New Year, But Classic Literature Never Goes Out of Style

The new year brings a chance to reset, restart, and set goals while reflecting on the past year’s accomplishments. With each coming year, new technological advancements are made, but we cannot forget our history or we are doomed to repeat it. 

 Reflecting on how our past and present often overlap in unexpected ways in two of his 2021 Forbes articles, Ntirety CEO Emil Sayegh references classic literature pieces, showing how their timeless themes provide a familiar perspective to modern-day cybersecurity issues. Explore these themes and perspectives from his articles  Never Truly Quiet On The ‘Western Front’ and Who Will The Cybersecurity Bells Toll For? highlighted below.. 

 Never Truly Quiet On The ‘Western Front’ 

First released in the late 1920s, the novel All Quiet on the Western Front was publicly burned, banned, derided, and censored for its “anti-war” and “unpatriotic” messages. Set in the final weeks of World War I, the story swings heavily on the contrast between false security and the realities of war. Today, we are talking about a different war that is dynamically morphing between a physical war and cyber war.  A real cyber war has been raging on the front lines of computer networks for a while and we must remain vigilant to the fact that an eerie silence may be the biggest threat of all.  

All Quiet on the Western Front was described as the most loved and hated novel about war; its messages threatened Nazi ideologies, sparking riots, mob attacks, and public demonstrations, yet it inspired an Academy Award-winning 1930 movie adaptation. Author Erich Maria Remarque may not have foreseen its full impact, but the story is laced with imagery describing starving soldiers, the brutally indiscriminate nature of (then) modern weapons, lost limbs, poison gas, and death—lots of death.  

False Sense of Security: Peace Before Death 

On the frontlines of computing, there is a false and persistent sense of security among CIOs, company boards, and most security professionals that reminded me of the end of this novel. Over the years, the phrase “all quiet on the Western Front” has been adopted in innumerable contexts to mean a lack of visible change or stagnation. It seems this is where many organizations are stuck today under this false sense of security. 

The final moments of the novel are (spoiler) deceivingly peaceful, contrasting with the overarching setting of war and its effects. It is in these moments, in the last “situation reports” from the military frontlines, where a false state of calm and security that belied the coming death of the story’s protagonist. It seems like the most important lessons in life must be learned time and again. 

That Silence You Hear is a Sign 

Across the landscape of organizations, there is a definite cyber war raging, and I am not talking about Call of Duty. You don’t have to read news headlines for very long to see that there are casualties all around us. There is an enemy lurking and there are no rules to hold them back. Defensively natured as cybersecurity practices can be, there are offensive principles that are a necessary part of the posture. That begins with an understanding that there is always a calm before the storm; and in today’s climate, we cannot afford the reassuring sense that all is well at any given point in time.  

Let us set the stage of this sea of “calm”: 

  • APT – In the age that followed the global pandemic, nothing in cybersecurity stopped that entire time. Advanced Persistent Threats (APT) continued and according to countless reports and breaches, they have accelerated.  
  • Mobile – Reports also show that mobile threats to the web and applications have gained more traction under new campaigns. 
  • Diversity – Hacker creativity is at an all-time high, with actors bringing in waves of zero-day threats into supply chain software attacks, phishing, and ransomware. Experienced groups and new players are combining forces and found new nearly undetectable ways to exchange information. 
  • Maximum Impact – Fueled and inspired by changing workforce composition as well as user behaviors, attacks today are designed to express maximum impact, driven by geo-political goals and financial gains.  

All the while, threat visibility has proven itself to be riddled with blindspots as hacks and incident reports continue to show compromised detection, a gap in understanding, and shortcomings in proper security practices. To add to these factors, technology continues to change, accelerate, and evolve—on both sides, while a crisis of talent resources continues. We can also see that intrusion incidents lead to ad hoc approaches to security funding, adding ineffective layers to cybersecurity health especially when spending tails off when all seems well.  

A Time to Act 

When things seem calm, follow these general guidelines and remember that only the paranoid survive a cyber war like this one: 

  • Actively and proactively leverage multiple sources of Threat Intelligence and trusted resources to monitor the latest methods, tools, tactics, and keep a watchful eye on the roost on a daily or even hourly basis. 
  • Always verify and never trust. It is always a good time for zero-trust authentication and a zero trust posture throughout the organization. This protects systems outside and inside the “castle.” 
  • Detect, investigate, respond, and remediate issues on every endpoint, application, service, and server system. Commit to timely and near instant responses. 
  • Spin up more security awareness training to help minimize social engineering, phishing, and other user-focused attacks. 
  • If you can’t do these items on your own, and very likely you won’t, engage partners that specialize in a comprehensive security posture. 

All is Not Quiet  

North, south, east, west, up, down, or sideways—all is not quiet, or well, on the security front (and it never should be). Don’t hide the truth with skin-deep positive “situation reports” and always verify. Embark on a comprehensive security strategy that starts with the honest identification of your environment’s threats, then work to secure your environments comprehensively. After these two first basic steps, it is critical to also prepare for the eventuality of a breach with a fully vetted disaster recovery strategy. The final step is to continually assure and ensure that there are no gaps in your security posture through an assurance and compliance program that takes new threat vectors, and compliance requirements into account. Remember, there’s a massive storm out there even if you don’t see it or hear it. Silence is not golden, it’s a false sign of security. Let’s take lessons from All Quiet on the Western Front and avoid the horrors of an actual war.  

Who Will The Cybersecurity Bells Toll For? 

