Category: Security

“plans are worthless, but planning is everything.”

by paulandrescott, posted in Data Breach, Development, Law, Leadership, Privacy, Project Management, Ransomware, Security, Uncategorized

Just the other day, I had a pleasant conversation with a senior leader of a very prosperous company here on the West Coast.  Our dialog concerned her company’s future.  What will business be like once COVID begins to truly recede.   Together, our discussion was focused on formulating plans for the organization to be flexible, and very focused on delivering value.  We are seeking to take advantage of what was learned during this pandemic.

I made the comment, that plans are not prescriptions.   She, laughed and quipped, “plans are worthless, but planning is everything.”  I listened and pondered this response.  She was correct — this statement gave me pause.  To me, it was insightful, rational, even enlightening.   I concurred immediately.  

Entertained by my admiration of the comment, she advised me that she was not the original author.  Former President and US Army General Dwight D. Eisenhower authored this enlightening passage.  General Eisenhower, the Supreme Allied Commander for the invasion of Europe during World War II, planned and plotted, spending enormous efforts into planning.  However, as history showed us, situations arise, the adversary does not behave as we planned.    He and the allied forces were faced with extraordinary circumstances.

Plans may not have been executed in the same manner as outlined.  However, planning and the plans themselves, provided the framework, the map for how to proceed, ultimately, defeating the enemy and ending the war.

This pandemic may not be on the order of a World War.  However, COVID is very serious: impacting lives, families and businesses throughout the world.    As Eisenhower demonstrated, I would encourage us all to be nimble and agile in our approach to business operations—looking for the advantages and productive means to win.  Planning is still a wise endeavor.   Let’s go forth and conquer our destiny as a business.  Let’s plan to win, by being very nimble to adjust and keep moving forward to success.   Like the Allied forces, we will face strife and setbacks, however, if we keep planning and moving forward, we will win.

Ransomware is scary…

by paulandrescott, posted in Data Breach, Development, Law, Privacy, Ransomware, Security

SecureWorld and the BBC have published a dark recitation that we all should read. It outlines a Ransomware Negotiation where hackers demanded a ransom of $3 million dollars. The following are excerpts from the article showing the hackers hubris:

“UCSF, or its negotiators, asked for hackers to take down information they had posted, to get things rolling.

[Netwalker hackers] “Done, your data is hide from our blog. Now let’s discuss.”

Hackers explained that UCSF had more than $5 billion in annual revenue, so a $3 million ransom seemed reasonable.

The university responded by offering $780,000 and explained that the coronavirus had been very costly to the university.

[Netwalker hackers] “How can  I accept $780,000? is like, I worked for nothing. You can collect money in a couple of hours. You need to take is seriously. If we’ll release our blog, student records / data, I am 100% sure you will lose more than our price what we asked. We can agree to an price, but not like this, because I’ll take this as insult.”

Keep that 780,000 to buy McDonalds for your employees. Is very small amount for us.”

In his BBC article, Tidy says back and forth negotiations continued for a day until the University of California came up. It now offered a ransom of $1.02 million. 

Then, the high stakes negotiating continued.

[Netwalker hackers] “I speak with my boss. I sent him all messages and he can’t understand how a university like you: 4-5 billions per year. Is really hard to understand and realise you can get $1,020,895. But okay. I really think your accountant / department can get $500,000 more. So we’ll accept $1.5m and everyone will sleep well.”

With the two sides still almost $500,000 apart, it was the university’s move.

A few hours later, Tidy writes, UCSF made a final offer of $1,140,895.

Hackers squeezed nearly another $120,000 from the university.

[Netwalker hackers] “Ok, good. Now you can sleep well. Well can you pay?” {End Comments}

Security is our new battlefield for business.

Article from

Economic downturn: Driving cost of software development down–alternatives to help your company.

by paulandrescott, posted in Data Breach, Development, Privacy, Project Management, Security

With today’s pandemic and economic uncertainty, companies are now looking for creative ways to move forward, while reducing cost. Teams are considering alternatives solutions in order to maintain existing development,  or contemplating  new development opportunities with concern over meeting business deadlines and reduced budgets.

Ascension Development Group may have a solution for you.  We have clients that use our Nearshore development teams to help them meet new challenges.  The teams are based in Mexico. Many of the developers were educated in the US and speak English.

Cost reductions alone are realized by our clients of 25-40% versus US rates. We work on Central Time–working US all timezones. With Covid, most of us are working remotely and the future seems to point to more remote work than ever before.

If you want to discuss the advantages of nearshore, without any obligation, please call us at 425-750-0760 or you can email me directly at paul@ascension-tg.com.

Thank you and please be safe.

WHO, CDC & Gates Foundation credentials exposed

by paulandrescott, posted in Data Breach, Law, Privacy, Ransomware, Security

The Washington Post and Secure World, a very reputable cybersecurity news group, is reporting that organizations related to helping with this Pandemic have had their credentials exposed, organizations such as:

  • World Health Organization (WHO)
  • Center for Disease Control and Prevention (CDC)
  • The World Bank
  • U.S. National Institute of Health (NIH)
  • The Gates Foundation
  • Wuhan Institude of Virology

The estimate is around 25,000 email addresses and passwords were breached and exposed. The Post is reporting that NIH had issued a statement stating, “We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns. We do not comment on specific cybersecurity matters, as such information could be used to undertake malicious activities.”

