Achieving the Ultimate Buy-In: Getting Everyone in Your Organization Thinking and Acting With the Data Security in Mind

It's no longer a secret that relying on your company's IT security team to be the sole provider of workplace cyber security is folly. Recent incidents such as the WannaCry ransomware attack and the catastrophic Equifax breach remind us that in today's cloud-dominated, always-connected, device-centric world, everyone connected to a business—from employees and management to contractors and customers—plays a role in keeping data secure. In fact, the concept of workplace cyber security being everybody's business has emerged as a major theme of National Cyber Security Awareness Month, which just…
Read more

Could the Equifax Breach Have Been Avoided?

Much has been written about how Equifax could have prevented the recent breach that exposed personal information on 143 million Americans with one simple act that's supposedly on the to-do list of every corporate security practitioner: Stay up to date on patches. We've read about how the Apache Software Foundation had released a patch to address a vulnerability in its Struts web app-building software in March, two months before hackers broke into Equifax's network and spent two months collecting data undetected. (We've also seen how Equifax exacerbated the blow to its reputation by inadverte…
Read more

Why The Equifax Breach Should Be Doing More Than Scaring Us

Do we need look any further than the recent Equifax breach for compelling evidence of what a cyber security incident can do to a business? A couple of weeks ago, Equifax was just one of three credit reporting agencies Americans knew housed their financial data. Today? It is being held up as an example of the risks of housing valuable data. We've all seen the eye-popping number over and over again: confidential information on as many as 143 million Americans was compromised in a breach Equifax discovered on July 29, and that was apparently occurring for more than two months. Allowing a breach…
Read more

The Keys to Finding Cybersecurity Talent in a Candidates’ Job Market

There's a lot of fretting these days about the impact artificial intelligence will have on the job market. The fear is that many skills will become obsolete as machines perfect them, but there's no such worry in the cybersecurity world. Security pros are in an enviable position today, what with zero unemployment in the field and more job openings than qualified applicants. On the flip side, though, filling security jobs can be a bear, which is a potentially huge problem given the array of threats organizations face today. So it's no surprise that recruiters from search firms, large companies…
Read more

State of Emergency: Government Cyber Security Efforts are Missing the Boat, or Just Plain Missing

Getting to the bottom of just how problematic government approaches to cyber security are is like peeling away the layers of an endless onion. The more you learn, the more you realize this is a problem that's not going anywhere because it's not being tackled adequately. Starting at the highest level possible, the United Nations recently released its second annual Cyber Security Index which indicated that just 38 percent of the world's countries have a published cyber security policy, and another 12 percent are in the process of developing one. In other words, half of all countries have no…
Read more

HBO Hack Takeaway: The Pluses and Minuses of Playing Hardball With Ransomware Attackers

It's hard to stonewall hackers who are threatening to share sensitive data they've stolen about customers and employees on the dark web if they don't receive a ransom. The prospect of calling the bluff and risking the violation of customers' and employees' privacy understandably causes many companies to cave. But when the stolen data being released is unseen television shows — still an admittedly valuable piece of intellectual property — a company's resolve apparently strengthens. Look no further than HBO, the victim of a well-documented hack a few weeks ago in which Game of Thrones scripts, …
Read more

Ditching Textbooks and Teaching Cybersecurity via News Headlines: Modern Times Call for Modern Measures

In a constantly changing field like cybersecurity, nothing stays the same for long. And as Jim Lewis, a senior VP at the Center for Strategic and International Studies, has learned first hand, this makes teaching about cybersecurity a challenge. Lewis this spring started teaching a section of a social engineering course to cybersecurity majors at the U.S. Naval Academy. Once it became apparent that the textbooks available to support the course were all several years old, Lewis opted to ditch the traditional approach and adopt a different source of reading materials: daily newspapers. And why…
Read more

Financial Services Organizations Are in Need of a Cyber Security Wake-Up Call

There's little to suggest that the money you've entrusted to the financial institutions you do business with is in jeopardy. But the data surrounding that money? That's another story. Financial services companies are braced for a period of continued and expanded cyber threats, and the really bad news is that many of them aren't prepared to withstand the onslaught. Recent surveys paint a picture of an industry that sees the writing on the wall but often finds itself working with the technological equivalent of whiteout. At the NACHA Payments 2017 conference in Austin in April, TD Bank polled…
Read more