Top 10 Cybersecurity Trends for 2024

Futuristic cybersecurity shield emblem superimposed on a circuit board highlighting modern cybersecurity trends and digital protection technologies.

The cybersecurity landscape is undergoing a seismic shift, driven by technological advancements, evolving threats, and a heightened focus on regulation. From the talent crunch in cybersecurity to the rise of Generative AI and the increasing importance of soft skills, the industry is bracing for a transformative year. This guide delves into the Top 10 Cybersecurity Trends for 2024.

1. The cybersecurity skills crunch will mean less people/higher costs for organizations.

One of the most critical challenges facing the cybersecurity industry is the talent gap. According to the Bureau of Labor Statistics1, the employment of information security analysts is projected to grow by 33% from 2020 to 2030. This rate of growth is much faster than the average for all occupations, highlighting the increasing demand for cybersecurity expertise. However, the supply of qualified professionals is not keeping pace with this demand, leading to a talent gap that poses a serious risk to organizations. For businesses, this can mean higher labor costs. In the next few years, scarcity will cause salaries to increase, and upskilling existing employees will require added costs for development and training.

2. Cybersecurity professionals will have increased need for soft skills.

While technical expertise remains a the primary focus for anyone working in cybersecurity, there will be a growing emphasis on the importance of soft skills for cybersecurity professionals. These include interpersonal communication, problem-solving, and emotional intelligence, among others. Effective communication will be crucial when explaining complex security issues to non-technical stakeholders so that decision-makers can understand how and why to take appropriate action. Indeed2 suggests that a blend of technical and soft skills will be the hallmark of the most sought-after cybersecurity professionals.

3. There will be more cybersecurity in board rooms.

According to a Gartner Report3, around 70% of corporate boards are expected to have at least one member with specialized cybersecurity knowledge by 2026. Another report from Moody’s4 reveals that company cyber budgets have jumped by 70% in four years. This significant increase in financial allocation is a testament to the escalating importance of cybersecurity at the highest levels of corporate governance. Boards are not just approving larger budgets; they are actively participating in discussions about how these resources are allocated and used.

As a result, the role of the CIO (Chief Information Officer) will become even more important

According to Info-Tech’s Annual CIO Survey Report For 20245, one of the top priorities for CIOs in 2024 will be to engage with the board on cybersecurity matters. This involves not just presenting technical metrics but translating these metrics into understandable, actionable business strategies. The recent SEC charges against SolarWinds serve as a stark reminder of the consequences of neglecting cybersecurity at the governance level. The SEC alleges that SolarWinds misled investors about its cybersecurity measures, leaving the company vulnerable to a significant cyberattack disclosed in December 2020. This event led to a sharp decline in the company’s value, underscoring the critical importance of taking cybersecurity seriously at the highest levels of an organization. And the SEC’s action in this case should act as a wake- up call for publicly traded companies that wish to avoid the same fate.

4. IoT (internet of things) cyberattacks will increase.

The proliferation of IoT devices, ranging from smart home appliances to industrial sensors, has expanded the attack surface for cybercriminals. According to InformationWeek6, security measures are not keeping pace with the grow of IoT technology, widening the security gap.  For businesses, one of the greatest vectors for threat is IoT devices used by remote and hybrid employees without proper security measures in place on devices used to connect to sensitive data. McKinsey7 notes that the lack of standardized security protocols is a significant concern, especially considering the IoT is expected to potentially be worth up to $12 trillion dollars globally by 2030.

5. More cybersecurity regulations are coming down the pike.

The newest regulations aim to safeguard national security and ensure economic stability by setting standards and guidelines for cybersecurity practices. In the United States, the 2024 defense bill has allocated $13.5 billion specifically for cyberspace activities. Notably, in the US financial sector, the SEC  has introduced new rules requiring companies to include cybersecurity risk factors and incidents in their financial disclosures set to take effect on December 15, 2023. In the UK, the Product Security and Telecommunications Infrastructure (PTSI)8 act was passed into law in 2022 and aims to regulate products capable of connecting to a network, such as IoT devices like networked CCTV cameras, with a compliance deadline of April 29, 2024.

