire categories of security alerts, and creating artificial incident categories to reduce alert volume. This is not a risk-based decision but an arbitrary headcount decision, in many cases driven by a lack of budget.

Organizations need to optimize their approach to security with one that doesn’t require additional budget or ignoring security alerts, regardless of the alert category. The inability to resolve massive amounts of false positives from security tools is drowning security practitioners.

Security Automation is Key

Security automation can help combat the rising cost of attack discovery,with savings of approximately $2.09 million, according to Accenture/Ponemon, factoring in investment costs. Yet adoption is still relatively low, with just 38 percent of the Accenture/Ponemon respondent sample saying they leverage automation. Automation could begin to address the shortage of skilled security staff by supplementing existing skills and capabilities. Automation that triages generic security alerts frees up time for cybersecurity professionals to invest in the business and focus on the smaller percentage of security alerts that require cybersecurity expertise.

While cybersecurity is slowly moving out of the IT basement into a cross-functional role within the organization, there is still a long way to go. As more organizations invest in security, business leaders need to improve the economic value of their cybersecurity strategies. Discovery costs will continue to escalate as cyberattacks increase. Organizations that take advantage of automation and advanced analytics to supplement the work of security experts, whether in-house or as a service, will help reduce these costs to drive positive bottom-line results.

By Rob Davis | CEO, CRITICALSTART

Featured in SecurityInfoWatch.com | March 9, 2020

Super Tuesday: Election Cybersecurity Survey

recent survey by computer security firm CRITICALSTART showed 66 percent of Super Tuesday voters said they fear the elections aren’t secure — with many believing one of the campaigns would seek to influence the election and others concerned a foreign power, like Russia, might try to interfere.

Jordan Mauriello, CRITICALSTART Senior Vice President of Managed Security, warned that cyberattacks — like denial of service attacks that seek to slow voting computers and other infrastructure through increased traffic — are simple for attackers to pull off and can be difficult to discern from common technical difficulties or other errors.

“Outside of getting honesty from the people who run the infrastructure, there is no way to tell the difference between a technical issue, a bug, an outage, something that is intentionally being disrupted,” he told UPI.

The survey found almost half of voters said paper ballots would make them more confident in the accuracy of elections — and Mauriello acknowledged electronic voting machines, which print bar codes as a mark of accuracy, can be manipulated.

“There’s no way for a human to really validate that a bar code is accurate, so if somebody were to compromise that system and manipulate what it actually writes on the bar code, people would never know the difference.”

Read More

Read Our Survey

Featured in UPI | March 3, 2020

Q&A: How Firms Can Stop Wasting Time Pursuing ‘Cyber Ghosts’

In an increasingly connected and digital world, no company or industry is safe from the growing threat posed by malicious online actors. How can companies attempt to manage this? Rob Davis of CRITICALSTART provides some advice for businesses.

For many firms, as cyberattacks are increasing in number and sophistication, there are still countless hours wasted in the war to secure data by chasing after false positives. CRITICALSTART’s report “The Impact of Security Alert Overload”, details the challenges false positives are creating for the cybersecurity industry.

By surveying Security Operations Center professionals across enterprises, Managed Security Service Providers, and Managed Detection Response providers, the survey found that 70 percent of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45 percent reported investigating double-digit alerts each day.

Within this, the false-positive rate is 50 percent or higher, meaning valuable time that could be used to strengthen an organization’s security posture is being spent chasing cyber ghosts.

CRITICALSTART founder and CEO Rob Davis tells Digital Journal more about this issue and what businesses can do to address the challenge.

READ MORE

Featured in Digital Journal | February 29, 2020

Interview: Online Scammers Are Taking Advantage of Typos to Steal Your Personal Information

How many times have you typed in the wrong URL? If you’re like us, it happens a lot — but typing the wrong address in your browser and hitting enter can cost you big time.

We all use sites like YouTube and Google, but now, more than ever, criminals are using fake URLs that look like the real ones to steal our identity and more.

“It’s giving them the ability to redirect the large following that these individuals have to their malicious sites. Then they can spread malware phishing campaigns to capture credentials,” said Quentin Rhoads, director of professional services at CRITICALSTART.

READ MORE

Featured in NBC WPIX Pittsburgh | February 26, 2020

First in MC: Super Tuesday Hack Safety Confidence Low

Two-thirds of voting-age adults in Super Tuesday states believe the election is vulnerable to foreign interference, a poll by cybersecurity company CRITICALSTART discovered. While most believe their states are trying to address the problem, about half the respondents said they feel more confident with in-person paper ballots, and those who believe their state is secure are 2.3 times more likely to say they would vote on Super Tuesday. Tennessee voters were the most confident, while California and Texas voters were the least.

Read More from Politico

Read Our Report

Featured in Politico Morning Cybersecurity | February 27, 2020

New Survey: 66% of Super Tuesday Voters Fear Elections Aren’t Secure

New Survey: 66% of Super Tuesday Voters Fear Elections Aren’t Secure

With less than one week to go before voters in 13 states cast their Presidential Primary Ballots, two-thirds of voting-age adults in Super Tuesday states do not believe their state’s election is secure from hacking or other technological threats. 44% believe one of the campaigns would be responsible for an election hack, while 37% say a foreign government would be the most likely culprit. Other key findings from the survey include:

  • 64% believe our elections are vulnerable to foreign interference
  • 62% believe their state is at least making an effort to protect against hacking or other technological threats
  • 49% say in-person paper ballots would make them more confident in the accuracy of elections
  • Voters who believe their state election is secure are 2.3X more likely to vote this Super Tuesday

The survey was conducted on February 24, 2020 and included 1,067 respondents across all 13 Super Tuesday states.

Data Breaches and Their Main Causes

data breach is an incident in which a victim’s sensitive information is accessed without permission.

According to a recent article by FOX Business, the main causes of data breaches are the lack of employee cybersecurity training, the tendency for vulnerable users’ to click on malicious links, unsecured and out-of-date company computer networks, and weak passwords without multifactor authentication.

Jordan Mauriello, SVP of Managed Security at CRITICALSTART, shared his thoughts on the challenges facing cybersecurity and the benefit of utilizing additional security tools to strengthen your networks.

“Good, basic security hygiene is still a key to good defense,” Mauriello said. “Proper password policies and removal of local administrator accounts. Implementation of proper network segmentation. Good patch management and remediation process.”

“However, for many organizations, this is still not enough to prevent all of these threats and organizations must look beyond traditional controls and onto next-generation technologies to help detect and prevent these kinds of attacks and the associated business impacts they can have,” he said

READ MORE

Featured in Fox Business | February 25, 2020

HOT TOPIC: 2020 Election Cybersecurity

CRITICALSTART CEO, Rob Davis, discusses the security of digital versus paper voting in the 2020 elections in his February 16th interview with FOX5 News – KVVU.

Full Video Transcripts:

They are reminding people there are three more days to vote ahead of the caucus and the Dems says that, so far, over 11,800 people took part in the early vote. Now, we won’t see results from early voting until the 22nd, which is the day of the caucus itself. The party says they’ll be using a “caucus calculator” on digital devices and a phone hotline to figure out the results. We’re told that only precinct chairs will use the calculator.

