Paul Bergman

Category: Management

  • Advances in Phishing Detection Systems Highlighted at Cybersecurity Conference

    Advances in Phishing Detection Systems Highlighted at Cybersecurity Conference

    Phishing detection got a lot of attention at RSA Conference 2025. Multiple vendors showed off new tools. Researchers presented new techniques. And the message was clear: the old ways of catching phishing emails are not keeping up.

    That matters to you because phishing is still the number one way attackers get into your environment. It has been for years. And it is not slowing down.

    The Bottom Line

    If you just want the highlights, here they are:

    • AI-driven phishing attacks are outpacing traditional email filters
    • New detection systems are using behavioral analysis and large language models to fight back
    • Real-time link analysis and brand impersonation detection are becoming standard features
    • Most of these advances will show up in paid platforms — budget accordingly
    • Your people are still your last line of defense, and training has to evolve too

    What Is Actually Changing

    Traditional phishing detection relies heavily on signatures and reputation lists. Think of it like a bouncer at a bar with a list of known troublemakers. If your name is on the list, you do not get in. If you are new, you walk right through.

    That model is broken. Attackers now use generative AI to craft emails that are grammatically perfect, contextually relevant, and free of the obvious red flags we trained people to spot. No more Nigerian prince emails with misspelled words. These messages look like they came from your CEO’s actual inbox.

    The new detection systems presented at the conference take a different approach. Instead of just checking a list, they analyze behavior. They look at how an email was constructed, where it actually originated, whether the sending patterns match historical norms, and whether the language in the message is consistent with how the supposed sender typically writes.

    Some systems are now using large language models — the same technology behind ChatGPT — to evaluate whether an email’s content is likely machine-generated. That is a meaningful shift. You are essentially using AI to catch AI.

    Real-Time Link and Brand Analysis

    Another area getting major upgrades is link analysis. Old-school systems check a URL against a blocklist. New systems actually follow the link in a sandboxed environment, render the page, and evaluate it in real time.

    They look at the visual layout of the destination page. They compare it against known brand assets — logos, color schemes, login page structures. If someone cloned your bank’s login page and hosted it on a throwaway domain registered six hours ago, these systems catch it.

    Brand impersonation detection is also getting smarter. Instead of relying solely on domain name checks, newer tools analyze the full context of the message — the tone, the branding elements embedded in the email body, even the favicon on the linked site.

    What You Should Do

    1. Evaluate your current email security stack. If your phishing protection is still primarily signature-based, you are behind. Ask your vendor specifically what behavioral and AI-driven detection capabilities are included in your current license.
    2. Ask about LLM-based detection. This is the new frontier. Find out if your email security provider has a roadmap for detecting AI-generated phishing content. If they look at you blankly, that tells you something.
    3. Enable real-time link scanning. Many platforms offer this but it is not always turned on by default. Make sure URLs are being detonated and analyzed at click time, not just at delivery.
    4. Update your security awareness training. Your training program should reflect the new reality. Show your team examples of AI-generated phishing emails. The old “look for typos” advice is dangerously outdated.
    5. Budget for upgrades. My guess is many of the most impressive capabilities shown at the conference will be foundational to paid product tiers. The free or base-level protections are not going to cut it. Plan your spend accordingly.

    A Word of Caution

    Conference demos are designed to impress. Vendors show you the best-case scenario under controlled conditions. Real-world performance is always messier.

    Do not rip and replace your email security based on a flashy demo. Run a proof of concept. Test against your actual mail flow. Measure false positive rates, because a system that quarantines legitimate business email is a productivity killer that your users will learn to ignore.

    The Bottom Line

    Phishing detection is getting meaningfully better. That is the good news. The bad news is that it has to, because the attacks are getting better too. This is an arms race, and standing still means falling behind.

    Review your defenses now. Not next quarter. Because the phishing email that gets through tomorrow will not have a single typo in it.

  • The cybersecurity reality for SMBs

    In today’s digital environment, SMBs can no longer assume “we’re too small to matter” when it comes to cyber-threats. Microsoft’s report underscores how the risk has become pervasive and how the stakes are significant for organizations with limited resources yet major responsibilities. The findings reveal both awareness and a gap between knowing the risk and acting fully on it.

