Cybersecurity Vault #9 with Min Kyriannis — Dangers of Misinformation
Medium
July 08, 2022
Had a great time talking with Min Kyriannis about the dangers of misinformation and how to begin disentangling the online web of lies and half-truths!
See publication
Tags: Cybersecurity, Risk Management, Security
Biggest Challenge in Cybersecurity
Medium
June 28, 2022
Conveying the meaningful value of cybersecurity investments. In the next few years, the biggest challenge in cybersecurity won’t be dealing with a specific threat, but rather conveying a meaningful value proposition..
See publication
Tags: Cybersecurity, Risk Management, Security
Amazon Alexa to Mimic the Voice of Anyone
Medium
June 25, 2022
Ethical and Privacy issues abound. If a malicious actor combines an impersonated voice and deepfake video of a target, they can make others believe anything or harass them in unthinkable ways. We already have a..
See publication
Tags: Cybersecurity, Privacy, Security
US Sanctions Blender.io for Supporting Terror
Medium
May 10, 2022
US Treasury sanctions a cryptocurrency mixing site for supporting North Korean hackers who have been stealing hundreds of millions of dollars. Blender.io is a virtual currency mixing site that obfuscates the origins of
See publication
Tags: Cybersecurity, Risk Management, Security
Ransomware is Funding Russian Aggression
Medium
April 30, 2022
Ransomware attacks and payments are increasing, with most revenue going to Russian attackers. It is time to revisit outlawing Ransomware payments.
See publication
Tags: Cybersecurity, Risk Management, Security
How Cybersecurity Risks Must Be Fixed to Build Trust in Technology Innovation
Medium
April 28, 2022
Thanks to DynamicCISO for a great discussion about the changing landscape of cybersecurity and how we must all adapt to drive trust into the global digital ecosystem. The key to our success is to think ahead and show leadership in managing innovation for our benefit.
See publication
Tags: Cybersecurity, Security
It is Time for the West to Supply Quantities of Lethal Drones to Ukraine
Medium
March 10, 2022
The war in Ukraine is grinding down to a slugfest where innocent civilians will suffer ever greater impacts. The defenders need a combat advantage
See publication
Tags: Cybersecurity, Leadership, Security
The Ugly Path to Avoid a War in Ukraine
Medium
February 03, 2022
Russian tanks may invade Ukraine before the ink is dry on this article, as part of maneuvers to undermine the independence of Ukraine. International negotiations are underway but nobody believes they will be effective. Everyone is fearful that a shooting war in Ukraine may escalate to war between nuclear superpowers. As an armchair strategist, I only see one narrow and rocky path that could avoid the unnecessary bloodshed and suffering while preserving the ability of Ukraine to determine its own future and prosperity.
See publication
Tags: Cybersecurity, Leadership
Happy International Privacy Day
Medium
February 01, 2022
Happy Privacy Day to all those privacy professionals out there that work to make our digital world more safe, respectful, and private.
See publication
Tags: Cybersecurity, Privacy, Security
Taxonomy of Cybersecurity Roles and Responsibilities
Medium
January 27, 2022
Dive into the ever-changing roles and responsibilities of the cybersecurity space with seasoned leader Deidre Diamond on this new episode of The Cybersecurity Vault. Learn about some of the industry’s recent and longstanding challenges and how to confidently manage the chaos.
See publication
Tags: Cybersecurity, Security
Vlog — Why is Norton adding a cryptocurrency miner to their product and should we be worried?
Medium
January 19, 2022
Norton recently announced its Anti-Virus product will have a new feature that enables mining of Ethereum cryptocurrency for their customers, if they choose to participate. Is this a nice benefit for users or a reckless move that increases overall cyber risks? …
See publication
Tags: Cryptocurrency, Cybersecurity, Security
Criminalizing Ransomware Payments
Medium
January 05, 2022
Ransomware is a growing scourge. Is it possible to eradicate this entire class of attacks? I think it is but in today’s Cybersecurity Insights interview I have a lively debate with Malcolm Harkins on criminalizing ransomware payments and different approaches to undermine Ransomware attacks!