This week, we talked to the CEO of CRITICALSTART, a company that helps identify potential cyberthreats. The man we talked to maintains that digital voting can be just as secure as paper voting, as long as it’s planned out correctly. If there’s not enough planning though, either method can lead to inaccurate results.

“Using a Google app, it can be secure, but what we don’t know is: say you are using a Google app, how are people getting access to it? How are they authenticating? To me, the concern I would have is this seems rushed again in an attempt to do something. So I’ll be curious to how that goes out.” – Rob Davis, CEO of CRITICALSTART

Ransomware Is Back: Tips for Avoiding the Growing Context-Based Ransomware

Cryptojacking is so 2019. Ransomware is reemerging as the top cybercrime of choice, with attacks expected to increase in 2020.

The pivot back to ransomware can largely be attributed to the attacker’s ability to contextualize the malware and weaponize it in targeted attacks. These enhanced capabilities are exacerbated by the ease of access through ransomware as a service, which enables script kiddies to launch formidable attacks.

As predicted in a blog I published back in 2016, ransomware campaigns are evolving to target specific organizations and leverage context to drive demands. As seen in the highly publicized ransomware attacks against various Texas government agencies, attackers are targeting organizations such as state and local government offices, healthcare facilities, financial services, and others.

Based on contextual knowledge of what data and assets they have encrypted, they use that information to make their demands context-sensitive. Hackers who encrypt basic corporate documents charge a lesser rate, but when they have county tax records or patient health records, the ransom goes up. A more recent attack targeted currency exchange company Travelex. The cyberattackers demanded a $3 million ransom while encrypting customer data and disrupting business operations.

Evolutions of ransomware have seen not just the encryption of information, but also exfiltration, presenting both business disruption and potential disclosure of PCI or PII data, or IP theft. Gaining in popularity, the Maze ransomware is growing its business of leaking parts of exfiltrated data, ultimately leading to full disclosure if a ransom isn’t paid.

Given these challenges, what can be done to protect against these attacks? Looking at the attack kill chain, we can identify potential points for disruption:

Delivery

  • Implement email and web filtering to prevent attacks from getting to users. With most email attachments being scanned or blocked, having a correlation between links embedded in the email and subsequent URL access means attacks that leverage redirects can also be prevented.
  • Implement effective user awareness training to maintain vigilance at the point of click. Design a training program that is engaging and interactive to keep security at the forefront of employee thought.

Installation

  • Assume infiltration is imminent. Properly deployed EPP solutions can be effective in quarantining malicious payloads before they’re able to execute.
  • Patch operating systems and software to prevent exploitation for installation or automated spread.
  • Ensure proper restriction of user permissions, which could prevent the installation of malware, or at least limit the potential damage.

If all else fails…

  • Maintain and regularly test backups and backup procedures. I’ll say it again: Regularly test. Assume paying the ransom isn’t an option, or someone cuts the blue cable and hoses the data. I’ve consulted with a number of companies that “have backups … just not from this month,” or don’t know how to restore their backups.

With the ease and effectiveness of ransomware attacks, don’t expect attackers to abandon what works. Variants of ransomware number in the thousands, with modifications in the exploit, effect or lateral movement capabilities. Advancements in toolkits for ransomware now allow for drag-and-drop customization, with point-and-click delivery on a fully hosted cryptocurrency payment system. While these threats continue to evolve, the best defense is a look back to the foundation of security.

By Randy Watkins | CTO, CRITICALSTART

Featured in Forbes | February 11, 2020

AI Stats News: 35% Of Workers Worldwide Expect Their Job Will Be Automated

The Life of Data, the fuel for AI: Security

Recent surveys, studies, forecasts and other quantitative assessments of the progress of AI highlight anxiety about AI eliminating jobs, the competition for AI talent, questions about employees AI preparedness, and data quality, literacy, privacy, and security.

70% of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45% reported investigating double-digit alerts each day; survey respondents report a false-positive rate of 50% or higher; 78% said it takes more than 10 minutes to investigate each alert, a significant increase from 64% who said the same in 2018; 41% believe their primary responsibility is to analyze and remediate threats, opting instead to reduce investigation times and alert volumes, a dramatic decrease from 70% in 2018 [CRITICALSTART survey of more than 50 Security Operations Center (SOC) professionals]

Forbes Contributor, Gil Press, outlined the recent cybersecurity industry trends and statistics in his recent article. Read more to see how CRITICALSTART‘s 2019 Impact of Security Alert Overload survey report factored into his findings.

READ MORE

Featured in Forbes | January 30, 2020

Threat Overload: IT Feels the Security Burnout

How can enterprises and IT professionals combat the increasing IT security threats without feeling burnt out?

With the number of security attacks that enterprises are facing, it’s no wonder why some IT security professionals are feeling burnt out. In addition to an overall increase in attacks, dealing with security alerts require lengthy investigations. This is further compounded by the advent of the GDPR in Europe and CCPA in California, which imposes substantial fines on enterprises that don’t abide by security and privacy regulations.

In a report titled “The Impact of Security Alert Overload,” Critical Start spells out just how bad the situation is. The report was developed from surveying 50 security operations centers (SOC) in Q2 2019. The report concludes that “SOC analysts continue to face an overwhelming number of alerts each day.” The report also found that it’s taking longer to investigate and resolve security issues raised by alerts.

No Jitter Contributor, Gary Audin, outlines the recent cybersecurity industry trends and statistics in his recent article.

READ MORE

Featured in No Jitter | January 24, 2020

Iran Conflict Could Shift to Cyberspace, Experts Warn

Hackers linked to Iran are probing American companies for vulnerabilities, cybersecurity researchers and U.S. government officials say.

The warnings suggest that the next phase of hostilities between the U.S. and Iran, following the Jan. 3 killing of a top Iranian general in an American drone strike, is likely to play out in cyberspace.

The Iranian regime is accused of being behind some high-profile online operations against American targets in recent years.

“Right now what we’re seeing instead is a huge increase in reconnaissance activity,” Jordan Mauriello, SVP of Managed Security at CRITICALSTART, said in an interview with NPR. “Specifically looking for potentially vulnerable servers, data gathering. …They’re kind of preparing the battle plan in the cyberspace.”

READ MORE

Featured in NPR | January 21, 2020

Avoiding Risk Acceptance With Security Alerts

As the shortage of security professionals grows, most organizations struggle to attract and retain the talent necessary to mitigate risk. Though analysis efficiency in investigating security alerts is improving with automation advancements, organizations still face an overwhelming number of false positives generated by activity that is not malicious.

When managing false positives, there are three primary methods traditionally used:

  1. Resource-oriented: This approach adds headcount so there are more analysts to investigate alerts.
  2. Input-oriented: This approach disables inputs or alters correlation logic that generates alerts.
  3. Priority-oriented: This approach prioritizes security alerts into critical, high, medium and low. It targets the highest-priority alerts for triage and response until resources are exhausted.

