Up Times
Up Times · April 2025
The door to Bryley HQ – home since 2017, but we go back – and with many loyal clients – much further than that.
To thirty-nine and beyond! – Bryley and its CEO Garin Livingstone were born a week apart – and thirty-nine years looks good on both of them.
Garin has always been drawn to tech, but when he was named president in 2021, he was clear about what responsible leadership would require of him. For Garin, the technical side was comfortable, having worked for years as a tech himself. So intentional communication was the standard he set for the organization. In his words: I personally don’t let things fall through the cracks. If something gets told to me, I just don’t let it go, but take some kind of action. Even if it’s saying that we can’t do that. More often, it’s that we can do that and here’s how we can do it.
The combination of technical expertise and commitment to communication is what has kept some Bryley clients around for ten years, twenty years and a few nearly since the beginning, growing alongside Bryley as their organizations and their technology needs have evolved.
Thirty-one of those thirty-nine years have been Roy Pacitto’s, Bryley’s VP of Business Development and Marketing. Roy has been the first person most people connect with when reaching out to Bryley. He works on his own cars and takes apart technology to always be learning something new. So when he works with an organization’s managers, he shares with them information that he would want to have himself when making important decisions. You can reach him at 978.562.6077 x217 or rpacitto@bryley.com.
And a happy birthday to Bryley and Garin.
The new report explains what defense, detection and forensic readiness look like for organizations. Free to download.
Defense, Detection and Forensics
Bryley’s new practical guide
On a Tuesday: emails came in, the CRM was working, projects were assigned. Everything seemed fine.
There was an uninvited and hidden observer to all that normalcy — exfiltrating data, installing tools, gathering credentials, preparing for an attack. According to Mandiant, the average dwell time is 14 days. Two weeks of unseen access, on what looked like the ordinary network.
This is the situation many businesses are in without realizing it … [10 min. read] Continue Reading >
Some of the monitors Bryley donated to a local school.
Bryley donates computer equipment
To benefit a local school
Bryley donated eight monitors and two PCs to the TEC Schools in Worcester. TEC Schools is a STEAM-based, Montessori school for preschool through grade eight (the STEAM acronym adds the arts to the more familiar Science, Technology, Engineering and Mathematics curriculum) … [2 min. read; audio available] Continue Reading >
Hey! It’s you! It’s really really you! Right?
Remember those notices like ‘Example Bank will never email you and ask for your login’?
We need a similar reframing for one another
Phishing clicks are up 4x because 80% are now AI-written, so training has to change (Bryley partner Huntress explains five ways its training has changed recently and shows why).
Because of AI, the old easy-to-spot typos and grammatical errors are in many cases now absent.
Not saying there’s an easy answer, as we’ve seen with the trouble trying to recognize deepfakes. And it’s not always convenient to do – but taking the time to consider if an email sounds like something that would come from such-and-such person makes a good first step. Cybersecurity education organization Mitre offers these guidelines for training (suspicion is a key concept) … [6 min. read] mitre.org
A Honeywell similar to what was at MIT in 1975. Dorsetonian via Wikimedia Commons
How much has endured in principle for data security since 1975
Saltzer and Schroeder’s MIT Protection of Information in Computer Systems
They didn’t foresee the web, but you can take a lot of the ideas for protecting data to the bank fifty years later.
Consider the Glossary’s Capability: In a computer system, an unforgeable ticket, which when presented can be taken as incontestable proof that the presenter is authorized to have access to the object named in the ticket. This principle anticipated tokenization which you see when you enter a credit card number into Apple Pay or Google Pay, your real card number is used only once — to set up the device to be able to pay; the real card number is replaced by a substitute token, meaningless to anyone who intercepts it. And that token is what the merchant gets instead of your actual card details.
The same principle runs through good networking practice broadly: tokens act as stand-ins so that what gets exposed at any point in a system is the minimum needed to complete a task … [Glossary page is a 7 min. read] mit.edu
Investigators show AI is being used to auto-generate fresh attack code, so attacks are harder to detect and can be scaled faster.
… incident proves that threat actors are moving beyond ‘AI-assisted attacks’ into fully automated AI-powered cyber operations
Automation cuts the need for attackers to pinpoint targets
Anthropic Claude-based tools were shown to be running across thousands of businesses simultaneously, regardless of size or sector. While the need to target seems to have greatly expanded, the execution looks to mirror what Anthropic researchers showed at the end of last year on larger organizations: Claude identified and tested security vulnerabilities in the target organizations’ systems by researching and writing its own exploit code.
Review access permissions. Monitor for unusual account behaviors. If you need help, please call on Bryley at 978.562.6077 or email ITExperts@Bryley.com … [2 min. read] bostoninstituteofanalytics.org
Faster than a speeding newly-discovered vulnerability
The speed at which AIs are finding new vulnerabilities is happening 2-9x the speed of repairing them
S&P is focused on credit ratings, but the underlying message is that sound practices are the only way to deal
The gap between vulnerability discovery and remediation predates Mythos, but AI-accelerated discovery further undermines the assumption that the two can operate at comparable speeds. National Institute of Standards and Technology (NIST) data shows the mean time to remediation (MTRR) is two to nine times the rate of discovery for medium- to-critical severity vulnerabilities … this highlights that the problem is not the discovery of more weaknesses, but reaction times that are limited by how quickly patches can be deployed, particularly to infrastructure with operational constraints, uptime obligations, or legacy dependencies.
Full report here and highlights > [2 min. read] cybersecuritydive.com
Privacy is next to security. Using consumer-grade ChatGPT can expose your data to machines and humans.
I read the Data Usage for Consumer Services FAQ oh boy
OpenAI’s use of your data
I’ve read different accounts of how LLM (Large Language Model) training works, but here from ChatGPT’s open mouth is default consent that in its consumer version user content is used for further training. And then, even when you follow the directions to opt-out, OpenAI tries to dissuade you: one of the most useful and promising features [is AI models can] improve over time (opt-out anyway: privacy.openai.com/policies ).
Harvard Law’s Jolt journal offers an overview of LLM data-handling concerns, including: users need to know whether user interactions contribute to company-wide model training, what anonymization processes protect user privacy in these scenarios, and whether users can opt out of such contributions without losing essential functionality. The practice of burying training provisions deep within privacy policies must also end … [10 min. read] law.harvard.edu
Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
Get Up Times, useful tech news by New Englanders in Your In-Box
- Subscribe to Up Times, the monthly New England-centric technology newsletter.
- Up Times covers:
-
- Trends in New England tech
- Security tips you can implement now
- Updates on regional and national laws and compliancies
- IT-related developments
- Networking and cybersecurity challenges New England business managers are facing
- In continuous publication since 2000, Up Times arrives monthly in your email box.
Sign up for Up Times to have tech news and tips delivered monthly via email
About Us
Services
Archive
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- July 2024
- May 2024
- December 2023
- November 2023
- September 2023
- May 2023
- March 2023
- November 2022
- June 2022
- September 2021
- August 2021
- July 2021
- May 2021
- December 2019
- September 2019
- May 2019
- December 2018
- November 2018
- October 2018
- June 2018
- April 2018
- October 2017
- September 2017
- August 2017
- April 2017
- February 2017
- November 2016
- June 2015