    Here is a summary of the Microsoft report from a survey of SMBs.
    Read the Full Report Here

    5 Key Statistics

    Here are five standout figures from the report:

    1. 94% of SMBs say cybersecurity is critical to their success.
      According to Microsoft, 94% of SMB respondents recognize that cybersecurity is fundamentally important to business success.
    2. About 1 in 3 SMBs suffered a cyberattack in the past year.
      The report notes roughly 31% of SMBs reported being victims of a cyberattack (including ransomware, phishing or data breach).
    3. The average cost of a cyberattack for an SMB is over US$250,000, and some incidents exceeded US$7 million.
      Microsoft reports that the cost to an SMB can easily top the quarter-million mark and in some cases go much higher.
    4. 81% of SMBs believe AI increases the need for additional security controls.
      As artificial intelligence becomes more widespread, 81% of SMBs view it as elevating their security requirements.
    5. Less than 30% of SMBs manage their security in-house.
      The report indicates that due to limited resources and expertise, fewer than 30% of SMBs handle security internally, the rest rely on external providers or outsourcing.

    What this means for SMBs

    Given those statistics, here are some reflections and take-aways that SMBs (including you, if this applies) should consider:

    Awareness is high, but action must catch up

    Yes — 94% of SMBs know cybersecurity is critical. But the fact that ~1 in 3 have still been attacked suggests awareness alone isn’t sufficient. Investment in the right controls, training, governance and incident-response capability is essential.

    The financial risk is real

    With costs often exceeding US$250k (and in some cases many millions), cyberattacks can be existential for smaller companies. For SMBs with tighter margins, fewer resources, and less time to recover, the pressure is intense. Having a plan ahead of time can reduce both impact and downtime.

    New threats are emerging (AI, hybrid work, remote access)

    The finding that 81% of SMBs believe AI raises security demands signals that it’s not just “business as usual”. Threats are evolving, the attack surface is shifting (remote/hybrid work, cloud adoption, AI) and SMBs need to adapt accordingly.

    Outsourcing security is common but presents its own challenges

    Less than 30% of SMBs manage security internally. That means many professionals are depending on MSPs (managed service providers), consultants, SaaS tools, etc. While that’s often necessary, it creates dependencies: choose your providers carefully, establish clear SLAs, maintain visibility into what they do, and ensure you retain control over your security posture.

    Prioritisation and investment matter

    If 80%+ of SMBs intend to increase their security spending (as the report indicates), then the next question is where to invest. Data-protection, identity management (MFA, least‐privilege access), endpoint detection, and incident response planning should all be high on the list. Preventing an attack is far cheaper than recovering from one.

    Practical steps for SMBs today

    Here’s a brief “checklist” of actionable items based on these insights:

    • Conduct a cyber risk assessment: identify your assets (data, systems, identity), map your threat vectors (phishing, ransomware, remote access), and determine potential impact.
    • Ensure multi-factor authentication (MFA) is enabled for all privileged or remote access accounts.
    • Invest in employee training — phishing awareness, suspicious link detection, secure remote-work practices.
    • Implement an incident response plan: define roles, notification paths, backup/recovery procedures, and test it periodically.
    • Consider partnering with a trusted MSP or security consultant — but keep reporting, visibility and oversight top-of-mind.
    • Monitor emerging risks: AI/ML-driven threats, supply-chain vulnerabilities, cloud misconfigurations, hybrid work models.
    • Measure and track your security posture over time: number of access incidents, malware alerts, patching status, compliance with policies, etc.

    Final thoughts

    The Microsoft SMB Cybersecurity Report paints a clear message: SMBs cannot afford to be passive. The combination of widespread awareness (94%), meaningful attack rates (~31%) and potentially crippling costs (US$250k+) indicates urgency. At the same time, emerging threat vectors like AI and remote access complicate the picture.

    Yet it’s not too late — careful planning, targeted investment, smart outsourcing, and ongoing monitoring can shift a business from vulnerable to resilient. SMBs may not have the large budgets of enterprise giants, but they often have agility on their side: the ability to implement security controls, train staff, and build culture more quickly. With the right mindset and focus, smaller size can become an advantage rather than a disadvantage.

    If you’d like, I can pull additional statistics from the report (e.g., geographical breakdowns, sector‐specific results, readiness levels) and we could craft a companion infographic or checklist for SMB leaders. Would you like me to do that?

  • What is Salt Typhoon and why should I care?

    ???? What is Salt Typhoon?

    Salt Typhoon is a state-sponsored Chinese Advanced Persistent Threat (APT) believed to operate under China’s Ministry of State Security. Its espionage operations began around 2020 and have heavily targeted U.S. critical infrastructure CyberScoop.

    ???? How did they infiltrate U.S. telecom networks?

    • Initial access via unpatched vulnerabilities in critical network gear—especially Cisco routers, Fortinet, and Versa Director systems—often exploiting default or weak admin credentials.
    • Once inside, they leveraged existing tools (“living-off-the-land” such as PsExec, WMIC) to avoid detection and maintain stealthy network access.
    • They carefully erased logs and stayed embedded for months—or longer. Cisco Talos notes one case with persistent presence for over three years.

    ???? Scope of the breach: What was affected?