See publication
Tags: Cybersecurity, Risk Management, Security
10 Cybersecurity Predictions for 2022
LinkedIn
December 30, 2021
Cybersecurity will continue to rapidly gain in both relevance and importance in 2022 as the world relies more upon digital technologies and unknowingly embraces the increasing accompanying risks of innovation. 2022 will see the rise of government orchestrated cyber-offensive activities, the growth of cybercriminal impacts at a national level, and the maturity of new technology used as powerful tools by both attackers and defenders.
See publication
Tags: Cybersecurity, Privacy, Security
Deficient Forethought for Digital Technology Risks
LinkedIn
December 30, 2021
Technology can be mesmerizing. We are all lured by the seemingly endlessly tantalizing stream of emerging technologies that promise to connect and enrich our lives. But there is a potential dark side. For every great innovative benefit, there are accompanying risks.
See publication
Tags: Cybersecurity
Privacy Concerns for Dual-Use AI Image Clarity Tools
Medium
December 15, 2021
AI tech is a powerful tool. The original photo (left) was cleaned up with an AI deep learning algorithm (image source: Murilo Gustineli), restoring tremendous clarity.
See publication
Tags: AI, Privacy
The problem of banning offensive technology sales
Medium
November 27, 2021
I like the concept of ‘banning’ the sale of offensive cyber weapons to potential adversaries, but what defines technology as offensive versus defensive?
See publication
Tags: Cybersecurity, Privacy, Risk Management
New Ransomware Bill Shows Promise But is Undermined by a Limited Scope
Medium
November 16, 2021
A new bill has been proposed to address Ransomware. Congressman Patrick McHenry recently introduced the Ransomware and Financial Stability Act of 2021.
See publication
Tags: Cybersecurity, Risk Management
EU Mandates Cybersecurity For Phones And Wireless Devices
Medium
November 02, 2021
Industries must either take security, privacy, and safety seriously or find themselves burdened under the crushing blanket of regulatory oversight.
See publication
Tags: Cybersecurity, Privacy
Video — Cybersecurity Value and Metrics with Gavin Gro
Medium
October 27, 2021
Measuring the true value of cybersecurity with Gavin Grounds, Executive Director of Information Risk Management and Cybersecurity Strategy at Verizon. Listen as we explore the benefit of security metrics that effectively quantify risk and how to best manage them.
See publication
Tags: Cybersecurity, Risk Management
Are Cybersecurity Labels on IoT Devices a Wasted Effort
Medium
October 05, 2021
The U.S. is exploring the idea to establish cybersecurity labels on IoT devices and software, in hopes it will both inform consumers of risks and motivate manufacturers to improve the security for the flood of new products entering the market.
See publication
Tags: Cybersecurity, IoT, Privacy, Risk Management
4 Phases of Cybersecurity Maturity
Medium
September 16, 2021
Please click the Like button if you found this insightful and subscribe to the Cybersecurity Insights channel for more best-practices, rants, and strategic viewpoints. https://www.youtube.com/c/CybersecurityInsights
See publication
Tags: Cybersecurity, Management, Leadership
Disruption Looms as Workers Return to the Office
Medium
September 03, 2021
As the global disaster of our generation wanes and people begin to emerge from isolation, misaligned expectations about the future of remote work models start to appear. Surveys show that much of the workforce has enjoyed the benefits of working from home. Conversely, many employers are anxious to get employees back in the office and return to the traditional ways of engagement. Organizations are already experiencing the friction. Leadership must prevail to avoid serious business disruption. This may be the moment when Hybrid Working rises to become an accepted practice in the corporate world.
See publication
Tags: Cybersecurity, Leadership, Future of Work
600 Million Differences Between Hackers and Cybercriminals
Medium
August 16, 2021
There are 600 Million Differences Between Hackers and Cybercriminals…
An amazing story is emerging from a massive cryptocurrency exploitation that exemplifies the difference between a ‘hacker’ and a ‘cybercriminal’.
Interested in more cybersecurity insights, rants, and strategic viewpoints?
See publication
Tags: Cryptocurrency, Cybersecurity
Top Tip for New Managers
LinkedIn
August 12, 2021
The single most important tip for aspiring managers is to learn to be a good leader.