Similarly, the EU is focusing on the cybersecurity of a product’s life cycle for IoTs that connect to a network by implementing the European Cyber Resilience Act (CRA). The CRA is designed to replace the existing European Union agency for cybersecurity ENISA.  It will oversee certification schemes for ICT products, services, and processes and is set to be officially released in 2024.

6.  Generative AI will continue to have long lasting impacts on cybersecurity.

The integration of Artificial Intelligence (AI) into cybersecurity is not a new phenomenon, but the advent of generative AI marks a significant milestone. One of the most concerning developments is the use of deepfake technologies for social engineering attacks. According to a report by Cyber Magazine9, the proliferation of deepfakes is causing increasing concern in the cybersecurity community. AI-generated synthetic media can impersonate individuals, manipulate content, and deceive systems, making them a potent tool for cybercriminals aiming to compromise business networks and data. Beside deepfakes, AI is contributing to more sophisticated phishing attempts. AI can be used to create more believable phishing emails with programs like ChatGPT, Bard, and Claude and to automate the process of sending these emails, making attacks more efficient and harder to detect.

On the flip side, advancements in AI are also empowering organizations to bolster their defenses. A Gartner report10 highlights the growing importance of Machine Learning in data science, including real-time anomaly detection. Additionally, AI-driven incident response mechanisms are becoming increasingly sophisticated. These systems can automatically isolate affected network segments, initiate predefined security protocols, and even communicate with human operators to provide real-time updates on security incidents.

7. You will see evolving, more sophisticated phishing attacks and the cost will be much higher.

Phishing attacks have long been a staple in the cybercriminal’s toolkit, and Humans are the weakest link in the chain. 95% of cybersecurity issues traced to human error11. The advancement of automated technologies and generative AI tools that can create more realistic and emotionally evocative phishing attempts is a large contributing factor on this front. Cybersecurity Ventures12 predicts that by 2025, cybercrime will cost companies and individuals over 10 trillion dollars worldwide.

8. Cyber warfare and state-sponsored cyberattacks will continue to increase.

Ongoing conflicts and significant electoral events around the world are expected to be flashpoints for cyber warfare activities. According to the U.S. Department of Homeland Security’s homeland threat assessment for 202413, state-sponsored cyberattacks are among the top threats facing the nation. Critical infrastructure sectors such as energy, transportation, and healthcare are likely to be primary targets. In 2022, one of the biggest attack types on infrastructure was remote management devices with a marked increase happening over the course of the year.  In the current geopolitical environment, the trend for cyber warfare shows no signs of slowing.

9. There will be a move towards cyber resilience as cyberattacks become more common.

Organizations will no longer be solely focused on preventing cyberattacks; they will also be investing in strategies to ensure operational continuity in the aftermath of an attack.  According to the National Institute of Standards and Technology (NIST)14, cyber resilience is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” However, it is not a one-size-fits-all concept; it can be implemented at multiple levels, including individual system elements, entire systems, and even across organizations or sectors. As cyberattacks become more frequent, organizations will likely invest more in training programs, technological solutions, and governance models that support cyber resilience. The aim is to build systems that not only defend against cyber threats but also adapt and recover quickly when attacks occur.

10. The zero trust model will continue to evolve.

The concept of zero trust has been a cornerstone in cybersecurity, operating on the principle of “never trust, always verify.”15 However, the zero trust model, which relies heavily on static rules and policies, is becoming increasingly inadequate. According to Gartner16, the future of it will demand more dynamic and adaptive security measures to cope with the complexities introduced by emerging technologies and sophisticated cyber threats. One of the major shifts in zero trust will be the incorporation of AI for real-time authentication. AI algorithms can analyze behavioral patterns and other contextual factors to make instantaneous trust decisions. Beyond that, the zero trust model will increasingly incorporate continuous monitoring of user activity. This approach extends the security perimeter past the initial point of entry, continuously verifying the legitimacy of a user’s actions throughout their session.

