Monthly Archives: December 2021

What You Need to Know and Do About CMMC

In this post, we’ll tell you about cybersecurity maturity model certification (CMMC).

You’ll find out:

  • What is the cybersecurity maturity model?
  • What are the CMMC security requirements?
  • What are CMMC levels?
  • How to prepare for CMMC?

So if you want to learn more about CMMC and how you may apply for a DoD contract, then this post is for you.

Let’s begin!

What is the cybersecurity maturity model certification?

Cybersecurity maturity model certification (CMMC) is a U.S. Department of Defense (DoD) cybersecurity program. 

At its core, CMMC ensures contractors are all meeting at least a basic security level. The goal is to keep sensitive defense information protected. 

CMMC controls Defense Industrial Base (DIB) contractors. It’s a unifying standard for implementing cybersecurity across the DIB.

The Department of Defense released the CMMC 1.0 framework in January 2020, and in November 2021, the DoD released CMMC 2.0, changing many compliance requirements.

CMMC requirements

Companies comply with the CMMC requirements by showing commitment to a range of practices and processes.

Practices are the technical activities required by the contractor. All in all, there are 171 practices mapped across the 5 CMMC maturity levels.

Processes measure the maturity of organizations’ cybersecurity procedures. There are 9 processes that are mapped across the 5 CMMC maturity levels.

Any defense company that does business with DoD needs to become certified with at least one of the 5 CMMC levels.

This requirement applies not only to prime contractors but also to all of their subcontractors.

The DoD contract specifies the level of compliance an individual contractor needs to meet. 

For example, some parts of the contract might require the contractor to meet CMMC level 3. In that case, other subcontractors may only have to meet level 1.

What are CMMC levels?

CMMC levels are benchmarks for an organization’s cybersecurity capabilities.

The higher the maturity level, the higher the protection of sensitive information.

Every organization that wants to work for the DoD must achieve a certain CMMC level. 

The level it must achieve depends upon the sensitivity of the information it will work with.

Let’s look at the summary of processes and practices for each of CMMC’s five levels. 

It will help you identify the right CMMC level for your business. 

Level 1

Processes: Performed

Level 1 requires that an organization performs the specified practices. The organization may be able to perform these practices only when needed. 

Also, it may or may not rely on documentation. That’s why process maturity is not assessed for Level 1.

Practices: Basic Cyber Hygiene

Level 1 focuses on the protection of FCI (Federal Contract Information). It consists only of practices that correspond to the basic safeguarding requirements.

Level 2

Processes: Documented

Level 2 requires an organization to document practices to guide the implementation of their CMMC efforts. The documentation of practices enables individuals to perform them in a repeatable manner. 

Organizations develop mature capabilities by documenting their processes and practicing them as documented.

Practices: Intermediate Cyber Hygiene

Level 2 serves as a progression from Level 1 to Level 3. Because this level is a transitional stage, a subset of the practices reference the protection of CUI (Controlled Unclassified Information). 

Level 3

Processes: Managed

Level 3 requires an organization to demonstrate the management of activities for practice implementation. 

Practices: Good Cyber Hygiene

Level 3 focuses on the protection of CUI. Any contractor with a DFARS clause in their contract will need to at least meet Level 3 requirements.

Level 4

Processes: Reviewed

Level 4 requires an organization to review and measure practices for effectiveness. In addition, organizations at this level are able to take corrective action when necessary. 

They can inform higher level management of status or issues on a recurring basis.

Practices: Proactive

Level 4 focuses on the protection of CUI from APTs. It covers a subset of the enhanced security requirements and other cybersecurity best practices. 

These practices enhance the organization’s capabilities to address and adapt to the changing tactics used by APTs. 

Level 5

Processes: Optimizing

Level 5 requires an organization to optimize process implementation across the organization.

Practices: Advanced/Proactive

Level 5 focuses on the protection of CUI from APTs. The additional practices increase the depth and sophistication of cybersecurity capabilities.