A manager is a functional role that ascribes responsibility for a team and an outcome. It is an organizational assignment that may or may not be based upon skills or a desire for responsibility. Managers often prioritize the pursuit of short-term goals and are willing to sacrifice team growth that is necessary for long-term success. A leader is someone who is well suited to support the individual team members and organize them for maximum benefit of achieving the goals. Leaders help individuals work together in optimal ways for the common objective and are often recognized by their outstanding sustainable results.
See publication
Tags: Social, Management, Leadership
Arguments Against Criminalizing Ransomware Payments
LinkedIn
August 12, 2021
The goal is to effectively end ransomware as a significant cybersecurity risk for everyone. In exploring the different strategic options, one path has emerged superior, in which the flow of money to the ransomware attackers is essentially stopped. The only way to make that happen consistently is to compel the victims to not pay by making it a criminal act. However, not everyone agrees.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Demotivating Ransomware Attackers by Ending Ransom Payments
Medium
August 06, 2021
Outlawing payments will result in the abandonment of ransomware attacks. By stopping the flow of money, we can demotivate cybercriminals who will shift to other activities that are more profitable than ransomware. We don’t need to stop all types of ransomware attacks for every potential victim. It is better to dissuade attackers from committing attacks in the first place.
See publication
Tags: Cybersecurity, Risk Management
This is How to End Ransomware
Medium
July 27, 2021
We can rid the world of ransomware attacks to such an extent they are no longer a likely risk vector! It is possible, but we all have to work together.
See publication
Tags: Cybersecurity, Privacy
Success Criteria for Ending Ransomware
LinkedIn
July 16, 2021
Stopping ransomware from being an impactful menace is the grand goal, but what are the specific criteria for success we should be striving for? Without clear objectives, we are often consumed with trivial aspects and never attain the desired end-state.
See publication
Tags: Cybersecurity, Leadership, Business Strategy
Reevaluating the Work-Life Balance
Medium.com
May 03, 2021
My priorities are my family then my Cybersecurity career. However, I recently noticed that for more than a year, I have not taken a day off. I always make time for my children and wife, but I am also doing work, research, consulting, writing articles, producing videos, or speaking at events every day.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity is Not Reaching its Full Potential
Medium
April 22, 2021
Cybersecurity has evolved with the rapid rise of digital transformation, becoming a crucial element of trust for products and services. No longer just a function of preventing impacts and meeting regulatory requirements, cybersecurity is emerging as a cornerstone for future enhancement of user-experiences, compelling features, and growth into new fields.
See publication
Tags: Cybersecurity, Privacy, Risk Management
We Must Crush Digital Misinformation Before It Destroys Society
Medium
April 19, 2021
Digital communication is connecting people around the globe with tremendous benefits, but is also being misused in terrible ways that take advantage of the community. We are bombarded by misinformation posing as facts, leading to terrible fractures, victimization, and grief to the detriment of individuals and society as a whole.
See publication
Tags: Cybersecurity, Social, Leadership
HMG CISO Executive Leadership Summit
Medium
February 21, 2021
I am looking forward to speaking at the upcoming HMGLive CISO executive leadership event!
I encourage all cybersecurity leaders to attend and interact. This is how we build teamwork, communicate challenges, and share best practices.
See publication
Tags: Cybersecurity, Leadership
Building Smart Cities of the Future Takes a Team of Experts
Medium
February 18, 2021
Today I am honored to join the World Smart Cities Economic Development Commission Advisory Board of the World Business Angels Investment Forum (WBAF), a partner of the G20 Global Partnership for Financial Inclusion (GPFI), to support job growth, digital inclusion, and social justice worldwide.
See publication
Tags: Cybersecurity, Privacy, Smart Cities
More Supply-Chain Cyberattacks are in the Wind
LinkedIn
February 17, 2021
It appears France is the main victim for this recent attack which has several uncanny similarities to the SolarWinds exploitation that exposed thousands of U.S. government agencies, critical infrastructure organizations, and major businesses. Let me be absolutely clear (again), that these attacks have been active for years and will continue to increase in pace, scope, and boldness! According to the French cybersecurity agency Agence Nationale de la sécurité des systèmes d’information (ANSSI), this attack may have begun back in 2017.
