Awareness

The Glupteba Botnet: Threats to Businesses and Consumers

Dec 8, 2021 Continuum GRC 0 Comment

Featured botnet resources. Continuum's 2025 GRC for botnet detection, network security, and compliance.

December 7, 2021–the Google Threat Analysis Group (TAG) announced that it has identified and temporarily disrupted the Glupteba botnet responsible for infecting an estimated 1 million computers and IoT devices.

This temporary disruption seems to have slightly impacted the botnet’s operation, but currently, the network is still operational.

Many of us may hear about botnets in the news or our compliance meetings… but what is a botnet? Here, we will cover the topic briefly and discuss the implications of Google’s move against this particular threat actor.

Can I Use a Plan of Action and, Milestones (POA&M) in CMMC?

Nov 10, 2021 Continuum GRC 0 Comment

Featured POA&M resources. Continuum GRC's 2025 plan of action for compliance remediation.

CMMC has become a strict, rigorous set of regulations for contractors working with the Defense Department. It is a clear map of maturity and capabilities; its implementation of NIST 800-171 controls; and its call for complete compliance before certification make CMMC audits challenging for many unprepared businesses. Unlike other frameworks, CMMC doesn’t allow documents like a Plan of Action and Milestones (POA&M) to stand in for actual compliance.

CMMC 2.0 seems to change that. Here, we will discuss a POA&M and what it means within the CMMC framework.

Cybersecurity “As-a-Service” and the Benefits of Third-Party Security Providers

Oct 6, 2021 Continuum GRC 0 Comment

Featured cybersecurity as-a-service. Continuum's 2025 CaaS for GRC and threat management.

Of all the upheavals and challenges we’ve seen in the past few years; cybersecurity is one of the most important topics emerging in 2021. Newsworthy attacks on SolarWinds and Colonial Pipelines have prompted the White House to release an executive order dictating a new set of collective cybersecurity standards for government agencies and contractors. Following that, private companies associated with the supply chain have also begun to adopt stricter security controls based on their risk profiles and reliance on cloud-based service providers. All of these organizations, from agencies to contractors to utility companies, are turning to cybersecurity as-a-service models to meet these demands.

It seems like everything is “a service” these days, but it is important to realize that as modern cybersecurity threats evolve, it’s nearly impossible for individual organizations to keep up. Dedicated, expert compliance and security firms are rising to fill the gap and keep our systems safe.