    • At least eight U.S. telecom firms were breached (Verizon, AT&T, T‑Mobile, Spectrum, Lumen, Windstream, Consolidated, and another unnamed firm); a ninth was confirmed later by the White House.
    • Access extended to infrastructure handling lawful intercepts (CALEA systems), exposing text and call metadata—and in some cases, even call audio—of over a million individuals, including senior political figures (Trump, Vance, Harris campaign).
    • Metadata included timestamps, phone numbers, IP addresses, and live intercepts.

    ???? Broader implications

    • Senate Intelligence Chair Sen. Mark Warner described it as “the worst telecom hack in our nation’s history”—worse even than SolarWinds or Colonial Pipeline .
    • The intrusion extended beyond espionage: it potentially granted visibility and control over communications infrastructure—vital in crisis or conflict scenarios.
    • U.S. authorities fear this is a strategic campaign to enable future disruption, pre-positioning within critical inter-state communication networks.

    ????️ Government response & policy shifts

    • U.S. agencies (FBI, CISA, NSA, FCC) issued hardening guidance—patching, monitoring, stronger authentication, log retention.
    • Calls emerged for mandatory cybersecurity regulations for telecoms, culminating in new FCC rules championed by Chair Rosenworcel.
    • The Treasury .
    • However, full eviction of the hackers is still a challenge—remediation may require replacing thousands of devices.

    ???? Summary: Key facts at a glance

    CategoryDetails
    ActorSalt Typhoon (MSS-affiliated)
    Breach timelineFrom at least mid-2023 through late 2024, possibly earlier .
    Firms affected8–9 major U.S. telecoms
    Data compromisedCall metadata, wiretap systems, live audio
    Depth of accessRouter-level access via Cisco exploits
    Strategic threat levelEspionage w/ potential for disruption

    ???? What this means for you

    While the average consumer’s daily service hasn’t been significantly disrupted, this breach compromises the integrity and privacy of communications infrastructure. As a result, safer communication practices like using end-to-end encrypted apps (Signal, WhatsApp) are now recommended WIRED.

    ? Why do the carriers not care?

    The fact of the matter is that this had no impact on the carriers financially. Yes, they have failed to secure our data and communications but there is no real downside to them.

  • Balancing Budgets and Breaches: The Risky Tradeoff of Cutting Tech Talent

    Balancing Budgets and Breaches: The Risky Tradeoff of Cutting Tech Talent

    Balancing Budgets and Breaches: The Risky Tradeoff of Cutting Tech Talent

    In an era where technology drives competitive advantage, companies are under increasing pressure to cut costs while remaining innovative. Artificial Intelligence (AI) has emerged as a compelling solution, promising automation, efficiency, and scalability. For executive boards focused on shareholder value and margin expansion, it’s easy to see AI as a strategic investment—especially during periods of financial tightening.

    But as organizations accelerate their shift toward automation, many are making a consequential tradeoff: reducing their technical headcount, especially in cybersecurity and IT operations. While this may appear to streamline expenses in the short term, the longer-term implications deserve closer scrutiny.

    Recent examples from major firms like Microsoft and CrowdStrike underscore this trend. Both companies have announced workforce reductions—7,000 and several hundred jobs respectively—while ramping up AI investments (Microsoft Layoffs, CrowdStrike Cuts). For board members, this shift may look like prudent fiscal management—but there’s another side to the story.

    Cybersecurity Staffing: An Unseen Cost

    According to a Dark Reading article, mass layoffs in information security can create hidden vulnerabilities. More than 80% of departing employees take some form of sensitive information with them—either unintentionally or maliciously. This risk grows exponentially when defensive cybersecurity staff are reduced or replaced without a solid transition plan in place.

    Cutting defensive staff may also mean fewer eyes on real-time alerts, fewer team members conducting penetration testing, and longer response times during active threats. AI can certainly assist with detection and automation—but it still needs experienced humans to interpret signals, act with nuance, and make judgment calls in rapidly evolving threat environments.

    Why Boards Feel the Pressure

    From the boardroom perspective, AI can look like a smart play. Technology vendors promise lower long-term operational costs, 24/7 monitoring, and faster throughput. And with capital markets and investors increasingly fixated on profitability and growth, the drive to find cost efficiencies is real. This is particularly acute in tech-heavy sectors where headcount is a large portion of operational spend.

    However, while automation can enhance productivity, it doesn’t eliminate risk. When cybersecurity roles are seen as cost centers rather than risk mitigation investments, the balance can tip dangerously toward exposure.

    A Smarter Path Forward

    This isn’t a call to reject AI. On the contrary, AI is already improving outcomes in areas like phishing detection, log analysis, and behavioral anomaly monitoring. But it works best as a co-pilot—not a replacement—for skilled professionals.