See publication
Tags: Cybersecurity, Supply Chain
Rise in Whistleblowing Signals the Need for Formal CyberEthics
Medium
February 16, 2021
Times are changing and whistleblowing is on the rise. People are more empowered to challenge unethical situations in the workplace. Getting ahead can help manage the risks and be used to improve, identify, and resolve caustic situations before they get out of hand.
See publication
Tags: Cybersecurity
Safety Risks Rise Due to Critical Infrastructure Cyber Attacks
LinkedIn
February 09, 2021
The recent attempt by malicious hackers to poison a Florida city water supply highlights the public risks and exposure of critical infrastructures. Luckily, this incident was detected by an observant technician and mitigated before people were hurt, but it could have turned out far worse.
See publication
Tags: Cybersecurity, Digital Transformation, Leadership
Apple’s CEO Superbly Articulates How Privacy Need Not be Sacrificed for Technology
Medium
February 08, 2021
Tim Cook, CEO of Apple, in a speech at the Brussels’ International Data Privacy Day event, beautifully articulated how technology does not need to undermine privacy.
See publication
Tags: Cybersecurity, Privacy
Another Creepy Case of Hackers Watching People in their Homes
Medium
February 01, 2021
Protect yourself from creepy hackers that watch people on their home cameras.
When it comes to cameras installed inside of homes, there is always a risk of someone else gaining access and watching over you!
See publication
Tags: Cybersecurity, Privacy
Falsely Vilifying Cryptocurrency in the Name of Cybersecurity
Medium
January 31, 2021
I get frustrated by shortsighted perceptions, which are misleading and dangerous. It is far easier to vilify something people don’t fully understand.
Here is another article, titled Bitcoin is Aiding the Ransomware Industry, published by Coindesk, implying cryptocurrency is the cause of digital crime.
See publication
Tags: Blockchain, Cryptocurrency, Cybersecurity
U.S. the 4th Worst Privacy Offender for Government Collection of Biometric Data
LinkedIn
January 28, 2021
Researchers ranked 96 countries by their collection and use of biometric data. Biometrics are gathered and stored as part of international travel, banking, law enforcement, healthcare tracking, and general surveillance by governments.
See publication
Tags: Cybersecurity, Leadership, Privacy
New U.S. Cybersecurity Leadership Needs More Experience Diversity
Medium
January 25, 2021
President Biden has been quick to name a number of cybersecurity leadership positions, to greatly strengthen the nation’s capabilities, but there are concerns with the diversity of experience.
See publication
Tags: Cybersecurity
WhatsApp Still Needs to Prove it is Trustworthy
Medium
January 17, 2021
In the aftermath of WhatsApp’s privacy notification to users, that they will again be sharing data with Facebook, there is still a lack of clarity. I see a lot of statements from WhatsApp and general chatter regarding what data they will NOT be sharing. But I have yet to find any specificity on what exact data they WILL be sharing with Facebook. That is very strange and seems misdirecting.
See publication
Tags: Cybersecurity, Privacy
Law Enforcement is Seduced by Big Cybercrime Cases
Medium
January 07, 2021
Some important aspects are changing in law enforcement, when it comes to cybercrime.
In today’s video I look at the social aspects within the law enforcement community, the criminal evolution of cybercrime, and the resulting changes in behaviors that are driving fundamental improvements to cybercrime investigations around the globe.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
China Seizes $4B in Cryptocurrency from Scammers
Medium
December 01, 2020
Governments can still pursue cybercriminals and fraudsters who use cryptocurrency. Chinese authorities have seized over 4 billion dollars worth of Bitcoin, Ethereum, and several other cryptocurrencies as part of a crackdown on the PlusToken scheme that defrauded over 2 million people. This seizure has been approved by the courts after the ringleaders were convicted of Ponzi-type fraud.
See publication
Tags: Cryptocurrency, Cybersecurity
Police Cameras are Providing Facial Recognition Tracking to Criminals in Moscow
Medium
November 17, 2020
Criminals are offering stalking services, through the use of Moscow’s camera system, to identify and track people for $200. Customers provide a picture and the criminals will return a report of where that person has been, where they frequent, and more. Apparently, the data is being gleaned from the police facial recognition camera system, that includes over 100,000 cameras positioned to watch the city.
