Breaches, False Claims, and More Breaches
Happy Monday! Last week, a few of our team members came back from the 2019 Navy Gold Coast Small Business Procurement Event in San Diego, CA. While at the conference, we learned so much about the new CMMC (Cybersecurity Maturity Model Certification) that is going to be rolled out soon. Although this is super exciting news for us, it may not be as exciting to those who aren’t quite ready to pass the audit and receive the certification. Similar to the DFARS clause written in DoD contracts, the CMMC will require compliance with the NIST SP 800-171, as well as requirements from NIST SP 800-53 and AIA MAS 9933.
In other news, Capital One and Pearson have both announced details on recent breaches of customer data. Capital One has disclosed that around 106 million people were affected by their breach, while Pearson announced that more than 13,000 school accounts have been affected. Unfortunately, for those affected, this situation is not ideal. On the bright side, hopefully more businesses will start to recognize the importance of cybersecurity. Maybe some will even implement the necessary tools and employ the necessary personnel to prevent future breaches. A girl can dream…right?
Finally, new information has been released regarding Cisco Systems, and the 2011 case brought to attention by a whistleblower. It has been discovered that the vulnerability found in their surveillance products, which were sold to the government, had everything to do with faulty access controls. Of course, this means that the products were not in compliance with the NIST SP 800-171 standard, which Cisco Systems had previously claimed they were. The Western District of New York has the case filed under the False Claims Act, as Cisco Systems had been made aware by the whistleblower of the vulnerability and did not release a patch until two years later. On top of that, Cisco Systems did not make the companies using the products aware of the vulnerability and patch until three years after it’s release. This situation should be taken as a warning to those contractors who are not in compliance with the NIST SP 800-171 but are claiming they are. Cisco Systems has recently agreed to pay $8.6 million to settle the 2011 case.
That’s all for today! Thank you for tuning in to this week’s segment of “Mondays With Miranda!” Keep up to date with current news by following NeQter Labs on Twitter, Facebook, and LinkedIn. We love comments and questions, so drop me an email firstname.lastname@example.org. Enjoy your week!