Supply Chain Risks: It’s Everybody’s Business

There is an old saying that states, “Take care of your house and let others worry about theirs.” This might be valid in the pre-internet world, but with so many dependencies and relationships that have been created between partners and third-party suppliers, the “trust but verify” motto has become commonplace—or has it? Companies are only as strong as their weakest links. Creating a strong cybersecurity program internally is not enough, as the program should include all aspects of business in which data is vulnerable.

I can remember the moment clearly: I was in an early-morning meeting with several of my employees. Several minutes into the meeting, my mobile phone came to life with notifications and a call. Shortly after answering, there was a knock at the door. Almost instantly, I did not feel so well; I knew this couldn’t be good. As if it were rehearsed for stereo effect, I heard the words no one ever wants to hear: “I think we’ve been hacked.” My first response was, “Not possible!” Turns out, it was very possible and very much a reality. To be fully transparent, I thought my life and professional career were over in that moment; 25 years down the drain just like that! I took the cyberattack very personal.

As an Executive Director at one of the largest school districts in my state, I had officially become the next victim of ransomware.

Since the shift from the concept of traditional IT to the public cloud, there have been many new security services and cloud-native tools being implemented across all vertical industries to protect and govern the customer cloud environment. Cloud computing is evolving at an ever-increasing rate of change, but regulations and technology have not been keeping the same pace. Businesses trust the AWS cloud to secure their infrastructure so they can grow and evolve by accelerating innovation.

The continuing evolution of ransomware attacks requires innovative, protective solutions. Dell has led the protection of the data center with the Cyber Recovery solution, which is the only solution certified by Sheltered Harbor. It implements a digital air-gap solution that provides a dedicated replica isolated from the production environment. The isolation limits risks associated with remote threats identifying, accessing, and corrupting the backup data. In order to identify when a ransomware attack has occurred, Dell has partnered with Index Engines to monitor the backup data stream. CyberSense from Index Engines uses machine learning to identify changes in the backup data and alert when the appearance of an attack occurs.

Microsoft has issued an Exchange Server Security Update on April 13, 2021 for companies with an on-premises deployment of Microsoft Exchange Server 2013, 2016 and 2019. This affects both on-premises and hybrid deployments of Exchange Online. Exchange Hybrid users are less affected. However, the FBI’s recommendation is to patch this vulnerability as soon as possible.

This blog post was co-authored by Kathy Sobus (Senior Director, Customer Experience Strategy, ConvergeOne) and LumenVox.

Current Status of Hafnium

Coming on the heels of the still evolving SolarWinds data breach, it is now verified that four previously unknown or "zero-day" vulnerabilities in Microsoft Exchange Server are being used in widespread attacks against thousands of organizations, with many more potentially affected, according to security researchers.

In part one and part two of this blog series, we shared fourteen cybersecurity tips to prepare your organization for 2021. This blog post includes seven final tips to keep your organization safe in 2021.

This blog post was co-authored by Kathy Sobus (Senior Director, Customer Experience Strategy, ConvergeOne) and LumenVox.

As today is Data Privacy Day, it is only fitting that we discuss your data and understand the rights you have when sharing that information. How many of you have used Google? Apple? Facebook? Amazon? Within the last day? Did you know what you were agreeing to when you quickly scrolled down to the accept their terms of service boxes? How about when you accept the numerous cookies that pop up on seemingly every website that you visit? Do you know what these “accept” actions have given companies permission to do?