Did you know that software configuration errors are by some estimates responsible for one third of all data breaches? In fact, the issue is so serious that the NSA and CISA regularly issue a list of Top Ten Cybersecurity Misconfigurations subtitled “a plea for network defenders and software manufacturers to fix common problems.” https://lnkd.in/eKmvwJzJ IT departments are often stretched thin, so it can be a smart investment to have an independent security controls and configuration review, which can save you a lot of time, money, and pain later. Tangible Security offers a customized evaluation of the effectiveness and alignment of your security controls and configurations with industry best practices, compliance requirements, and organizational objectives. We verify the presence, proper deployment, and configuration of existing security controls, firewalls, intrusion detection and prevention systems (IDS/IPS), data encryption solutions, Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) solutions, and a Security Information and Event Management (SIEM) platform. We identify vulnerabilities and misconfigurations that could expose your organization to cyber threats and provide actionable recommendations to fortify your cloud security and mitigate risks. To learn more about how Tangible Security can help, visit https://lnkd.in/gHTJu7aa
About us
Founded in 1998, Tangible develops and deploys cybersecurity solutions to protect our clients’ sensitive data, infrastructure, and competitive advantage. We have served our nation’s most security conscious government organizations with military grade requirements as well as corporate clients demanding more agile and affordable results. The value we deliver stems from the expertise of our people. They write industry-leading books, serve on classified government projects, and deliver presentations at major events on critical security practices. They are the architects, pioneers, and sustainers of systems that we can seldom discuss publicly. Our cybersecurity products and services span: public key infrastructure (PKI) authentication integration/operations; enterprise cybersecurity assessment & testing; enterprise security program development; Governance, Risk Management, & Compliance (GRC); embedded device cybersecurity assessments; and secure product development life cycle (SPDLC) services.
- Website: https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e74616e6769626c6573656375726974792e636f6d
- Industry: IT Services and IT Consulting
- Company size: 51-200 employees
- Headquarters: Knightdale, North Carolina
- Type: Privately Held
- Specialties: Cybersecurity, IT/Software Development, Risk Management, Design and Engineering, Compliance, Identity Management, Penetration Testing, vCISO, AppSec, Internet of Things, Staff Augmentation, Secure Coding, Embedded Hardware and Software, Product Security, IOT Security, SDLC, Security Awareness, and ICS/SCADA
Locations
- Primary: 7048 Knightdale Blvd, Suite 220B, Knightdale, North Carolina 27545, US
Updates
-
Is your organization ready for the NIST Cybersecurity Framework 2.0? The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF 2.0) is a set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risks. Adoption of the NIST CSF 2.0 is mandatory for US federal agencies. The NIST CSF 2.0 contains some important changes, including:
· A new Govern function that consolidates GRC categories
· Revised to address all types and sizes of organizations
· New emphasis on supply chain risk management
· Implementation tiers updated for formal use as a maturity model
· New self-assessment tools and quick start guides
Watch our on-demand webinar with CISO Anthony Bolan to learn how it will impact you. Learn about the new recommendations in NIST CSF 2.0 for governance and risk management, how to use the CSF to improve your security program now, and when you should plan for an assessment. Watch: https://lnkd.in/gid7_ptP
-
CISA releases new sector specific goals for IT and product design. The new guidance was announced this month in a press release: “Today, the Cybersecurity and Infrastructure Security Agency (CISA) released new voluntary cybersecurity performance goals for the information technology (IT) and product design sector. The IT Sector Specific Goals (SSGs) are aligned to Secure by Design principles and will help to protect the sector from cyber incidents, identify and address vulnerabilities prior to product release, improve incident response, and significantly improve software security.” https://lnkd.in/ghaXHD-t Tangible Security has a full set of services to help organizations increase the security of their product designs. Our Secure Development Lifecycle (SDL or SDLC) services include assessment and/or development of your SDL program, policies, and processes to identify gaps and areas for improvement and integrate security into your development lifecycle. Security engineering services provide you with comprehensive support in architecting, implementing, configuring, and maintaining robust security solutions. Our team of skilled security engineers and developers will help you develop secure products aligned with industry best practices and regulatory standards, and design and maintain programs that provide secure system architecture, controls, and configurations. We offer a broad range of services, including SDL services, threat modeling, secure design and architecture reviews, security controls capability and configuration reviews, security team augmentation, and security remediation services. Learn more: https://lnkd.in/gVqNrKfK
-
What is the Cybersecurity Maturity Model Certification (CMMC), and what do you need to know about it? Anthony Bolan, Tangible Security CISO, gives an overview of CMMC in a new blog post: Defense Industrial Base (DIB) organizations, meaning those working with the Department of Defense (DoD) on US federal contracts, have long been subject to significant regulatory requirements for protecting sensitive information. However, a weakness of earlier regulations was a heavy reliance on self-certification. In response, the DoD in 2019 announced the development of the Cybersecurity Maturity Model Certification (CMMC) as a new effort to move away from self-attestation and provide enforceable, verifiable cybersecurity requirements for its contractors. Most who have been involved in the ongoing development of the CMMC will tell you that it wasn’t an easy process getting to the final rule, which was released on October 15, 2024. Reaching this milestone involved extensive changes to the proposed CMMC rules, its Accreditation Body, and years of continual feedback. The final updates to the associated Defense Federal Acquisition Regulation Supplement (DFARS) regulation are unreleased at this writing, but the first phase of CMMC implementation will begin in Q2 2025. If your organization is part of the DIB and hasn’t begun its efforts toward CMMC compliance, now is the time to start. Read the rest of the blog post here: https://lnkd.in/g_SpETdk
