OTX Partners

OTX Roundtable GRC News

October 2023

October is Cybersecurity Awareness Month

Although some would argue (myself included) that EVERY month should be Cybersecurity Awareness Month, October is the month designated by the committee that comes up with these things. For MSPs, it is an opportunity to bring the topic back to front and center with their clients. The Cybersecurity and Infrastructure Security Agency (CISA) has made several resources available to organizations to help promote better cyber hygiene. You can find those resources here. You can also view their weekly webinars focusing on the four most critical areas users should focus on to protect themselves. That series appears in this month’s featured event.


City of Dallas Releases Ransomware Report

In May of this year, the city of Dallas suffered a devastating ransomware attack costing the city millions of dollars in restoration expenses. Last month the city released its after-action report on the causes, methods, remediation, and costs of the attack. It is a fascinating story of how the Royal ransomware group infiltrated the organization and spent about a month moving laterally throughout the network before finally launching the attack. The group “lived off the land”, using legitimate RMM components and other built-in utilities, as well as other external tools, to fully map the environment. The final cost to the city is estimated to be about $8.5M. This report is a great resource for understanding the anatomy of a well-executed ransomware attack and some of the lessons learned. Read the Full Report Here…


Penn State University involved in False Claims Act Lawsuit

The consequences of lying about compliance are real. Since 2016, defense contractors have been required to implement the NIST 800-171 security controls regarding the protection of Controlled Unclassified Information (CUI). Until the new CMMC 2.0 program becomes law, contractors must self-assess their compliance with the regulation and attest to their compliance by posting their scores in the Supplier Performance Risk System (SPRS). If, under audit, organizations are determined to have lied about their compliance with the controls, they can be found to be in violation of the False Claims Act. This comes with serious penalties, including large fines as well as potential jail time. Additionally, the FCA provides huge incentives for whistleblowers to expose violations.

It appears Penn State University has found itself the target of a lawsuit. The ramifications of this case may be very significant. Read More…

Featured Event

CISA Cybersecurity Awareness Month Webinar Series

How to Create Stronger Passwords and Debunking Myths About Password Managers

October 3, 2023 | 2:00pm-2:30pm ET

The Importance of Multifactor Authentication

October 10, 2023 | 2:00pm-2:30pm ET

How to Recognize and Report Phishing

October 17, 2023 | 2:00pm-2:30pm ET

Keeping Software Up to Date

October 24, 2023 | 12:00pm-12:30pm ET


Featured Blog

IT Takes a Village

In the past, the Managed Service Provider could typically deliver a complete service without engaging with other partners. By deploying a fault-tolerant system, protected behind a good firewall, and managed by a good RMM, the MSP pretty much had their clients covered… Read More


Next OTX Roundtable Meeting

Thursday January 18, 2024

2:00 PM ET

(Virtual)


OTX Partners LLC

OTX Roundtable GRC is a peer group helping MSPs build and maintain a security and compliance-focused culture. Find out more here

 © 2023 OTX Roundtable, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners.