HRTec, Inc.

07/21/2023

Fortinet’s FortiGuard Labs, a threat intelligence platform, found that “ransomware threats remain at peak levels with no evidence of slowing down globally”, meanwhile, “84% of organizations experienced one or more breaches in 2022”. Board of Directors are aware of the rising problem, with “93% of organizations in the study indicating that their board members are asking about cyber defenses and strategy”, according to the research. Also finding “that more than 90% of leaders believe that increase employee cybersecurity awareness would help decrease the occurrence of cyberattacks.”
However, not all employees are aware of proper protocol when facing a cyber threat. With the growing frequency and gravity of cyberattacks, it is now evident that all levels of employees should complete cyber awareness training programs. As employees across different levels of seniority are often a company's first line of defense in the face of cyberattacks, it is critical that cyber awareness is implemented throughout the company culture.
To access HelpNetSecurities full article on Employee Cybersecurity Awareness, follow this link:

Despite 85% of leaders implementing security awareness and training programs, over 50% believe employees lack cybersecurity knowledge.

03/06/2023

New Cybersecurity Strategy Assigns Responsibility to Tech Firms:

The Biden administration issued a new cybersecurity strategy that calls on software makers and American industry to assume higher responsibility in protecting their systems from hacks while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups. This new strategy under the Biden Administration represents a shift towards “public-private partnerships”, including urging more mandates on private industry and expanding the role of the government to take preemptive measures against cyberattacks.

Source Link: https://lnkd.in/e3BAd429
Fedhive Link: https://www.fedhive.com/

FedHIVE | Modernizing Your IT Operations Quickly & Securely.

02/07/2023

FedRAMP is now a law!!

President Biden recently signed the National Defense Authorization Act (NDAA) into law, which notably included language from the FedRAMP Authorization Act. The law will reform the FedRAMP cybersecurity authorization program for cloud vendors by allowing FedRAMP-authorized tools to be used in any federal agency without additional oversight, verification, or further checks. Senator Gary Peters, Chairman of the Senate Homeland Security and Governmental Affairs Committee states “the legislation would make it easier for agencies to quickly acquire cloud states and also protect the tremendous amount of sensitive data held by departments from cyberattacks.” To learn more, explore FedScoops’ article here: https://lnkd.in/euMdb5iG and to read the full National Defense Authorization Act, click https://lnkd.in/dsKhh4b6.

01/06/2023

Outlook on Cybersecurity in 2023:

Forbes has released their predictions for the course of cybersecurity in the new year of 2023 and offers advice for tackling 6 main predicted challenges of 2023 cyber issues. Click on the link below to learn more. To better protect your company, check out what HRTec has to offer.

Source:
https://lnkd.in/diWbGdFE

Fedhive:
https://www.fedhive.com/

The C-suite and the board can no longer ignore the business risks introduced by cyber threats and vulnerabilities.

12/21/2022

Chris Inglis, one of President Joe Biden’s most senior cybersecurity advisers is expected to step down and retire in the next couple months. The three year veteran has spent his work cracking down on bad cybersecurity practices that make organizations vulnerable to damaging hacks.

Explore FedHIVES website at https://www.fedhive.com and see how we can help you become a more protected company.

One of President Joe Biden's most senior cybersecurity advisers is expected to step down in the next two months, three people familiar with the decision tell CNN.

12/14/2022

Supply-Bill of Materials and the Executive Order 14028

Issued in May 2021, Executive Order 14028 requires agencies to enhance cybersecurity and software supply chain integrity. The order initiates a series of new requirements for service providers and establishes baseline security standards for the development of software sold to the government. The order created a Cybersecurity Safety Review Board, a standardized playbook, and set of definitions for cyber incident response by Federal departments and agencies.

Companies will need to accept the modification in order to sell services to the federal government. As adversaries become increasingly sophisticated in their methods for attacking cyber operations, the private sector must partner with the Federal Government to constantly adapt to the changing threat environment, ensure its products are built and operate safely, and foster a more secure cyberspace. Agencies are required to obtain a self-attestation from the software producer before using the product or service through a Software Bill of Materials.

o Requires service providers to share cyber incident and threat information that could impact Government networks
o Moves the Federal government to secure cloud services, zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period
o Establishes baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available
o Establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make recommendations for improving cybersecurity
o Creates a standardized playbook and set of definitions for cyber incident response by Federal departments and agencies
o Improves the ability to detect malicious cyber activity on Federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government
o Creates cybersecurity event log requirements for Federal departments and agencies
o Requires amendments to the FAR to align with requirements in the EO

Section 10(j) of EO 14028 defines a Software Bill of Materials (SBOM) as a “formal record containing the details and supply chain relationships of various components used in building software. SBOM can potentially provide increased transparency and speed at which vulnerabilities can be identified and resolved by federal departments and agencies. SBOMs can also demonstrate a supplier’s application of secure software development practices across the Software Development Life Cycle (SDLC).

Within 90 days after September 14th, 2022, agencies shall inventory all software subject to the new requirements. Within 120 days, agencies must develop a consistent process to communicate relevant requirements to vendors and ensure attestation letters are collected in one central agency system. Within 270 days, agencies shall collect attestation letters for “critical software” subject to the requirements.

Sources:
https://lnkd.in/dZiZHYXi
https://lnkd.in/whitehousebriefing
https://lnkd.in/ehGSJmTw

12/01/2022

Department of Justice False Claims Act:

According to DFARS Clause 252.204-7012, contracting services are required to comply with security requirements specified in clause 252.239-7010, or security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. According to Clause 252.204-7012, the contractor must obtain approval from the Contracting Officer and must meet several security requirements before utilizing cloud computing services in the performance of the contract.
In 2021, the Department of Justice announced an initiative led by its Civil Fraud section to bring forward False Claims Act enforcement actions against government contractors who commit fraud related to cybersecurity. The plan is to hold companies to pre-existing cybersecurity standards and severely punish companies that delay disclosing cybersecurity events to the department. Through this new initiative, cybersecurity related FCA lawsuits are expected to dramatically increase.
The False Claims Act provides that any government contractor who knowingly submits false claims to the government would be responsible for double the government’s damages in addition to a penalty of $2,000 for each false claim. After several amendments to the FCA, it now also provides that violators are liable for treble damages, meaning they will be charged triple the amount of the fine. Violators are also charged with a penalty that is linked to inflation.

Sources: https://lnkd.in/dbZfHWXR
https://lnkd.in/da66V-e2.

https://lnkd.in/grnZPAih

Secure .gov websites use HTTPS A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

11/28/2022

Suffolk County, a county in Long Island was hit by a cyberattack and has left the county offline. The county government for the past few weeks have been forced to go back to technology that has not been used since the 1990s. Some argue Suffolk was not being proactive while others believe local government does not have the resources to protect from these attacks.

Explore FedHIVES website at https://www.fedhive.com and see how we can help you become a more protected company.

Suffolk County officials had to return to the days of paper checks and faxes after an episode that exposed government weaknesses.

11/16/2022

Cybersecurity takes time and care and as technology advances it's important for organizations to stay up to date. Forbes lists some first steps when it comes to cybersecurity.

Explore FedHIVES website at https://www.fedhive.com and see how we can help you become a more protected company.

If you are just getting started, or need a refresher on cybersecurity, here are some of the first steps you should take.

10/31/2022

Companies including Crowdstrike, Mandiant, Cyber Threat Alliance, Microsoft, and Cybersecurity Coalition will meet at the White House this week to address rising cybersecurity threats. Global themes include the rise of ransomware and other cybercrime, such as the illicit use of cryptocurrencies. White House officials including FBI Director Chris Wray, Deputy Treasury Secretary Wally Adeyemo, White House national security adviser Jake Sullivan and Deputy Secretary of State Wendy Sherman, and the 37 participating countries hope to institute a set of international cyber norms after this conference.

Source Link: https://lnkd.in/dEWCU8JY

Explore FedHIVES website at https://www.fedhive.com and see how we can help you become a more protected company.

The White House will host officials from 37 countries and 13 global companies in Washington this week to address the growing threat of ransomware and other cyber crime, including the illicit use of cryptocurrencies, a senior U.S. official said.

10/17/2022

Cybersecurity and information security are increasingly becoming a priority to corporate chief information officers as risk of cyberattacks escalate.

Explore FedHIVES website at https://www.fedhive.com and see how we can help you become a more protected company.

Chief information officers say cybersecurity will once again be their top investment priority in 2023, a sign of how companies are racing to manage their business risk posed by escalating threats.

10/12/2022

Pro-Russian hacker group, Killnet, is believed to be behind cyberattacks against some of the nation's largest airports. The attacks targeted web-domains that report airport wait times and congestion by overloading them with artificial users, resulting in jamming the sites.

Explore FedHIVES website at https://www.fedhive.com and see how we can help you become a more protected company.

A senior official briefed confirmed some of the nation's largest airports have been targeted for cyberattacks by an attacker within the Russian Federation.

10/12/2022

On July 8, 2022, the Department of Justice announced that a government contractor providing systems to the federal government agreed to pay $9 Million to resolve allegations that the company violated the False Claims Act by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts.
The False Claims Act (FCA) is a tool used to protect the federal government from fraud and is enforced by the Dept. of Justice. This act commonly addresses false claims from government contractors and healthcare companies.
The act forbids (1) presenting a false claim; (2) making or using a false record or statement material to a false claim; et al. Penalties under this act are ‘treble’, meaning whatever the government deems appropriate for a penalty, the amount can be tripled.

https://lnkd.in/gScJapv2

https://lnkd.in/gE73ZvY4)
https://lnkd.in/grnZPAih

Secure .gov websites use HTTPS A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

09/23/2022

Small companies are struggling to keep up with rising cyber insurance premiums. To learn more about this issue, follow the link below. Explore Fedhive's website at https://www.fedhive.com and see how we can help you become a more protected company.


https://lnkd.in/eA8tHrip

Darren Williams, founder and CEO, BlackFog, examines the rise in cyber insurance premiums, why small businesses face a disadvantage and how they can overcome these challenges.

09/19/2022

Last Thursday a hacker gained control over Ubers internal systems through a compromised Slack account. The attacker allegedly has access to the company's source code as well as to internal financial data.

Explore Fedhives website at https://www.fedhive.com and see how we can help you become a more protected company.

The alleged hacker gained control over Uber's internal systems after compromising the Slack account of an employee, according to the New York Times.

09/16/2022

State of the Union: New EU cybersecurity rules ensure more secure hardware and software products

The EU Commission has introduced a new Cyber Resilience Act introducing mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle. Check out the link below to learn more about this unique EU-wide legislation.

Source Link: https://lnkd.in/d6SBPmNA

FedHIVE Link: https://www.fedhive.com

Highlights, press releases and speeches

09/13/2022

New research has found a way to take advantage of Microsoft’s software automation tool. A Microsoft spokesperson downplayed the potential of the attack but Michael Bargury, the cofounder and CTO of security firm Zenity, isn’t so sure.

Explore Fedhives website at https://www.fedhive.com and see how we can help you become a more protected company.

Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first.

09/09/2022

After Cyberattack, Albania Severs Diplomatic Ties with Iran

The Albanian Prime minister accused Iran of hiring four groups to paralyze public services, delete and steal government data, and incite chaos. The attack was unsuccessful - all systems came back fully operational and there was no irreversible data wiping. Iran denies any responsibility for the attack.
Learn more as the story unfolds from BBC, linked below.
https://lnkd.in/dxSp-7BB
To learn how you can protect your company against cyber risks, explore our website: https://www.fedhive.com/

Albania and the US accuse Iran of hiring hackers to paralyse public services and steal state data.

09/06/2022

Los Angles Unified School District, the nation’s second largest public school district was recently targeted in a cyberattack, They are now working with the FBI, Cybersecurity and Infrastructure Security Agency and Education Department to help resolve the issue.

Explore Fedhives website at https://www.fedhive.com and see how we can help you become a more protected company.

The nation’s second largest public school district announced on Tuesday that it was targeted in a recent cyberattack. Los Angeles Unified School District announced that officials detected unusual a…

09/01/2022

https://hbr.org/2022/08/new-cybersecurity-regulations-are-coming-heres-how-to-prepare

Regulations for cybersecurity are changing as attacks only continue to increase. Here’s what's changing and what companies can do to prepare.

Explore Fedhives website at https://www.fedhive.com and see how we can help you become a more protected company.