The resource-oriented approach isn’t an option for most organizations due to the high cost and long implementation timelines. Those who have the budget will face the challenge of finding talented analysts and avoiding turnover.

Input-oriented and priority-oriented are both methods of controlling false positives by accepting unquantified risk. Modifying inputs and correlation logic to lessen false positives may prove effective but introduces the risk of missing malicious activity (false negative). Reducing the number of security alerts by ignoring lower-priority alerts or modifying a security product’s alert thresholds doesn’t reduce false positives enough to justify the risk of missing cybersecurity attacks. To address the shortcomings of resource-oriented and input-oriented false positive management, the priority-oriented approach remains prominent and is delivered as a feature by most security products.

Focusing resources on critical alerts at first seems intuitive. However, most security products lack the business context necessary to assign criticality. While some security products integrate with knowledge sources like asset lists and Active Directory to contextualize alert subjects, there is not a scalable way to provide context to the activity generating the alert. The priority-oriented approach accepts risk by ignoring lower-priority alerts that are never resolved. While this decision may have been made by the organization to reduce the number of alerts, it is unlikely diligence was performed to quantify the risk involved. As highlighted by the Target breach, even less “exciting” alerts determined to “not warrant immediate follow up” can lead to a significant breach.

Resolving alerts without accepting risk requires resolving every alert without crippling the effectiveness of security tools by changing alert thresholds or ignoring security events. Because none of the methods of managing false positives above will result in a no-accepted-risk outcome, three principals must be adopted:

  1. Priority is irrelevant until both the subject and action are reviewed by an analyst.
  2. Every false positive must be listed in a registry for trusted behavior.
  3. Every alert should be compared against this trusted behavioral repository to allow automated resolution of false positive (known good events).

The concept of “unprioritizing” is a unique challenge. Prioritization itself isn’t the problem; rather, it’s how prioritization is applied.

By aggregating every alert with the same priority, every alert must be resolved in the order of arrival. During triage, analysts with knowledge of the business and its processes provide the required context for proper prioritization.

Until this context is added, the intent of the alert’s action is unknown. Machine learning (ML) and artificial intelligence (AI) claim to provide value during this step, detecting anomalous user activity, but anomalous does not mean malicious.

Additionally, ML and AI typically rely on cumulative risk scoring, requiring actions to meet a specified level of anomalous activity before triggering a detection, adding the risk of missed detections when malicious behavior doesn’t meet that threshold.

ML and AI may also exacerbate the problem of false positives with environment changes like new domain administrators or employees changing roles. ML and AI increase detection capabilities, but those detections also require triage by analysts.

Though an approach to resolve every alert regardless of priority requires a large initial investment, it does scale over time. Resolving every alert represents the only solution to manage security alerts without accepting unnecessary risk. While risk acceptance is a business decision, previous methods of false-positive reduction fail to present a reasonable alternative that detects attacks before a breach occurs. Resolving every alert provides an alternative to legacy approaches and moves the conversation to reasonable risk acceptance focused on stopping breaches versus controlling budgets.

By Randy Watkins | CTO, CRITICALSTART

Featured in Forbes | January 17, 2020

False Positives Plague Cybersecurity Professionals

Automation is helpful in reducing the time to investigate alerts.

Cybersecurity providers are being bombarded with alerts, many of which turn out to be false positives, creating challenges for the industry.

That’s according to CRITICALSTART‘s latest report, The Impact of Security Alert Overload. MSSPs, Managed Detection and Response (MDR) providers and Security Operations Center (SOC) professionals were surveyed for the report.

CRITICALSTART found that 70% of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45% reported investigating double-digit alerts each day. And respondents reported a false-positive rate of 50% or higher, meaning valuable time that could be used to strengthen an organization’s security posture is being spent chasing cyber ghosts.

READ MORE

VIEW THE REPORT

Featured in Channel Futures | January 16, 2020

Cyberattacks Are an ‘Immediate’ Challenge for Businesses Following Iran Strike


Cyberattacks, already seen as the top risk of doing business by executives, are likely to receive renewed attention — and spending — as tensions between the U.S. and Iran escalate.

Last weekend, a group claiming to be Iranian hackers defaced a federal government library website with a violent image depicting President Donald Trump. The White House and FBI haven’t confirmed or commented on the library hack, but if it is Iran’s work, it’s only a hint of what Iranian’s cyber army is capable of.

In a terror alert following the Soleimani strike, the Department of Homeland Security warned of Iran’s long history in cybercrime and ability to target critical infrastructure.

“In today’s cyber threat landscape, it’s not just the military-industrial and defense industries that have a legitimate reason to be concerned about cyber terrorism and state-sponsored cyber attacks. Attacks from state-sponsored sources have significantly increased over the past few years for businesses, too,” Jordan Mauriello, SVP of Managed Security at cybersecurity firm CRITICALSTART told CNBC in an email.

“From financial services and healthcare to even retail services, targeted attacks against any number of organizations could occur in an attempt to disrupt the U.S. economy,” Mauriello said.

READ MORE

Featured in CNBC | January 7, 2020

12 Essential Questions to Ask CTO Candidates

Technology is ever-changing, and it’s important for every business to keep up with new gadgets and trends. That’s why many businesses look to their chief technology officers for guidance on creating a tech strategy that serves their company.

When hiring a CTO for your business, you’ll want to look for someone with the right knowledge and experience to get the job done. CRITICALSTART‘s Randy Watkins joins his fellow Forbes Technology Council members to weigh in on what questions you should ask when interviewing candidates.

“When interviewing candidates for any technical position, I drill them on their sources of information and updates. I’ll ask them to explain the last interesting article they read to understand the effort they put into maintaining knowledge relevance,” said Watkins.

READ MORE

Featured in Forbes | January 6, 2020

Tips for Building Camaraderie in a Remote Tech Team

With an exclusively remote tech team, there may be fewer opportunities for team building. However, with a bit of extra effort, it’s possible to build extraordinary camaraderie within a remote group. Forbes Technology Council surveyed Randy Watkins, CTO for CRITICALSTART, and 13 other council members for their best tips for tech executives looking to build a strong team culture among their remote staff.

“Communication is essential for teams to perform whether they’re local or remote, but keeping a remote resource engaged goes beyond better communication,” said Watkins. “The camaraderie built with internal teams comes from personal connections built over time. I try to make that something that remote resources experience by sending small trinkets of interest and inclusion.”

READ MORE

Featured in Forbes | December 19, 2019

Getting the Most out of Endpoint Security Solution Evaluations

The endpoint security market has evolved over the last decade from a “one agent to rule them all” approach, to “best of breed,” to today’s “Platformula” model. The evolution of endpoint security companies has driven innovation in machine learning (ML), user and entity behavior analytics (UEBA), root-cause analysis (RCA), and managed detection and response (MDR). Numbering at times in the dozens, this highly commoditized space is a constant target for merger and acquisition, expansion of legacy antivirus suites and VC-backed startup companies to take a piece of the near-$20 billion market opportunity.

