Insights

The first thing we need to understand is the difference between MSP and MSSP vendors. A Managed Service Provider (MSP) or more commonly referred to as a Managed IT Provider focuses on uptime and the delivery of services of your end user systems and phone systems. They also are responsible for the buildout and ongoing maintenance of your network infrastructure. Some MSPs claim to provide cybersecurity services, however, antivirus and firewalls are only a small part of your cybersecurity initiatives, and with today's threat level, a more robust cybersecurity solution is highly recommended. MSSPs typically employ deeply experienced, higher trained analysts with corresponding certifications in cybersecurity, such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CompTIA Security+ (SEC+), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), and more. There are significant reasons why you need an MSSP monitoring your network. Let's look at what you…

"We're having upwards of a billion records leaked a year," said Patrick Kelley, CEO of Critical Path Security. "We can pretty much ascertain that every person that has ever been on the internet or created an account on the internet likely has been rolled into a data breach." Kelley said tracking down the source of those breaches can be nearly impossible. "Even though we have state laws that say that we should be disclosing, we haven't really tested those in courts and the companies know that," Kelley said. "Fewer than four out of five actually report that they've had a breach. They will create some pretty interesting ways to make sure that they don't have to disclose, such as telling companies like us that we are not to give them a final report, we're to provide it to the attorneys because there is attorney client privilege." Read More

A compromised and digitally signed version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is allegedly being exploited in an ongoing supply chain attack against the company's customers. 3CX is a major VoIP IPBX software development company with a vast customer base, including high-profile clients from various industries. This wide reach makes it an attractive target for threat actors seeking to compromise a large number of organizations. The 3CX Phone System is utilized by over 600,000 companies globally, with more than 12 million daily users. High-profile clients include American Express, Coca-Cola, McDonald's, BMW, Honda, AirFrance, NHS, Toyota, Mercedes-Benz, IKEA, and Holiday Inn. Security researchers from Critical Path Security, Sophos and CrowdStrike have issued alerts, stating that the attackers are targeting both Windows and macOS users of the compromised 3CX softphone application. Security researchers have raised concerns about attackers targeting both Windows and macOS users of the compromised 3CX…