See publication
Tags: Cybersecurity, Privacy
U.S. Dept of Justice seizes $1 billion in Bitcoin
LinkedIn
November 10, 2020
A billion-dollar mystery has been solved. Cryptocurrency watchers were stunned when they recently saw a billion dollars of Bitcoin being moved from a very old account that has been inactive for years.
The mystery was solved as the U.S. Department of Justice unsealed court filings related to the Ross Ulbricht 2015 Silk Road case. Ulbricht, who ran the infamous dark-web site Silk Road, was convicted and his bitcoin assets seized. But before they all could be grabbed, a hacker stole 70k bitcoins from Ulbricht's accounts. As they say, there is little honor among thieves. At the time it was worth a few hundred thousand dollars, but now it has appreciated to a billion dollars!
See publication
Tags: Cryptocurrency, Cybersecurity, Management
Managing IoT Data Security Risks: The Need to Secure Data in Modern Computing
CISO MAG
October 20, 2020
The demands to defend the information on edge devices have reached a new pinnacle and continue to grow beyond what current capabilities can handle. Legacy cybersecurity systems that ensure the confidentiality, integrity, availability and the proper use of data from edge devices are not sufficient for the growing scale of the Internet of Things (IoT) and Industrial IoT (IIoT). Innovation in technology and process is needed to deliver the robustness necessary to defend against a world of ever-evolving cyber threats.
See publication
Tags: Cybersecurity, IoT, Leadership
Should Governments be Responsible for Protecting the Internet?
Medium
October 13, 2020
Does society want governments to take on the role of protecting the Internet? Should the Internet be considered a Critical Infrastructure and therefore be overseen by governments? Will such actions undermine privacy and liberty or will it be demanded by citizens to protect personal access and online security?
See publication
Tags: Cybersecurity, Privacy
Microsoft’s New Tactics Disrupts Trickbot Ransomware
Medium
October 13, 2020
Microsoft and partners have taken down the Trickbot ransomware infrastructure. That is a temporary relief, as the cybercriminals will soon adapt. The bigger picture is how the Microsoft Digital Crimes Unit (DCU) has created a template and partnerships to better target and disrupt future malware campaigns!
See publication
Tags: Cybersecurity
Leveraging culture for better cybersecurity?
Medium
October 05, 2020
Join the free webinar on Oct 28th 10am PST to listen to the panel discuss how culture can contribute or destroy cybersecurity!
Colleagues Jack Roehrig, Theo Nasser, and myself will be discussing the importance of weaving a positive cyber culture into organizations as part of a greater set of best-practices for effective cyber strategy.
See publication
Tags: Cybersecurity
We Don’t Want IoT Cybersecurity Regulations
Medium
September 21, 2020
It simply makes no sense to call for IoT devices to be certified safe-and-secure. Before you get bent out of shape, hear me out.
Regulations are unwieldy blunt instruments, best left as a last resort. Cybersecurity regulations are not nimble, tend to be outdated the day they are instituted, and become a lowest-common-threshold for an industry to follow. This stifles security innovation and the application of best practices. On the upside, regulations do force industries that have ignored basic security practices to meet a common standard. But history has shown those industries rarely go any farther than the regulatory requirements. All the data breaches we see in the news every week, almost all of those organizations are compliant with regulations, yet they are losing data records by the billions. Compliance does not equal security!
See publication
Tags: Cybersecurity, IoT
Beware of Unified Cybersecurity Solutions Claiming to Help CISO's
CISO Platform
September 17, 2020
Many security vendors are developing products to unify solutions into a single management interface. I fear this is just a sales tactic to gain greater market share and not intended to help the plight of CISOs.
See publication
Tags: Cybersecurity
Painful IoT Security Lessons Highlighted by a Digital Padlock
LinkedIn
September 15, 2020
The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.
See publication
Tags: Cybersecurity, Digital Transformation, Risk Management
EC-Council Free Online Event for Cybersecurity Skills Development
Medium
September 12, 2020
EC-Council is announcing the #TheNextBigThingInCyber skills development in a free online event on Sept 16th 9:30am EST. EC-Council’s CEO, Jay Bavisi will discuss what it means to Humanize firewalls, build a new era of ethical hackers, empower cyber defenders, and the importance of great penetration testers.
