The concept of enterprise-wide ad blocking always provokes a powerful response. Whenever I suggest, even casually, that the next step organizations should take to improve cybersecurity posture is implementing enterprise-wide ad blocking, I can hear the collective screams of sysadmins and help desk personnel everywhere — Websites could have compatibility issues! How will we manage it? Users won’t understand! It could be a help desk nightmare! And you know what? They are absolutely right.

In a recent episode, 60 Minutes brought national attention to the growing threat of ransomware attacks, considered by many to be the greatest current threat to the United States and global economies. More than just informative, the narrative was a chilling glimpse into the depths of the cyber underworld. Forget the stereotype of a hacker, surrounded by energy drinks and empty pizza boxes, tinkering alone in the basement.

The National Institute of Standards and Technology (NIST) released version 2.0 of the Cybersecurity Framework (CSF) on February 26, 2024. The original version was released in 2014, one year after Executive Order 13636 was signed on February 12, 2013. This executive order was written to improve critical infrastructure cybersecurity, streamline the sharing of threat information, and to drive action towards developing a cybersecurity framework.

Yep, it’s that time of year again. The moment when that dreaded questionnaire from your Cyber Insurer lands on your desk like a ton of digital bricks. Suddenly, panic mode kicks in, and you’re transported back to those school days, facing an exam that seemed more daunting than Mount Everest. Remember how you used to play the skipping game with exam questions, hoping for a miracle to help you conjure up some brilliant answers? Yeah, it’s like déjà vu all over again.

Globally, no organization is immune to attack. Cybersecurity threats are a reality and every organization, anywhere in the world, is a potential target, regardless of location or size. It’s not a question of if, but when an incident will affect your organization. Do you know who you will call for assistance?

As humans, we tend to trust the people around us in most situations simply by default. We usually don’t assume that the cook in a restaurant will poison our food or that the pharmacist will intentionally swap our medications, and for good reason. One of humanity’s superpowers, which allows all civilization to function, is cooperation. Being suspicious of everyone around you isn’t only exhausting, but it grinds society to a halt.

How can we clear our minds of preconceived notions about Artificial Intelligence? How can we approach this ongoing technological revolution without apprehension? AI has integrated into our lives more swiftly than a lawyer’s “Objection, Your Honor!” in a surprise courtroom confession. We ask AI to do a multitude of things: write email responses, research our homework, inquire about recipes, complain about our tough days, compose school papers, and create art.

By now, you are likely aware that the Cybersecurity Maturity Model Certification (CMMC) Program Proposed Rule was published in the Federal Register on December 26, 2023. This set into motion a series of deadlines, which will culminate in the full implementation of CMMC 2.0. It also set into motion a flurry of activity within the Defense Industrial Base (DIB) and the realization that a deadline for compliance looms large.

Third-party vendors, contractors, and partners are often an integral part of an organization’s operations. However, they can also pose significant security risks if not properly managed, with poor cybersecurity practices increasingly becoming a major contributing factor to supply chain disruptions. If your organization relies on third parties for anything, understanding and managing their risk should be at the top of your list.