    Boards and executive teams must consider hybrid models that integrate AI with existing human talent. Upskilling employees to work alongside AI, rather than replacing them outright, can preserve institutional knowledge while embracing innovation.

    Final Thoughts

    It’s understandable that companies seek to do more with less. But as cybersecurity threats become more sophisticated and reputational risks grow, the decision to replace experienced defenders with machines should be made with full awareness of the tradeoffs. AI may be the future—but it’s not a substitute for human expertise just yet.

    Let me know if you’d like a LinkedIn version or graphic elements for this article.

  • Why HR Service Firms Should Consider Cybersecurity Services as Their Next Revenue Stream

    Why HR Service Firms Should Consider Cybersecurity Services as Their Next Revenue Stream

    Introduction

    In today’s digital-first world, compliance is no longer just about HR manuals and legal frameworks—cybersecurity has become central to every risk management conversation. For a companies in this space, which already offers legal and HR compliance solutions, expanding into cybersecurity services is not just a logical step—it’s a strategic opportunity to deliver greater value and unlock a powerful new revenue stream.

    1. Compliance and Cybersecurity Are Intertwined

    Companies that turn to staffing for HR or legal compliance already trust the brand to help them navigate complex regulations. But today’s regulatory landscape increasingly includes data protection laws, digital risk mandates, and cybersecurity requirements. From GDPR and CCPA to SOC 2 and HIPAA, your clients need help understanding and mitigating risks tied to information security.

    Adding cybersecurity services like: risk assessments, incident response planning, and employee awareness training, allows staffing companies to offer a more complete, integrated compliance solution. It’s not a pivot, it’s an expansion.

    2. A Natural Extension of the Talent Placement Model

    Expertise in workforce solutions could also be enhanced by cybersecurity services in two key ways:

    • Security staffing: Help clients identify, vet, and place cybersecurity professionals—roles that are notoriously hard to fill.
    • Security onboarding and offboarding protocols: Many breaches occur due to poor user lifecycle management. By offering cybersecurity consulting tied to employee access and data policies, you provide more value around the employment lifecycle.

    3. Clients Are Already Looking for These Services

    According to Deloitte, more than 70% of mid-size companies now seek outsourced support for cybersecurity. Your clients are likely evaluating vendors for penetration testing, policy development, and even virtual CISO services. Why not position yourself as a trusted partner already within their ecosystem?

    With the right hires or strategic partnerships, you could offer packages tailored to client size and risk profile, including:

    • Cyber risk assessments
    • Vendor risk management
    • Policy and compliance alignment (e.g., SOC 2 readiness, HIPAA risk analysis, CMMC, NIST alignment)
    • Security awareness training programs
    • Cloud and endpoint security consulting

    4. High-Margin, Recurring Revenue Model

    Cybersecurity services naturally lend themselves to monthly retainers, annual reviews, or project-based consulting—making them ideal for building predictable, scalable revenue. Margins in cybersecurity services are often higher than traditional staffing or compliance offerings, especially when automation and standardization are in place.

    5. It Future-Proofs Your Brand

    By embracing cybersecurity, staffing firms strengthen market position as a modern, full-spectrum compliance partner. This kind of forward-thinking service offering not only retains current clients but also attracts new ones—particularly in sectors like healthcare, finance, and SaaS, where cybersecurity isn’t optional.

    In Summary

    Cybersecurity isn’t just an IT issue, it’s a business imperative. Stepping into cybersecurity services complements your existing offerings, reinforces your position as a trusted compliance partner, and unlocks long-term growth. As digital risks continue to rise, your clients will be looking for support. With the right expertise and a commitment to strategic service expansion, staffing firms could be exactly who they turn to next.

  • AI Cybersecurity Playbook: Enhancing Collaborative Defense

    AI Cybersecurity Playbook: Enhancing Collaborative Defense

    The AI Cybersecurity Collaboration Playbook, developed by the Cybersecurity and Infrastructure Security Agency (CISA), serves as a crucial guide to improving collaboration and enhancing the cybersecurity resilience of AI systems and technologies. With AI playing an increasingly integral role in various sectors, the potential for cyber threats targeting AI systems also escalates. In response, CISA has developed this playbook to strengthen partnerships between federal, state, and local government agencies, the private sector, academia, and international entities. The playbook provides a detailed framework for how stakeholders can work together to manage AI cybersecurity risks and bolster collective defense.

    Objectives and Focus Areas

    The playbook’s central goal is to foster a collaborative approach to AI cybersecurity. As AI technologies become more embedded in critical infrastructure and everyday business processes, their vulnerabilities need to be addressed through cooperative efforts. The playbook underscores the importance of sharing information about AI-related threats, incidents, and vulnerabilities. This exchange of data allows for timely identification of emerging threats, better coordination in response efforts, and more informed decision-making when it comes to AI system security.