With so much attention from endpoint security manufacturers — and the frequency of change — it can be difficult for organizations to choose the best product to fit their business requirements. While most organizations build out a requirement matrix for a proof of concept, it’s not always feasible to evaluate those requirements against every player in the space.

Randy Wakins, CTO of CRITICALSTART and Forbes Technical Council member, shares his thoughts on how to get the most out of your endpoint security solution evaluations and the importance of understanding what goes into vendor comparison before making a technology investment.

READ MORE

Featured in Forbes | December 12, 2019

Critical Start’s Randy Watkins Joins Forbes Technology Council

Critical Start CTO, Randy Watkins, was recently tapped for membership in the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs, and technology executives.

Watkins was selected by a review committee based on the depth and diversity of his experience. Criteria for acceptance include a track record of successfully impacting business growth metrics, as well as personal and professional achievements and honors.

“We are honored to welcome Randy into the community,” said Scott Gerber, founder of Forbes Councils, the collective that includes Forbes Technology Council. “Our mission with Forbes Councils is to bring together proven leaders from every industry, creating a curated, social capital-driven network that helps every member grow professionally and make an even greater impact on the business world.”

“I’m honored to join this exclusive group of technology executives to offer my expertise as a resource to the rest of the council,” said Watkins. “My participation will help CRITICALSTART further cement our leadership role in cybersecurity, a growing challenge facing every organization today.”

Forbes Councils is a collective of invitation-only communities created in partnership with Forbes and the expert community builders who founded the Young Entrepreneur Council (YEC). In Forbes Councils, exceptional business owners and leaders come together with the people and resources that can help them thrive.

November 27, 2019

Data Breaches: Safeguarding Your Healthcare Organization

Breaches are increasing – a proactive approach to data protection can help you safeguard your organization’s data.

2019 has not been a good year for healthcare data. HIPAA’s Healthcare Data Breach Report, says the first six months of the year saw 9,652,575 Americans exposed to breaches. Factoring in the American Medical Collection Agency data breach (24.4 million patient records exposed in a June breach) – 2019 could see more breaches in one year than the previous three years combined.

Despite this, healthcare organizations can take proactive steps to protect their data. Callie Guenther, CYBERSOC Data Scientist at CRITICALSTART, outlines the challenges healthcare organizations face and the proactive steps they can take to help stave off a breach.

READ MORE

Featured in Health IT Outcomes | November 8, 2019

The Last Watchdog Talks to CRITICALSTART About Quantifying Risk

“Security is really the art of handling risk” – Randy Watkins, CTO of CRITICALSTART.

It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small-to-medium-sized businesses (SMBs) and small-to-medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data.

CRITICALSTART is making some hay in this space — by striving to extend the roles traditionally played by MSSPs. The company has coined the phrase managed detection and response, or MDR, to more precisely convey the type of help it brings to the table.

Recently our CTO, Randy Watkins, spoke to Byron Acohido of The Last Watchdog about the difference between ‘risk-oriented’ versus ‘controlled-based’ security and how quantifying risks is the first step to defending network breaches.

Read Acohido’s blog and listen to the full podcast interview

The Last Watchdog | October 4, 2019

Protecting Your Agency Against Ransomware Attacks

Ransomware attacks are not going away. Security researchers have repeatedly warned the public sector about their data vulnerabilities. Yet they continue to get hammered by cyberattacks launched by hackers demanding ransom for their hijacked systems.

Callie Guenther, CYBERSOC Data Scientist for CRITICALSTART, outlines the step organizations can take to help stave off an attack, protect vital data in the process, and potentially save organizations millions of dollars.

READ MORE

Featured in Government Computer News (GCN) | September 20, 2019

READ MORE

Featured in American City&County | September 18, 2019

The Importance of Password Managers and MFA in Your Security Stack

The subject of password strength and complexity requirements has been discussed and debated ad nauseam in the security industry. It’s a subject as old as information security and will not be going away any time soon.

Cory Mathews, Offensive Security Technical Lead for CRITICALSTART‘s TEAMARES, outlines the importance of proper password management and the steps you can take to increase your security against potential malicious actors.

READ MORE

Featured in infoTECH | September 13, 2019

What’s the Real Role of AI and ML in Cybersecurity?


Artificial intelligence (AI) and machine learning (ML) are being heralded as a way to solve a wide range of problems in different industries and applications, such as reducing street traffic, improving online shopping, making life easier with voice-activated digital assistants, and more.

Jordan Mauriello, Senior Vice President of Managed Services at CRITICALSTART, discusses the real value that artificial intelligence and machine learning play in the cybersecurity process, versus the value that humans bring.

READ MORE

Featured in Security Magazine | September 5, 2019

Managed Services and Risk: Mitigation or Inherent Acceptance?

With the evolution of cybersecurity over the last decade, it’s easy to forget what security is; the art of dealing with risk. The flood of funding into the space has created a host of marketing buzzwords that pollute the board room and pull the attention from the “why?” of security. What is the reason cybersecurity exists? What is the problem we’re trying to solve?

Randy Watkins, Chief Technology Officer at CRITICALSTART, discusses common risky decisions and the steps organizations can take to assess and address those risks.

READ MORE

Featured in CPO Magazine | August 15, 2019

Network Security: Keys to Adopting Zero-Trust, Micro-Segmentation

Adoption of zero-trust and micro-segmentation as core design principles can help improve the security posture of your network and the attached systems. However, it is important to understand how we got to our current state to understand how these principles can help us.

Chris Yates, Senior Security Architect at CRITICALSTART, discusses the keys to adoption and how to move past two of the core challenges organizations face.

READ MORE

Featured in Security Boulevard | August 7, 2019

Radical Transparency and Zero Trust: Putting Concept into Practice

Enterprise CIOs, CSOs, and VPs of security need business outcomes and a positive ROI from their MSSP. One way to achieve this level of trust is with radical transparency with zero trust, as it gives in-house security teams the ability to view details around their security events, triage decisions and analyst notes to help them better operate and secure their business.

Jordan Mauriello, Senior Vice President of Managed Security at CRITICALSTART, explains that while this approach might be “new” and “radical” now, it is quickly becoming the industry standard demanded by enterprise organizations seeking MSSPs.

READ MORE

Featured in Infosecurity | July 17, 2019

What a Plano Cybersecurity Firm’s $40M Capital Raise Tells Us About the Region’s Ecosystem

A Plano cybersecurity firm will open offices in Los Angeles and New York in a national expansion fueled by its first outside investment.

CRITICALSTART said it’s raised $40 million from New York private equity firm Sagemount to accelerate its expansion. The company’s software detects and investigates computer security alerts.

It’s the latest Dallas-Fort Worth technology company to score a sizeable private investment this year. Earlier this week, Plano digital banking firm Alkami raised $55 million to continue its growth.

“As an employee-owned company, CRITICALSTART was looking for a capital partner that understood the market opportunity and valued our culture and focus,” CEO Rob Davis said in a statement Wednesday. “Sagemount proved to be the perfect fit.”

Sagemount partner Michael Kosty described CRITICALSTART as a profitable company that was “successfully attacking the market … on its own but sought to accelerate product development and partnership opportunities.”