How to prepare for CMMC?

Is your organization interested in being considered for DoD contracts? 

If so, then it’s in your best interest to make sure it can meet the CMMC 2.0 requirements.

Here’s what you can do to prepare for CMMC certification:

  • Become familiar with the CMMC standard on the Cybersecurity Maturity Model Certification website
  • Try to identify levels your company wants to be able to achieve to get CMMC certified
  • Review your current IT security and cybersecurity processes and protocols. Compare them to industry best practices. 
  • If your company isn’t already following critical IT security best practices, get started on them now. 

Take the next step

If you want to prepare to get CMMC 2.0 certified, we’ve got you covered!

Demakis Technologies is a leading IT and cybersecurity expert that can help you get your tech stacks up to code with CMMC requirements.

Our cybersecurity services are the best-in-class in the U.S., and our managed services can be just the boost your business needs to get contracted by the DoD.

If you want to learn more, please CONTACT US to get in touch with one of our Demakis experts who can answer all of your questions.

If you want to prepare for meeting CMMC 2.0 and other requirements, contact us at Demakis Technologies.

We have extensive experience in helping customers meet cybersecurity industry standards! 

Best Remote Work Technologies for 2022

What are the best technologies for remote work in 2022?

What remote working solutions should you invest in?

And what do you actually need to implement to support your remote workforce?

In this post, we’ll give you answers to all three questions.

So if you’re planning your IT budget for 2022 or reevaluating your current tech stack, you’ll enjoy this post.

Let’s dive right in. 

#1 Cloud Computing 

During 2020 and 2021, cloud computing exploded as work went remote. 

In 2022, we will undoubtedly see a continuation of rapid adoption and growth.

Let’s go over some key cloud computing trends organizations are moving to adopt. 

Since businesses started migrating to the cloud, they have had two options. 

They can use public cloud solutions or private cloud solutions. 

Today, companies like Microsoft, Amazon, and IBM (the biggest cloud providers) are expanding their rollout of “hybrid” models.

These hybrid clouds adopt a best-of-both-worlds approach.

Edge computing is another cloud trend. The cloud is acting as a hub and localized data centers as the outer end of spokes. 

The edge data centers are located at, or near, the place where they are needed. 

This design lowers the load placed on the cloud. Also, it improves processing speeds near the data center.

Artificial intelligence has come to depend on the cloud. The two have become interdependent. 

AI makes decisions that manage data, provides insights, and optimizes workflows. 

On the other hand, cloud computing supports artificial intelligence as it interacts with humans.

#2 Secure remote access

Remote employees need secure access to the company’s network, data and applications.

Let’s look at some remote work tech solutions that can guarantee it. 

Virtual Private Network (VPN) provides secure access through public connections. 

It uses advanced encryption to create a secure internet connection between a user and a network.

Although VPN is technically a security solution, it does enable remote access to the network.

Remote Desktop Protocol (RDP) is a secure network protocol. It enables the remote management of virtual desktops and applications. 

Unlike VPN, RDP allows users to access applications and data on any device, anytime.

IAM stands for Identity and Access Management. It includes an extensive verification process to confirm the validity of all logins. 

It can be used as a VPN alternative or paired with a VPN. 

Privileged Access Management (PAM) is a solution that helps restrict privileged access. PAM includes advanced credential security, such as user activity monitoring, systems and data access control, etc.

Zero Trust is a security framework. It assumes all users are threats and must be verified before being given any access. 

Zero Trust has basic features of a VPN, but with an additional layer of security. 

#3 RDP Solutions

RDP allows a user to connect to another computer over a network connection. 

It means your employees can securely access everything they need to do their jobs: desktops, software, applications, etc.

There are different RDP-based solutions for remote work operations. 

Remote Desktop Services (RDS) lets users share remote desktop environments. In other words, it allows you to take control over a remote Windows computer via internet connection.