    One of the key principles outlined in the playbook is the necessity of voluntary, yet structured, information sharing. The playbook recommends that stakeholders share information regarding AI-related cybersecurity incidents, as well as the vulnerabilities that these incidents expose. This is important because AI systems often involve complex architectures and interdependencies, making them susceptible to novel and hard-to-detect cyberattacks. The playbook facilitates stakeholders’ efforts to share this information securely and responsibly, with an emphasis on protecting sensitive data and ensuring compliance with privacy laws.

    Collaborative Defense

    The AI Cybersecurity Collaboration Playbook also provides practical guidelines on how different parties can contribute to collective defense strategies. CISA encourages stakeholders to work together through the Joint Cyber Defense Collaborative (JCDC) to tackle AI-specific challenges. This collaboration involves government agencies, the private sector, and critical infrastructure providers working in concert to detect, respond to, and mitigate cyber threats that target AI systems.

    To maximize the effectiveness of collaboration, the playbook highlights the importance of proactive threat detection. By sharing threat intelligence and insights across sectors, stakeholders can identify vulnerabilities and attack patterns early on, reducing the potential damage that can be caused by these threats. Additionally, the playbook stresses the importance of coordinated response efforts. The JCDC serves as a central mechanism for organizing these efforts, ensuring that response activities are not duplicated and that resources are optimized for maximum impact.

    Recognizing the sensitivities around sharing cybersecurity data, the playbook addresses legal protections for shared information. It emphasizes the role of the Cybersecurity Information Sharing Act of 2015 (CISA) in creating a framework for secure information exchange. The playbook assures stakeholders that sharing information about cybersecurity threats is protected from liability, as long as it follows the guidelines set forth in the CISA law. This is crucial because many organizations are hesitant to share data due to concerns about privacy, legal consequences, and competitive disadvantage. By clarifying the protections available under CISA, the playbook aims to reduce these barriers to information sharing.

    Resilience Through AI Security

    AI systems are increasingly critical to the functioning of modern society, from healthcare and transportation to financial services and energy. However, as these systems grow more complex, their resilience to cyber threats becomes more challenging to maintain. The playbook outlines how AI stakeholders can better prepare for the unique cybersecurity risks that AI systems face. It highlights the need for continuous monitoring of AI systems and the potential vulnerabilities that may emerge over time. This ongoing vigilance is key to building resilient AI technologies that can withstand cyberattacks and recover from disruptions.

    The playbook also emphasizes that AI cybersecurity is a shared responsibility. While government entities and cybersecurity organizations play a critical role in shaping policy and setting standards, private companies that develop and deploy AI technologies are on the front lines of defense. Therefore, all stakeholders must take ownership of their cybersecurity responsibilities and work together to create secure, trustworthy AI systems. By sharing expertise, pooling resources, and learning from each other’s experiences, stakeholders can improve the security posture of AI systems on a national and international scale.

    Conclusion

    The AI Cybersecurity Collaboration Playbook is an essential resource for strengthening the cybersecurity of AI technologies. It offers a comprehensive approach to tackling the growing challenges associated with AI cybersecurity by promoting collaboration, improving information sharing, and ensuring legal protections for stakeholders. As AI continues to play a pivotal role in society, the need for secure AI systems is more critical than ever. By following the strategies outlined in the playbook, stakeholders can contribute to a more secure, resilient AI ecosystem that is better equipped to handle the evolving cybersecurity landscape.

    For further details, you can access the full document here: AI Cybersecurity Collaboration Playbook and explore more about CISA’s work at CISA.

  • The Need for Grassroots Support for Nonprofits in Light of the US Government Freeze on Grant Funding

    The Need for Grassroots Support for Nonprofits in Light of the US Government Freeze on Grant Funding

    Nonprofits have long been a vital part of the American social fabric, supporting a wide range of causes from education and healthcare to social justice and environmental sustainability. However, in recent times, these organizations have faced a particularly challenging hurdle: a freeze on US government grant funding. This freeze has left many nonprofits scrambling to maintain their operations, programs, and the crucial services they provide to underserved communities.

    As the government holds back on disbursements, nonprofits must look to alternative sources of support—chief among them being grassroots fundraising and community engagement.

    The Impact of the Government Funding Freeze

    The freeze on government grant funding has had a ripple effect across the nonprofit sector. Many organizations, particularly smaller ones, depend on government grants to fund their programs and operational costs. When that funding source is removed or delayed, it often forces nonprofits to make difficult decisions, such as scaling back their services or reducing staff. In some cases, it may even lead to the shuttering of entire programs that communities rely on.