READ MORE

Featured in The Dallas Morning News | June 13, 2019

Managed Detection and Response: Critical Start Raises $40M

Critical Start, a Top 100 MSSP with managed detection and response (MDR) cybersecurity services, has raised $40 million to expand nationwide across the United States. The funding involves a minority investment from Sagemount, a growth equity firm.

Among the Plano, Texas-based company’s latest moves: Opening field service offices in New York City and Los Angeles, California to support enterprise customers and channel partners.

READ MORE

Featured in MSSP Alert | June 12, 2019

Data Breach Threats in the Real World: How MSSPs Can Help Mitigate Them

The U.S. Customs and Border Protection said this week that travelers’ images and personal data such as driver’s license info were compromised in a breach. While the threat of identity theft is very real, the real-world implications of one or more data breaches like this one will likely far exceed this expectation.

“It does no good to have people well-trained in the technical aspects of security if they forget that their clients are real, feeling people who are fearful in a world of the unknown,” said Callie Guenther, cybersecurity expert at CRITICALSTART.

READ MORE

Featured in Channel Futures | June 12, 2019

Plano Cybersecurity Company Gets $40M in First Outside Investment, Has Valuation of $150M

Critical Start is looking beyond itself to fuel fresh growth.

The Plano cybersecurity company raised $40 million in its first outside investment, it said in a statement on Wednesday.

The funding will help the company bolster its sales and marketing in North America and potentially Europe, according to Rob Davis, Critical Start’s chief executive. In addition, there will be hiring on its software development team. The company got a valuation of $150 million, he said.

READ MORE

Featured in Dallas Business Journal | June 12, 2019

Equifax Breach, Two Years Later: Lessons for the Financial Services Industry

Nearly two years after the Equifax breach, the fallout is far from over. As detailed in the 96-page Senate Committee on Investigations report, serious flaws in the financial systems’ consumer data security framework were exposed. Sen. Elizabeth Warren (D-Mass.), a vocal critic of Wall Street and its many entities, echoes the Reuters report, stating that Equifax “failed to implement an adequate security program to protect this sensitive data, and as a result, Equifax allowed one of the largest data breaches in U.S. history.”

Callie Guenther, CYBERSOC Data Scientist for CRITICALSTART, discusses the serious flaws in the financial systems’ consumer data security framework and the impact of such an event.

READ MORE

Featured in Credit Union Times | June 10, 2019

AI and Machine Learning Make Data the New Source Code

The role of data in today’s business world cannot be overstated. Competitive intelligence is inextricably linked to the speed at which valuable data can be consumed and analyzed to yield important business insights. While the artificial intelligence and machine learning industry are on an upward trajectory, limiting factors such as data storage and networking bottlenecks must be addressed to assure the maximum benefit from these technologies.

Callie Guenther, CYBERSOC Data Scientist at CRITICALSTART, outlines the importance of fully optimized storage solutions for AI and ML training and understanding the connection between your data and the problem you are striving to resolve.

READ MORE

Featured in Information Management | May 6, 2019

Next-Gen Firewalls: Key Considerations to Make the Most of Your Investment

You’ve purchased a next-generation firewall. You understand the why, but how do you make the most of your investment? What’s next?

When it comes to next-generation firewall technology, determining the best implementation methodology can be a bit daunting, from trying to determine which features to enable first or how to enable new capabilities without impacting users or critical business functions.

Chris Yates, Senior Security Architect for CRITICALSTART, offers his step-by-step approach on how to minimize the impact on end-users and critical business processes, while drastically improving the security posture of your network, providing increased visibility and enforcement capability.

READ MORE

Featured in TCMnet InfoTech Spotlight | May 30, 2019

Protect Your Enterprise Against Social Media Hoaxes

In an era of fake news and constant misinformation, Facebook/Instagram/WhatsApp hoaxes have become a prime vector for malicious actors to take information from users who are willingly handing it over in the hopes of gaining goods or services in return. Gone are the days of the Nigerian Prince emails, welcome to the new age of social engineering.

Moez Janmohammad, a cybersecurity engineer at CRITICALSTART, discusses how to protect your organization given the evolving sophistication of cybercriminals.

READ MORE

Featured in Retail IT Insights | May 2, 2019

CRITICALSTART Announces Managed Detection and Response Services with Palo Alto Networks Traps Management Service

Industry’s only Zero-Trust Analytics Platform with full transparency and MOBILESOC app now integrated with Palo Alto Networks cloud-based endpoint security, and detection and response service

Plano, TX – February 27, 2019 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced it has integrated Palo Alto Networks Traps Management Service as part of the advanced technology stack of its Managed Detection and Response (MDR) service. Palo Alto Networks Traps Management Service stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyber attacks.

Palo Alto Networks recently introduced Cortex, the industry’s only open and integrated AI-based continuous security platform. CRITICALSTART will host managed services for Cortex, starting with Cortex XDR, the first-of-its-kind detection, investigation and response product that natively integrates network, endpoint and cloud data to stop sophisticated attacks.

CRITICALSTART will improve the visibility and contextual view of critical events in the organization through the addition of Palo Alto Networks Traps and Cortex XDR data as part of their Zero-Trust Analytics Platform (ZTAP). This offering dramatically reduces alerts by 99% to enable CRITICALSTART’s CYBERSOC analysts to focus only on unknown events using high-fidelity information all while ensuring customers have complete transparency into the MDR alerts, responses and actions.

“As we continue to extend our collaboration with Palo Alto Networks, the integration of Traps and Cortex XDR with our MDR service provides the ideal zero-trust defense for enterprises facing a dramatic increase in malware, exploits, ransomware, and other endpoint attacks,” said Rob Davis, CEO at CRITICALSTART. “As we expand our MDR technology stack and differentiate through our ZTAP, customer transparency, and mobile-first workflow, we’ve seen the resulting impact on our business as our MDR service has grown nearly 300% in the past year.”

“Palo Alto Networks Cortex XDR, in combination with managed security services from partners, like CRITICALSTART, delivers round-the-clock monitoring, analysis and coordinated response across network, endpoint and cloud environments to secure our customers’ most critical assets,” said Karl Soderlund, SVP, Worldwide Channel Sales. “Our collaboration will provide more holistic security outcomes delivered through an even simpler managed model.”

A trusted cybersecurity partner to hundreds of enterprise and mid-sized customers across a variety of industries, CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and Zero-Trust MDR services to help customers achieve a mature security posture that meets their specific needs. CRITICALSTART’s CYBERSOC, expert security analysts and Zero-Trust Analytics Platform (ZTAP) allows the company to provide MDR services delivered in a transparent process using a mobile-first approach through the company’s MOBILESOC app, untethering security personnel from their desktops.

CRITICALSTART’s MDR service with Traps is available now to customers. The company will be rolling out Cortex XDR functionality in the near future.