 From Room 511 in a famed Cuban hotel, the iconic writer Ernest Hemingway authored some of his most acclaimed works. One of his most famous books was For Whom the Bell Tolls, which was completed in 1940. Inspired by his observations in Spain during the Spanish Civil War, Hemingway weaved the tale of a loss of innocence, psychological and physical trauma, death, and human nature during times of war. The work was revolutionary and controversial as it deconstructed romanticized wartime concepts of bravery and contrasted them with the sheer impact of then-modern weapons. It even inspired the Metallica song “For Whom the Bell Tolls,” as a lyrical adaptation of a particular scene from the book. There are various interesting parallels from this story to the modern world we currently live in and more specifically the cybersecurity arena.  

The bell toll is a symbol of death, which carries a dark theme throughout the novel. From beginning to end, most of its characters manage to consider their own potential deaths or inflicting death upon others. This heavy tone and the plot narrative between fascists and the forces of resistance provided the perfect setting for the Second World War, which was brewing at the time the book was released.  

A Setting Reimagined 

The knowledge of historical works allow us to better navigate our present and future. As the saying goes, “If we do not learn from history, we are doomed to repeat it.” The lessons from Hemingway’s novel translate very well to our world today, and more specifically to the cyberwar that is raging now. The bells keep tolling for the daily victims of hackers, while we have unfortunately become apathetic due to the frequency of those attacks. In cyber warfare, we may not always be able to see the enemy with our own eyes, but the threats and actors are as real as they come. The bell could arrive for anyone, at any time, when we least expect it. 

Joining the Resistance 

The Spanish fascists from the story are a lot like the organized cybercriminal gangs of today. Sponsored, nefarious, and destructive in their ways, today’s misguided hackers seem to fancy themselves as guerilla forces, yet they are nothing but the makings of a Big Brother criminal network. The companies that try to defend themselves from this coordinated system of attacks fulfill the role of the “Resistance.” Organizations that are fighting back today must be resourceful and diligent in tactics. They should put themselves in a position to also refuse to acquiesce to the impact of a ransomware incident, just as we saw with the catastrophic attack against Ireland’s Health Service Executive (HSE) organization. HSE joined the “resistance” and refused to pay the ransom, as they had a disaster recovery plan in place. In another extreme, we witnessed the twin sagas of the Colonial Pipeline along the JBS meat producer plant and how, faced with little choice, these two organizations cowardly paid massive ransoms in hopes of recovering data and operations.  

A Wasteland of Attacks and the Endless Wave 

The main story-derived lesson for organizations today  comes straight out of the title. It doesn’t matter who you are or what your security budget is, you cannot successfully assume that the bell will only “toll” for someone else. Just ask FireEye, SolarWinds, Kaseya, or even Peloton. You can even ask the federal government itself regarding some of its disclosed and undisclosed hacks. Here is the simple reality: 30,000 websites and applications  are hacked every day with an attempted attack happening every 39 seconds. This industry is filled with conversations and false narratives of the latest security product lineups, cyber capabilities and reports of how attacks were averted.  The reality is that security standards are obsolete the moment they are released. The security landscape is evolving daily, and very few static standards are going to guard against zero-day, novel threats. 

Not an Island 

It can be safely stated and significantly inspired by Hemingway that “no man is an island,” and similarly that no company stands alone. It is not revolutionary to state that anyone can be a target, but at what point does targeting become real and inspire preparation, budgeting, and deploying best of breed safeguards? Far too often, we are called to address this question after the facts of a breach become clear. It is not too late for the community or for any company to mind the bells of attack. 

Every organization holds the opportunity to mature security and privacy programs and be fully aware and best positioned for the modern challenge of cybersecurity by leveraging facts, expertise, monitoring, and knowledge about what is vulnerable about their digital presence and valuable. The realization is that when data drives actions and security is comprehensively implemented throughout a formless and endless perimeter, you can escape the trap of false security “standards.”  

Beyond the Chaos 

It all starts with an identification of gaps and threats and securing against those threats. Disaster recovery planning follows, since no matter the security measures, the enemy may still break through the defenses. The journey of cybersecurity cannot be complete without an assurance program that maps to the never ending quest to find ways to stay a step ahead of the enemies and ahead of our personal limiting concepts. An awakening must happen through the sharing of the phenomenal cybersecurity statistics that line the battlegrounds of today. From the frontlines of cybersecurity, there are so many close calls and so many seemingly minor events that can be the first of a chain of “perfect storm” events that lead to a major security incident. This happens thousands of times per day.  

All the while, strewn among the spent tools of cyber warfare are targets that defy simple definitions. No business domain is immune, and it matters little whether an attack is launched against large or small organizations, profit or not for profit, public or private. No one is safe—plan accordingly. 

 

Classic literature remains relevant because of its timeless themes that even after a decade or  a century still stands and can be related to modern people. History may repeat itself, and we must continue to prepare for any possible scenario in the cyber field. 

Schedule an assessment with us today to learn more about preventative security measures you can take to secure your cyber environment.

Readying For Regulation Response To Cyber Incidents – Forbes Article by Ntirety CEO Emil Sayegh

Recently, utility companies have been a major target for hackers, and critical infrastructure has been put at stake. As these cyberattacks have increased, taking action to keep bad actors away from our cyber environments must be a top priority. For industries such as utilities that provide services to almost all of us, we must all do our part to ensure security is enforced. 

 Ntirety CEO Emil Sayegh emphasizes the importance of the United States government’s involvement in protecting the ever-growing cyberspace, and the businesses and people whose lives could drastically change. The following piece, Readying For Regulation Response To Cyber Incidents, was originally published in Forbes.

