Cybersecurity consistently ranks as a top-10 priority for the C-Suite. Yet, companies face both a lack of in-house infosec resources and a very limited, expensive talent pool in the market. So, where do SMBs and SMEs naturally look for knowledge, guidance, and talent when it comes to information security? Managed IT service providers (MSPs) and managed security service providers (MSSPs).
EXTEND Resources is honored to participate in the ISSA-LA Summit XII, held Sept 20-22 in Santa Monica, California. EXTEND CTO and CISO Antonella Commiato will attend the annual event hosted by the Los Angeles Chapter of the International Systems Security Association.
EXTEND Resources is proud to announce the company has renewed its ISO 27001 certification for information security management.
The certification scope includes every level of EXTEND’s people, processes, and technology. Moreover, the scope covers the company’s IT infrastructure stack, access control, asset management, operational and HR processes, and technology applications. The certification also includes EXTEND’s global operations in the U.S. and the Philippines.
STAMFORD, CT, October 25, 2021 — EXTEND Resources is delighted to announce that it is a Diamond Sponsor of the 2021 Wolters Kluwer ELM Amplify conference. Amplify will bring together industry leaders, business executives, enterprise legal management solution experts, and consulting partners in a travel-free, complimentary, and interactive digital event from October 26-28, 2021.
In Part 3 of this series on the New Cyberwar, we will address the current best practices approach to preventing cyberattacks, such as ransomware and other cybercrime, and reacting to data breaches. When it comes to cybersecurity practices, is there really such a thing as “best?” How can you focus on developing the right practices for your organization? In addition, we’ll discuss the questions organizations should ask before performing a cybersecurity gap analysis project. Finally, we will dive into Data Vulnerability – what is it and where does it come into play?
EXTEND’s Steve Henn recently sat down with Paul Starrett of PrivacyLabs to discuss the ways data privacy and information security are interconnected, a modern take on managing compliance across both focus areas, and the four questions companies should ask themselves as they work to protect the data their organizations create, handle, and store. The on-demand recording is jam-packed with insights from two leaders who bring extensive AI, technology, information security, legal management, and data risk management expertise to clients. IT, InfoSec, Compliance, and Legal teams can leverage it to support their compliance initiatives.
The private sector is starting to awaken to the fact that we are in the hackers’ crosshairs as the cyberwar rages. Several private initiatives led by the insurance industry are looking to develop a coordinated policy with government entities, data to inform action, and best practices for companies.
But is it fast enough?
It is an open secret that cyberwars have been going on for quite some time. To most of us, it is an unseen war – carried out by nations and nation-state actors against other countries. Consequently, the “civilian” populations of the nations at war were – for the most part – unaffected.
Criminal enterprises supported by nations have greatly increased cyberwar attacks on commercial companies and other non-governmental organizations. The SolarWinds hack, the Colonial Pipeline and JBS ransomware attacks, and others are just the beginning.
The current information security environment is hostile to organizations seeking to ensure the integrity of the confidential legal content their law firms hold and generate. Hackers see professional services firms such as law firms and CPAs as the number one industry to target with ransomware attacks. In fact, professional services firms experience more than twice the number of attacks as the second-highest industries: Healthcare and the Public Sector. Consequently, the cybersecurity environment is getting worse for law firms every day. As proof, we have seen numerous legal industry companies – firms and vendors – suffer severe attacks in the past 18 months.
Between April 1, 2020 and June 25, 2020, cybercriminals managed to steal personal health information (PHI) and personally identifiable information (PII) from over 36,000 patients at the University of Pittsburgh Medical Center (UPMC). The hackers did not, however, obtain this information by hacking into UPMC. In 2020, hackers managed to access the email of one of UPMC’s law firms, Charles J. Hilton and Associates, an eight-member firm focused on billing-related services. The hackers have allegedly generated over $2,000,000 in fraudulent financial transactions. There is now a large class action lawsuit hitting both UPMC and the law firm regarding the breach. The lesson: Law firms that lack good cybersecurity hygiene create cyber risk for corporate legal departments and their companies.