RDS can be configured so only certain applications are available to remote users.

Virtual Desktop Infrastructure (VDI) is the hosting of desktop environments on a central server. It’s a form of desktop virtualization. 

Desktop operating systems run within virtual machines (VMs). They are then delivered to end clients over a network.

You specify which tools can be used, how systems are monitored, where data is stored, and who has access.

Desktop-as-a-service (DaaS) uses a cloud computing offering. 

A service provider delivers virtual desktops to end users over the internet. 

DaaS solutions are usually subscription-based and charged by the seat. This cost model ensures you’re paying only for the resources you’re actively using. 

The provider handles monitoring, upgrades, availability and troubleshooting.

Still, your IT staff has to deal with the management of the applications, data and security.

Workspace-as-a-service (WaaS) is a “business-ready” remote work solution. 

It delivers a true virtual workspace with everything your employees need to do their job on their desktop.

It’s similar to DaaS, but with anti-virus protection, supporting apps, data storage, data backup, etc. 

WaaS provides a virtual desktop in a cloud and all features needed to run your business. It’s a full package, so the per-seat cost is bigger. 

A CSP powers all backend services, including managed backup and remote monitoring. 

Get Help from a Trusted IT Specialist

We listed some of the best technologies for working remotely. 

Still, the precise tools for working remotely depend on the job type, industry, and other factors specific for your business. 

Implementation of remote work is stressful and challenging. 

And it has to be successful. 

Unless you’re a trusted IT specialist yourself, perhaps you should find one.

But the good news is that you just found one!

We at Demakis Technologies provide a comprehensive range of services. This also includes cybersecurity, data backup & recovery, cloud solutions, managed services and networking.

Planning Your IT Budget for 2022: 5 Things to Consider

In this post, we’ll explain how you can plan your IT budget for 2022 and five key things you’ll need to consider investing in next year.

So if you still haven’t locked in your IT spending for 2022, you’ll find this article very helpful.

Let’s begin.

#1 Moving to the Cloud 

Moving data and key business activities to the cloud will continue to be a top priority in your IT budget for 2022. 

Cloud technology proved to be critical for business resilience in 2020 and 2021, due to the disruption caused by the COVID-19 pandemic. 

Continuing to invest in the cloud will provide your organization with high availability and agility in case another global disruption occurs.

In fact, in 2021, nearly all organizations started using at least one public or private cloud.

AWS, Azure and Google remain the top three public cloud providers. 

Another thing to consider is the hybrid cloud.

We are seeing more and more businesses adopt the hybrid cloud approach (using both private and public cloud) because it ensures:

  • Streamlining application workloads to scale
  • Continuous and uninterrupted operations automation
  • Reduced traffic paths between remote workers and the apps they use
  • Improved end-user experience

So it’s worth taking the time to consider multi-cloud strategies, as well.

#2 Security

When planning the IT budget, double down on cybersecurity.

In fact, investing in security upgrades is one of the top initiatives among IT leaders in 2022. 

Why? 

Because of the rising risk of cybersecurity threats in 2021. 

Attacks like ransomware and phishing scams won’t stop in 2022, and they have a negative impact on your business, regardless of its size.

Make sure you are compliant with the latest updates of the NIST or ISO standards, as well. 

Keeping track of this may seem complicated, so 2022 may be a good time to outsource security and hire a cybersecurity expert. (If there’s room in your IT budget, of course)

#3 Remote working 

Like most companies in 2020 and 2021, you’ve had to transition to remote work. You’re not the only one:

In the next five years, experts expect nearly 41 million U.S. employees will be fully remote.

In 2022, your IT spending should reflect this trend in three ways:

  • Evaluating and changing current remote policies
  • Evaluating and changing current technology
  • Investing in key additional tech stacks

First, you probably already have policies in place to manage remote work. But it may be that they are now almost two years old.

Setting aside additional resources to re-evaluate them and optimize them before the end of the year is a smart IT investment for 2022.