    This freeze has affected not only local organizations but national ones as well, with some advocacy groups and service providers finding it more difficult to maintain their work. While government grants were never a guaranteed source of funding, they provided a level of stability that allowed nonprofits to plan long-term initiatives, and now that is in jeopardy.

    Grassroots Support: A Lifeline for Nonprofits

    In the face of such uncertainty, nonprofits must turn to their communities for support. Grassroots efforts, which rely on the contributions and involvement of individuals and local businesses, are crucial during times like these. Unlike government grants or corporate donations, grassroots support comes from the people who directly benefit from the services a nonprofit provides.

    Grassroots support takes many forms: direct donations, fundraising events, volunteer hours, in-kind contributions, and public awareness campaigns. While these forms of support may seem small in comparison to large government grants or corporate sponsorships, they are incredibly powerful when aggregated. Here are some reasons why grassroots support is more critical than ever:

    1. Community Investment

    Grassroots donors are more likely to have a personal connection to the cause they’re supporting. Whether it’s a local education program, a neighborhood food bank, or a healthcare initiative, community members understand firsthand the importance of these services. As a result, they are often more invested in the long-term success of nonprofits, viewing their donations and time as an investment in their own community.

    2. Diversified Funding

    Relying solely on government funding or corporate donations is risky for any nonprofit. Government funding can be inconsistent, and corporate donations often come with strings attached. By building a strong base of grassroots supporters, nonprofits can create a more diversified funding model. This reduces the risk of being entirely dependent on any one source of funding and ensures financial stability through a wider range of revenue streams.

    3. Increased Awareness and Advocacy

    Grassroots support often goes hand-in-hand with grassroots advocacy. When individuals are engaged in giving, they become passionate advocates for the cause. This advocacy can take many forms, from spreading the word on social media to organizing local events that raise awareness of important issues. A strong grassroots base not only provides financial support but helps amplify the nonprofit’s message and mission.

    4. Sustainability and Long-Term Growth

    Grassroots funding isn’t just about short-term survival—it’s also about sustainable growth. When a nonprofit cultivates relationships with individuals and businesses within the community, it builds a network of ongoing supporters who are likely to remain engaged for years to come. Unlike large corporate donations that may fluctuate year-to-year, grassroots supporters tend to have a longer commitment, providing stability in both the financial and social capital sense.

    Ways to Cultivate Grassroots Support

    In order to tap into the power of grassroots support, nonprofits need to focus on fostering meaningful relationships with their communities. Here are some ways to build a strong base of grassroots support:

    1. Engage with Your Community: It’s crucial for nonprofits to stay connected with the people they serve. Hosting community events, town halls, or open forums can give individuals a voice and allow them to connect personally with the cause. This builds trust and encourages people to give back in whatever way they can.
    2. Leverage Social Media: Social media has proven to be a powerful tool for grassroots fundraising. From crowdfunding campaigns to awareness drives, nonprofits can use platforms like Facebook, Instagram, and Twitter to rally support, share success stories, and reach a wider audience.
    3. Offer Opportunities for Volunteering: Many people feel more comfortable contributing their time rather than money. Volunteering not only helps nonprofits meet their operational needs, but it also fosters deeper relationships within the community. Volunteers who believe in the cause are likely to become repeat contributors, both in terms of time and financial donations.
    4. Develop Targeted Fundraising Campaigns: Create fundraising campaigns that directly address community needs. Whether it’s an annual event, a campaign for a specific program, or a cause-specific initiative, targeted campaigns are more likely to resonate with supporters who feel personally connected to the outcome.
    5. Celebrate Donors and Volunteers: People who contribute their time or money want to feel valued. Recognizing their contributions publicly, whether through thank-you notes, social media shout-outs, or donor appreciation events, can go a long way in maintaining long-term support.

    In Summary

    The freeze on government funding for nonprofits presents a serious challenge, but it also highlights the importance of grassroots support. By turning to local communities for financial contributions, volunteer support, and advocacy, nonprofits can build stronger, more sustainable operations. Grassroots support isn’t just about keeping organizations afloat in tough times—it’s about creating a foundation of trust, connection, and shared responsibility that can help nonprofits thrive in any environment. As we navigate this uncertain funding landscape, it’s clear that the power of community will always remain one of the most reliable resources for any nonprofit.

  • Outsourcing IT? Key Risks for US Businesses

    Outsourcing IT? Key Risks for US Businesses

    The FBI has issued an urgent public service announcement regarding North Korean IT workers targeting U.S.-based businesses in a growing wave of data extortion. These workers have leveraged illicit access to company networks to steal proprietary and sensitive data, often holding it hostage to demand ransom payments. This has included the exfiltration of critical company code and the release of this stolen data, putting businesses at risk of significant financial and reputational damage.