The adoption of zero trust is on the rise. According to a 2023 report by Fortinet17, 67% of survey respondents have adopted zero trust network access but have struggled to implement the full suite of strategies.  In fact, in 2023, only 28% had achieved complete implementation – down from 40% in 2021. While there is an increase in the intention to adopt zero trust, the difficulties in achieving full planned deployment in the business environment require a higher degree of commitment.

Conclusion

As we confront the unfolding cybersecurity trends of 2024, it becomes clear that this year will be a watershed moment for digital defense. In an era where technological progress and cyber threats accelerate in tandem, robust and forward-thinking cybersecurity strategies are not just advisable—they are imperative. Organizations are called to bolster their digital ramparts with a blend of seasoned experts, cutting-edge AI technologies, and resilient operational blueprints that promise not just to endure but to dynamically counteract cyber incursions. The path to a fortified cyber future is complex and demands a unified front across all sectors and communities. It’s a path that companies like Back To Business IT are equipped to help navigate. Staying ahead of the curve and ready to act decisively will transform these emerging challenges into stepping stones for a more secure and resilient digital landscape.


1. https://www.bls.gov/OOH/computer-and-information-technology/information-security-analysts.htm

2. https://in.indeed.com/career-advice/career-development/cyber-security-skills

3. https://www.gartner.com/en/newsroom/press-releases/2023-03-28-gartner-unveils-top-8-cybersecurity-predictions-for-2023-2024

4. https://www.businessinsurance.com/article/20230929/NEWS06/912360168/Company-cyber-budgets-jump-70-in-four-years-Moody%E2%80%99s-

5. https://www.infotech.com/research/ss/annual-cio-survey-report-2024

6. https://www.informationweek.com/data-management/iot-technology-growth-and-security-trends-this-year-and-beyond

7. https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/cybersecurity-for-the-iot-how-trust-can-unlock-value

8.https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1037629/PSTI_FactSheet_1__Overview__1_.pdf

9.https://cybermagazine.com/technology-and-ai/the-rising-tide-of-deepfakes-as-ai-growth-cause-concern

10. https://www.gartner.com/en/newsroom/press-releases/2023-08-01-gartner-identifies-top-trends-shaping-future-of-data-science-and-machine-learning

11. https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf

12. https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/

13. https://www.dhs.gov/sites/default/files/2023-09/23_0913_ia_23-333-ia_u_homeland-threat-assessment-2024_508C_V6_13Sep23.pdf

14. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2.pdf

15. https://www.nist.gov/blogs/taking-measure/zero-trust-cybersecurity-never-trust-always-verify

16 https://www.gartner.com/en/newsroom/press-releases/2023-10-17-gartner-unveils-top-predictions-for-it-organizations-and-users-in-2024-and-byond

17. https://www.fortinet.com/blog/industry-trends/zero-trust-report-key-takeaways#:~:text=In%202021%2C%2040%25%20of%20respondents,54%25%20in%20the%20previous%20survey

Top Considerations When Buying New IT Equipment

new IT equipment

Investing in new IT equipment is a smart move for any business that wants to stay competitive and efficient. However, choosing the right equipment can be a daunting task, especially for small and medium-sized businesses that may not have dedicated IT staff. In this article, we’ll explore some key factors to consider when selecting IT equipment for your business, and share some best practices for managing and maintaining your IT investment.

Why is upgrading IT equipment important for your business?

Before we dive into the specifics of selecting IT equipment, let’s take a step back and look at why upgrading your equipment is important in the first place. Here are some of the main benefits of investing in new IT equipment:

  1. Increased productivity: Newer equipment typically offers faster processing speeds and better performance, which can help your employees get more work done in less time.
  2. Enhanced security: Older equipment may lack the latest security features, leaving your business vulnerable to cyber threats. Upgrading to newer equipment can help you stay protected against modern threats.
  3. Improved efficiency: Newer equipment often has better energy efficiency, reducing your electricity bills and helping the environment.
  4. Competitive advantage: Upgrading your IT equipment can give you a competitive edge by enabling you to offer better products or services, or by making your business more agile and responsive.