Readying For Regulation Response To Cyber Incidents

In the wake of a prolonged season of significantly impactful cyberattacks, new regulations have arrived on the scene and we can expect more to soon follow. Good, bad, and ugly, regulations are a natural governmental response to significant situations that carry national implications. For now, the focus is on pipeline operators. But with so much vulnerability in the wild, a lack of overall standards -and also the fact that so much is at stake -cyber regulation is on a trajectory of growth, and may also find itself on a collision course across many more sensitive industries.

Back in May, the world was shocked when the Colonial Pipeline Company revealed that it was a victim of a ransomware attack. The immediate response was to halt operations in order to contain the attack. Five days later, operations resumed, but not before fuel prices on the East Coast of the U.S. skyrocketed and fuel shortages crippled the Eastern Seaboard.

Regulatory Response

The same day that operations resumed, President Biden signed an Executive Order on “Improving the Nation’s Cybersecurity.” Moving from voluntary participation to mandated compliance, some 100 pipeline operations had to formally designate a 24/7 cybersecurity coordinator and report confirmed and potential incidents to the Cybersecurity and Infrastructure Security Agency (CISA) under the new directives.

In late July, the rules tightened up from there with further regulations. The specific details that accompany this mission have not been fully revealed to the public, but some elements have been shared about the program. Participants will need:

  • To develop a cybersecurity contingency and recovery plan
  • Conduct a cybersecurity architecture design review
  • To implement mitigation measures to protect against cyberattacks immediately

In addition, the regulations have a bit of a bite to them, leveraging potential fines that can amount to close to $12,000 per day for each violation.

The Regulatory Trajectory

The age of self-driven, voluntary standards and industry participation is beginning to change as a response to the rash of successful attacks against critical organizations. With solid research and preparation, the implementation of these forthcoming compliance measures could possibly roll out smoothly. It is also likely that challenges will be felt throughout the industries affected by new compliance measures. Revisions and updates will follow, as already exhibited in the pipeline industry.

For most, compliance and regulation are not completely new territory, however the horizontal rollout and application to formerly voluntary industries will carry some challenges along for the ride. New technologies, cutting-edge standards, and continual assessment are not always associated with the considerably comprehensive publications of ordinary regulations.

Rolling out successful cybersecurity regulations in a comprehensive effort is going to require awareness on the contextual history of regulations as well as measures to keep regulations up-to-date and achievable.

Preparing Now

Based on technical and operational components, the gold standard reference point throughout the industry are the standards set forth by CISA. Organizations can get ahead of these and create a better security baseline by assessing cybersecurity policies and procedures and updating them as necessary.

Among the advancing best security practices and technologies, prepare to assess and incorporate:

  • Updated backup and recovery tools and processes
  • Risk prioritization exercises
  • Secure cloud service practices
  • Segmenting networks
  • Multi-factor authentication
  • Zero trust capable architecture
  • Robust endpoint management
  • Enterprise threat mapping
  • Data encryption at rest and in transit

Every environment is different, with different realities to consider.

It can be difficult to turn down the background noise of emerging products, industry buzzwords, and marketing smoke. With so much to navigate, I cannot blame anyone that has completely tuned out. But please don’t. Silence is not bliss in this case. Most companies are ill-equipped to deal with this threat alone and must find competent cybersecurity partners. This movement has already started-this is a clarion call and moment of action on every digital front. Cybersecurity is becoming an imperative across the land.

Happy Thanksgiving – A Message from Ntirety CEO Emil Sayegh

Thanksgiving has always been one of my favorite holidays. What is not to like? Good food, good time with family, cool weather, and college football. Also, there is no pressure associated with exchanging gifts. Although Black Friday is around the corner, I prefer to not partake in it, and I always let the glow that comes from the Thanksgiving Holiday permeate the whole weekend. 

Thanksgiving marks a time to show appreciation to all those that have helped us and made our lives a bit easier. While this holiday is traditionally celebrated in North America, the message of giving thanks and reflecting on the past year’s accomplishments is important in many more cultures around the world. It is always important to and take a step back to look at the joys in everyday life. First and foremost, I would like to thank the customers, partners, and employees of Ntirety for the amazing success we had in this past year despite the pandemic and all the turbulence that came with it. I personally am thankful for our partners and customers who have enabled us to continue to grow. Thanks to them, and our amazing team, we will only continue to reach new heights and remain as the premier Comprehensive Security Services provider. 

I hope that each of you get to spend the entire Thanksgiving weekend surrounded by family and friends, taking a well-deserved break. For our customers, partners, and members of the Ntirety team that are working this weekend, I am grateful for your dedication and drive. I extend a huge thanks to you for being there for all of us to enable us to take a break. During this Thanksgiving season, certainly thank your friends and family who are special to you, as well as others that may not be as close. Kindness and gratitude start one step at a time. Let’s spread the love and gratitude around.  

I am thankful for all of you!  

Happy Thanksgiving.

Managed Compliant Security Solutions Leader Ntirety Announces New Suite Of Advanced Security Offerings

Launch Furthers Ntirety’s Leadership in Comprehensive and Compliant Security Solutions that Permeate the Entire IT Stack 

We are excited to introduce a new set of security tools and continue our pledge to reduce risk, optimize IT spend, and improve business agility through services unlike any other IT provider in the market. This expansion of cybersecurity tools would not have been possible without the support of our partners. 

Ntirety will continue to search for the next way to keep you and your business safe and do all that we can to be proactive in keeping bad actors out of your cyber infrastructure.  

AUSTIN, Texas, Nov. 9, 2021 /PRNewswire/ — Ntirety, the most trusted Comprehensive Security provider and only company that embeds compliant security throughout the IT stack to safeguard the assets businesses rely on, today announced the launch of a new suite of advanced security solutions. 