    The Problem: Data Extortion and Theft

    North Korean IT workers are infiltrating corporate networks, typically through job applications, posing as legitimate remote workers. Once inside, they exfiltrate sensitive data—sometimes even copying entire repositories of proprietary code—and demand ransoms for its return. This extortion has been coupled with activities like launching cybercriminal operations or generating revenue for the regime. The threat is particularly pronounced for businesses in the software development and technology sectors, where stolen intellectual property can have a long-lasting impact.

    Risk Points and Red Flags

    Several potential risk areas have been identified, including:

    1. Remote Hiring Practices: North Korean IT workers often use fake identities, relying on AI-generated resumes, face-swapping technology, and reused communication details, such as phone numbers or email addresses, to gain employment remotely.
    2. Data Exfiltration: Once infiltrating a network, the stolen data is often transferred via cloud services, shared drives, or private repositories, making detection challenging.
    3. Unusual Network Activity: Frequent login attempts from diverse locations, especially across countries, and abnormal use of remote desktop applications, may indicate unauthorized access.

    Recommendations to Protect Your Business

    To mitigate these risks, the FBI provides several actionable recommendations:

    1. Enhance Data Monitoring:
      • Enforce the Principle of Least Privilege on your networks, limiting access for users and restricting installation of unauthorized software.
      • Closely monitor network traffic for abnormal activities such as remote connections or prohibited protocols.
      • Watch for unusual browser sessions or file transfers to cloud accounts and shared drives.
    2. Strengthen Remote Hiring and Onboarding:
      • Implement thorough identity verification for remote applicants, including cross-checking resumes and communication accounts.
      • Educate HR and development teams on potential red flags, such as unusual educational backgrounds and inconsistencies in applicants’ documentation.
      • Consider in-person interviews or “soft” interview questions to probe for authenticity.
    3. Incident Response:
      • If you suspect a North Korean IT worker may have infiltrated your network, report the incident immediately to the FBI’s Internet Crime Complaint Center (IC3).
      • Use intrusion detection systems to track and analyze suspicious activity related to a potential breach.

    In Summary

    North Korean IT workers have evolved their tactics, increasingly targeting U.S. businesses for data theft and extortion. By strengthening hiring practices, enhancing network security, and monitoring for suspicious activity, companies can better safeguard against these sophisticated cybercriminals. Early detection and swift action are key to minimizing the impact of such attacks.

  • Mentorship: Empowering First-Generation College Students

    Mentorship: Empowering First-Generation College Students

    For many students, the transition from high school to college is a pivotal moment—full of excitement, discovery, and challenges. But for first-generation college students, it can also feel like stepping into uncharted territory. Without a roadmap from family members who have navigated this journey before, these students often encounter unique barriers that make their path to higher education significantly harder.

    At Lamp of Learning, we understand these challenges all too well. That’s why programs like IGNITE, our mentoring initiative for first-generation, college-bound high school students, exist: to provide the support and guidance these students need to thrive.

    The Struggles First-Generation College Students Face

    Being the first in a family to attend college is a remarkable achievement, but it comes with a set of hurdles that can feel overwhelming:

    1. Navigating the Unknown:
      College applications, financial aid forms, and scholarship essays are daunting tasks for any student. Without someone who’s been through the process, first-generation students may struggle to understand the requirements or timelines, leading to missed opportunities.
    2. Financial Challenges:
      The cost of a college education is a significant barrier for many low-income students. Even with scholarships and financial aid, hidden expenses like textbooks, transportation, and living costs can add up quickly.
    3. Emotional Strain:
      First-generation students often feel a heavy weight of expectation from their families. They may struggle with imposter syndrome, feeling they don’t belong in academic spaces. Balancing family responsibilities and the demands of college life can also create immense stress.
    4. Limited Networks:
      Many first-generation students lack access to professional networks or mentors who can guide them in their educational and career aspirations. This isolation can make it harder to find internships, jobs, or even moral support when times get tough.

    How Mentorship Can Make a Difference

    Programs like Lamp of Learning’s IGNITE address these challenges by providing first-generation students with mentorship, resources, and a sense of community. Here’s how:

    • Guidance Through the Process:
      Mentors help students navigate applications, essays, and financial aid, ensuring deadlines are met and opportunities are seized. They act as a personal compass, offering insight and encouragement.
    • Building Confidence:
      Mentors understand the doubts and fears students face because many of them have walked the same path. By sharing their stories and successes, they help students see that their goals are achievable.
    • Expanding Networks:
      Through mentoring relationships, students gain access to a broader network of professionals, alumni, and peers who can open doors to internships, scholarships, and career paths.
    • Emotional Support:
      Knowing someone believes in you can make all the difference. IGNITE mentors provide not only practical advice but also emotional reassurance, reminding students they are not alone on this journey.