Factors to consider when selecting IT equipment

Now that you know why upgrading your IT equipment is important, let’s take a look at key factors to consider when selecting it:

  1. Compatibility: Make sure that the new equipment you are considering is compatible with your existing IT infrastructure, including software, network, and peripherals. You don’t want to invest, only to find out that it doesn’t work with your existing systems.
  2. Scalability: Consider whether the new equipment can grow with your business. You don’t want to invest in anything that will be outdated in a year or two.
  3. User-friendliness: Look for ease of use. Your employees should be able to operate it without extensive training.
  4. Total cost of ownership: Consider the total cost of owning and maintaining the equipment over its lifetime, including maintenance costs, repair costs, and energy costs.
  5. Warranty and support: Look for equipment that comes with a comprehensive warranty and technical support. You want to make sure that you can get help if something goes wrong.

Best practices for managing and maintaining IT equipment

Once you’ve selected your IT equipment, it’s important to take good care of it to ensure that it lasts as long as possible and performs at its best. Here are some best practices for managing and maintaining your IT equipment:

  1. Keep your equipment clean: Regularly clean to remove dust and debris that can clog vents and cause overheating. Use a soft cloth and a gentle cleaner to avoid scratching the equipment.
  2. Update your software: Keep your operating system, applications, and security software up-to-date to ensure that you have the latest features and protection.
  3. Back up your data: Regularly back up your data to prevent loss in case of failure or a cyber attack.
  4. Monitor your equipment: Keep an eye on your equipment’s performance and check for any signs of malfunction or degradation. Address any issues promptly to prevent further damage.
  5. Schedule regular maintenance: Schedule regular maintenance, such as cleaning, updates, and hardware checks. This can help prevent problems before they occur and extend the life of your new technology investment.

Investing in new IT equipment can provide significant benefits for your business, but it’s important to choose the right technology and take good care of it. By considering the factors and best practices previously outlined, you can make informed decisions and get the most out of your IT investment. Additionally, working with a trusted IT provider can help simplify the process of selecting and managing IT equipment. They can help you assess your needs, recommend the right software/hardware, and provide ongoing support and maintenance.

At Back to Business I.T., we understand the importance of having reliable and efficient IT equipment for your business.

Our team of experienced professionals can help you select the right equipment, manage and maintain it, and provide technical support whenever you need it (even nights and weekends). We’re dedicated to helping your business stay competitive, efficient, and secure. Contact us today for a quote or assessment!

Department of Defense prepares rollout of national cybersecurity standards

DoD cybersecurity standards

By Tyler Greenwood, Vice President of Back To Business I.T. (originally published in the Dayton Business Journal)


Cyber incidents like the SolarWinds attack in 2019 and the Colonial Pipeline ransomware attack in 2021 have the U.S. Department of Defense (DoD) taking urgent action to strengthen national cybersecurity regulations.

report released last November found most prime contractors (and their subcontractors) hired by the DoD in the last five years failed to meet minimum cybersecurity standards, putting U.S. national security at risk. Security gaps in the federal supply chain have been well known for years, but attempts to fix them have failed.

Enter: CMMC

In response to heightened security risks, the DoD introduced Cybersecurity Maturity Model Certification (CMMC) program. Its goal is to ensure any company involved in the federal supply chain is protecting controlled unclassified information.

Under CMMC guidelines, more than 300,000 contractors must meet 110 NIST SP 800-171 controls, which the government sees as a reasonable cyber risk management approach. In addition, 80,000 of these organizations must complete a third-party assessment and certification to continue bidding on defense contracts.

When will CMMC certification be required?

The DoD is expected to release a final rule on CMMC framework by March 2023, which means contractors could start seeing requirements in RFPs/RFIs as early as May.

If your business is one of the 80,000 contractors that requires an outside assessment and certification, you may have less than a few months to do so. Failure to achieve compliance before the published rule could mean leaving money on the table and losing the ability to do business with the Department of Defense.