About CRITICALSTART

CRITICALSTART is leading the way in Managed Detection and Response. Our mission is simple: protect our customers’ brand while reducing their risk. We do this for organizations of all sizes through our award-winning portfolio, from the delivery of managed security services to security-readiness assessments using our proven framework, the Defendable Network, professional services, and product fulfillment. CRITICALSTART has achieved the Service Organization Control (SOC) 2 Type II compliance certification and was recently named a CRN® 2018 Triple Crown Winner. Visit www.criticalstart.com for more information.

Critical Start Takes “Radical Transparency” for MDR Customers to New Level with SOCREVIEW

Automated and audited process integrated into the MDR provider’s Zero-Trust Analytics Platform ensures the quality and consistency of security alert analysis in full view for customers

Plano, TX – February 7, 2019 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced SOCReview, the world’s first automated and audited process for measuring the subjective nature of security alert analysis. Committed to full transparency for its Managed Detection and Response (MDR) service, CRITICALSTART’s SOCReview takes it to the next step in “radical transparency” by integrating quality control and two-person integrity directly into the Zero-Trust Analytics Platform (ZTAP) that powers the company’s MDR services for hundreds of enterprise and mid-sized customers.

Historically, Managed Security Services Providers (MSSPs) have touted policies or service level agreements around forwarding security events to customers in less than five minutes. In a cybersecurity market overrun with alerts and a shortage of qualified staff, forwarding events does not deliver the real value of careful investigation and simply shifts the analysis burden to customers. MDR services replace the legacy MSSP approach by investigating security events and providing the analysis needed to properly respond. However, real analysis is subjective, requires human judgment and takes time, raising questions for customers about their quality and efficacy if hidden behind the typical “black box” MDR approach.

CRITICALSTART is the only MDR provider that recognizes the importance – and subjective nature – of human analysis and created SOCReview to add a layer of quality assurance with full customer transparency. Based on machine learning technology, SOCReview samples a subset of alerts for review and scoring based on the quality and completeness of the investigation and then automatically adjusts the number of alerts reviewed per analyst based on their ongoing analysis scores. In addition, all automation playbooks created or modified to eliminate false positives require a second analyst to conduct an audited review that is available to our customers.

“One of our founding principles is that customers come first, so SOCReview is another example of our ‘radical transparency.’ We provide MDR customers access to everything we do, so they can verify the high quality of our services,” said Rob Davis, CEO at CRITICALSTART. “As a high-growth, independent MDR, we are not beholden to outside investors or boards and can take the time to invest in our SOC personnel, SOC technology automation, and continuous DevOps improvements that add value and make our customers more secure.”

CRITICALSTART makes significant investments in its SOC team to maintain the industry’s highest level of expert security analysis and recommendations. Each of the company’s SOC analysts receives 160 hours of training before they ever work in a customer’s environment as well as 40 to 80 hours of additional training each year. As a result, CRITICALSTART’s MDR service grew more than 300% last year and maintains a 99% customer retention rate.

Announcing Beta MDR Program for Windows

CRITICALSTART is the fastest growing MDR service in North America, and we are expanding our service offerings and integrations with new technologies that increase our capabilities for our customers.

CRITICALSTART has partnered with Microsoft to build a strong integration between Windows Defender ATP and our ZTAP Security Orchestration Automation and Response MDR service. WDATP solution provides excellent visibility to the endpoint, strong response capabilities for analysts, and advanced hunting features. We are currently at a point where we are validating our final phase of development and ensuring that we deliver our expected high-quality service for production customers.

We are asking for YOUR help! We need up to three beta customers who currently have Microsoft Defender ATP deployed as a part of their current production environment and using the Security Center. We will provide configuration and policy assistance at no cost. The beta includes access to our MOBILESOC application that allows you to triage WDATP events, kick off scans, and isolate endpoints directly from our native iOS and Android applications. We will provide free MDR SOC services for three months to the customers involved in this beta. Our MDR service includes 24×7 monitoring from the CRITICALSTART CYBERSOC based in Plano, TX, where our top-tier analysts will provide monitoring services for all of your Defender ATP events and incidents for the entire beta.

This offering is limited to the first three customers who reply depending on the size of the environment and the fit for the testing.

Critical Start Recognized by Palo Alto Networks as a NextWave Diamond Partner

Plano, TX – December 4, 2018 – CRITICALSTART, today announced it has become a Palo Alto Networks® NextWave Diamond Channel Partner. CRITICALSTART joins a select group of channel partners who have met the Diamond Partner performance, capabilities and business requirements of the Palo Alto Networks NextWave Channel Partner Program.

“CRITICALSTART invested in technical resources to deliver professional services and assist pre-sales architecture and design around Palo Alto Networks continuously evolving and innovative portfolio,” said Rob Davis, CEO at CRITICALSTART. “The strategic alignment between CRITICALSTART and Palo Alto Networks provides customer value by combining our holistic approach to security program design with their best-of-breed offerings to create a strong security posture to defend against new and emerging threats.”

“As the cybersecurity industry evolves, our NextWave partners play a vital role in helping our mutual customers implement the products they need to prevent successful cyberattacks,” said Karl Soderlund, senior vice president of Worldwide Channels at Palo Alto Networks. “As a NextWave Diamond Partner, CRITICALSTART has the proven expertise to deliver, manage and integrate with our Security Operating Platform to make threat prevention a reality.”

The NextWave Channel Partner Program provides partners with the pre-sales, sales and post-sales capabilities to successfully deliver and install the Palo Alto Networks Security Operating Platform, which empowers customers to confidently automate threat identification and policy enforcement across cloud, network, and endpoints. These capabilities are instrumental in ensuring the optimal customer experience. As such, partners’ achievements in the program are proactively monitored and annually assessed.

To learn more about CRITICALSTART, visit: criticalstart.com

About CRITICALSTART
CRITICALSTART is leading the way in Managed Detection and Response. Our mission is simple: protect our customers’ brand while reducing their risk. We do this for organizations of all sizes through our award-winning portfolio, from the delivery of managed security services to security-readiness assessments using our proven framework, the Defendable Network, professional services, and product fulfillment. CRITICALSTART has achieved the Service Organization Control (SOC) 2 Type II compliance certification and was recently named a CRN® 2018 Triple Crown Winner.

###

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

CRITICALSTART Named to Aggie 100 List by the Texas A&M Mays Business School

List Recognizes the Fastest-Growing Aggie-Owned Businesses in 2018

Plano, TX – November 13, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced that it has been selected by the Texas A&M Mays Business School’s McFerrin Center for Entrepreneurship for the 14th Annual Aggie 100 list. The honorees were announced on Friday, November 9th during a private, invitation-only awards ceremony at the Hall of Champions at Texas A&M University. Rob Davis ‘90, CEO, and Tera Davis ‘94, Managing Director, are both graduates of Texas A&M University and attended the ceremony to accept the award for CRITICALSTART.

The Aggie 100 program identifies, recognizes, and celebrates the 100 fastest-growing Aggie-owned or operated businesses throughout the world. To be considered for the Aggie 100, companies (corporations, partnerships, sole proprietorships) must meet specific criteria and operate in a manner consistent with the values and image of Texas A&M University.