    The Ripple Effect of Mentorship

    When first-generation students succeed, it’s not just their own lives that change—it’s their families, communities, and future generations. Mentorship programs like IGNITE have a multiplier effect: they empower students to overcome barriers, achieve their dreams, and inspire others to follow in their footsteps.

    At Lamp of Learning, we’ve seen this transformation firsthand. IGNITE alumni have gone on to attend prestigious universities, pursue impactful careers, and return to mentor the next generation of students. Their stories are a testament to the power of mentorship and the resilience of first-generation college students.

    Join Us in Empowering the Next Generation

    Empowering first-generation students isn’t just about academic success; it’s about creating a more equitable and inclusive future. With your support, Lamp of Learning can continue to expand programs like IGNITE, helping more students break through barriers and reach their full potential.

    Whether it’s becoming a mentor, attending our upcoming Lamp Vegas fundraiser, or contributing to the McNeely Fund, you can make a meaningful difference in the lives of first-generation students. Together, we can illuminate the path to success and ensure no student has to walk it alone.

    Learn more about IGNITE and how you can get involved here.

    In Summary, first-generation college students face unique challenges, but with the right mentorship and support, those challenges can be overcome. Programs like IGNITE empower students to not only succeed in higher education but to transform their lives and communities. Let’s work together to make that vision a reality.

  • How to Strengthen Your Network: Expert Cybersecurity Guidance

    How to Strengthen Your Network: Expert Cybersecurity Guidance

    The global telecommunications sector faces relentless cyber threats, especially from sophisticated actors linked to nation-states. To help network engineers, defenders, and organizations bolster their defenses, top cybersecurity agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), NSA, and their international counterparts, have released a comprehensive guide. Here’s an accessible breakdown of their recommendations to protect your critical infrastructure.

    Understanding the Threat

    Cyber threat actors, particularly those linked to the People’s Republic of China (PRC), have been exploiting vulnerabilities in telecommunications networks to launch cyber-espionage campaigns. While no novel attack techniques were observed, these attackers took advantage of existing security gaps, emphasizing the importance of proactive measures.

    1. Boost Your Network Visibility

    Effective network monitoring is your first line of defense. Here’s how you can enhance visibility and detection:

    • Track Configuration Changes: Regularly monitor and investigate changes to switches, routers, and firewalls. Use centralized configuration storage to prevent tampering.
    • Monitor Traffic Flow: Implement tools that provide detailed insights into network traffic, ensuring you can spot anomalies.
    • Log Smartly: Use secure, centralized logging systems to collect, encrypt, and store network activity logs. Analyze these logs with a Security Information and Event Management (SIEM) tool.
    • Set Baselines: Establish normal network behaviors to quickly identify threats.

    2. Harden Your Systems and Devices

    Reducing vulnerabilities through system hardening is a cornerstone of cybersecurity. Apply these strategies:

    • Segment Networks: Use Access Control Lists (ACLs) and Virtual Local Area Networks (VLANs) to isolate critical systems.
    • Secure Protocols: Upgrade to modern protocols like SNMP v3 and TLS 1.3, and disable insecure options like Telnet and SNMP v1/v2.
    • Strong Passwords: Replace all default passwords and store them using secure, hashed formats.
    • Regular Updates: Keep all firmware and software updated to patch known vulnerabilities.
    • Limit VPN Exposure: Harden VPN gateways and restrict their external access to minimize risks.

    3. Cisco-Specific Recommendations

    Cisco devices are common targets for cyber attackers. Follow these best practices:

    • Disable Unused Features: Turn off Cisco Smart Install and other unneeded services.
    • Encrypt Management Tools: Only use secure, encrypted protocols for web management.
    • Strengthen Passwords: Use Type-8 or better encryption to secure stored passwords.

    4. Be Prepared to Respond

    Every organization should have a clear plan for incident reporting. Know where to report suspicious activity:

    • U.S.: Contact the FBI’s Internet Crime Complaint Center (IC3) or CISA.
    • Australia, Canada, New Zealand: Use local cybersecurity agency contacts for immediate support.

    5. Adopt Secure-by-Design Principles

    Proactively demand secure-by-design software from vendors. Secure-by-design products reduce the need for user-implemented hardening and make systems more resilient from the start.

    Take Action Today

    Cyber threats are not just a possibility—they are a reality. By implementing these enhanced visibility and hardening practices, you can protect your network from even the most sophisticated adversaries. Don’t wait until it’s too late—strengthen your defenses now.

    For more detailed guidance, visit resources from CISA and other leading agencies.