Getting started

If your company is still in the beginning stages of CMMC compliance, the time to act is now. Preparation and implementation of the following requirements can take upwards of 18 months. To get started on compliance, contractors should immediately:

  • Work toward meeting the 110 controls in NIST SP 800-171.
  • Identify their Supplier Performance Risk System (SPRS) score.
  • Create a system security plan (SSP).
  • Document plans of action and milestones (POA&M) to demonstrate how you intend to close any gaps for controls not yet met.

Next steps

If your organization has already started on CMMC compliance, consider conducting a preliminary self-assessment to see if you satisfy requirements. This can provide a range of helpful information to ensure you have everything functioning as expected once you’re ready to formally self-attest or go for your official certification.

If your business wants consultative guidance, including assistance walking you through standards you didn’t meet, explaining why, and offering suggestions on closing those gaps, you might find it beneficial to work with a CMMC Registered Provider Organization (RPO), such as Back To Business I.T.

As a full-service I.T. firm and the region’s leading CMMC-AB RPO, Back To Business I.T. can help you achieve NIST SP 800-171 compliance as well as help you prepare your plan of action and milestones (POA&M) and system security plan (SSP) required for CMMC certification. Learn more at www.backtobusinessit.com/cmmc-readiness.

Ransomware 3.0 | Cyber Risks in IoT Devices

news from microsoft

Ransomware 3.0

Ransomware attacks continue to get worse. They have now expanded to extort not just the companies, but also contractors and customers, in a “Triple Threat”. In addition to encrypting a victim company’s data, they will also exfiltrate, or download, copies of company data and emails. They will ask for one ransom to decrypt the computers, a second ransom to not make the stolen data public, and then the newest ransom attack. They reach out and present the data to customers, contractors, and business partners and demand a ransom from them in order to not have the data published. With phishing emails still being the number one attack vector for ransomware, be sure you have sufficient protection for your company. A combination of quality user education, phishing exercises and awareness campaigns, and system endpoint protections provides an in depth defense to this constantly evolving threat.

What does this mean for your business?

Back To Business I.T. has you covered. Our cybersecurity training programs are customized to meet the needs of your workforce and are designed to create a “human firewall” inside of your business. Building upon that, we offer state-of-the-art intrusion detection systems to stay one step ahead of cybercriminals. Don’t become a cyber statistic. Contact our team today and get Back To Business.

LinkedIn breach could mean your information was exposed

Just when you thought you had seen it all, think again! LinkedIn is the latest victim of phishing attacks. According to USA Today, firms are stating that cyber attackers are now posing as “boring, authentic, cubicle-office dwellers.” On top of these reported phishing attempts, CyberNews reports that the cyber attackers have also scraped data from 500 million LinkedIn accounts. The information leaked includes LinkedIn IDs, full names, email addresses, phone numbers, and various other sensitive information. Due to the leak of information, customers may be susceptible to increased email and text spamming or phishing.

What does this mean for your business?

Tighten up your security measures, and encourage your employees to do the same. Be conscious of strangers requesting to follow your LinkedIn profile. Consider changing your password periodically. Enable two-factor authentication for your account if possible. This additional layer of security serves as another barrier between your information and bad actors on the internet.

Manufacturing systems and IoT devices present high risk

IOT and other embedded manufacturing systems can present a high risk to your data and operations if not properly secured. Basic security steps can greatly improve your overall risk posture. From doorbells and cameras to CNCs and additive manufacturing systems, there are simple steps you can take to reduce the risk and exposure of the business side of your operations.

What does this mean for your business?

Your network is unique, and your security measures should be too. Your manufacturing systems and devices should be protected using industry best practices. Preventative steps such as changing default passwords, keeping your systems properly patched, and separating crucial systems from the rest of your network can make the difference between a few minutes of down time, and your entire operations coming to a halt. Our team is experienced in manufacturing environments, and passionate about our clients’ security. Contact us today to learn what we can do for your operations.