“Security is everything, especially in today’s world; traditional IT security as people used to know it doesn’t work anymore,” said Emil Sayegh, CEO of Ntirety. “Ntirety has put security and compliance at the core of everything we do, extending the concept of comprehensive security across the entire IT stack. This new suite of services further cements our evolved approach to security and helps safeguard businesses to become virtually unstoppable.” 

“With this launch Ntirety continues to leverage its position as a deep rooted, managed service provider, adding now a full-fledged managed security service capability,” said Philbert Shih, Managing Director at Structure Research. “This combination raises the bar on its overall value proposition as cybercrimes have exponentially increased during the pandemic with the average cost of data breaches topping several million dollars per incident. Ntirety’s new suite of advanced security offerings offers businesses comprehensive protection for everything they hold dear and reflects the increasing complexity that organizations are faced with, which translates directly into demand for service providers and MSPs.” 

This new product suite augments Ntirety’s comprehensive security services in two of the primary cyberattack vectors, and shows how Ntirety continues to comprehensively protect IT environments by enhancing its protect, recovery, and assurance security framework. New offerings being brought to market include Managed Secure Email Services, next-gen Web Application and API Protection, and Managed ASV Scan. 

Please see below for a breakdown of Ntirety’s new product offerings included in its comprehensive service suite: 

  • Ntirety Managed Secure Email Services – Email is the leading target vector of attack for cybercriminals.  Ntirety secures email by adding additional perimeter, internal, and end-point threat detection, which forms an integrated layer of email protection.  Ntirety’s Security Operations Centers maintain a comprehensive view of the entire email threat landscape and take proactive measures to protect them.  
  • Ntirety Web Application & API Protection – Ntirety keeps web applications safe and secure, the API’s safe from cyber threats across cloud, on-premise, and hybrid environments utilizing their state of the art Security Operations Center.  
  • Ntirety Managed ASV – This service allows Ntirety to manage the vulnerability scanning process required for PCI Compliance, which is often extremely complex to manage on your own. 

“Ntirety’s comprehensive security suite has been an impressive security shield for our business,” said Chris Becker, National IT Director of AbsoluteCare. “Our data is extremely important, and we cannot afford for it to get in the wrong hands. Additionally, we don’t have the budget to stand up our own internal infrastructure or internally hire the expertise required to protect against today’s artful criminals. We are grateful for our partnership with Ntirety, who keep our data safe and protected from unknown threats.” 

With a vision to “help businesses move forward with less risk”, Ntirety’s vision encompasses four foundational components that ensure successful customer experiences: Comprehensive Security First, Channel Only focus, and unfettered Customer Success. Ntirety continues to provide the highest quality customer service across all sectors of healthcare, manufacturing, FinTech, and SaaS applications.  

IoT Devices May Not Be the ‘Smart’ Choice

Tis the season to start hunting for the latest and greatest gifts, and smart technology is making just about anything, from homewares to exercise equipment, hot ticket tech toys. Are these smart devices on your shopping list this holiday? Buyer beware – there’s often not any consumer warnings about the cybersecurity risks these new IoT toys can bring. 

Ntirety CEO Emil Sayegh has done deep dives into the potential hazards of smart mirrors in his article Mirror, Mirror On The Wall and the very real consequences of IoT cyber-attacks in Peloton Breach Reveals a Coming IoT Data Winter both published in Forbes.  

Mirror, Mirror On The Wall and Peloton Breach Reveals a Coming IoT Data Winter 

Recently, attacks against Internet of Things (IoT) systems have emerged. With the technology in billions of everyday items, the scope of these attacks is worrisome. Because the migration to Internet-everything is unstoppable, we’ll be seeing these security incidents for a long time unless we adjust course quickly. 

The financial motive to add Web features to every device known to mankind is clear. It seems everyone wants to be on the Web, uploading data from their bicycles, sprinkler systems, refrigerator energy consumption, and just about everything you can possibly think of.  

Consumers accept risks, sometimes unknowingly, because many assume that the worst-case scenario will not happen to them or affect them significantly. 

The Peloton Breach 

That leads us to the breach of Peloton, the at-home connected fitness equipment company. A security researcher discovered an open unauthenticated API in Peloton bikes and treadmills, which revealed an open channel to information about users such as age, weight, gender, workout statistics, and birthdays. A significant amount of scrutiny has fallen on Peloton, which made a mess of remediation communications and deadlines. It appears that this is just the beginning of issues to come, as more items from the physical world come online, handling sensitive information that few people think about protecting until it is too late. 

In the wake of consumerized products from all walks of life, IoT systems and online accounts are under significant threat. It does not matter what the product is. An increasing number of smart camera platforms are being targeted by thieves. At risk are privacy, security, and the risk of fraud, and criminal gangs are exploiting the spoils of data to their merciless benefit. 

The Smart Mirror 

A recent story getting a lot of attention involves an interconnected “smart mirror.” With a price tag of $1,495, this mirror provides tips, suggestions, can set and keep progress on fitness goals, as well as delivering streaming workout classes. The company was picked up by the sportswear giant Lululemon for $500 million last year. Under the home exercise boom precipitated by the global pandemic, the product could be finding a mainstream groove. Reviews for the new product are trending well on the positive side and Lululemon appears to have a rare winning omnichannel marketing vehicle to pin onto their main product lines. 

Clothing and marketing retailers, like Lululemon, wield a fine history of supply chain, retail, and e-commerce experience, but a device with this kind of technology introduces challenging privacy and security concerns for the consumer and the company. 

Can IoT Be Slowed? Should It? 

