Lack of Controls and Verification Result in System Intrusions
Vulnerability specialists often say that cybersecurity compliance is not cybersecurity. That can be true of the outdated ITAD, HIPAA, PCI and NERC standards, which allow for more exceptions than they close cybersecurity vulnerabilities. Compare NIST 800-171 or ISO 27001, where you either meet the standard or lose your certification. Every day we see organizations in the public and private sectors enter partnerships with vendors that do not have even 1% cybersecurity capability. They pay for non-compliant, non-certified, and untrained resources and then expect a different outcome.
Verizon’s New Data Breach Investigative Report
In Verizon’s Data Breach Investigations Report (2022-data-breach-investigations-report-dbir.pdf (verizon.com)), the research identifies four paths to the exploitation of your network: credentials, phishing, vulnerabilities and botnets.
The top three motives for exploitation are financial gain, espionage, and hacktivism; often the purpose of the breach is to sell your data, to gain knowledge at your expense, to embarrass you, or to defeat you. Although ransomware (25% of breaches) is in the news, most breaches involve human error (82%) and your supply chain (62%). As a result of your partner’s inattention and your lack of verification, stolen credentials lead the way to system intrusions.
Industry reports from Gartner, Forrester, and Deloitte tell CIOs and CISOs the same story: real incident response (IR) preparedness comes from genuine adherence to, and practice of, industry standards like NIST and ISO.
How TechR2 Can Help You Comply with Industry, Federal and State Regulations
Today, because of CMMC, GDPR, NIST, ZTA, CCPA, CMS, CJIS and IRS 1075 (Meeting IRS Safeguards Audit Requirements | Internal Revenue Service), cybersecurity assessors from the government (GAO, IRS, DoD), NERC, PCI, HIPAA and more will examine you, your contractors, and all the subcontractors they use. It is your responsibility to prove the compliance of your entire supply chain and to ignore a supplier’s embellishments on its website describing its fictitious data governance.
What Has Changed in Data Control?
- The data destruction process must meet the requirements of your risk and data policies
- Data destruction must occur under your control, per Federal, State and industry regulations
- The vendor must be Cybersecurity Framework certified, per Federal, State and industry regulations
- You must follow data destruction techniques based upon your published Data Classification Policy
- Data destruction performed by the sanitizer must be verified by a second individual
- Certificates of Destruction must be complete and meet NIST 800-88 requirements
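The last two controls above (a second individual verifies the sanitizer's work, and the certificate must be complete) can be enforced mechanically when certificates are ingested. The following is an added example, not TechR2's code or the Tear-A-Byte product: a small validator for a certificate-of-sanitization record. The field set is modeled on the sample certificate in NIST SP 800-88 Rev. 1 Appendix G, but the exact field names, the `SanitizationCertificate` class, and the sample records are assumptions constructed for illustration.

```python
# Added example (not TechR2's code): a validator for a certificate-of-sanitization
# record. Fields are modeled on the sample certificate in NIST SP 800-88 Rev. 1
# Appendix G; the exact field names and the sample records below are constructed.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Sanitization categories defined in NIST SP 800-88 Rev. 1.
VALID_METHODS = {"Clear", "Purge", "Destroy"}

# Fields that must be present for the record to count as complete (assumption:
# a minimal subset of the Appendix G sample certificate).
REQUIRED_FIELDS = (
    "manufacturer", "model", "serial_number", "media_type", "classification",
    "method", "method_detail", "tool_used", "verification_method",
    "sanitizer_name", "sanitization_date", "validator_name", "validation_date",
)


@dataclass
class SanitizationCertificate:
    manufacturer: str = ""
    model: str = ""
    serial_number: str = ""
    media_type: str = ""
    classification: str = ""
    method: str = ""            # Clear, Purge or Destroy
    method_detail: str = ""     # e.g. "shredded on site" or "crypto erase"
    tool_used: str = ""
    verification_method: str = ""
    sanitizer_name: str = ""
    sanitization_date: Optional[date] = None
    validator_name: str = ""    # the second individual who verified the work
    validation_date: Optional[date] = None


def check_certificate(cert: SanitizationCertificate) -> List[str]:
    """Return a list of problems; an empty list means the record passes."""
    problems: List[str] = []
    for name in REQUIRED_FIELDS:
        if not getattr(cert, name):
            problems.append(f"missing field: {name}")
    if cert.method and cert.method not in VALID_METHODS:
        problems.append(f"unknown sanitization method: {cert.method}")
    # Separation of duties: the validator must not be the sanitizer.
    if (cert.sanitizer_name and cert.validator_name
            and cert.sanitizer_name.strip().lower() == cert.validator_name.strip().lower()):
        problems.append("validator is the same person as the sanitizer")
    # Verification cannot happen before the sanitization it attests to.
    if (cert.sanitization_date and cert.validation_date
            and cert.validation_date < cert.sanitization_date):
        problems.append("validation_date precedes sanitization_date")
    return problems


def is_complete(cert: SanitizationCertificate) -> bool:
    """True only when every required field is present and all checks pass."""
    return not check_certificate(cert)


# Constructed sample records (not real assets or people).
COMPLETE_CERT = SanitizationCertificate(
    manufacturer="ExampleDisk", model="ED-2TB", serial_number="SN-EXAMPLE-0001",
    media_type="HDD", classification="Confidential", method="Destroy",
    method_detail="shredded on site", tool_used="industrial shredder",
    verification_method="visual inspection of fragments",
    sanitizer_name="A. Operator", sanitization_date=date(2022, 6, 1),
    validator_name="B. Verifier", validation_date=date(2022, 6, 1),
)

SELF_VERIFIED_CERT = SanitizationCertificate(
    manufacturer="ExampleDisk", model="ED-2TB", serial_number="SN-EXAMPLE-0002",
    media_type="SSD", classification="Confidential", method="Purge",
    method_detail="crypto erase", tool_used="vendor sanitize command",
    verification_method="read-back sample",
    sanitizer_name="A. Operator", sanitization_date=date(2022, 6, 2),
    validator_name="a. operator", validation_date=date(2022, 6, 2),
)

INCOMPLETE_CERT = SanitizationCertificate(serial_number="SN-EXAMPLE-0003", method="Wipe")

if __name__ == "__main__":
    for label, cert in [("complete", COMPLETE_CERT),
                        ("self-verified", SELF_VERIFIED_CERT),
                        ("incomplete", INCOMPLETE_CERT)]:
        print(label, check_certificate(cert) or "OK")
```

A receiving organization would run `check_certificate` on every certificate a vendor returns and reject the batch when any record reports a problem; the self-verified case above is the one a human reviewer most easily misses, since the record looks complete at a glance.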
Do you need the Patented Tear-A-Byte® Method to Track – Contain – Destroy – Verify Loose Media?
The answer to your cybersecurity control challenge is TechR2’s ISO, NIST and NAID certified, patented Tear-A-Byte solution (Data and Hard Drive Shredding Tracking Destruction Containment Service (techr2.com)). All TechR2 products and services incorporate Zero Trust Architecture data security techniques (Zero Trust Model – TechR2).
TechR2’s new Data Destruction as a Service (DDaaS) is the future model; the archaic ITAD processes are dead (DDaaS Data Destruction as a Service – TechR2).
Contact Sepp Rajaie to learn more. Contact our experienced TechR2 staff.