• Netizen Cybersecurity Bulletin (February 1st, 2020)

    Overview

    • Phish Tale of the Week
    • New cybersecurity hirings in the new administration.
    • Looking for cybersecurity experts? Consider hiring veterans.
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting business/work email accounts, offering an “invoice” as its way in. At first glance, this email looks like an everyday business dealing: a client or vendor sending an invoice to your inbox. Unfortunately, this invoice is not what it seems and should not be clicked on.

    Take a look below for our reasons why:

    1. The first red flag in this email is the sender address. Always be hyper-vigilant when receiving emails from an unknown sender. One quick authenticity check is to search the web for the domain that follows the @ in the sender address.
    2. The second warning sign is the email title. The title is meant to disguise a malicious link as an invoice you may have been expecting from another company. Always preview a document before opening it on your computer.
    3. The final warning sign is the email thread itself. Most of the time, businesses attach invoices or documents to an existing email chain. The fact that this email isn’t attached to any chain and serves only as a vessel to deliver an “invoice” is concerning. Remember, if something looks suspicious, report it to your IT admin or managed service provider for help.


    General Recommendations:

    A phishing email will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
    • Do not give out personal or company information over the internet.
    • Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    A focus on Cybersecurity in the new administration.

    In the wake of one of the furthest-reaching hacks in U.S. history, President Biden has moved cybersecurity to the top of his agenda. Last week the president announced that he plans to create a new cybersecurity task force headed by Jen Easterly. Easterly was a special assistant to President Obama and senior director for counterterrorism on the National Security Council. She will be stepping back from her current role as head of resilience at Morgan Stanley to lead this newly created team. Her hiring comes days after multiple news outlets reported that the worst of the SolarWinds hack has yet to be uncovered.

    What does this mean?

    This new agency will focus on improving the United States’ cybersecurity response and readiness. Experts believe that attacks like SolarWinds may occur more frequently now that the world has seen our response to the most recent attack. “The United States remains woefully unprepared for 21st century security threats – the establishment and prioritization of a DNSA for Cyber and Emerging Tech on the NSC indicates the seriousness the Biden Administration will afford to addressing these challenges,” said Phil Reiner, chief executive of the Institute for Security and Technology. Reiner’s comment reaffirms just how necessary additional cybersecurity spending is to address the new and existing threats the United States currently faces.

    In addition, Biden plans to nominate Rob Silvers to replace outgoing Cybersecurity and Infrastructure Security Agency (CISA) head Chris Krebs at the Department of Homeland Security. Silvers previously served as Assistant Secretary for Cyber Policy at the U.S. Department of Homeland Security, where he focused on the development and implementation of new cybersecurity strategies.

    Rounding out the new hires is Anne Neuberger as Deputy National Security Adviser for cyber and emerging technology. This position was created to reaffirm the new administration’s commitment to protecting our country and its businesses online. Neuberger comes from the National Security Agency, where she has been lauded in recent years for exposing new hacking methods used by foreign nations so that they can be better understood, prevented, and combated.

    To read more about the new hirings, click here.

    Looking for cybersecurity experts? Consider hiring veterans

    Recently, jobs in cybersecurity have been in very high demand. In the United States alone there are over 1,000,000 openings across a vast array of companies. According to the latest Cybersecurity Workforce Study, the United States needs to increase the number of cybersecurity professionals by 145% to fill the openings currently in the workforce. The U.S. Government Accountability Office has proposed that companies increase their internal efforts toward hiring veterans for these positions.

    Why Veterans?

    With over 200,000 members of the U.S. military transitioning from active duty to civilian life every year, U.S. military members are one of the leading sources of new talent in the workforce. These men and women are well versed in defensive tactics and accustomed to continuous training, which makes them excellent candidates for most companies. While serving, veterans are regularly trusted with advanced computer systems and technology. They understand that security is a priority in every company and can apply much of their military training and work ethic to help better secure businesses. While some employees may not see suspicious emails or external storage devices as potential threats, members of the military are constantly on the lookout for ways foreign actors can compromise systems.

    How best to help?

    Veterans possess many soft skills, such as problem-solving, critical thinking, and analytical skills, that help make them ideal candidates. These soft skills help tremendously in the onboarding and training process that many companies have new employees undergo. Many of these veterans used computer systems while in the military and have plenty of the skills employers are looking for. All employers need to do is look past the years of experience that can easily get lost in translation and look toward what kind of employee a veteran will be for their company. Will they show up on time, be accountable, and be trainable? If the answer is yes, then employers should start looking toward veterans to help fill the need in the cybersecurity workforce.

    Find more about this article here.

    How Can Netizen Help?

    Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Calling all top-tier performers looking to drive innovation forward. We favor a “can do” attitude, dedication to continuous learning, commitment to teamwork, and keen attention-to-detail.

    Netizen, a national Inc. Magazine Best Workplace and HIRE Vets Platinum Medallion awardee, offers competitive pay and benefits plus ample flexibility, performance incentives, training, and career growth. Equal Opportunity Employer. Military Veterans/Family/Spouses welcome. We are constantly looking for the top industry talent to join our growing team.

    Take a look at some of our openings here.

  • SolarWinds Breach Fallout: What happened and what we learned

    On December 13, 2020, cybersecurity company FireEye announced that it had discovered a state-of-the-art exploit that created a backdoor in SolarWinds’ Orion application. The backdoored software was then distributed to thousands of systems running the application as a routine update from the manufacturer. With no reason to suspect any issues, IT administrators all over the country unknowingly installed this malware on their systems, and the damage began. Over 18,000 of SolarWinds’ customers were left compromised by this hack, leaving many to wonder what the real damage was. In short, this is only the beginning.

    How did we get here?

    Although this vulnerability was discovered on December 13, 2020, experts believe these systems had been compromised since at least early March, and some believe the backdoors had been in place for over a year. The vulnerability was first loaded onto the Orion application through what appeared to be a routine update from SolarWinds. The malware then uses multiple blocklists to sweep the system and identify any third-party security tools or anti-virus software. Once the threat actors established that there was no imminent threat of discovery, the malware began executing commands called “jobs,” which can be anything from transferring and executing files to disabling system services. The malware then remotely encrypts small amounts of data and combines it with regular analytical data to masquerade as the legitimate traffic that would normally be produced by the Orion software. At the same time, the malware also attempts to spread across the network by pivoting from one compromised system to another, gaining a beachhead and then expanding across networks from there.

    What does this mean?

    While threat actors from foreign nations are not uncommon, the complexity and severity of this case are remarkable. For almost a year, foreign actors had remote access to systems in a litany of organizations, from parts of the federal government such as the Department of Justice and State Department to 400 of the Fortune 500 companies in the U.S. The sophistication of this attack also points to these hackers having been sponsored by a foreign state. These attackers had ample time and resources to make sure they were not discovered for extended periods. Although an investigation into what exactly was stolen is still underway, many experts have ruled out monetary gain as the primary goal of this attack.

    This attack was seemingly executed to gauge the security readiness and response of our nation’s government and some of its most critical businesses. With an ever-changing geopolitical landscape, our nation-state adversaries may no longer appear as combatants on a battlefield. The next war will likely not be fought as much with so called “boots on the ground” but rather “bots on the network” as cyberspace quickly becomes a primary theater of warfare moving forward. In this theater of operations, however, geographic distance does not protect businesses and governments as it once did. Everyone is now a potential target.

    What is the solution?

    No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.

    An attack of this sophistication may have been difficult to prevent in its totality, but effective round-the-clock monitoring, routine assessments, network segmentation, and proper evaluation of vendor software may help limit the damage caused by such attacks. Proper segmentation of networks, data, and systems, together with an effective data management plan, is crucial and may even have prevented the expansion of this attack in many instances. Data management is the practice of classifying, protecting, controlling, and segmenting data and systems to prevent leakage or unauthorized disclosure of sensitive information. If implemented properly, it can thwart attackers’ attempts to “pivot” across a network, even once they are inside the perimeter, thus containing any damage.

    Beyond this, basic cyber hygiene can prevent a great deal of damage from the routine attacks that are far more common. For example, stop using the same passwords on multiple sites or systems. If hackers get access to one set of account credentials, they will try those credentials again and again to gain access to other systems. Use a password manager to store strong, unique passwords so that one password will not grant access to multiple sites. Also be mindful of what you click on in email. If you think an email or attachment looks suspicious, take no action and report it to your information security representative. Emails and attachments are often the primary method used to breach an organization’s systems. Cybersecurity starts at the ground level, too: organizations should put much more focus on training their employees in cyber-safe habits to foster a culture of security throughout the entire organization.

    Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact

  • Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cybersecurity solutions, has added Akhil Handa to the executive team and named him Chief Operating Officer (COO) of the company. Akhil is an experienced and highly respected senior executive in federal and defense markets. He has served in senior leadership roles with some of the most successful companies in the Washington, D.C. area before joining Netizen and has also worked in cybersecurity engineering and management. Akhil oversees company operations, strategic relationships, and solutions engineering at Netizen and is based at the company’s Washington, D.C. metro area (Northern Virginia) location.

    Doug Ross, previously Netizen’s Director of Business Development and, prior to that, President and Founder of SPARC, LLC and Morgan6, LLC where he earned over $1 Billion in federal contracts for those companies, has been promoted to Chief Strategy Officer (CSO) at Netizen. In this role, he oversees all of Netizen’s strategic business development for key markets and also serves as advisor to the CEO. Doug is based at Netizen’s Charleston, South Carolina location.

    Emily Dietrich Witmer, previously Netizen’s Administrative Officer, has been promoted to Director of Human Resources and Legal Affairs. Emily has been a licensed attorney since 2001 and is a graduate of Villanova’s Charles Widger School of Law with specializations in contracts, business law, and legal documentation. At Netizen she oversees and coordinates human resources, contract management, and legal affairs. Emily is based at Netizen’s Allentown, Pennsylvania headquarters location.

    Additional details, photographs, and biographical information can be found for these team members on the Netizen website at https://www.Netizen.net/about/leadership.

    About Netizen Corporation:

    America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the 2019 Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.

    POINT OF CONTACT:
    Doug Ross
    Chief Strategy Officer (CSO)
    Phone: 1-800-450-1773
    Email: doug.ross@netizen.net    

  • Overview

    • Phish Tale of the Week
    • IoT Cybersecurity Improvement Act Passed
    • Universities Across The Globe Attacked by Phishing Scam
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing scam targeting unsuspecting Amazon customers. The email appears to be a security notification about “illegal transactions” made on your Amazon account that require immediate attention. It carries Amazon’s logo as well as a link to fix the issue right in the email, so why not click “verify now”? Unfortunately, there are plenty of reasons not to click that link right away.

    Take a look below:

    1. The first red flag in this email is the sender address. Big corporations like Amazon will never email you from outside their company domains. Seeing that this email came from info@clersondemand.com and not an amazon.com address, it’s safe to say this is likely a scam.
    2. The second warning sign is the email title. The title is meant to create a sense of distress and urgency while also providing a fake invoice number to lend legitimacy.
    3. The final warning sign is what the email asks for. The sender requests that we send back the name, address, and phone number registered on our credit card. Amazon would already have all of this information on file, so this raises suspicion immediately. Remember, never give out your personal information to random links on the internet.
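    As an added example (not code from this bulletin or from Netizen), the following Python script applies red flag 1 from both Phish Tales above (does the address after the @ really belong to the brand the email claims?) together with the URL/HTTPS check from the general recommendations. The brand allowlist in EXPECTED_DOMAINS, the helper names, and the sample header and URL are assumptions constructed for illustration; the only address taken from the page is info@clersondemand.com. The domain comparison is done on a label boundary so that look-alikes such as notamazon.com or amazon.com.evil.example are rejected, and the display name is ignored entirely, since it is the part a sender can write freely.

```python
"""Sender-domain and link checks for the phishing red flags discussed above.

Added example (not Netizen's code). The brand allowlist and the sample
header/URL are constructed for illustration; info@clersondemand.com is the
address quoted in the Phish Tale above.
"""
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist of legitimate sender/link domains per brand (constructed).
EXPECTED_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk"},
}


def registrable_match(host: str, expected: str) -> bool:
    """True if host is expected or a subdomain of it, matched on a label boundary.

    This rejects look-alikes such as "notamazon.com" and "amazon.com.evil.example"
    that a naive substring test would accept.
    """
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def sender_domain(from_header: str) -> str:
    """Extract the real address domain from a From: header.

    parseaddr separates the display name from the address, so a header like
    '"support@amazon.com" <info@clersondemand.com>' yields clersondemand.com,
    not the brand name shown to the reader.
    """
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_sender(from_header: str, claimed_brand: str) -> dict:
    """Report whether the sending domain belongs to the brand the email claims."""
    domain = sender_domain(from_header)
    allowed = EXPECTED_DOMAINS.get(claimed_brand.lower(), set())
    return {
        "domain": domain,
        "matches_brand": any(registrable_match(domain, d) for d in allowed),
    }


def check_link(url: str, claimed_brand: str) -> dict:
    """Report whether a link's host belongs to the brand and whether it uses HTTPS."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    allowed = EXPECTED_DOMAINS.get(claimed_brand.lower(), set())
    return {
        "host": host,
        "https": parsed.scheme == "https",
        "matches_brand": any(registrable_match(host, d) for d in allowed),
    }


def triage(from_header: str, urls: list, claimed_brand: str) -> list:
    """Return human-readable red flags for one email (empty list = none raised)."""
    flags = []
    sender = check_sender(from_header, claimed_brand)
    if not sender["matches_brand"]:
        flags.append(f"sender domain {sender['domain'] or '(none)'} is not a {claimed_brand} domain")
    for url in urls:
        link = check_link(url, claimed_brand)
        if not link["matches_brand"]:
            flags.append(f"link host {link['host']} is not a {claimed_brand} domain")
        if not link["https"]:
            flags.append(f"link {url} does not use HTTPS")
    return flags


if __name__ == "__main__":
    # Constructed sample resembling the Amazon phish described above.
    sample_from = '"Amazon Security" <info@clersondemand.com>'
    sample_links = ["http://amazon.com.verify-account.example/login"]
    for flag in triage(sample_from, sample_links, "amazon"):
        print("RED FLAG:", flag)
```

    Run as a script, the constructed sample raises three flags: the sender domain is not an Amazon domain, the link host only starts with "amazon.com" but is registered elsewhere, and the link is plain HTTP. A legitimate message from no-reply@amazon.com linking to https://www.amazon.com/... raises none. This check only covers what the reader can see in the header; it says nothing about whether the header itself was forged, which is what SPF/DKIM/DMARC validation at the mail gateway is for.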

    For Amazon specific recommendations find more here.



    Cybersecurity Brief

    In this week’s Cybersecurity Brief:

    Senate Passes Internet of Things Cybersecurity Improvement Act of 2020.

    The U.S. Senate recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 unanimously and without amendment. Cybersecurity experts are lauding the work of Will Hurd (R-Texas) and Robin Kelly (D-Ill.) on this bill, calling it some of the most groundbreaking security legislation in decades. This bipartisan effort would require federal procurement and use of IoT devices to adhere to basic security requirements that NIST will be developing. The bill faced no opposition in either the House of Representatives or the Senate and is now headed to the President’s desk to be signed into law.

    What does this mean?

    This new act will create a basic set of security standards and practices for all IoT devices used or purchased by the federal government and its industrial base (vendors). One of the first provisions of the bill is that NIST will develop and issue standards-based guidelines for the minimum security that IoT devices owned or used by the federal government and its contractors must meet. Additionally, the Office of Management and Budget (OMB) must construct requirements for commercial vendors that perform contract work involving IoT devices to meet information-security policies in line with these NIST guidelines. These contractors, IoT vendors, and federal agencies will also be required to create and implement a vulnerability-disclosure policy for IoT devices to assist in the reporting of bugs, vulnerabilities, or defects that may be uncovered.

    This new act could have significant impacts on IoT resellers and manufacturers, but it also has the added benefit of ensuring the security of internet-connected “smart” devices operating on federal government networks, which are becoming more and more pervasive. These devices collect and parse data that could be considered highly sensitive, such as video, audio, and other information. Developing a standard for IoT security will ensure that a common baseline can be leveraged by both industry and the federal government so that vulnerabilities and other threats (such as intentional backdoors) are identified and dealt with promptly. Netizen specializes in the validation, engineering, assessment, and authorization of classified and unclassified systems and devices in accordance with the NIST Risk Management Framework (RMF). We also offer an experienced team of cybersecurity professionals ready to help with any cyber or compliance issue that may arise.

    To read more about the IoT Act, click here.

    Phishing Campaign Targets Universities

    Recently, a string of large-scale phishing attacks was carried out by an organization known as the “Shadow Academy” against some of the world’s most prominent universities. Victims include the University of Louisiana, University of Washington, University of Arizona, and Oxford University, to name a few. Experts believe these attacks were timed to align with the back-to-school chaos of students returning to campus at the start of the most recent fall semester.

    How did this happen?

    The beginning of the semester is always a busy time for most college students and employees. Work begins to pile up, schedules fill, and the last thing on anyone’s mind is checking whether an email is from a legitimate source. This, coupled with a large amount of coursework being shifted online instead of in person, has created a perfect storm for phishing campaigns. The “Shadow Academy” leveraged a technique called domain shadowing to construct harmful landing pages that harvest login credentials across numerous platforms. Some of these malicious domains near-perfectly mimicked the everyday emails you see from popular services such as Facebook, Amazon, and Netflix. In addition to these traps, the “Shadow Academy” also created fake emails that appeared to be from a target school’s financial aid department or library in an attempt to trick students and faculty into giving up their information.

    What can be done to prevent this?

    Netizen specializes in cybersecurity solutions including penetration testing, vulnerability assessments, advisory, and 24×7 monitoring. In addition to these services, we also offer social engineering and phishing campaigns in an attempt to better prepare individuals for what to watch out for when they are using the internet. Netizen’s experienced team of cybersecurity professionals stands ready to help with any cyber or compliance issue that may arise, leveraging advanced tools, such as the award-winning Overwatch suite, and intelligent automation. A cost-effective cybersecurity monitoring program coupled with social engineering testing and employee training would help prevent such attacks by educating your staff on how to identify, handle, and report suspicious behavior.

    Find more about this article here.


  • NETIZEN NAMED ONE OF THE NATION’S FASTEST-GROWING VETERAN OWNED BUSINESSES FOR 2nd YEAR IN A ROW

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has once again been named one of the nation’s fastest-growing veteran-owned businesses by Inc. Magazine in partnership with the Institute for Veterans and Military Families (IVMF) at Syracuse University on their annual Vet100 list of the most successful veteran-owned companies in the United States. Netizen ranked #16 this year out of the top 100 veteran-owned businesses nationwide and was ranked #2 in the country last year on the list.

    Netizen was also ranked as the 184th fastest-growing private company and the second-fastest-growing cybersecurity company in the United States on the 2020 Inc. 5000 list of the nation’s most successful businesses. Last year, in 2019, Netizen was the 47th fastest-growing private company and the fastest-growing cybersecurity company in the nation on this list. These are the highest rankings that a company based in the Lehigh Valley region of Pennsylvania has ever achieved on the Vet100 and Inc. 5000 lists, according to published records on the official program website.

    Syracuse University’s IVMF is higher education’s first interdisciplinary academic institute, focused on advancing the lives of the nation’s military veterans and their families. As a result of this special recognition, Netizen leadership will be attending, as an invited guest of the IVMF, the national veteran-owned business growth conference, Veteran EDGE, sometime in October 2021 in Dallas, TX.

    “We are very proud to receive such recognition within the close-knit veteran-owned business community. It speaks volumes to the incredible team we’ve assembled here at Netizen, with every military branch represented across a diverse group of team members located around the country and serving customers globally,” said Michael Hawkins, Netizen’s founder and CEO as well as a U.S. Army veteran himself.


    POINT OF CONTACT
    Doug Ross

    Director of Business Development
    1-800-450-1773
    doug.ross@netizen.net

  • Netizen Named 2020 Game Changer

    Netizen Corporation, an ISO 27001:2013 and 9001:2015 certified provider of cybersecurity and related solutions for defense, government, and commercial markets, has been named a 2020 Game Changer by Lehigh Valley Businesses. Netizen received the Game Changer Business of the Year award within the 20-74 employee category. The Game Changers award recognizes and honors extraordinary business leaders and businesses that make a positive impact on the greater Lehigh Valley. The honorees consistently demonstrate strong leadership, integrity, values, vision, and a commitment to excellence.

    This year’s Game Changers awards celebration will be a virtual event held on December 9th starting at 5:30 p.m. (login opens at 5:00 p.m.) and can be viewed from any location with internet access. The program will be professionally produced including video storytelling, shoutouts from sponsors, and interaction from the audience through social media posts that appear live during the program. All winners will be celebrated during the event at LVB.com and through LVB’s social media channels.

    About Netizen

    America’s fastest-growing cybersecurity company, 2nd fastest-growing Veteran-owned company, and 47th fastest-growing private company overall in the nation according to the Inc. 5000 list of the nation’s most successful businesses, Netizen is a highly specialized cybersecurity solutions provider. They also develop innovative software products that include the award-winning AutoSTIG and Overwatch Governance Suite.

    The company, a certified Service Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA, with additional locations in Virginia (DC Metro), South Carolina (Charleston), and Florida (Orlando). In addition to being one of the fastest-growing businesses in the US, Netizen has also been named as one of the nation’s “Best Workplaces” by Inc. Magazine, a “Game Changer” business of the year by Lehigh Valley Business, and is a US Department of Labor HIRE Vets Platinum Medallion awardee for veteran hiring and support for two years in a row. Learn more at Netizen.net.

  • The Difference Between CMMC and DFARS CUI

    From DFARS CUI to CMMC, we understand how challenging it can be to keep up with these regularly evolving compliance requirements. Here at Netizen, it is our goal to help guide our customers through the process with minimal cost or delay. Although DFARS CUI compliance and CMMC programs do overlap, the assessment (audit) process will be significantly different moving forward. To have a better understanding, let’s discuss the differences between the two. 

    The Main Differences

    DFARS regulations address how to keep data protected, specifically Controlled Unclassified Information (CUI), so that government contractors can better protect sensitive data flowing in and out of their organization. Compliance with DFARS requires the appropriate security controls (the NIST SP 800-171 control set) to be in place to protect CUI, and processes must be established that make reporting cybersecurity incidents straightforward. In contrast to DFARS, CMMC brings together a number of different security controls to create a hierarchy of maturity levels. These five maturity levels represent the different levels of data protection government contractors provide.

    The differences between these two models lie not only in how they function, but in how they are assessed. DFARS relies on self-assessment: contractors are expected to monitor their own security controls continuously, assess them for effectiveness, and report a detected breach right away. CMMC, on the other hand, requires assessments to be conducted by third-party assessment organizations. Take Netizen for example: our certified personnel will help you determine whether or not you are appropriately aligned with a specific maturity level.

    From DFARS to CMMC

    The Cybersecurity Maturity Model Certification (CMMC) has many of the same goals as DFARS and is targeted at both prime contractors and subcontractors. CMMC gathers a number of different security controls into a hierarchy of maturity levels. The DoD introduced CMMC to build on the existing DFARS requirement (NIST SP 800-171) and to verify, through assessment rather than self-attestation, that contractors have adequate security to handle CUI. The CMMC Accreditation Body (AB) has made clear that alignment with the existing DFARS standard is the foundation of CMMC, whether you are a small business or a prime DoD contractor. CMMC is now officially a requirement for companies providing goods or services in the defense market, and delay in implementing the standards could mean the loss of contracts and contract opportunities for your business.

    What Makes Our CMMC Solutions the Best?

    The answer is simple: we specialize in this field. At Netizen, we have been working diligently to ensure that our clients are in line with upcoming CMMC requirements. As a company, we landed a spot on the 2020 Inc. 5000 list of America’s fastest growing businesses for the second year in a row. Netizen placed 184th overall in 2020 and 47th in 2019, which makes us the fastest growing company in the entire Lehigh Valley region. Not only is our company growing in size but so is our knowledge of the industry. Our personnel and company maintain advanced certifications and are continuously trained through our Netizen Academy program to stay ahead of the industry. To help DoD contractors prepare, we are offering a FREE initial assessment to determine gaps in your CMMC readiness. Contact us to ensure you have what you need to succeed. Our cybersecurity experts will start you on the path to full compliance, today.

  • The Issue With Cloud Databases

    A database left exposed and unsecured to the public is essentially begging for a cyberattack. Your vital data is now in the cloud, accessible to anyone, and wide open to attackers who will see it as a golden opportunity to siphon sensitive customer data from you. In a world where the average total cost of a data breach is $3.92 million and the average cost per lost or stolen record is $242, this isn’t something businesses should take lightly.

    Look at the data

    Cybersecurity experts from Comparitech set up a honeypot: a database on a cloud server of the kind data is often stored on, deliberately left exposed so they could measure how long it would take for attackers to connect to it, steal from it, or destroy the data. The first attack came just 8 hours after deployment, and by the end of the study they had logged 175 attacks, an average of about 18 per day.

    Yes, it was just that easy for attackers to locate and retrieve important data from an exposed and improperly secured cloud-based database. Data from Varonis shows that on average only 5% of a company’s folders and file storage systems, including those hosted on cloud-based services, are adequately protected. Don’t be a part of the 95% left exposed to the fast-paced world of cyberattacks and hacks.

    The solution

    Minimize your risk and assume the worst when considering your exposed data. Consider what the likelihood and impact of the loss of your data would be, and implement security controls in accordance with that level of risk. Such controls may include access restrictions, cryptographically secured network connections, password policies, and other measures that, when combined, significantly lower the risk of a breach.

    Also, when leveraging cloud-based resources, security is often not implemented by default. Lock down access to your databases, systems, and files by placing them on private networks reachable only through a VPN, requiring proper authentication for access (key- or certificate-based credentials rather than a shared password), and implementing traffic-filtering policies on your cloud networks that block traffic from non-approved locations and devices. Cloud service providers offer an array of tools to create, audit, and update permissions for specific cloud resources, though they are not always intuitive or easy to use, which leads to a lot of mistakes and major breaches.
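    The traffic-filtering check described above, as an added example that is not Netizen's code: it audits a list of cloud firewall (security-group) ingress rules for database ports reachable from outside the approved networks, and produces the hardened rule for each. The rule dictionaries mirror the shape of an AWS security-group ingress rule (IpProtocol/FromPort/ToPort/IpRanges) but are constructed for this example, and the VPN and VPC address ranges are assumptions.

```python
"""Audit cloud firewall (security-group) ingress rules for database ports that
are reachable from outside the approved networks, and emit the hardened rule.
Added example, not Netizen's code: the rules below are constructed, and the
VPN / VPC address ranges are assumptions."""
import ipaddress

# Well-known listener ports for common database engines (assumed table).
DATABASE_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL",
                  6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB"}

# Only these sources may reach a database: the VPN client pool and the VPC itself.
ALLOWED_SOURCES = [ipaddress.ip_network("10.8.0.0/24"),    # assumed VPN client pool
                   ipaddress.ip_network("10.0.0.0/16")]    # assumed application VPC


def port_range(rule):
    """Ports an ingress rule opens; protocol '-1' means all traffic on all ports."""
    if rule["IpProtocol"] == "-1":
        return 0, 65535
    return rule["FromPort"], rule["ToPort"]


def is_allowed(src):
    """True if the source network lies entirely inside an approved range."""
    return any(src.version == ok.version and src.subnet_of(ok)
               for ok in ALLOWED_SOURCES)


def audit(rules):
    """Return (severity, port, engine, source) for every database port a rule
    exposes to a source outside ALLOWED_SOURCES."""
    findings = []
    for rule in rules:
        if rule["IpProtocol"] not in ("tcp", "-1"):
            continue
        lo, hi = port_range(rule)
        sources = ([e["CidrIp"] for e in rule.get("IpRanges", [])] +
                   [e["CidrIpv6"] for e in rule.get("Ipv6Ranges", [])])
        for port, engine in DATABASE_PORTS.items():
            if not lo <= port <= hi:
                continue
            for cidr in sources:
                src = ipaddress.ip_network(cidr)
                if is_allowed(src):
                    continue
                # /0 is the whole internet; anything else outside the allow-list
                # is still an unapproved network.
                severity = "CRITICAL" if src.prefixlen == 0 else "HIGH"
                findings.append((severity, port, engine, cidr))
    return findings


def harden(rule):
    """Copy of a rule that keeps its ports but admits only ALLOWED_SOURCES."""
    fixed = {k: v for k, v in rule.items() if k not in ("IpRanges", "Ipv6Ranges")}
    fixed["IpRanges"] = [{"CidrIp": str(n)} for n in ALLOWED_SOURCES]
    return fixed


# Constructed sample: the weak world-open rules beside rules that are already scoped.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                    # PostgreSQL open to the internet
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},               # MongoDB open to an outside /24
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.8.0.0/24"}]},                  # MySQL, VPN only: fine
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                    # public HTTPS: not a database
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},  # all traffic, VPC only: fine
]

if __name__ == "__main__":
    for severity, port, engine, src in audit(SAMPLE_RULES):
        print(f"{severity:<8} {engine:<13} tcp/{port:<5} reachable from {src}")
    print("after hardening:", audit([harden(r) for r in SAMPLE_RULES]))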

    Statistics show that 24% of data breaches are caused by human error, such as a misconfiguration or other mistake. This is avoidable by ensuring your data is stored safely and securely, regardless of where it rests. Netizen reduces the risk of a breach by providing an expertly-trained set of eyes on the situation at hand and by implementing risk-based, cost-effective monitoring software, including the award-winning Overwatch Governance Suite, and other security controls and solutions that don’t impede your daily operations or break the bank. Our CyberSecure Solutions take the pervasive fear of cyberattacks out of the equation, allowing business owners to sleep better knowing the state of their security and risk profile. Contact us today for a FREE consultation and discover the value we can provide your organization.

  • NETIZEN RANKS No. 184 ON THE INC. 5000 LIST OF AMERICA’S FASTEST GROWING COMPANIES WITH 2,222% GROWTH

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 and ISO 9001:2015 certified Veteran Owned provider of cyber security and related solutions, was named for the second year in a row to the Inc. 5000 list of the nation’s most successful businesses. Founded in 2013 and led by CEO Michael Hawkins, Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government, defense, and commercial markets.

    Netizen ranked 184th overall on the 2020 Inc. 5000 list which places them as the fastest growing company in the Lehigh Valley region, the nation’s 2nd fastest growing cyber security company, the 2nd fastest growing company in all of Pennsylvania, and one of the fastest growing Veteran-Owned companies in America with three-year revenue growth of over 2,222%.

    In 2019, Netizen placed 47th overall, was the nation’s fastest growing cyber security company, and achieved the highest ranking that a company based in the Lehigh Valley region had ever achieved on the Inc. 5000 list, according to the official program website.

    The Inc. 5000 list represents a unique look at the most successful companies within the American economy’s most dynamic segment— its independent small and midsized businesses. Companies such as Microsoft, Dell, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees of the Inc. 5000.

    “Being ranked in the highest tiers of the Inc. 5000 list for a second year in a row is perhaps yet again the truest testament to the capabilities of our world-class team which boasts a cadre of industry-recognized leaders and professionals,” said Michael Hawkins, Netizen’s President and CEO. He added, “I attribute much of this success to our process-focused, employee-centric, and innovation-nurturing corporate culture which provides unmatched career growth opportunities for ambitious professionals and superior products and services for customers.”

    As an Inc. 500 awardee, a distinction reserved for the top tier of companies on the Inc. 5000 list, Netizen will be profiled in the September 2020 issue of Inc. Magazine.


    POINT OF CONTACT:

    Michael Hawkins
    Founder and CEO
    Phone: 1-800-450-1773
    Email:   press@Netizen.net

  • The Key to Compliance: Vulnerability Assessments

    Assessing vulnerabilities through comprehensive testing and analysis mitigates issues in your technology infrastructure before they can take a toll on business operations, providing you a safe and efficient workflow that is uninterrupted and minimizing risk. The US National Institute of Standards and Technology (NIST) defines a vulnerability as a weakness in an information system, a security procedure, an internal control, or even a weakness in an implementation that could be exploited by a threat source. How many does your company have? How are you identifying, tracking and mitigating those vulnerabilities?

    Information systems are bound to have weaknesses, but not all information systems have the same level of sensitivity to attack. That doesn’t mean they should go undetected or untested on a recurring basis. Routine vulnerability assessments evaluate what risks and threats exist for your business systems, assign severity levels to them, and ultimately recommend modifications or countermeasures to minimize the risk of a breach. 

    After a breach, it is already too late, and the cost of repair is typically 10 to 15 times higher than what even the highest levels of preventative measures would cost. The ramifications of a breach go well beyond system downtime, too. In multiple studies, a majority of customers surveyed routinely said they would likely be wary of continuing to do business with a company that suffered a breach, especially if their personal information was impacted in any way.

    It’s important to get ahead of cyberattacks before they can occur. Cybercrime is on the rise with hackers attacking a business just like yours every 39 seconds, on average 2,244 times per day. And it’s not just the large businesses that are the targets – actually, it’s typically the opposite. Small businesses, the majority of breach victims, are seen by attackers as easier targets they can then leverage to gain access to others, such as your customers, vendors, and suppliers. Protect your company before joining the multitude of those affected by attacks. 

    Types of testing

    Vulnerability assessments can be done on servers, computer workstations, networks and even connected devices, such as manufacturing equipment, HVAC sensors, and the like. There isn’t just one type of assessment. Take a look at the following:

    • Network-based assessment: discovers possible security flaws and vulnerable systems on either wired or wireless networks.
    • Host-based assessment: scans servers, workstations, and other network hosts, and looks into a device’s configuration settings and patch history.
    • Application assessment: tests websites and web applications for software vulnerabilities and defective configurations.
    • Database assessment: helps prevent cyberattacks by finding weak spots in database security.
    • Wireless network assessment: looks for rogue access points in wi-fi networks and confirms secure configuration.
    • Industrial controls assessment: discovers, tests, and audits the security status of industrial controls and other devices ranging from HVAC systems to complex connected manufacturing equipment. Even biomedical devices are not immune and need to be tested and assessed.
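    A minimal network-based assessment of the kind listed above, as an added example that is not Netizen's tooling: it discovers open TCP services on a host, grabs their banners, and turns the results into severity-ranked findings. The risky-port table, banner rules and severities are assumptions chosen for illustration, and the demo listener is a constructed local target so the scan runs offline against 127.0.0.1 rather than against anything real.

```python
"""Minimal network-based assessment: TCP service discovery plus banner-based
triage. Added example, not Netizen's tooling; the risky-port table, banner
rules and severities are assumptions, and demo_listener() is a constructed
local target so the scan has something deterministic to find."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Services whose mere exposure is usually a finding (assumed table for this example).
RISKY_PORTS = {
    21:   ("FTP", "HIGH", "cleartext credentials"),
    23:   ("Telnet", "HIGH", "cleartext administrative access"),
    445:  ("SMB", "HIGH", "common lateral-movement and ransomware entry point"),
    3389: ("RDP", "HIGH", "brute-force target; should sit behind a VPN"),
    9200: ("Elasticsearch", "HIGH", "no authentication in the default configuration"),
}


def probe(host, port, timeout=1.0):
    """TCP-connect to host:port and read whatever the service says first.
    Returns (port, is_open, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(128).decode("ascii", "replace").strip()
            except (socket.timeout, OSError):
                banner = ""           # open, but the service waits for the client to speak
            return port, True, banner
    except OSError:
        return port, False, ""        # refused, filtered, or timed out


def scan(host, ports, workers=32):
    """Probe the given ports concurrently and return only the open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return [r for r in results if r[1]]


def identify(port, banner):
    """Classify an open port from its banner first, then from its port number."""
    text = banner.lower()
    if text.startswith("ssh-"):
        return "SSH", "INFO", "verify key-only authentication and patch level"
    if "ftp" in text:                 # e.g. "220 ... FTP server ready"
        return "FTP", "HIGH", "cleartext credentials"
    if port in RISKY_PORTS:
        return RISKY_PORTS[port]
    return "unknown", "INFO", "open port; confirm it is intended and patched"


def assess(open_ports):
    """Turn scan results into findings, highest severity first."""
    order = {"HIGH": 0, "INFO": 1}
    findings = []
    for port, _, banner in open_ports:
        service, severity, reason = identify(port, banner)
        findings.append({"port": port, "service": service, "severity": severity,
                         "reason": reason, "banner": banner})
    return sorted(findings, key=lambda f: (order[f["severity"]], f["port"]))


def demo_listener(banner=b"220 demo FTP server ready\r\n"):
    """Constructed local target: accepts connections and sends a fake FTP banner.
    Returns the listening socket (close it to stop) and the port it chose."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))        # port 0 lets the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                # listener was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


if __name__ == "__main__":
    srv, port = demo_listener()
    for f in assess(scan("127.0.0.1", [port, 22, 80, 443])):
        print(f"{f['severity']:<5} {f['port']:>5}/tcp {f['service']:<14} {f['reason']}  {f['banner']}")
    srv.close()
```

    Real assessments run the same discovery step against every in-scope address range, and the banner plus port number is only the first cut: the version string a service reports is what you then match against known vulnerabilities and patch levels.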

    Benefits of testing

    1. Gain better insight – Learning about your threats and vulnerabilities gives you a whole new perspective on your business operations. By discovering the weaknesses within your organization’s security, you will be able to get ahead of cyberattacks, educate your team on the specifics and importance of security, and implement new tools and processes to make your work safer and more efficient.
    2. Reputation – Building trust with those involved with your company, whether internally or externally, is essential to a successful business. A big part of trust is ensuring that their, and your, important data is secure. A majority of customers surveyed indicated they would be wary of continuing to work with a business that suffered any sort of breach, with a large portion (over 30%) saying they would cut all ties to that business.
    3. Efficiency – Recovering lost data and important information sets your company back. Imagine if that data were gone forever, as many companies found out when they realized their backups were old, incomplete, or non-functional when a breach took place. It takes exponentially more time, money, and resources to rebound from an attack than it does to prepare for one. If you take even basic preventative measures now, it will save much of the pain of a long recovery later on.
    4. Meet Compliance – Compliance is often essential to business. Every company and its employees follow strict guidelines set by external forces such as regulations, laws, and industry standards. Compliance may also be internal, in the form of policies and ethical requirements set by the organization itself. Lose compliance and lose customers. Get ahead of evolving compliance programs now, not later.

    Netizen’s solutions bring vulnerability and compliance visibility to decision makers at an enterprise level, in terms they can understand. We are now offering a FREE trial of our award-winning Overwatch Governance Suite to help you stay ahead of ever-evolving technology risks and trends by monitoring your critical systems – right from your fingertips. Overwatch is not a one-and-done assessment tool; it is the natural next step in continuous cybersecurity management and monitoring, offering simplified reporting and visibility, a large array of integrated tools, and simplified tracking for metrics, trends, milestones, compliance tasks and more. Contact us to schedule your demo and sign up for a free trial today!

    Your cost effective enterprise Cyber Governance Suite awaits at https://overwatchsuite.com/.