Microsoft announces 24 new issues posing cybersecurity threats

Microsoft announced the discovery of 24 issues in a wide range of IoT and OT devices. These issues allow malicious individuals to execute code on or crash your devices. This affects a wide range if industrial, medical, and enterprise devices. It is vital to your security to have an active inventory of the assets on your network, monitor them for vulnerabilities, and patch them regularly.

What does this mean for your business?

Our team of experts stands ready to help your organization take care of risks inside your network that you might not know are there. Cyberattacks are at an all-time high…and getting worse every day. We are here to help!

Cybersecurity risks continue to evolve, and so do our tools to fight them. We are passionate about protecting small businesses, and stay up to date on technology and cybersecurity best practices. Contact us today and let us show you how our cybersecurity services can help your business stay safe in an uncertain world.

Call us at 937-490-5600 or Contact Us to learn more or get started.

Common Sense and Cybersecurity

Common sense and cybersecurity

Earlier this month, Colonial Pipeline’s operations came to a halt after a ransomware attack orchestrated by DarkSide, an Eastern European cybercriminal organization. It took several days after the May 7 attack for the company to begin restarting parts of their systems as well as the mainlines. The effects were widespread and felt by most of us – gas prices at the pump fluctuated almost immediately.

As a society, we are becoming increasingly desensitized to news like this. Cyberattacks happen so often, it seems, that it’s hardly news. So why is it that so many businesses still don’t take cybersecurity seriously? There’s a shroud of mystery surrounding cyber – the media portrays hackers as hooded criminals lurking in a dark room. And while cybercrime methods change constantly, there are measures companies and individuals can take to protect their data. Those steps aren’t mysterious; they’re not hidden. Maybe they’re so simple – so rooted in common sense – that it’s easy to overlook them, and dismiss their importance.

 “The problem with common sense is that it is not so common.”

Maybe it’s easy to dismiss simple ways to implement cybersecurity because “well, everyone knows to do that.” The truth is maybe not everyone knows. Maybe “common sense” isn’t as common as we would like to think. For example – do you lock your doors when you’re not home? Chances are you do. It’s one of the most basic things to prevent entry and protect what’s inside. One of the easiest ways to protect your business data is to password protect your computer systems. This most rudimentary of security measures, which costs nothing to implement is still not being used by many businesses.

Along the lines of common sense, let’s revisit the events following the Colonial breach. Gas prices increased, media coverage heightened awareness of a potential (temporary) shortage. Some people took to the pumps to fill up before it got worse. Others took more drastic measures, filling up plastic bags with gasoline. Common sense would tell (most of) us it’s a bad idea to fill a plastic bag with gasoline, but the truth is not everyone has the same thought process and the same information. So much so that the US Consumer Product Safety Commission announced on social media that it was, in fact, a bad idea to fill plastic bags with gasoline.

This is an extreme case, most of us probably understand why it’s not a good idea to fill a bag with gasoline. But many businesses are doing the cybersecurity-equivalent of this, likely without realizing it. For example, if your company has data on computers that aren’t password-protected, or even protected by passwords such as “password1234” – that’s a potentially disastrous situation.

Cybersecurity: Start with common sense

Cybersecurity for your business doesn’t have to be complicated, unattainable, and cost-prohibitive. It would be irresponsible for us to reduce cybersecurity to just password-protecting your computers – but the truth is that you can start with simple steps like that. The password illustration is easy to understand but is by no means the gold standard as far as security measures go. Using common sense – perhaps the best of the senses – can help jumpstart your cyber approach. Your business technology is unique; your cybersecurity strategy should be unique, too. We can start where you are – whether that is as simple as password-protecting your systems or as complicated as monitoring network traffic for anomalies. Every business that uses technology in some way is vulnerable to cyberattacks, from pipelines to pop-up boutiques. Don’t wait until something disruptive brings your operations to a halt. Let’s start today.

Contact our team to talk about cybersecurity solutions for your business, from the tried-and-true to the cutting edge.

Protect Your Identity and Learn About BEC Scams

BEC scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud. 

  • 65% of organizations faced BEC attacks in 2020.
  •  In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
  • In 2020, 80% of firms experienced an increase in cyberattacks.
  • 62% of BEC scams involve the cybercriminal asking for gift or money cards.
  • Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.