A whole suite of new cybersecurity regulations and enforcement are in the offing, both at the state and federal level in the U.S. and around the world. Companies don’t need to just sit by and wait for the rules to be written and then implemented, however. Rather, they need to be working now to und...

08/26/2022

The U.S. Department of Energy Announces $45 Million for Next-Generation Cyber Tools to Protect the Power Grid

The Infrastructure Law and the Inflation Reduction Act increased funds for updating and strengthening the American power grid with clean and affordable energy. Clean energy technologies are becoming more automated and cybersecurity continues to be a priority for the Department of Energy. “As DOE builds out America’s clean energy infrastructure, this funding will provide the tools for a strong, resilient, and secure electricity grid that can withstand modern cyberthreats and deliver energy to every pocket of America,” said U.S. Secretary of Energy Jennifer M. Granholm. “DOE will use this investment to continue delivering on the Biden Administration’s commitment to making energy cheaper, cleaner, and more reliable.”

To learn more about the Department of Energy's big plans for American Power grids, explore the link below. Check out FedHIVE's website today to learn how your company can be more resilient to cyber threats.



Source Link: https://lnkd.in/eDQvjZYm

Fedhive Link: https://www.fedhive.com/

Funding Will Support Projects that Will Help Make American Energy Systems Secure, Resilient, and Reliable

08/22/2022

Amazon and the National Cybersecurity Alliance have released a PSA starring actors Micheal B. Jordan and Tessa Thompson. The message tackles how consumers can keep their private information safe.

Explore Fedhives website at https://www.fedhive.com and see how we can help you become a more protected company.

Amazon and the National Cybersecurity Alliance’s PSA campaign features Prime Video actor Michael B. Jordan and actress-producer Tessa Thompson as “internet bodyguards.”

08/19/2022

Government agencies are ahead of the industry in implementing zero-trust security architectures with 72% of agencies reporting at least one related initiative underway. Most agencies appear to be referring to the Zero Trust Maturity Model’s five pillars to guide their implementations. Explore Fedscoops article to learn more about how the government is implementing better cybersecurity strategies. To learn how you can better protect your company from cybersecurity threats, please check out FedHive's website today.

Source Link: https://lnkd.in/dywvM8iN
FedHive Link: https://www.fedhive.com/

About 86% of agencies increased their zero-trust budgets and 66% implemented multi-factor authentication, but passwordless access remains elusive.

08/15/2022

Keeping employees safe from cyberattacks is crucial in today's world as it continues to be a top threat to businesses. Here are some tips to make sure that your business and employees stay safe from these attacks.

Explore Fedhives website at https://www.fedhive.com and see how we can help you become a more protected company.

Private business owners feel uneasy when the subject of cybersecurity comes up because it is a top threat to these businesses, yet they don’t take many precautions against cyber attacks. The realit…

08/12/2022

AWS, Splunk and more launch cybersecurity analytics standard based on the ICD Schema developed at Symantec. This may relieve “undifferentiated heavy lifting" for SecOps pros. To learn more, please explore the article linked below. To learn more about Fedhive, checkout our website today!

https://lnkd.in/dr4uytKm

Fifteen companies have signed on to collaborate on an open source data schema that could simplify how data is shared among cybersecurity analytics tools.

11/05/2021

HRTec Assessment System (HAS) is a service of HRTec., Inc. that could give your organization an in depth description into what your organization climate looks like. Visit their website for more information!

HRTec Assessment System (HAS) is a secure, flexible, and cost-effective way to determine what’s going on throughout your entire organization. HAS will assist organizational leadership draw out both positive aspects and possible areas of concern by assessing your organization from an overall perspective or by breaking your organization into logistical areas or directorates. For more information visit our website at www.surveyqwik.com or email us at [email protected]

11/05/2021

Our CEO, Michael Cardaci , moderated on the Advanced Technology Academic Research Center (ATARC) webinar regarding how the cloud-savvy workforce is rethinking degree requirements for the future IT professional. As technology is constantly changing, employers should consider introducing stronger on the job training and mentorship programs for current and incoming employees. To be successful in the tech industry, interpersonal skills and the motivation to pick up on new things fast and understand the work culture is a must. Make sure to see the article below on rethinking the workplace for cloud related careers.
https://www.nextgov.com/it-modernization/2021/11/building-cloud-savvy-workforce-may-mean-rethinking-degree-requirements/186584/

Government and industry officials question how they can keep cloud positions filled when they require various degrees and certifications.