“As an alum, being honored on the Aggie 100 list is especially rewarding and reflects a year of strong growth and achievement at CRITICALSTART, and I would like to thank our customers for their support and our employees for their commitment and effort,” said Rob Davis. “The knowledge, skills, and experience we acquired at Texas A&M laid the foundation for the success of CRITICALSTART since its inception in 2012. Tera and I are honored to be a part of the Aggie 100.”

“The amazing companies on the Aggie 100 list demonstrate the strong technology, engineering and entrepreneurial programs and culture that Texas A&M fosters,” added Tera Davis. “In fact, we regularly recruit and hire Texas A&M graduates based on their ability to immediately make an impact in helping to continue growing CRITICALSTART’s business.”

CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and Managed Detection and Response (MDR) services, making it well positioned to protect important data and customer brands. The company increased year-over-year (YoY) revenue by 87 percent in the first seven months of 2018, and its MDR business has grown 300 percent YTD in 2018 when compared to all of 2017.

A complete Aggie 100 list can be viewed at www.aggie100.com.

CRITICALSTART Names Chief Technology Officer

Randy Watkins to Lead Strategic Technology Initiatives for Fast-Growing Leader in MDR Services, Cybersecurity Solutions, and Threat Intelligence

Plano, TX – November 9, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced it has appointed Randy Watkins as Chief Technology Officer (CTO), effective immediately. In this role, Watkins will be responsible for designing and executing the company’s strategic technology initiatives, which includes defining the strategy and direction of CRITICALSTART’s Managed Detection and Response (MDR) services delivered by the Zero-Trust Analytics Platform (ZTAP).

Previously, Watkins served as CRITICALSTART’s Director of Security Architecture, where he set the strategy for emerging vendor technologies, created the Defendable Network reference architecture, and set product direction for the company’s internally-developed Security Orchestration Automation and Response platform. Watkins was employee number five when he joined CRITICALSTART in 2012.

Watkins is a respected author and speaker on cybersecurity trends and is well-versed in applying security technologies, in practical and meaningful ways, to improve vulnerability management and security infrastructure for enterprise customers. He holds numerous security certifications in data analysis, data science, computer science, and leadership. Watkins earned a bachelor’s degree in Information Systems Security and an associate degree in Computer Networking Systems, both from ITT Technical Institute.

“Randy has excelled in every position since starting at the company,” said Rob Davis, CEO at CRITICALSTART. “He has keen insight into the functionality required by solution offerings to deliver customer value. His new focus will speed the development of features and integrations required to support the fastest growing MDR service in North America.”

CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and MDR services, making it well positioned to protect important data and customer brands. The company increased year-over-year (YoY) revenue 87 percent in the first seven months of 2018, and its MDR business has grown 300 percent YTD in 2018 when compared to all of 2017.

CRITICALSTART Named CRN® Triple Crown Award Winner

Fifth Annual Award Program Recognizes Standout Solution Providers

Plano, TX – October 10, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced that CRN®, a brand of The Channel Company, has recognized CRITICALSTART for earning its 2018 Triple Crown Award. This year 46 solution providers in North America reached the qualifying revenue, growth, and technical expertise to be named on three of CRN’s prestigious solution provider lists, earning them the Triple Crown Award this year.

Each year CRN announces lists and rankings to distinguish solution providers who are outshining their peers in the IT channel. It is a great accomplishment for a solution provider to make any one of these lists; so being named in three, as this year’s Triple Crown winners have been, deserves special acknowledgment. This year’s CRN Triple Crown Award winners rank among the largest IT solution providers by revenue in North America on the Solution Provider 500 list; are among the fastest growing organizations in the channel today on the Fast Growth 150 list; and have made the Tech Elite 250 list by receiving the highest level certifications from leading vendors.

CRITICALSTART was selected based on its growth over the past year and its commitment to serving partners, as mid-market and enterprise organizations continue to look for more assistance to combat today’s complex and rapidly growing security threats. The company offers channel partners Managed Detection & Response (MDR) services based on innovative technology featuring a mobile-first, Zero-Trust security analytics platform delivered in a completely transparent process. And, the CRITICALSTART MOBILESOC app allows users to investigate, escalate, comment on, respond to, and remediate security incidents. The company recently announced that it increased year-over-year (YoY) revenue by 87% in the first seven months of 2018, and opened a new facility to support current and future growth.

“Earning the Triple Crown Award from CRN symbolizes a year of growth and achievement at CRITICALSTART, and this success is due to the dedication and commitment of our employees to deliver excellent service and support for our partners,” said Rob Davis, CEO at CRITICALSTART. “Being recognized on three different award lists from CRN demonstrates our commitment to customer service, technical innovation and building a strong business.”

“Each Triple Crown award-winner has simultaneously generated high enough revenue to be ranked on the Solution Provider 500 List, achieved double- or triple-digit revenue growth for recognition on the Fast Growth 150, and devoted significant time and effort to top certifications to attain Tech Elite 250 status,” said Bob Skelley, CEO of The Channel Company. “Congratulations to each one of these high-achieving companies who continue to raise the bar for success in the IT Channel.”

The 2018 Triple Crown Award winners will be featured in the October issue of CRN and can be viewed online at www.crn.com/triplecrown.

Tweet This: @TheChannelCo honors @CriticalStart with @CRN Triple Crown Award #CRNTripleCrown crn.com/triplecrown

CRITICALSTART Achieves Soc 2 Type II Compliance Certification

Certification Validates CRITICALSTART’s Adherence to Higher Industry Security Standards for a Service Organization

Plano, TX – September 20, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced it has achieved the Service Organization Control (SOC) 2 Type II compliance certification, confirming the company’s commitment to security best practices based on the standards defined by the American Institute of Certified Professional Accountants (AICPA).

CyberGuard Compliance, an independent, third-party auditing firm, verified CRITICALSTART’s process and controls met the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. As part of the Type II certification, CyberGuard Compliance tested both the design and operational effectiveness of CRITICALSTART’s controls and processes. This certification solidifies the company’s resolve to provide its customers with industry-leading controls and processes to protect the confidentiality and privacy of their data.

A trusted cybersecurity partner to hundreds of mid-size and enterprise customers across a variety of industries, CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and “Zero Trust” Managed Detection & Response (MDR) services to help customers achieve a mature security posture that meets their specific needs.

“As a cybersecurity company, we understand how important it is to have clear controls, processes, and policies for protecting customer data and the systems that process it for our MDR services,” said Rob Davis, CEO at CRITICALSTART. “This certification assures our prospective and existing customers that we use a rigorous, multi-faceted approach to securing their critical business assets.”

CRITICALSTART Named to Top 100 Managed Security Services Providers of 2018 by MSSP Alert

Second Annual List Honors Leading MSSPs & Cybersecurity Companies That Safeguard Customers’ Digital Assets.

Plano, TX – September 19, 2018 – MSSP Alert, published by After Nines Inc., has named CRITICALSTART, a leading provider of cybersecurity solutions, to the Top 100 MSSPs list for 2018. The list honors the top 100 managed security services providers (MSSPs) that specialize in comprehensive, outsourced cybersecurity services.