Once upon a time, distributed alternating current electricity was the next new thing. Electricity, lighting, and motors were added to every item available at the time. Therefore, people no longer had to crank record players, grind coffee beans by hand, or shine shoes with a pile of rags. What it meant to consumers was that convenience and functionality were clear winners. With IoT, we’re seeing a parallel application of the Web to real-world things, but with additional variables of security and privacy concerns. Consumers seem to be unable to resist these features, and the ecosystem continues its stratospheric growth. 

What many consumers don’t seem to realize is that consumer products companies are in the business of selling the products they make. They are not in the business of securing our information. If history is any indication, they have failed at protecting personal information as their products connect to billions of endpoints in your kitchen, your garage, your bedroom, and every place you live your life. 

Considering factors such as the growth of the market, continual cybersecurity threats, and financial motivations driven by successful compromises, we can expect to see more information losses, even in places thought to be safe. Worse, threats once affected only digital things, but IoT drops the cyber realm directly in the middle of our physical world. Attacks against data can be attacks against critical systems, human beings, resources, and the world around us. 

Even the smallest bits of leaked data can be enough to compose purpose-built phishing attacks or be stacked into significant waves of fraud. Unfortunately, it will take an unknown event of significant scale or personal financial impact for users to collectively wise up and demand more security from the market. 

The Need for Strict Security and Privacy Standards

Proper use of privacy settings, privacy protocols, and comprehensive security tools are an absolute necessity. Companies must be held accountable when there are significant variances, misuse of data or violations of trust. Privacy regulations in Europe, California, and Texas have done their share to elevate the element of privacy to the forefront of discussion, but it may not be enough. Certain compliance measures also demand the ability for individuals to select their privacy settings of choice. 

Protection is Comprehensive 

Companies and individuals should embrace a security-first strategy that prevents unauthorized access by enabling a comprehensive security and compliance approach to technology implementations. Outlined by outside and organization-driven compliance, an organization can achieve compliant comprehensive security with the tooling of: 

  • Strong authentication 
  •  Strong privacy rules 
  •  Third-party monitoring and validation 
  • End-to-end encryption from the user device down to the database, application, and systems 
  • Roles-based access to data and systems 
  • Data classifications 

 This is a list that goes on and on, tracking highly to the mission, capabilities, and parameters of each organization that ventures into comprehensive security. 

Proactively Protect 

Don’t let these risks make you cross the latest smart devices off your wish list— work with experts to learn how to always be proactive when it comes to protecting your data. Practicing good cybersecurity hygiene isn’t just a priority for the holidays – schedule a Security Assessment any time of the year to strength your security posture (but don’t wait til it’s too late!)

 

Ntirety’s Inaugural Partner Advisory Council

Further Cementing our Channel-Only Strategy, Ntirety Selects Nine Partners for Exclusive Council to Create Long-term Channel Success.

In the ever-evolving field of information and technology, it is important to be adaptable; new devices are released every year, so cybersecurity awareness and education are of utmost importance. Ntirety’s Channel-Only approach has proven to be the ideal way to help raise awareness and security postures through our trusted Channel Partners.

To continue leading in the industry for both our partners and Ntirety, we invited partners to join our first Partner Advisory Council. We extend our sincerest thanks to our partners for their participation and for making Ntirety the trusted provider we are today. See our full press release covering the event below:

AUSTIN, Texas, Oct. 19, 2021 /PRNewswire/ — Ntirety, the most trusted Comprehensive Security provider, today announced the creation of their inaugural Partner Advisory Council. This council brings together top partners from the Channel industry to advise on best practices and collaborate on goals and initiatives for the upcoming year. This comes to further cement Ntirety’s strategy as a company that exclusively sells through the Channel.

The partners serve as the trusted voice of Ntirety customers, providing unique insights and firsthand knowledge on the brand’s services. The council’s goal is to help the Ntirety team fine-tune its product offerings, messaging, and marketing programs to further accelerate the adoption of its Compliant Security Suite of Services.

“Ntirety is 100% Channel focused, and the forming of this council reaffirms the brand’s commitment to our Channel partners,” said Emil Sayegh, CEO of Ntirety. “I’m thrilled to be able to form this council of passionate channel professionals who care deeply about the success of our clients and delivering to them pervasive, compliant security services that empower businesses to move faster with less risk.”

During the inaugural council meeting, partners gathered to align on bridging the gaps between technology, operations, and the human element of the Channel. The inaugural meeting identified a need for Channel partners to get more comfortable speaking about cybersecurity, as well as advising on compliance as new regulations across all industries continue to roll out.

“It was an honor to participate in this inaugural gathering,” said Auburn Holbrook, CRO of Opex Technologies. “For the first meeting, the content, and presenters were excellent. Ntirety is unique on multiple fronts with their Channel Only and Security First strategy. Their offering of compliant data security services comprehensively and compellingly for enterprise are unique and differentiated.”

The formation of this council directly follows Ntirety’s platinum sponsorship of the 2021 Avant Special Forces Summit in Austin, TX where CTO, Josh Henderson, and VP & Field CTO, Tony Scribner, were both featured panelists. It is the latest in a productive year connecting and collaborating with partners, including Ntirety’s participation as a platinum sponsor with speaking engagements at Telarus Partner Summit in San Diego, CA in June, and attending and co-hosting multiple events with Intelisys. Through these major conferences and summits to more exclusive gatherings, Ntirety continues to set the company apart with its cybersecurity thought leadership from other managed security providers in every interaction.

Ntirety’s exclusive commitment to Channel includes dedicated training resources, co-branded marketing collateral, reciprocal opportunity generation, and partner advisory boards, as well as evergreen commission structures and opportunity-specific incentive plans.

