It’s past time to pay much more attention to API security

Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics. The original version of this post was published in Forbes. It’s obvious that just about every entity with an online presence thinks ...
SEC getting more aggressive on financial cyber lapses

SEC security measures, or cyber enforcement actions, are powerful incentives for financial institutions to protect investments and data from theft and fraud. If there oughta be a law but there isn’t, there can still be a regulation. Which so far seems to be the U.S. government’s philosophy on cyber security ...
Chenxi Wang polishes her 2019 crystal ball

Dr. Chenxi Wang, founder of Rain Capital, shares some of her 2019 cyber security predictions about the cloud, GDPR, blockchain, DevSecOps, privacy, and ICS. ’Tis the season for crystal balls—lots of crystal balls. There may still be a month to go in 2018, but in the IT industry, we’re already ...
President’s ‘cybersecurity moonshot’: Transformational or pie in the sky?

Making the internet safe and secure in 10 years isn’t going to be easy, if it’s even possible. And that’s why NSTAC’s new proposal is a cyber security moonshot. Stop me if you’ve heard this before: A presidential commission is launching a national cyber security initiative. That’s right. The President’s ...
Hard questions raised when a software ‘glitch’ takes down an airliner

The parts and systems on an airplane don’t have to fail in a big way to have big consequences. A flaw in airline software could be a matter of life or death. The original version of this post was published on Forbes. It doesn’t take a failure of anything big ...
Air gaps in ICS going, going … and so is security

As smart shipping and other network-connected industrial control systems (ICS) grow, the air gap loses value as a barrier against cyber attacks. What’s next? The air gap is low-tech but still has value as a barrier against cyber attacks. Yes, devices and systems are connected wirelessly all the time, but ...
Both consumers and retailers need to up their cyber security to make holidays happy

We’ve got some Black Friday advice for retailers and shoppers who want to keep everyone’s data safe and secure, for a truly happy holiday season. The original version of this post was published on Forbes. Most of the cyber security advice leading into the post-Thanksgiving orgy of shopping known as ...
Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table

The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it will certainly help protect Americans’ data. The original version of this post was published in Forbes. Most of the headlines last week, after ...
Threats obvious, but electronic voting systems remain insecure

Election security requires that voters trust the results. But many U.S. electronic voting systems are clearly insecure, and untrustworthy. What are we doing about it? The original version of this article was published in Forbes. Surely you’ve heard of “Rock the Vote.” Maybe you should be hearing about “Secure the ...
Rachel Tobac explains how ‘polite paranoia’ can derail social engineering attacks

Rachel Tobac thinks people are the first line of cyber security defense, not the weakest link. She talks about social engineering attacks and how to be “politely paranoid” with us. That old line “Just because you’re paranoid doesn’t mean they’re not out to get you” is supposed to be a ...