See publication
Tags: Cybersecurity, Edtech
Intel patches 9 vulnerabilities in their management platform
Medium
September 12, 2020
Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms. One of them was a critical flaw in AMT that allowed remote privilege escalation (CVE-2020-8758).
See publication
Tags: Cybersecurity, Risk Management, Supply Chain
Defenders show up to the war on deepfakes
Medium
September 04, 2020
Digitally altered and synthetic media are becoming more of a problem. Openly available tools, including AI Deep Learning, enable the easy modification of pictures and videos for distribution on the Internet. Most are benign; clearing up acne, improving image lighting, creating a funny meme, or perhaps narrowing a waistline for aesthetic reasons. More disturbing is the generation of videos of known personalities, making them appear to make caustic statements or take part in inappropriate activities. These fakes have appeared in political posts, social satire, news media, and pornographic material. Motivations are sometimes for humor, vanity, vindictiveness, or to sway public viewpoints.
See publication
Tags: AI, Cybersecurity, Privacy
Google to offer AI Ethics services to others?
Medium
September 01, 2020
AI Ethics are very relevant and growing in importance as the world embraces artificial intelligence systems.
Google has announced it will launch a new AI ethics service by the end of the year to help others with tricky ethical challenges involving AI.
See publication
Tags: AI, Cybersecurity, Privacy
Smart Cities Keynote: Security and Privacy After 2020
Medium
September 01, 2020
I am looking forward to a great keynote conversation and Q&A session about the new normal for digital security & privacy of smart cities. As our cities embrace digital technologies to extend and improve services to their citizens, it is important to weave in security and privacy controls to reinforce trust.
Come join my co-speakers Marcelo Peredo, the CISO of the City of San Jose, and Zulfikar Ramzan, the CTO of RSA, as we discuss the evolving cybersecurity challenges and opportunities beyond 2020.
See publication
Tags: Cybersecurity, Privacy, Smart Cities
Sacramento Opens Cybersecurity Opportunities for Covid Displaced Workers
Uptrennd
August 28, 2020
City of Sacramento is leading the way and showcasing how public/private partnerships can help the community and make the digital world safer for everyone! This is a great template for other communities to retrain Covid-19 displaced workers for a career in cybersecurity.
See publication
Tags: COVID19, Cybersecurity
How privacy can decrease safety
HelpNetSecurity
August 03, 2020
Online anonymity can undermine accountability and enable victimization. A balance needs to be struck. The second article of a 2 part series between Matthew Rosenquist and Lisa Thee explores the complexities of digital privacy and outlines some U.S. focused recommendations.
See publication
Tags: Cybersecurity, Privacy
What is privacy and why does it matter?
HelpNetSecurity
July 28, 2020
Privacy is a basic right and a necessary protection in the digital age to avoid victimization and manipulation.
See publication
Tags: Cybersecurity, Privacy
What are the Top 5 CISO Frustrations?
CISO Platform
July 25, 2020
I was recently asked an interesting question: What are the Top 5 CISO frustrations with the cybersecurity industry?
After a few minutes of deep thought, this is what I came up with.
See publication
Tags: Cybersecurity
Digital privacy: A double-edged sword
HelpNetSecurity
July 21, 2020
Digital privacy is paramount to the global community, but it must be balanced against the proliferation of digital-first crimes, including child sexual abuse, human trafficking, hate crimes, government suppression, and identity theft. The more the world connects with each other, the greater the tension between maintaining privacy and protecting those who could be victimized.
See publication
Tags: Cybersecurity, Privacy, Social
The 10 Worst Cybersecurity Strategies
Medium
July 16, 2020
Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Will AI rescue the world from the impending doom of cyber-attacks or be the cause
mc.ai
July 08, 2020
There has been a good deal of publicized chatter about impending cyberattacks at an unprecedented scale and how Artificial Intelligence (AI) could help stop them. Not surprisingly much of the discussion is led by AI vendors in the cybersecurity space. Although they have a vested interest in raising an alarm, they do have a point. But it is only half the story.
See publication
Tags: AI, Cybersecurity
Teaching AI to be Evil with Unethical Data
Peerlyst
July 04, 2020
Artificial Intelligence has a weakness. Unethical training will result in an evil system. Now more than ever, we need a framework of AIEthics to ensure AI systems are created for the good of society.