To learn more about Ntirety’s Channel Partner commitment or how to become a partner, visit ntirety.com/partners today!

Worldwide Cybersecurity Best Practices Part 2

Cybersecurity needs to constantly expand its resources because technology increasing with new devices released every year. Countries around the world have acknowledged this need and have played their part in making the cyber world a safer place.

In part 2 of our series on Worldwide Cybersecurity Best Practices, learn about more cybersecurity initiatives across the globe. 

Canada   

The Canadian Government is investing $80 million over four years (2021-2022 to 2023-2024) to create the Cyber Security Innovation Network, a national network composed of multiple centers of cybersecurity expertise. This includes post-secondary institutions (colleges, universities, research centers, polytechnics), partners in the private sector, not-for-profits, and governments (provincial, territorial, municipal) to enhance research and development and grow cyber security talent across Canada.   

Ntirety Director of Governance Risk and Compliance Wing Lau works in the Vancouver office and will firsthand experience this expansion of cybersecurity resources.    

“With the digital economy continuing to grow rapidly, accelerated by the Covid-19 pandemic, cyber security is an ever-increasing concern for Canadians and businesses,” Lau said.   

Ghana   

Ghana’s Cybersecurity Act , enacted in December 2020, regulates cybersecurity activities, promotes the development of cybersecurity, and provides for related matters. Under this act, the National Computer Emergency Response Team was established and functions to:   

  • Be responsible for responding to cybersecurity incidents
  • Co-ordinate responses to cybersecurity incidents amongst public institutions, private institutions, and international bodies
  • Oversee the Sectoral Computer Emergency Response Team established under section 44

Under Section 60 of the act, the document states that education and awareness programs on cybersecurity will be carried out. As stated under section 61, research and development programs will be designed. This includes actions such as collaborating with academic research centers and developing a framework for cybersecurity training programs.   

Japan   

Japan released their Cybersecurity Strategy in September 2021 that included a plan that would stretch over the next three years to ensure a “free, fair and secure cyberspace.” In order to do this, the government plans on:   

  • Advancing digital transformation (DX) and cybersecurity simultaneously  
  • Ensuring the overall safety and security of cyberspace as it becomes increasingly public, interconnected, and interrelated
  • Enhancing initiatives from the perspective of Japan’s national security

The Cybersecurity Strategy acknowledged, for the first time, China, Russia, and North Korea as cyberattack threats.   

Spain 

In April 2021, the Spanish government committed to investing over €450 million over the course of three years to increase the country’s cybersecurity sector. Carme Artigas, Spain’s state secretary for digitalization and artificial intelligence announced that an online “Hacker Academy” would be available for the country’s residents ages 14 and older as a part of the cybersecurity expansion initiatives.   

This training attracted hundreds of participants. The National Cybersecurity Institute (INCIBE) oversees this strategic plan for spending relating to cybersecurity. Key components of increasing the business ecosystem of the sector and attracting talent include:  

  • Strengthening the cybersecurity of individuals   
  • Strengthening the cybersecurity of Small to Medium Enterprises (SMEs) and professionals   
  • Consolidating Spain as an international cybersecurity hub  

United States   

While the states within the U.S. have passed laws governing cybersecurity, federally nothing has been constructed as far as cybersecurity enforcement specifically. There are, however, national laws in place that protect individuals’ information considered “private.”   

An example of this would be the Health Insurance Portability and Accountability Act (HIPAA) that guards “individually identifiable health information” including data that relates to:   

  • The individual’s past, present, or future physical or mental health or condition 
  • The provision of health care to the individual 
  • The past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual   

Individually identifiable health information includes identifiers such as name, address, birth date, and Social Security Number.   

The cyber-world can be accessed from almost anywhere on earth; this means that as individuals we must all use caution and do everything that we can to make a safe cyberspace for all. A seemingly harmless action such as clicking on a link can lead to your personal data being stolen and potentially the private data of others.    

The personal data of others is on the line when using a social media account, email, or other places where personal data such as name and birth date is shared online. Being a member of the cyber world means holding yourself and others accountable. Hackers will always be around as long as there is cyberspace, but as global cybersecurity efforts continue to increase, we can be more prepared and respond with greater speed and efficiency.   

Worldwide Cybersecurity Best Practices Part 1

Information Technology has created the ability to connect people from virtually (no pun intended) anywhere in the world. With new internet-connected devices being released every year, safety must only continue to increase along with it. Countries all across the globe have acknowledged the importance of enforcing cybersecurity and creating a safer cyber world for everyone.  

 In this two-part series, we will take a look at how eight countries from across the world implemented cybersecurity initiatives in the past few years, including Ntirety’s global offices in Bulgaria, Canada, and the United States.  

 Australia 

In May 2021, the Critical Infrastructure Uplift Program (CI-UP) was presented by the Australian government to aid in identifying and repairing vulnerabilities in critical infrastructure. This program was set in place to help providers evaluate their current security program and implement recommended strategies to reduce risk.  

 This program is available to critical infrastructure businesses that are Australian Cyber Security Centre (ACSC) partners. According to ACSC, this program was created to:  

  • Deliver prioritized vulnerability and risk mitigation strategies  
  • Assist partners to implement the recommended risk mitigation strategies  

 Brazil 

In Feb. 2020, Brazil introduced its first national cybersecurity strategy. The country that ranked 70th in the Global Cybersecurity Index, moved its way up to number 18 on the list in 2020. While the bones were set in place with the passing of the National Policy on Information Security in Dec. 2018, there were still more steps needed to create a strategy to secure the biggest economy in Latin America.  