It’s the same story with technology. This is the perfect time to make an assessment of the tech stacks your remote workers use and operate on.

New remote solutions may provide better or more affordable collaborative and time management tools that your employees can get on board with in 2022.

Finally, it’s worth investing in new technologies, especially in the area of backup and recovery, as well as cloud networking and security.

#4 Managed Services

In 2022, the landscape will be ideal for contracting managed IT service providers. So it may be finally worth outsourcing your tech services and support to outside experts.

Having a managed services provider (MSP) benefits businesses in so many ways. But the main benefit is that it allows teams to focus on their core objectives.

MSPs also offer an array of services that are customizable, and which may reduce your 2022 IT spending if you outsource it to a professional provider.

#5 Networking

Lastly and most importantly, IT budgets should include networking. Companies have realized the huge potential of the network.

The network enables: 

  • New ways of working by
  • Connectivity to business-critical servers
  • Providing the basis to support business across countries
  • Adopting newer connectivity technologies

Get Help from a Trusted IT Specialist

As we all know, Covid-19 threw budget planning off track. 

You’re probably not really sure how to cut your IT budget.

Of course, first you need to calculate how big or small your IT budget is. 

Even if you have an adequate IT budget, you still have to prioritize where to invest it. 

This process can be extremely overwhelming. The best thing to do is to hire a specialist. 

At least, that’s easy. You just found one!

We at Demakis Technologies provide a comprehensive range of services.

This also includes cybersecurity, data backup & recovery, cloud solutions, managed services and networking.

Ransomware Attacks: Plan, Prepare and Respond

In this article, we will explain how you can plan, prepare, and respond to ransomware attacks.

Specifically, you will find out: 

  • What are ransomware attacks?
  • How to prevent them?
  • How to respond to an attack? (If it happens)

So, if you want to protect your business from ransomware attacks and raise your cybersecurity, then this post will be helpful to you.

Let’s begin. 

What are Ransomware Attacks?

Ransomware is a form of extortion malware. It employs encryption to hold a victim’s information for ransom. Basically, it’s the act of holding your files or computer hostage. They are only released once the ransom is paid.

Hackers usually extort cryptocurrencies, which is why it’s difficult to trace and prosecute them. 

Biggest Ransomware Attacks

Ransomware is a growing threat, generating billions of dollars for cybercriminals.

Recent ransomware attacks in 2021 seem to be more sophisticated and disruptive than last year. 

New forms are quickly evolving and the number of attacks is expected to increase.

Now let’s go through some of the biggest ransomware attacks. It will help you understand how ransomware generally works.

Here we go. 

1. WannaCry ransomware attack

WannaCry is a ransomware cryptoworm cyberattack. It targets computers running Microsoft Windows OS.

The first worldwide WannaCry ransomware attack happened in 2017. The ransomware encrypted data and demanded a ransom of $300 to $600, paid in Bitcoin.

Estimates from Europol put the number of computers infected at more than 200,000 across 150 countries. Financial damages ranged from hundreds of millions to billions of dollars.

2. Darkside ransomware attack

The Darkside ransomware group announced their RaaS (Ransomware-as-a-Service) in August 2020 via a “press release”.

Since then, they’ve become known for their professional operations and large ransoms. 

Darkside ransomware attacks target multiple large, high-revenue organizations. These attacks result in encryption and theft of sensitive data. If the ransom demand is not paid, they make the data publicly available. 

3. REvil ransomware attack

REvil (Ransomware Evil) is a Russian RaaS operation. REvil ransomware encrypts files and drops a ransom request message.

The message says that if a ransom is not paid in time, it doubles. If it’s not received at all, the information gets published on REvil’s page “Happy Blog”. 

REvil sold ransomware tools to other hackers. Some of their customers caused serious damage. 

For example, in July 2021, they targeted customers of IT software supplier Kaseya. This REvil ransomware attack breached 1,500 businesses and demanded a ransom of $70 million.

