What Are Encrypted and Fileless Malware?

malware featured

Malware is a significant, and continuing, problem. A 2019 Verizon study shows that 28% of all data breaches involve malware, and new forms of malware and ransomware are emerging into the wild almost daily.

The challenge of fighting malware is that hackers are finding new ways to inject programs into systems. Even with advanced compliance and security guidelines in private and public markets, these hackers are working every technical and social angle possible to attack industrial, commercial and defense systems. And, unfortunately, it only takes one malicious program to completely bring a system to its knees. We’ve seen this most recently and publicly with the Colonial Pipeline ransomware attack, which cost the company $2.3M. 

In the past 5 years, new forms of malware have emerged. Two of these, encrypted and fileless malware, have become more sophisticated and, thus, more dangerous. These attacks are harder to detect, using our existing security measures and assumptions about malware against us.

 

Read More

Streamlining Preparation for CMMC 2.0

CMMC 2.0 featured

The Department of Defense has recently released plans for CMMC 2.0, the revised standards for compliance and security in the DoD supply chain. Many contractors working with DoD agencies were already gearing up for CMMC 1.0, and now are left wondering what is next for them and their business.

The important thing to remember is that CMMC 1.0 hasn’t gone away, and as such it’s possible to continue on your current compliance path, based on any RFP requirements and streamline your path to CMMC 2.0 compliance.

 

Read More

Can I Use a Plan of Action and, Milestones (POA&M) in CMMC?

POA&M featured

CMMC has become a strict, rigorous set of regulations for contractors working with the Defense Department. It is a clear map of maturity and capabilities; its implementation of NIST 800-171 controls; and its call for complete compliance before certification make CMMC audits challenging for many unprepared businesses. Unlike other frameworks, CMMC doesn’t allow for documents like a Plan of Action and Milestones (POA&M) to stand in for actual compliance. 

CMMC 2.0 seems to change that. Here, we will discuss a POA&M and what it means within the CMMC framework. 

Read More