Back To Business I.T. to Participate in First-Ever Identity Management Day

Identity Management Day

Identity Management Day, founded by the Identity Defined Security Alliance, aims to educate and engage business leaders and I.T. decision makers on the intersection of identity management and security.

 

Beavercreek, OH — Back To Business I.T. today announced that it will participate in the first ever ‘Identity Management Day,’ an annual awareness event that will take place on the second Tuesday in April each year. The inaugural Identity Management Day will be held on April 13, 2021.

Founded by the Identity Defined Security Alliance (IDSA), the mission of Identity Management Day is to educate business leaders and IT decision makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.

In addition, the National Cyber Security Alliance (NCSA) will provide guidance for consumers, to ensure that their online identities are protected through security awareness, best practices, and readily-available technologies.

To support this exciting initiative as a champion, Back To Business I.T. will be sharing information about ways to safeguard your identity online as well as resources available to individuals and organizations.

“Raising awareness around identity management is especially critical after a barrage of identity-based breaches made headlines in the past year, including Twitter, Marriott, and Nintendo. In fact, research by the IDSA reveals that 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable,” said Julie Smith, Executive Director of the IDSA.

Smith continued, “Compounding this, the ongoing pandemic has accelerated digital transformation initiatives that support changes in how we work and how we live day-to-day, putting organizations at greater risk. Our hope is that Identity Management Day will result in higher prioritization of identity security and, as a result, fewer data breaches in 2021 and beyond. We are grateful for all of the support from IDSA and NCSA member companies and the broader industry to further this mission.”

“Identity-related cybercrimes are nothing new, but the methods that hostile actors are using have changed tremendously,” said Tyler Greenwood, Vice President of Back To Business I.T. “Phishing and identity spoofing are tactics that cybercriminals are using to get people to give up information that’s then used to compromise systems. It’s happening everywhere and unfortunately many people and businesses aren’t taking proper precautions and are paying the price.”

“Identity management isn’t just about passwords anymore”, Tyler added, “It’s about people. Making sure users are trained to recognize maleficence is potentially the most critical factor keeping their identity and credentials safe.”

Back To Business I.T. offers customizable managed services designed to improve your business operations. Whether you have straightforward technology requirements or complex technical needs, Back To Business I.T. offers a full suite of managed services and solutions that can bring value to your operations and solve your technology challenges. One of our most popular services – Security Awareness Training – offers custom-built company-specific campaigns to train employees on cybersecurity risks. We craft and deploy simulated phishing campaigns to test employee awareness and provide resources to strengthen their understanding and increase cyber resiliency.

About the Identity Defined Security Alliance

The IDSA is a group of identity and security vendors, solution providers, and practitioners that acts as an independent source of thought leadership, expertise, and practical guidance on identity centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices, and resources.

To learn more about and get involved in Identity Management Day 2021, please visit www.identitymanagementday.org and check out #IDMgmtDay on Twitter and LinkedIn.

Follow the IDSA

Join the Community: https://forum.idsalliance.org/

Twitter: www.twitter.com/idsalliance

LinkedIn: www.linkedin.com/company/identity-defined-security-alliance/

Blog: https://www.idsalliance.org/blog/

Follow Back To Business I.T.

Facebook: https://www.facebook.com/BacktoBusinessIT/

Twitter: https://twitter.com/Back2BusinessIT

Instagram: https://www.instagram.com/backtobusinessit/

LinkedIn: https://www.linkedin.com/company/back-to-business-it

YouTube: https://www.youtube.com/user/BacktoBusinessIT

What is a CMMC RPO?

CMMC rpo

Throughout 2020, the U.S. Department of Defense released details surrounding the Cybersecurity Maturity Model Certification (CMMC) requirements for companies in the defense industrial base (DIB). These new consolidated cybersecurity requirements are driving suppliers and contractors to dedicate time, money, and other resources to strengthen their cybersecurity strategy to meet compliance. Depending on the company’s existing cybersecurity posture, some will have much more work to do than others, and they will all need professional guidance.