Lots of the latest ransomware attacks in 2021 are REvil’s doing. Some public figures were attacked, too, such as Donald Trump, Lady Gaga and Madonna.

4. Ryuk ransomware attack

Ryuk (Ree-yook) is a ransomware that first appeared in 2018. Ryuk tops the list of the most dangerous ransomware attacks. 

It accounts for 3 of the top 10 largest ransoms of 2020, causing damages of $5.3 million, $9.9 million and $12.5 million.

Ryuk ransomware attacks successfully target industries and companies around the world. 

It’s believed that a Russian cybercriminal group known as “Wizard Spider” operates Ryuk ransomware.

5. Maze ransomware attack

Maze is another sophisticated strain of Windows ransomware. 

Since December 2019, Maze ransomware has been very active. It targets organizations worldwide across many industries. 

As with other forms of ransomware, Maze extorts cryptocurrencies for the recovery of sensitive data. If victims refuse to pay, they are threatened with the leakage of data. 

Maze ransomware attacks are usually distributed through spam emails, RDP brute force attacks, and exploit kits. 

6. Conti ransomware attack

Conti is a ransomware that’s been observed since 2020. 

Conti has caused a great deal of damage in a short period of time. The Conti group makes headlines around the world. They are probably best known for the “Graff ransomware attack”.

Graff has a clientele of Hollywood A-listers. The Conti group leaked 69,000 confidential documents as a preliminary show of force. After that, they demanded tens of millions of dollars in ransom to prevent further leakage.

How to prepare for ransomware attacks?

Preventing ransomware attacks is crucial, so you need to know how to prepare. This is what people are usually advised to do: 

  • Regularly back up your data. Storing data in the cloud is commonly used for backups.
  • Train your staff so they can detect and report possible ransomware.
  • Contract with a vendor that can provide response support, in case anything happens.
  • Train your staff to detect a phishing email. Most ransomware attacks start with phishing.
  • Update your software with the latest security patches.
  • Create an organization-wide policy regarding ransomware attacks.

How to respond to a ransomware attack?

If you ever receive a ransom request, first check with your IT manager if it’s legitimate. If it is, you have two ransomware attack solutions. 

If you have backups that work, you don’t need to worry. Just restore all your data and you’re fine. 

If you don’t have backups, you must assess:

  • Is the data critical to your business?
  • Has your company pre-determined that it’s ok paying a ransom?
  • Does your insurance cover it?

Preventing ransomware attacks

Preventing ransomware attacks requires an all-hands-on-deck approach.

You’ll most probably need a team of professionals to deal with it. 

But don’t worry. 

We’re here to help!
Please CONTACT US at Demakis Technologies to find out more about how we can raise your cybersecurity and protect your business data and digital assets.

How to Measure ROI of Managed IT Services?

Regardless of industry, modern business runs on information technology. But not every company has the tools, skills, or know-how to manage it on its own.

Enter: Managed Service Providers (MSP).

Managed IT services are a quick and easy way to have someone with experience handle your digital infrastructure.

But, like any other service you outsource, it has to be worth the time and budget you invest.

So in this article, we explain how you can measure the return on investment (ROI) when you take on a managed IT service provider.

Let’s begin. 

What Does Managed IT Services ROI Mean?

Managed IT Services ROI is the return on your investment when you hire an MSP. It comes down to whether the provider is meeting the goals you set for them, and whether they are worth the money and time you spend on them.

Benefits of Measuring Managed Services ROI

Despite taking additional time and effort, there are several benefits of measuring the ROI of managed services.

Some benefits are clear, like tracking service costs (so they don’t spiral out of control), or evaluating performance (so you know the MSP is keeping its end of the contract).

Others are less obvious, but just as important.

So calculating managed services ROI is well worth your time and effort for a number of reasons. 