See publication
Tags: AI, Cybersecurity, Emerging Technology
Profiling White-Hat Vulnerability Researchers
Medium.com
June 26, 2020
Bugcrowd has released some interesting survey data that provides insights into the white-hat vulnerability researcher community.
See publication
Tags: Cybersecurity
Killer Drones to be Available on the Global Arms Markets
Medium.com
June 24, 2020
Turkey may be the first customer for the Kargu series of weaponized suicide drones specifically developed for military use. These semi-autonomous devices have been in development since 2017 and will eventually be upgraded to operate collectively as an autonomous swarm to conduct mass synchronized attacks.
See publication
Tags: AI, Cybersecurity, Autonomous Vehicles
Intel Designs Chips to Protect from ROP Attacks
Medium
June 16, 2020
It looks like Intel Corporation's Control-Flow Enforcement Technology (CET) will finally be making it into products. If it works and is adopted, it should disrupt ROP hacks.
See publication
Tags: Cybersecurity, Emerging Technology
Curiosity Labs Opens Free Test-Track for Autonomous Vehicle Innovation
Medium.com
June 05, 2020
Enabling better security, privacy, and safety
It is always nice to see projects that are open and free to use, to advance technology in secure, private, and safe ways. Curiosity Labs provides startups and established companies a no-cost real-world testing infrastructure to innovate smart city and transportation technologies.
See publication
Tags: Cybersecurity, Autonomous Vehicles, Smart Cities
Misunderstanding the Economic Factors of Cybercrime
Medium.com
May 30, 2020
A new study by Cambridge Cybercrime Centre titled Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies concludes that cybercrime is boring and recommends authorities change their strategy to highlight the tedium in order to dissuade the growth of cybercrime.
See publication
Tags: Cybersecurity
10 Areas of Change in Cybersecurity for 2020
Medium
May 11, 2020
Cybersecurity in 2020 will be evolutionary but not revolutionary. Although there is always change and churn, much of the foundational drivers remain relatively stable. Attacks in the next 12 months are likely to persist in ways already known but taking it up-a-notch and that will lead to a steady escalation between attackers and defenders.
See publication
Tags: AI, Cybersecurity, Privacy
Pivot to Telehealth Brings New Benefits and Risks
LinkedIn
April 27, 2020
Innovations in healthcare bring great benefits but also new risks to security, privacy, and safety.
See publication
Tags: Cybersecurity, Healthtech, Privacy
Preventing a Product Security Crisis
LinkedIn
April 17, 2020
How did Zoom end up in crisis? More importantly, how can these lessons help other businesses avoid a major product security crisis that drives customers away and creates a massive opportunity for competitors to consume market share?
See publication
Tags: Cybersecurity, Privacy, Risk Management
Zoom in crisis: How to respond and manage product security incidents
HelpNetSecurity
April 15, 2020
Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management’s commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Managing the crisis will be a major factor in determining Zoom’s future.
See publication
Tags: Cybersecurity, Privacy, Risk Management
My Pursuit Intensifies to Secure Digital Technology
LinkedIn
April 01, 2020
For over 30 years I have continually sought out new professional challenges, been enticed by opportunities to overcome near-impossible obstacles, and have taken on new roles to further the cybersecurity industry.
See publication
Tags: Cybersecurity, Privacy
Cryptocurrency Fraud Reached $4.3 Billion in 2019
LinkedIn
February 18, 2020
Cryptocurrency fraud is aggressively on the rise and topped over $4 billion last year. It is shocking to those who thought they had found an incredible investment in the cryptocurrency world, yet were swindled out of everything.
See publication
Tags: Cryptocurrency, Cybersecurity
There is No Easy Fix to AI Privacy Problems
Semiwiki.com
February 08, 2020
Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems.
See publication
Tags: AI, Cybersecurity, Privacy
Avast Shuts Down its Data Sales Subsidiary Due to Privacy Backlash
CISO Platform
January 31, 2020
Avast was recently caught selling users' web browsing data. Shortly thereafter the CEO made an apology and announced they were ceasing the Jumpshot data collection activities and winding down company operations. It is time that privacy regulations improve. This situation is playing out again and again for freemium-type services and only hints at the greater problem.