The Top 100 MSSP rankings are based on a combination of MSSP Alert’s 2018 readership and aggregated third-party research. The research recognized these MSSPs to proactively monitor, manage and mitigate cyber threats for businesses, government agencies, educational institutions and nonprofit organizations of all sizes.

“We are excited to be named a 2018 Top 100 MSSP and believe that it is further recognition of the unique technology platform that drives our Managed Detection and Response services – the zero-trust platform gives customers full transparency while the MOBILESOC app allows customers to investigate, escalate and remediate issues from anywhere,” said Rob Davis, CEO at CRITICALSTART. “The 300% growth we have experienced in our managed security business over the last year reflects the growing market need for a better approach to managed security services. The legacy model of simply trying to hire more SOC analysts to manually review every alert isn’t sustainable in today’s market.”

Building and operating a true MSSP requires major financial, technical and business commitments. Fully 63 percent of top MSSPs surveyed maintain their own security operations centers (SOCs) on a 24x7x365 basis. Another 24 percent depend on hybrid models in which some SOC services are outsourced, with the remaining 13 percent either formulating strategies or completely outsourcing their SOC services.

Demand for MSSPs has escalated amid rising cyberattacks, malware and ransomware incidents worldwide. The shortage of cybersecurity skills has further heightened the need for world-class MSSPs. Global managed security services are expected to skyrocket to $101 billion in the next nine years, advancing at an eye-popping 18% compound annual growth rate, according to Persistence Market Research.

“After Nines Inc. and MSSP Alert congratulate CRITICALSTART on this year’s honor,” said Amy Katz, CEO of After Nines Inc. “As MSPs increasingly introduce managed security services, CRITICALSTART continues to stand out in the fiercely competitive cybersecurity market.”

The Top 100 MSSPs list and research were overseen by Content Czar Joe Panettieri (@JoePanettieri). Find the online list and associated report here: http://www.MSSPAlert.com/top100.

About CRITICALSTART
CRITICALSTART is the fastest-growing cybersecurity integrator in North America. Our mission is simple: protect your brand and reduce business risk. We help organizations of all sizes determine their security readiness condition using our proven framework, the Defendable Network. CRITICALSTART provides managed security services, incident response, professional services, and product fulfillment. Visit criticalstart.com for more information.

About After Nines Inc.
After Nines Inc. provides timeless IT guidance for strategic partners and IT security professionals across ChannelE2E and MSSP Alert. ChannelE2E tracks every stage of the IT service provider journey — from entrepreneur to exit. MSSP Alert is the global voice for Managed Security Services Providers (MSSPs).

  • For sponsorship information contact After Nines Inc. CEO Amy Katz, [email protected]
  • For content and editorial questions contact After Nines Inc. Content Czar Joe Panettieri, [email protected]

New Tech: CRITICALSTART Applies ‘Zero-Trust’ Security Model to Managed Security Services

All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks.

That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more.

READ MORE

Featured in The Last Watchdog | September 6, 2018

Cisco Warns Customers of Critical Security Flaws, Advisory Includes Apache Struts

Cisco has issued a security advisory to customers detailing a swathe of critical and highly-rated vulnerabilities which have been resolved.

The security advisory documents three critical vulnerabilities, 19 bugs rated “important,” and a number of medium-severity security flaws.

One of the most serious bugs is a vulnerability impacting Apache Struts 2, which was publicly disclosed in August together with proof-of-concept (PoC) code.

READ MORE

Featured in ZDNet | September 6, 2018

High-Severity Flaws in Cisco Secure Internet Gateway Service Patched

Two high-severity vulnerabilities have been disclosed in Cisco’s security platform that could allow an attacker to gain administrative privileges – and take full control of the impacted machine.

The glitches, disclosed Wednesday, affect two parts of Cisco Umbrella, a secure internet gateway that acts as a cloud-delivered security service for corporate networks. Specifically, the Cisco Umbrella ERC and Cisco Umbrella Roaming Module are impacted.

Cisco has released software updates addressing the vulnerabilities.

READ MORE

Featured in Threat Post | September 6, 2018

Cisco Releases 16 Security Alerts Rated Critical and High

Cisco published on Wednesday 30 security advisories on vulnerabilities identified in its products. Half of them are for high and critical severity bugs.

Only three alerts refer to security problems with critical impact; among them is the recently disclosed remote code execution vulnerability in Apache Struts, for which several proof-of-concept exploits exist.

Cisco notes that not all of its products that include an affected Struts library are vulnerable because of the way they use the library.READ MORE

Featured in Bleeping Computer | September 6, 2018

Cisco Warns of Critical Remotely Exploitable Vulnerabilities

Cisco has issued security alerts for 30 vulnerabilities across a range of its products and services, with three being ranked as critical and remotely exploitable.

Some 20 different Cisco products contain a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems.

READ MORE

Featured in iTnews | September 6, 2018

Cisco Patches Serious Flaws in RV, SD-WAN, Umbrella Products

Cisco informed customers on Wednesday that patches are available for over a dozen critical and high severity vulnerabilities affecting the company’s RV series, SD-WAN, Umbrella, and other products. Patches are also available for serious privilege escalation and information disclosure bugs in WebEx, a DoS flaw in Prime Access Registrar, a privilege escalation in Data Center Network Manager, and two command injections in the Integrated Management Controller (IMC) software.

Cisco is not aware of any instances where these vulnerabilities have been exploited for malicious purposes.READ MORE

Featured in Security Week | September 5, 2018

Emerging Vendors 2018: Cybersecurity Companies You Need to Know

In the IT industry, shattering the status quo is the status quo. While big vendors generate their share of ground-breaking products, startups are a major driver of innovation and are changing the rules of the game. CRN shines a light on some of the most exciting new channel-focused vendors helping create new solutions for business and opportunities for solution providers.

CRITICALSTART’s CYBERSOC and alert classification engine is a complete offering for solution providers to offer managed security services to their customers in a completely transparent way using a mobile-first, zero-trust platform that reduces alert overload by 99.9 percent.

READ MORE

Featured in CRN | July 26, 2018

How Legacy MSSPs Increase Cybersecurity Risks

Today, the number of cyberattacks is on the rise. According to a 2017 report from Accenture, there are more than 130 large-scale, targeted breaches in the U.S. per year, and the number is growing by 27 percent annually. As a result, distributed enterprise IT environments are facing more complex threat landscapes. Threat actors and hackers are continually evolving their techniques and using new machine-generated attacks on a daily basis. With all this change, it can be extremely difficult for small enterprise security teams to keep up with the volume of alerts from their sprawling security infrastructure.

Jordan Mauriello, Chief Technology Officer of CRITICALSTART, discusses how the operational model of legacy managed security service providers (MSSPs) can actually leave organizations more vulnerable to cyberattacks, increasing the risk of security breaches and potential compliance issues.

READ MORE

Featured in Corporate Compliance Insights | July 16, 2018

©2023 CRITICALSTART. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

CRITICALSTART®, MOBILESOC®, and ZTAP® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Zero Trust Analytics Platform™, and Trusted Behavior Registry™. Any unauthorized use is expressly prohibited.