Here are six key benefits that show why we believe you should stay on top of ROI:

#1 Advanced Cost Analysis

Cost analysis is the key to managing ROI: 

How much you pay the MSP versus what you receive in return.

For advanced cost analysis to work, you need to go beyond spending and output.

You need to take into account what you get:

  • A developed IT infrastructure
  • A professional IT team
  • Reduced downtime and workload
  • Tech support on call
  • Repair and recovery time

So consider the big picture when evaluating the savings of hiring an MSP, not just the costs, and you’ll be more aware of the cost benefits of using managed IT services.

#2 OpEx vs. CapEx

A great benefit that a managed service provider can provide is assistance in reducing your technology expenses.

Instead of making large upfront investments by purchasing equipment, you can rent it directly from providers. 

This enables you to shift IT from Capital Expenditure (CapEx) to Operational Expenditure (OpEx).

By making this change, you’ll be able to retain more of your capital. That means you can invest in other areas of your business, and ease into IT spending as you scale and grow.

#3 Output Consistency and Productivity

Aside from the reduced downtime, there is the added benefit of increased productivity.

Consistent operations allow your entire staff to be more efficient in how they complete and handle their tasks.

That’s because their systems are always up and running. And this is what aids you when streamlining operations throughout your organization.

#4 Streamlined Operations

A Managed IT Service Partner should provide responsive support and strategic planning to streamline operational processes and increase productivity.

Technology should assist you and your team in completing tasks more quickly and easily. 

A good managed IT partner will ensure that your IT infrastructure has minimal downtime and supports efficient workflow processes. So make sure you ask these 25 questions when hiring an MSP.

#5 Network and IT Security

Many businesses are required to adhere to data privacy, security, and reporting regulations.

The regulations differ based on the industry and type of data, but each carries serious consequences if your company is considered to be non-compliant. 

As a result, shifting the compliance burden is an extremely valuable benefit of outsourced Managed IT Services.

#6 Scalability

Technology advances quickly and some businesses advance even quicker.

It is critical to be able to scale up or down in response to demand. 

Having a Managed IT Services provider allows for the addition of resources as needed.

How to Measure Managed Services ROI?

Calculating managed IT services ROI entails much more than simply comparing money spent to services received.  

Numbers are important, but they won’t show you the whole picture.

To truly understand your managed IT services return on investment, you must first understand the potential risks that your company faces and how much they could cost.

Managed IT services costs should be less than the cost of your potential risks.

Get Regular Feedback from Your MSP

One way to determine if you are getting a good ROI on managed services is to solicit feedback from your employees who use the services provided by the outsourced company.

What is your staff’s reaction? Are they satisfied with the service provider?  

Are they aware of any areas that are underperforming and should be improved?

Identify and Evaluate Risk

To respond to potential risks, you must have a business continuity plan in place.

However, another aspect of your job is to determine how likely specific scenarios are to occur and how much of your resources should be invested in their prevention or potential recovery.

Managed services are a type of IT support that includes fixing things when they break but also concentrates on proactive monitoring and precautionary maintenance to keep your systems running properly.

Measure the Value of Managed Services

You should have a streamlined process for reporting problems if you have a managed services agreement. 

You should also agree on a time frame for your provider to respond and begin working on issues. 

You have no guarantee or expectation for issue response time unless you have such a service-level agreement. 

As a result, you may have to wait hours or even days before someone is available to assist you.

Understand the Actual Cost of Downtime

Downtime has the potential to harm your reputation and customer loyalty in addition to affecting your revenue.

According to a Forbes article, a company is losing $100,000 for every hour their website is down.

When calculating the cost of downtime, you must also consider the value of your reputation and the associated customer satisfaction.

Now, over to you:

What is your biggest issue with the cost of managed IT services?

How would you like to track your ROI?

We can help you answer all these questions and more.
CONTACT US at Demakis Technologies and take the first step in outsourcing your managed IT services to a trusted and experienced professional provider.