The Most Frightening Ramifications of Cybersecurity Vulnerabilities

Posted by Mike Fitch on Oct 29, 2021

It’s Halloween 2021, which means it’s that time of year that you’ll see plenty of ghouls, goblins, jack-o-lanterns, trick-or-treaters, cybercriminals and the looming audits needed to meet CMMC requirements. Okay, maybe the majority of the public won’t need to worry about the last one, but it can definitely be a terrifying time for any organization or contractor who works with the US Department of Defense (DoD) that has yet to meet the appropriate level of CMMC certification. Not to mention, there’s no house more haunted than one that isn’t employing VPN, zero trust or antivirus software within its walls.


Asking for a friend… what is CMMC?


The Cybersecurity Maturity Model Certification, or CMMC, is a set of security requirements for contractors working with the DoD, intended to keep Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) protected across the defense industrial base's IT systems. CMMC was announced in January 2020, and the DFARS interim rule that introduced it took effect in November 2020. It is intended to replace self-attestation of NIST SP 800-171 compliance with assessment by an accredited third party, and it is being phased in so that all new DoD contracts will require the appropriate CMMC level by 2025.


In a previous post, we covered the five levels of certification for the CMMC requirement, as well as what it means for FED and SLED budgets in 2022. As a quick recap, here is each level of certification:

  1. Basic Cyber Hygiene
  2. Intermediate Cyber Hygiene
  3. Good Cyber Hygiene
  4. Proactive
  5. Advanced/Progressive

Haunting your infrastructure: Consequences of non-compliance


The DoD relies on its contractors, vendors and partners for critical IT projects, and sensitive data is often at the center of these assignments. The five certification levels let the DoD assess a contractor's ability to protect CUI and FCI, covering both the technical controls and the processes and practices around them. For most contracts, and for any that involve CUI, companies will need to reach Level 3 (Good Cyber Hygiene) to bid on DoD work. Certifications are valid for three years, and the requirements are intended to evolve with the threat landscape.


Watching The Ring at home, alone, with the lights off may seem less scary than going through a CMMC audit and assessment, but the process is critical for identifying and closing the gaps that would otherwise keep you from reaching the required level of CMMC compliance.

In short, DoD contractors that cannot demonstrate the required CMMC level will not be eligible for award and will be unable to bid on future DoD contracts until they are certified.


While we’re at it: Terrifying cybersecurity stats in 2021

  • A cyberattack happens roughly every 39 seconds: about 2,200 times a day on average
  • Cybercrime spiked 300% following the COVID-19 pandemic, as more people worked from home and cybercriminals took advantage of unmanaged networks and devices
  • The average time from breach to resolution is 279 days: 206 days to identify the intrusion and a further 73 days to contain it
  • 95% of breaches involve human error, whether opening malicious attachments, clicking suspicious links, reusing weak passwords or leaving an unlocked computer unattended
  • Each data breach in the US costs a company $1.2 million on average; ransomware attacks alone are blamed for $50–100 billion in US losses a year, with the global figure put at $10.4 trillion
  • More than 500,000 new malware samples are created daily, another reason to vet every link and attachment that hits your inbox
  • More than 20% of Americans will be hit by ransomware in a given year, one in five of the people reading this article
  • 30,000 websites are hacked every day, many of them holding sensitive personal data

While these threats are very real and more frequent than ever, there are ways that, collectively, we can reduce the risk:

  • Passwords: make every password long and unique (a password manager makes this practical) and back it with multi-factor authentication (MFA), so that a leaked or guessed password is not enough on its own.
  • Email: treat any message you have the slightest suspicion about as fraudulent. Check the sender's actual address, not just the display name, since lookalike domains and spoofed names are routine; don't click links or open attachments unless you are certain they are safe, and report suspicious messages to your security team rather than simply deleting them.
  • Culture: as an organization, safe internet and cybersecurity practices need to be part of the company culture, going well beyond the annual compliance training course. Staying current on data privacy changes also helps you understand what personal data you are sharing around the web.


At TD SYNNEX, our DLT (public sector) team can help you with your CMMC implementation, and our Security Solutions team can help mitigate vulnerabilities with VPN, antivirus software, device policies, zero trust and endpoint protection. Our industry-first Cyber Range lets you assess risks, identify threats and practice breach response through simulations in an interactive cyber playground.


Stay safe (both digitally and physically) and Happy Halloween!


About the Author

TD Synnex Editor

Mike Fitch
Content marketer and communicator through and through. ASU grad with more than 10 years of B2B tech marketing/communications experience.