Posts by Shawn Corrigan
What’s driving the demand for cybersecurity assessments and compliance audits?
Cybersecurity (risk) assessments and compliance audits are often considered one and the same. However, while related, these two approaches are different cybersecurity evaluation techniques. While compliance audits examine whether an organization’s IT security measures adequately meet a specific standard (e.g., HIPAA, PCI, SOC, CMMC), cybersecurity assessments look at how effective those measures are and provide a…
The Dilemma for Cyber Insurance Providers
Can Cyber Insurance Companies Accurately Determine Cyber Risk? Hardly a day goes by when we do not hear about a significant hacking event with serious repercussions. Organizations face downtime, loss of data, potentially significant fines, and issues with reputation. Little wonder that they are looking for protection through insurance policies at the same time as…
10 SMB Data Breach Statistics
10 SMB Data Breach Statistics ~ Small Businesses ARE NOT Immune. The number of recorded data breaches in 2021 has exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020. More than 60% of breaches result from misused, stolen or purchased credentials. An estimated 85% of data breaches involve a human element.…
PENETRATION TESTING vs VULNERABILITY ASSESSMENT
The Confusion between Penetration Testing vs. Vulnerability Assessment: There seems to be a certain amount of confusion within the Information Technology arena about the differences between Penetration Testing and Vulnerability Assessment. They are often classified as the same thing, when in fact they are not. Penetration Testing is more aggressive and intrusive; it goes a…
Preparing for CMMC: A Guide to Getting Certified
2020 saw a lot of changes, and not just in the personal sector of our lives. At the beginning of the year, the US Department of Defense (DoD) – recognizing a growing need for increased cybersecurity – released a new certification system for all of its contractors and subcontractors. The Cybersecurity Maturity Model Certification…
Vendor Management – The Importance of Actively Managing 3rd Party Vendors
Organizations rely on third-party vendors for a variety of services, from payroll processing to HVAC maintenance to information technology services. Every vendor relationship brings potential security risks, and shortfalls in one vendor can compromise sensitive data throughout the supply chain. Vendor management programs, service level agreements, and long-term monitoring are valuable tools for managing vendor…
Your Credentials Have Been Compromised – Now What?
You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be…
DFARS Interim Rule – Need to Act NOW
What Is DFARS Interim Rule? DFARS is a set of legal requirements demanding that all Department of Defense (DoD) contractors meet predefined cyber security standards. In September 2020, the DoD released the DFARS Interim Rule that took effect on November 30, 2020. The new interim rule introduced three additional clauses to DFARS: 7019, 7020, and…
Build a Corporate Privacy Program
In this age of rapidly evolving technology, a corporate privacy program is indispensable to a large organization. Regulations that govern personal data collection and storage are becoming more stringent worldwide. An organization needs a dedicated team to keep everyone up to date on the latest rulings and risks. A formal privacy program establishes leadership and…
Now is the Time to Get Ready for CMMC
On January 31, 2020, the US Department of Defense (DoD) rolled out the long-awaited Cybersecurity Maturity Model Certification (CMMC). So if you’re a DoD contractor, how does the CMMC affect you, and what should you do now to prepare for implementation? Here’s a rundown of everything you need to know. What is the CMMC? The CMMC…