A well-run cybersecurity team operates like a beautiful orchestra, each individual knowing their part and contributing to the same goal. A cybersecurity team may consist of team members wearing numerous hats ranging from management, to defensive, and offensive security. The offensive team members will attack their own organization to find vulnerabilities so the other teams […]
Over the past year, news outlets have been buzzing about Facebook, now called “Meta”, collecting vast amounts of data from healthcare organizations and tax return companies. Some of these companies are announcing breaches as a result of this data collection. Why are Companies Sending Sensitive Data to Facebook? Let’s be clear – Companies are not […]
The 2022 Triangle InfoSeCon event hosted by Raleigh’s ISSA was on September 9th, 2022. To a full crowd, Stern Security‘s Founder & CEO, Jon Sternstein, gave a presentation titled: “Break Down Silos & Secure the Planet”. The presentation abstract was the following: People tend to cluster in their own silos and tribes in both society […]
In its second annual Velocity healthcare data breach report, Stern Security has critically analyzed over 5,000 data breaches since the Department of Health and Human Services (HHS) began tracking the information in 2009. Stern Security utilized data from their HealthcareBreaches.com website as well as published information from HHS to create this comprehensive study. Stern Security […]
What is 405(d) HICP? 405(d) Health Industry Cybersecurity Practices (HICP) is a healthcare cybersecurity framework created out of a congressional mandate from the Cybersecurity Act of 2015. Section 405(d) of this mandate has a goal to strengthen the cybersecurity posture of healthcare and public health sector. A collective called the 405(d) Task Force was formed from […]
Keeping up with Two-Factor Authentication Day (2/2/23), we decided to showcase some cybersecurity and compliance frameworks that recommend 2-factor authentication controls. The frameworks we reviewed include: Cybersecurity Framework References The multi-factor authentication controls within these frameworks are listed in the chart below. Framework Reference Control FFIEC CAT D3.PC.Am.B.9 Customer access to Internet-based products or services […]
WRAL TechWire, the leading technology news publication in the Carolinas, highlighted Velocity at the top of their Venture Connect conference coverage. Jon Sternstein, the Founder and CEO of Stern Security, took the stage at CED’s Venture Connect conference. He discussed how the Velocity SaaS product accurately evaluates cyber risk and uses this information to show […]
There are hundreds of cybersecurity products on the market and it can be difficult to select one between the noise. Do you select a cybersecurity product based on an alert you see on the news? Choose based on an advertisement or magazine article? Do you simply select one because it appears on a “magic quadrant”? […]
In April of 2023, CISA released version 2.0 of their Zero Trust Maturity Model. What is CISA? The Cybersecurity & Infrastructure Security Agency (CISA) is a U.S. federal agency that is responsible for strengthening cybersecurity across the government. The agency also provides resources for helping U.S. companies reducing cyber risk. What is Zero Trust? At […]
At Stern Security, we have declared February 2nd (2/2/23) as Two-Factor Authentication Day! The date is 2/2 so naturally it’s the best day for this holiday. This is a day to spread awareness about 2-factor authentication which is one of the most important ways to protect your online accounts at home and at work. Using […]