 The National Cyber Security Strategy, E-Ciber, details a four-year plan (2020-2023) to improve the “security and resilience of critical infrastructure and national public services.”  

 Strategic Objectives include:  

  1. Make Brazil more prosperous and reliable in the digital environment;  
  2. Increase Brazil’s resilience to cyber threats; and  
  3. Strengthen the Brazilian action in cybersecurity in the international scenario.  

Strategic Actions involve:  

  1. Strengthen cyber governance actions 
  2. Establish a centralized governance model at the national level  
  3. Promote participatory, collaborative, reliable and secure environment, between the public sector, the private sector and society  
  4. Raise the government’s level of protection  
  5. Raise the level of protection of National Critical Infrastructures  
  6. Improve the legal framework on cybersecurity  
  7. Encourage the design of innovative cybersecurity solutions  
  8. Expand Brazil’s international cooperation in Cybersecurity  
  9. Expand the partnership, in cybersecurity, between the public sector, the private sector, academia and society  
  10. Raising society’s maturity in cybersecurity   

 Bulgaria 

The strategy, Cyber Resilient Bulgaria 2020, was established to create a framework to ensure a safe cyber environment. The strategy was released in 2016 and the plans were carried through the year 2020 with the hopes of increasing growth in cybersecurity resources and leadership.  

 The strategy was broken into 3 phases:  

  1. Between 2016-2017 the goal was to achieve the minimum required information and cybersecurity and capability for responding to cyber incidents and attacks at organizations and networks.  
  2. When it came to cyber incidents, crises and systematic prevention activities, 2018-2019 was dedicated to bringing the work of individual systems to coordinated responses.  
  3. 2020 achieved a level of maturity which would provide cyber resilience at the national level and effective interaction and integration at international level (An example being the North Atlantic Treaty Organization (NATO)).  

 This strategy aims to provide better protection for citizens, businesses, governments and critical infrastructure,” Security Operations Analyst Teodora Mincheva said. 

 The cyberworld can be accessed from almost anywhere on earth; this means that as individuals we must all use caution and do everything that we can to make a safe cyber space for all. Stay tuned for the second part of Worldwide Cybersecurity Best Practices! 

Spooky Stats

Cybersecurity might be the last thing on your mind as you are picking out costumes and candy, but cybercriminals are always lurking in the shadows, no matter what day it is. Here are some important statistics you should be aware of to help you better protect yourself and your loved ones from falling victim to cyberattacks this October (Cybersecurity Awareness Month)!

Hackers do not always give you an instant jump scare; they often remain hidden in the shadows. According to the Cost of a Data Breach Report 2021, it takes an average of 287 days to identify and contain a data breach.

A prime example of a hacker lurking unnoticed would be the SolarWinds ransomware attack. The IT and software management company that provides services to businesses and government agencies had a bad actor enter their IT infrastructure in September 2019 and went undiscovered until December 2020. Within the next year, more details were released about the situation. In January 2021, SolarWinds stated they would prioritize cybersecurity in the coming year, and they hired former Facebook and CISA security experts as consultants.

Ransomware is a form of malware (software intentionally designed to cause damage to a computer, server, client, or computer network) that encrypts a victim’s files, and an attacker demands ransom from the victim in order to regain access to their data. According to The State of Ransomware 2021 report , the average cost of ransomware recovery is $1.85 million.

“[Ransomware has] really changed the face of cybersecurity over the last couple years,” Director of Cyber Security Operations Christopher Houseknecht said. “We see it all the time in the news.”

Research from the Cybersecurity and Infrastructure Security Agency (CISA) found that hackers will most commonly execute ransomware attacks through email phishing, Remote Desk Protocol (RDP) vulnerabilities, and software vulnerabilities. Email phishing is when an attacker tricks a user into revealing confidential information using false pretenses, often disguised as being from a person or business the receiver is familiar with. But underneath that familiar face is a cybercriminal waiting to steal your precious personal information.

According to the 2021 Business Email Compromise Report, the most common display names are company name (68%), individual’s name (66%), and a boss or manager’s name (53%). According CSO magazine, more than 80% of cyberattacks involve phishing.

“I received an email from ‘Emil Sayegh’, the CEO of Ntirety, asking me to buy him gift cards.”

No one is safe from these attacks. Just a few weeks after being hired, Ntirety Marketing Specialist Kori Ortiz almost fell victim to a phishing scam , but fortunately had the cybersecurity instincts to question the messages.

“I received an email from ‘Emil Sayegh’, the CEO of Ntirety, asking me to buy him gift cards,” Ortiz said. “I was confused as to why he would ask me this; which was the first red flag. Always trust your gut. If something feels like it’s not right, then it probably isn’t.”

In 2020, a record 86% of organizations were hit by a successful cyberattack, as stated in the  2021 Cyberthreat Defense Report. This is an alarmingly high percentage of people who have had their data snatched from them. There’s no trick here – we must all do our part to protect data. Everyday best practices are the first step, including not sharing passwords, creating strong passwords, and using caution when opening unfamiliar emails and links.

Cybercriminals are always disguising themselves to fool users into thinking they are safe to go about their usual business. With better caution and the help of cybersecurity professionals, these cybercriminals will receive more tricks than treats.

Our Cybersecurity Playbook explains the Five Aspects of Compliant Cybersecurity and gives you a chance to test your business’s cybersecurity posture against these five core components. Download it today and schedule an assessment with us today to learn more about ways that you can prevent potential threats.

What is Cybersecurity?

This question stumps the average person. How does one have a secure cyber-environment? What is going on in computers and IT systems that keep away the hackers?

