Category
Cybersecurity

The weather is changing, and spring is upon us. Each year around this time, many people tend to do a thorough cleaning of their home and maybe tackle a few home improvement projects before summer arrives. We cannot forget to do the same maintenance and enhancements to our cybersecurity program. To assist you, we created this basic cybersecurity “to-do” list to ensure that you are being proactive...

If you’re in the financial sector, no doubt you’ve already heard, and hopefully, are prepared or preparing for, the new federal banking rule regarding cyber breach notifications. This new rule, which took effect April 1, 2022, with full compliance required by May 1, 2022, requires banking organizations and bank service providers to notify banking regulators within 36 hours after a notification...

Most (not all) cyber-related incidents can be avoided through proper planning and by having the right resources in place. Preparation is what makes all the difference, which entails outlining your risks, implementing safeguards to aid in prevention, and knowing who to bring in and when in the event of a cyber incident. After a cyber incident has occurred, time is of the essence to lessen the...

A week ago, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to all businesses and government entities on the risk of Russian cyberattacks affecting US systems and networks. Rob Lee, CEO of Dragos, indicates that his team has “observed threat groups that have been attributed to the Russian government by US government agencies performing reconnaissance against US...

The Avalon Cyber team is proud to welcome Jill Martucci as our new Director of Governance Risk and Compliance (GRC) for our security advisory services. Her experience spans many service lines and industries in which she executes programs that ensure the proper functioning of client information technology and information security (IT/IS) controls, with a focus on the following areas:

If you experience a breach, it’s critical that you quickly find and fill the gaps in your network and identify what data may have been compromised. The Avalon Cyber team has extensive experience in digital forensics and technology crime fighting and provides prompt and comprehensive response to cyberattacks.

If you’re one of the more than 300,000 companies in the defense industrial base’s (DIB) supply chain, you’re probably familiar with the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC). If not, here’s a quick definition courtesy of the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)): “The CMMC is a framework that includes a...

If you’ve made it past the title, you already know what we’re talking about, and I hope you don’t stop here because you’re afraid of just another technical brain dump of how bad Log4j (aka Log4shell) actually is. What I think will be more impactful for our readers is to provide you with information on:

An attacker leveraged a combination of Microsoft Exchange vulnerabilities (ProxyShell), which led to the deployment of Lockbit 2.0 ransomware. Here's what happened:

Microsoft 365 (previously Office 365) offers a wealth of tools, including Teams, SharePoint, OneDrive, PowerPoint, Excel, and more, that help your team work and collaborate easily and efficiently from anywhere in the world. And, since the platform is cloud-based, your business has access to all these resources, yet doesn’t have to host the infrastructure.

Cyber risk, the probability of loss and/or harm to an entity based on technological exposures, is much higher in the financial industry as compared to others, to the extent that even bank ratings can be greatly impacted. This certainly isn’t surprising given the nature of the data this sector manages every day.

People use their mobile devices for everything these days, including, of course, work. In fact, 60% of an organization’s endpoints are mobile – and unprotected. Since they contain much, if not all, of the same information found on an employee’s corporate laptop or desktop, keeping smart phones, tablets, etc. safe is crucial to the security of your business.

Avalon is proud to announce that we have successfully completed the SOC 2 Type 1 information security audit as of July 2021. The scope of the audit included our cybersecurity, eDiscovery, and secure print and mail services.

During our most recent webinar, “Into the Dark Web with David Maimon,” (which you can watch at the link) an attendee asked: Is there a list of common email subject lines that are red flags?

If you experience a data breach, you probably know that you need to alert your customers as quickly as possible to comply with state and national regulations. But did you know that Avalon Cyber can assist with this? 

So here's the main difference between vulnerability assessments and penetration tests, put as simply and briefly as possible:

Avalon has been on a consistent growth trajectory for many years, expanding our geographic reach and our suite of services to meet the everchanging needs of our clients. To this end, we recently made some exciting changes within the Avalon Cyber division, including creating new positions for current team members and bringing a new hire aboard. This alignment will better position each of our...

In this blog, Brandy Griffin, Cyber Service Delivery Manager for Avalon Cyber, discusses the business email compromise (BEC), what you can do to help prevent one from affecting your organization, and how to respond if a BEC occurs.