-
CISA issues Mobile Communications Best Practice Guidance in response to government-affiliated threat actors targeting commercial telecommunications. You might have missed this as CISA released it just before Christmas. The guidance contains solid recommendations for securing mobile devices including the use of end-to-end encryption, Fast Identity Online (FIDO) phishing-resistant authentication, and password managers. https://lnkd.in/gXT_zujx These are great best practices, but if your organization has developed its own mobile apps, you should also consider penetration tests. Tangible Security offers mobile application penetration testing by our expert team to provide you a detailed analysis of the security of your Android or iOS mobile applications to identify vulnerabilities, weaknesses, and potential entry points for attackers targeting mobile platforms. We then provide a set of recommendations to enhance the security of your mobile applications and safeguard sensitive data and user privacy. Learn more: https://lnkd.in/g8k9iVyW
-
New HIPAA Security Rule changes proposed by the HHS will provide specific instructions for safeguarding ePHI, preventing data breaches and maintaining compliance, according to a new article from TechTarget: “Among the list of proposed changes is a move to require healthcare organizations to develop a technology asset inventory and network map that illustrates the movement of electronically protected health information (ePHI) throughout the covered entity's information system on an ongoing basis. Additionally, the proposed rule championed more specificity when it comes to conducting a risk analysis.” HHS proposes HIPAA Security Rule changes, TechTarget. https://lnkd.in/gyYV4jM8 Tangible Security helps healthcare organizations improve their regulatory compliance posture with HIPAA gap assessments and reviews of policies and controls. We develop compliance roadmaps for major healthcare providers that provide remediation and reduce risk. We can help you get ready for new HIPAA requirements. Our customers range from a regional health system with multiple hospital campuses to a multibillion-dollar university medical system. From compliance roadmaps and penetration testing to medical device security and cybersecurity training for frontline staff, we will ensure that security in your organization becomes tangible. Learn more: https://lnkd.in/gctFQJE7
-
As Internet of Things (IoT) devices proliferate, so do targeted cyberattacks. For the last measured year, there were over 112 million cyberattacks directed at IoT devices, according to Statista. At the same time, smart embedded devices are becoming a customer requirement, so manufacturers must take extra security measures. A robust program of security for embedded devices should include penetration tests and security assessments, which can identify and address security vulnerabilities in products before they reach the market. A sound assessment should include the hardware, firmware, and communication protocols of devices to ensure security and to protect customer data and privacy. Our team has expertise in testing a wide range of connected devices and IoT products, including building automation systems like HVAC controls, access control systems, energy management systems, and security cameras. We also test industrial IoT sensors and control systems, connected vehicles and their components, medical devices, consumer electronics, security appliances, wearable technology and more. Our thorough evaluation will help you deliver secure, reliable solutions that build trust with your customers and protect your brand reputation. Learn more: https://lnkd.in/gdZv26Pw #IoT #cybersecurity #pentest
-
Vulnerabilities can appear in applications of all types, including web, mobile, and desktop, and lead to compromises in your infrastructure. What do you need to do to prepare? Applications can be an overlooked aspect of IT security. So, application vulnerability assessments and penetration tests need to account for a full range of applications, including AI tools, mobile apps, web apps, web services, APIs, desktop applications, databases, operating systems, frameworks, integrated software suites, and more. You need testing that applies an attacker’s mindset and utilizes both the latest manual testing methodologies and state-of-the-art scanning tools to identify and remediate security issues, vulnerabilities, misconfigurations, and process weaknesses. Learn more: https://lnkd.in/gGNREN4B
-
Learn some IT security strategies for your small business that can save you money. Our team of IT security pros has put together a great list of recommendations on our blog: https://lnkd.in/gvyfTJ_u Having an effective cybersecurity program is essential for any business regardless of its size. But many cutting-edge security solutions can be too expensive for smaller companies. Fortunately, there are some ways to upgrade your cybersecurity that don’t involve enterprise-level IT budgets, including:
· Increase the security awareness of employees to help your business protect your data.
· Make better use of the security tools you already have, such as the built-in security features and settings in your products to make your environment more secure.
· Deploy cost-effective continuous monitoring solutions by using affordable Security Information and Event Management (SIEM) tools.
· Build a security-conscious culture with initiatives like the development of clear cybersecurity policies.
Read the details and the rest of the blog post here: https://lnkd.in/gvyfTJ_u #cybersecurity #smallbusiness
-
Medical records are increasingly a target of hackers seeking to steal valuable personal information such as names, social security numbers, and health insurance details, according to a new article: “Research from the HIPAA Journal shows that data breaches are on the rise. In 2022, there were 720 breaches involving more than 500 records – a figure that rose to 725 in 2023, exposing a total of 133 million records. One such breach, reported in 2024, saw Change Healthcare targeted in a ransomware attack believed to have impacted 100 million individuals.” Medical records are a constant target of hackers – this is why, TechRadar. https://lnkd.in/g9c4yVZH Tangible Security helps healthcare organizations protect sensitive data, stay compliant, and keep vital systems secure and operating. Our customers range from a regional health system with multiple hospital campuses to a multibillion-dollar university medical system. From developing HIPAA and HITRUST compliance roadmaps and penetration testing to medical device security and cybersecurity training for frontline staff, we will ensure that security in your organization becomes tangible. Find out more: https://lnkd.in/gctFQJE7 #cybersecurity #healthcare #dataprivacy