The Post went on to state that the report by SITE, “said the largest group of alleged emails and passwords was from the NIH, with 9,938 found on lists posted online. The Centers for Disease Control and Prevention had the second-highest number, with 6,857. The World Bank had 5,120. The list of WHO addresses and passwords totaled 2,732, according to SITE’s report.”

We live in a dangerous world! We, at Ascension, have found that security and privacy are front and center in every means of this digital world. Feel Free to let us know you opinion on privacy and security.

Cost Effective Application Development Option

by paulandrescott, posted in Development, Project Management, Security

With today’s pandemic and the economic uncertainty, companies are now looking for creative ways to move forward. Teams are considering alternatives solutions in order to maintain existing development,  or contemplating  new development opportunities with concern over meeting deadlines and budgets.

Ascension Development Group may have a solution for you.  We have clients that use our Nearshore development teams to help them on a daily or project basis.  The teams are based in Mexico. Many of the PM’s were educated in the US and many of the developers and testers as well, speak English. 

What does this mean to you and your company?   Here are some of the benefits to your organization:

•          Acceleration of delivery time

•          Meet objectives alignments between business and technology

•          Expand  project portfolio visibility

•          Increases team productivity

•          Cost  reduction, realizing a 25-40% saving versus US hourly rates

•          Two hour time difference in Mexico vs. 10 to 16 hours Offshore in the Far East

How can your business benefit from Nearshore development?

Please complete this form and one of our representatives will contact you within one business day.

Data Privacy Legislation for Washington Businesses

by paulandrescott, posted in Data Breach, Development, Law, Privacy, Ransomware, Security, Uncategorized

Ascension Technical Group is hosting an interactive TEAM’S session on April 8th at 10AM-11AM PDT. You can register now and we’ll send you a TEAM request.

The Webinar will provide analysis on the draft Washington Data privacy Act (WPA), its impact on business and detail the associated penalties for data privacy breeches.

This  webinar will help businesses determine potential security vulnerabilities and identify a mitigation strategy. The cyber breech discussion, will review the benefits of an in-depth security assessment that includes reviewing current policies, procedures, technical environments and other security related functions. Details will be provided on applicable standards including, ISO/IEC 27001, NIST 800-53, ISA 62443, COBIT 5, CIS CSC, CCPA, GDPR and PCI DSS.

Topics that will be covered include:

  • Data Security & Privacy
  • Awareness and Training with related policies, procedures, and agreements.
  • Governance, Analysis & Mitigation
  • Information Protection Processes
  • Identity Management, Authentication and Access Control
  • Protective Technology, Anomalies and Events, Detection Processes
  • Response & Recovery Planning
  • Law Enforcement

We look forward to your participation in this interactive TEAM’s Session on  April 8th at 10 AM -11 AM PDT.

Nearshore – Alternative for App Development during the Coronavirus Pandemic

by paulandrescott, posted in Development, Project Management, Security

With today’s pandemic and the economic uncertainty, companies are now looking for creative ways to move forward. Teams are considering alternatives solutions in order to maintain existing development,  or contemplating  new development opportunities with concern over meeting deadlines and budgets.

Ascension Development Group may have a solution for you.  We have clients that use our Nearshore development teams to help them on a daily or project basis.  The teams are based in Mexico. Many of the PM’s were educated in the US and many of the developers and testers as well, speak English. 

What does this mean to you and your company?   Here are some of the benefits to your organization:

•          Acceleration of delivery time

•          Meet  objectives alignments between business and IT

•          Expand  project portfolio  visibility

•          Increases team  productivity

•          Cost  reduction, realizing   a  25-40% saving versus US hourly rates

•          Two hour time difference in Mexico vs.  10 to 16 hours Offshore in the Far East

If you would like  more information on our Nearshore Practice or set-up an appointment  and discuss next steps. Please contact  Mel Silver @ 425.466.3459 Phone or email me. mel@ascension-tg.com, Website: www.ascension-tg.com

How Privacy Legislation affect your business.

by paulandrescott, posted in Data Breach, Law, Privacy, Ransomware, Security, Uncategorized

There is current legislation and standing law that will affect your firm’s ability to manage Consumer Data. Legislation is now in process that will affect Human Resource Data of your employee’s next year.  Washington State has legislation almost completed today.  If you wish to book a free one-on-one briefing, please select the button below and we can call you to advise you of the current issues relating to privacy and security.

Ascension partnering with Insperity, was scheduling, an Executive Briefing regarding Privacy legislation that affects your business.  We wanted to invite you or members of your team.  Due to the warranted restrictions in preventing the spread of the COVID-19 virus, we are moving the briefing to later this Spring or Summer. However, if you wish to book a free one-on-one briefing, please select the button below and we can call you to advise you of the current issues relating to privacy and security.

Washington State Privacy Law — Senate and House are meeting to hopefully compromise.

by paulandrescott, posted in Data Breach, Law, Privacy, Security, Uncategorized

After the House of Representatives passed an amended Privacy Bill on the evening of March 6th, the Senate received the Bill and responded ” Senate refuses to concur in House amendments.” The Senate “Asks House to recede from amendments.”

Today, the “House insists on its position and asks Senate for a conference. Conference committee appointed. Representatives Hudgins, Hansen, Dufault.” And the “conference committee request was granted.”

Now, hopefully the committee jointly can work out the details and come to some compromise that helps both the consumer and business.

You can find updated information regarding the bill at https://app.leg.wa.gov/billsummary/?billNumber=6281&year=2020&initiative=False