It’s no surprise that the market has been recently flooded with consulting firms claiming to be experts in CMMC compliance requirements. Keep in mind that not all third-party consultancies are created equal. As a small business, we understand how important it is to properly vet vendors, and make sure you’re getting the most out of every dollar you assign to projects like these.

The CMMC Accreditation Body (CMMC-AB) has introduced five certifications and authorizations to differentiate entities offering CMMC compliance services. These are:

  • Certified Third-Party Assessor Organizations (C3PAO)
  • Registered Provider Organizations (RPO)
  • Registered Practitioners (RP)
  • Certified Professionals (CP)
  • Certified Assessors (CA)

We’re happy to provide some details regarding the RPO authorization, and what is involved.

RPOs like The Greentree Group are authorized by the CMMC AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments. We can also assist during these assessments if there is a finding that will prevent you from attaining your desired CMMC maturity level. However, we do not conduct certification assessments, and we do not grant certified status. Only C3PAOs are equipped to conduct these certification assessments. As an RPO, we are here to provide CMMC guidance and support to companies impacted by these new regulations. It’s important to remember that C3PAOs cannot provide guidance unless they’re also certified as an RPO – and even then, they cannot offer the same services (assessment + guidance) to the same company.


WHAT GOES INTO BECOMING AN RPO

A company must do the following to become certified as a CMMC RPO:

  1. Be an entity owned by a “US person”.
  2. Be registered with the CMMC-AB in order to receive authorization to use the official logo distributed by the CMMC-AB.
  3. Sign an RPO agreement, reflecting a commitment to comply with the CMMC-AB Code of Professional Conduct.
  4. Clear an organizational background check.
  5. Have at least one Registered Practitioner (RP) on their team. An RP is specially trained and authorized by the CMMC-AB to deliver “non-certified advisory services informed by basic training on the CMMC standard” at all times.
  6. Pay an annual registration fee.

These requirements put in place by the CMMC-AB are helpful for companies seeking certification because they provide a measure of legitimacy. As with any new regulations or rules, there will be many companies claiming to be experts in the field, and competing for your business. By selecting a company that has attained its RPO authorization, businesses can be confident that their choice is well suited for the job and committed to CMMC standards.


CHOOSING THE RIGHT CMMC RPO FOR YOUR COMPANY

RPO authorization is an important consideration when choosing a provider- but there are other things you should keep in mind. Other important questions you may want to ask –

  • How much experience does the RPO have in cybersecurity and maintaining compliance in highly regulated spaces?
    • The Greentree Group has supported both DoD programs and DIB clients with obtaining and maintaining required cybersecurity compliance for over a decade
  • Do they have experience with other frameworks such as CIS CSC, NIST SP 800-53, NIST SP 800-171, and ISO 27001?
    • Greentree has cybersecurity experts for the cybersecurity framework you require
  • How knowledgeable are they about the defense contracting environment?
    • Greentree’s cybersecurity team has a combined 50+ years of defense contracting experience
  • How many years have they been in business? Are they well-established?
    • The Greentree Group has been in business for 26 years with an established reputation for excellence in customer support
  • How easy is it for the provider to scale efforts appropriate to your business?
    • We support clients of all different sizes and architectures, as your business grows our support for your cybersecurity needs can grow with you

Note: Back To Business I.T. is a service brand of The Greentree Group.


WHY IS THE RPO AUTHORIZATION IMPORTANT FOR YOUR BUSINESS?

The new CMMC-AB authorization process for RPOs is an effective way for companies to sift through the increasing chatter in the CMMC consultancy space. The RPO certification signals that a consulting firm is invested in the CMMC space, and has committed to cybersecurity best practices. By visiting the CMMC marketplace, companies can look for certified RPOs in their area and reach out on their own terms.

We are authorized by the CMMC-AB as an RPO, and ready to guide your business along in the CMMC journey. Are you ready to learn more? Fill out this form and one of our cybersecurity experts will be happy to provide more information about CMMC compliance.

Skip to content