Cybersecurity according to Merriam Webster is “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” These measures are administered by people, processes, and technology. The people part of cybersecurity are typically an organization’s Information Technology (IT) team who create the processes necessary to provide instruction for identifying and protecting against potential threats.

Ntirety Director of Cyber Security Operations Christopher Houseknecht considers himself a “computer geek” and has been interested in the operation and evolution of the cyber world for the last 25 years growing up with it and today working for our cybersecurity company, Ntirety.

“Everything from what kind of business I conduct on my phone, private, or business related, as well as the kind of things my children do, [cybersecurity] impacts me throughout every aspect of my life,” Houseknecht says.

Houseknecht as well as Chief Technology Officer (CTO) and SVP Development and Engineering Joshua Henderson both described cybersecurity as being in “layers.” Houseknecht says these layers are made up of components such as encryption, antivirus, endpoint detection response capabilities, and separation from the network or internet. Cybersecurity is not one singular layer of protection; there are numerous layers needed to fully protect precious data.

It is always important to have a backup plan. If the first line of defense falls through, your backup plan saves you from scrambling to assess how to handle a situation before it is too late. Similarly, cybersecurity must exist in “layers” so if the bad guys somehow find their way through the first layer, precious data is not lost and stolen.

Product Manager Dave Considine also emphasizes the importance of layered security. Considine describes this as giving someone access to a resource, but limiting what they can do within it. He explains that not everyone in a company should be able to access every resource.

Henderson describes cybersecurity as making sure data is safe and available, up and running for the people who need to and are meant to access it. It is the effort from the people, technology, and processes to keep the cybercriminals out. Houseknecht explains further that technology can only do so much; it is important to have a team of people and processes in place to guide the technology to do what it needs to do.

“[Hackers] don’t care whether you’re just an average Joe using computers to play video games or if you’re running a cybersecurity company.”

CEO Emil Sayegh emphasizes how important it is for businesses to have a comprehensive security plan and a partner operating 24/7 to protect themselves and their clients. He explains that one aspect of cyber protection will not defend against all possible cyber attacks. Phishing, malware, DDoS attacks and more require different solutions.

Handling cybersecurity internally as a business may seem like the easier and cheaper option, but there are so many products that must be invested in and many people constantly monitoring and operating the technology. In the long run, off-the-shelf security products can cost more as they keep piling on as the threats become more complicated and hackers become more sophisticated, not to mention the cost of hiring or training employees to tackle these evolving risks.

“That’s where someone like Ntirety has a really beneficial solution to most customers and companies out there,” Henderson says. “The average company is not going to really want to operate or find the staffing to do it the right way.”

While it is important to bring on a team of qualified individuals to help maintain the safety of normal IT-related business operations, it is crucial to abide by cybersecurity best practices every day on your own. Henderson and Houseknecht both mentioned the importance of having good cyber-hygiene. Cyber-hygiene is how someone presents themselves in the cyber-world. This includes practices such as not sharing passwords, not clicking suspicious links, using two-factor authentication, or not plugging in a USB that you are unsure of where it was from.

Houseknecht also expressed the importance of having resiliency in cyber-matters.

“Never assume it won’t happen to you,” Houseknecht warns. “[Hackers] don’t care whether you’re just an average Joe using computers to play video games or if you’re running a cybersecurity company.”

The recent cyberattack on IT software and management company SolarWinds, is an unfortunate example of a cybersecurity business that was hacked and faced disastrous consequences. The company works with businesses and government agencies, but it’s not just larger companies that need to worry.

So much of our lives exist online now — medical records, academic information, financial details and more are stored online. In addition to this, social media has become a way of connecting with family, friends, and businesses all around the world. There will always be people who will misuse resources and seek to steal private information for personal gain. But that’s where cybersecurity comes in to provide peace of mind through proactively keeping the bad guys out and keeping important data in.

The cyber-world has moved from a “perimeter” to a “distributed mindset,” according to Considine.

The “perimeter” concept of cybersecurity is an outdated approach, sometimes referred to as the “castle mentality,” and is defined as the idea that securing the perimeter of an IT environment (i.e. building castle walls and digging a moat) is enough. It is outdated because it ignores activity within the environment that may be malicious, and it is becoming more and more difficult to secure the perimeter of more advanced cloud and hybrid environments.

“Trust your instincts.”

Cloud services, capability, and computing have eliminated the perimeter mindset. People distributed across the world are able to access the services from anywhere thanks to cloud computing. With this greater access to resources, there is an even greater need for cybersecurity.

In addition to the cyber-world’s shift to distributed mindset, remote work became increasingly more common with cloud computing resources increasing, but especially after the start of the Covid-19 pandemic – pushing a huge portion of workforces to work from home and introducing a whole new slew of cyber-risks. More workspaces have adapted fully remote or partially remote work schedules and your security posture needs to adapt as well.

The effects of data theft can impact not only personal data and the terrible personal consequences that follow, but large businesses and landmarks, a recent example being the Colonial Pipeline. The oil pipeline system that stretches from Texas to New York is responsible for carrying gasoline and jet fuel to the southeastern portion of the United States, and it uses computerized equipment to help manage it. The ransomware attack hindered operations so much to the point that the President of the United States declared a state of emergency. The company ended up paying millions in ransom.

With computers making up so much of our daily social and business functions, cybersecurity must be at the forefront of our minds. Cybersecurity starts with you.

Sayegh urges anyone utilizing a computer or IT environment to be alert and aware to potential threats. Many times, cyber criminals express urgency in getting personal details from you, but Sayegh expresses the importance of always double checking sources, and never being too quick to give out information.
“Trust your instincts,” Sayegh said. “Anything that smells fishy [or is] too good to be true, don’t do it.”