09/09/2021

Why Diversity and Inclusion matters

Though the importance on DE&I (or diversity, equity and inclusion) has been growing in the last few years, with organizations facing the impact of Covid-19, some have shifted their focus on other strategic opportunities. These organizations may actually be risking backlash according to a 2018 McKinsey report that reveals how important diversity and inclusion practices actually are. Focusing on these practices can lead to a more innovative work culture and these organizations are more likely to meet or pass financial goals and have an overall better business outcome even during a crisis. Employees also perform better in these types of environments, often feeling more motivated and engaged with their work. Do you know what the DE&I climate of your organization is? If you’d like more information on how HRTec Assessment System can help and for a Free Initial Consultation, send us an email at [email protected].

Sourcelink: https://www.forbes.com/sites/forbeshumanresourcescouncil/2021/08/17/why-diversity-equity-and-inclusion-is-the-need-of-the-hour/?sh=292caf277d87

09/28/2020

With millions of students attending school online this semester, it is critical to have a safe digital environment for remote learning. Experts on privacy, safety, and online education give the following advice to parents wondering what steps they can take to build an online remote learning environment that feels safe and learning-conducive:

-Speak to your child about what privacy means to them
-Discuss when and how often to use the camera
-Consider the benefits of the camera for learning
-Explore the tools your child will be using

With the landscape of online education constantly changing, these are important things to discuss with your child in order to ensure their privacy, safety, and to guarantee the best learning experience possible.


https://www.nytimes.com/2020/08/20/parenting/online-school-privacy.html

https://www.hrtec.net

We offer products and services specifically designed to meet our clients' compliance, communications, and information systems needs.

09/14/2020

With schools from all over the United States being moved to online education, the risk for cyber attacks on students and teachers is at a greater risk than ever before. A school district in Hartford Connecticut had to call off classes due to a cyber attack on the first day of school. Protect yourself and your students from unwanted attacks.


https://www.nytimes.com/2020/09/08/us/school-districts-cyberattacks-glitches.html

https://www.hrtec.net

With many districts across the country opting for online learning, a range of technical issues marred the first day of classes.

08/21/2020

As the upcoming Presidential election fast approaches, officials have begun to worry about the logistics of the election's security. The more COVID-19 continues to spread, the more concerns of potential hacking are being raised. With fewer people wanting to leave their homes, the government faces a poll worker shortage, while the USPS continues to slow down due to heavy traffic. HRTec understands the dangers of impending cyber attacks, and wishes to keep our clients secure beyond minimum qualifications. Visit our site to learn more!


Source: https://www.itnews.com.au/news/us-officials-now-worry-about-election-logistics-more-than-hacking-551476

www.hrtec.net

Misinformation, poll worker shortages and US postal service slowdowns.

08/19/2020

With most individuals still working at home due to COVID-19, the threat for potential cyber-attacks is still at an all time high. The transition from being in the office everyday to complete remote work is posing significant challenges in basic cybersecurity options. You can learn more about your own cybersecurity needs and how to protect your organizations information by viewing this article. Visit HRTec's website to learn more about our services.

-19



Source: https://www.securitymagazine.com/articles/93040-the-enterprise-imperative-of-cyber-resiliency-post-covid-19


www.hrtec.net

The COVID-19 driven shift to remote working coupled with accelerated digital transformation poses significant challenges to enterprise cybersecurity operations, widening the threat landscape and exposing enterprise networks, devices and data to increasing cybersecurity risk. Unmanaged devices, shado...

08/17/2020

The benefits of utilizing cloud computing services are predicated to skyrocket in the next 10-15 years. Data shows that more and more companies are referring to these services to maintain and protect their company's data. Learn more about how these cloud computing services work and how to protect your information.



Source: https://finance.yahoo.com/news/cloud-computing-market-worth-832-163000299.html

www.hrtec.net

According to a new market research report "Cloud Computing Market by Service Model (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)), Deployment Model (Public and Private), Organization Size, Vertical, and Region - Global Forecast to 2025",