2023 is just around the corner.  To help our customers get ahead of cyber adversaries our team of Cybersecurity experts compiled a compressive list of cybersecurity predictions.

Andy Richter joins Dan Lohrmann in discussing 2022 Federal Vulnerability Scanning Mandates to close out Cybersecurity Awareness Month.

Join Presidio’s Dan Lohrmann and special guest Nathan Willigar as they discuss growing cybersecurity threats in the wake of current global events.

In this episode, Dave Trader, Field CISO at Presidio, and Dan Lohrmann, Field Chief Information Security Officer,  share their insights into how the recent conflicts abroad have shaped global cybersecurity. 

The meteoric rise in digital commerce, connected devices and virtual workspaces has rightfully led to an intense focus on cybersecurity to protect company assets and employees. But cyber is only half of the security equation. After all, single sign-on cannot halt an intruder rummaging around in your data center.

State and local governments will be receiving dedicated cyber grants for the first time in 2022, now that the new bipartisan legislation has passed. While previous federal programs offered the potential for grants for cybersecurity projects in state and local governments through the Cybersecurity and Infrastructure Agency (CISA), these grants were not previously dedicated (required) to improving cybersecurity.

Unlike legacy security solutions that alerted after nearly every log event, today’s MDR services can detect—and resolve—many security issues with minimal disruption. A few years ago, identity theft protection company LifeLock aired a commercial that humorously contrasted its competitors’ security monitoring services with its proactive services.

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in the popular Java-based logging package Log4j was disclosed.  Submitting a specially crafted request to a vulnerable system allows an attacker to download and execute a malicious payload to perform additional functions such as data exfiltration, diverting funds, performing surveillance, or disrupting service.  What many experts fear now is that the bug could be used to encrypt data and due to the discovery of this exploit being so recent, there are still many servers, both on-premises and within cloud environments, that have yet to be patched.  Scanning activity for CVE-2021-44228 has actively begun on the internet with the intent of seeking out and exploiting unpatched systems.  Apache Log4j versions <= 2.15.0 rc1 are vulnerable.