See publication
Tags: Big Data, Cybersecurity, Privacy
Privacy Day – Yes it Matters More than You Might Think
LinkedIn
January 28, 2020
Privacy matters to everyone! In fact, more than most people realize. It underpins the very nature of liberty and is a key pillar for online security. Celebrate Privacy Day, with a little more effort in protecting your personal data and supporting a digital world that respects privacy.
See publication
Tags: Cybersecurity, Privacy
Lessons from Microsoft’s 250 million data record exposure
HelpNetSecurity
January 24, 2020
Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. As a former cyber incident commander for a major technology corporation, I can see a number of important lessons to be learned.
See publication
Tags: Cybersecurity, Leadership
There is no easy fix to AI privacy problems
HelpNetSecurity
January 23, 2020
Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems.
See publication
Tags: AI, Cybersecurity, Privacy
Banks are Developing Digital Currencies and Opening Themselves to Cyber Risk
LinkedIn
December 31, 2019
Cybersecurity will be hard pressed to take on the new challenges of bank managed digital currencies. Banks are developing their own digital currencies. The introduction of Central Bank Digital Currencies (CBDC) is the beginning of an interesting trend that will change the cybersecurity dynamic for banking as it opens up an entirely new threat landscape.
See publication
Tags: Blockchain, Cybersecurity, Fintech
The 7 most dangerous digital technology trends
HelpNetSecurity
December 10, 2019
As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally. But there is a catch. For every opportunity, there is a risk.
See publication
Tags: AI, Cybersecurity, Privacy
Cryptocurrency Exchange Hacks are on the Rise
Medium
December 09, 2019
Seven major cryptocurrency exchanges were victimized in 2019, totaling over $160 million in financial theft. As predicted, cybercriminal hackers targeted crypto exchanges in 2019 and the trend will continue into 2020.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Hackers Scan Massive Docker Instances to Mine Crypto
LinkedIn
November 27, 2019
Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero.
See publication
Tags: Cryptocurrency, Cybersecurity
AI Based Defensive Systems Impact on Cybercriminal Strategy
PenTest Magazine
November 08, 2019
Good guys are working at a fever pitch to create pre-emptive adversarial attack models to find AI vulnerabilities. But threat actors are working just as fast to develop threats and have the resources (aka money) to build powerful cyber weapons. Who will win this race against time?
Some of California’s top security minds came together during National Cybersecurity Awareness Month to discuss the role of Artificial Intelligence (AI) in cybersecurity. Leading experts from both the private and public sectors joined our Inteligenca Cyber Salon to discuss both the promise and concern about AI. No doubt we heard during this talk that AI is controversial.
See publication
Tags: AI, Cybersecurity, Risk Management
Hacking Phones: How Law Enforcement is Saving Privacy
DarkReading
October 30, 2019
In the battle between privacy and security, technology can bridge the gap allowing a healthy balance. We must not fear technology, but rather purposefully wield it in better ways with clear goals of benefits and limitations for abuse.
Here is my latest article, posted on Dark Reading, discussing one such path that may raise concerns with privacy advocates at first glance, but could result in a strategic win for everyone's privacy and security, except criminals.
See publication
Tags: Cybersecurity, Govtech, Privacy
Major Drone Attack Against Global Oil Production Showcases Weak Cybersecurity Thinking
LinkedIn
September 16, 2019
We are entering a new era for conflict that brings with it a synthesis of cyber and physical security that increases global safety risks. Attacks with connected technology, Internet-of-Things (IoT) devices, and Industrial IoT components are ramping up, now attaining levels with serious consequences. The cybersecurity industry is not prepared. It is time we revisit the deeper discussion of converged cybersecurity!
See publication
Tags: Cybersecurity, Digital Transformation, IoT
Criminals Luring in Bitcoin Sellers to Launder Money
LinkedIn
September 13, 2019
With the lure of big cash rewards, cybercriminals are luring in the bitcoin community to become money laundering mules. This does not end well for anyone except the criminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Social
Matthew Rosenquist Joins the Eclipz Advisory Board to make the World of Connected Data More Secure
LinkedIn
September 04, 2019
I am excited to announce that I am joining the Advisory Board of Eclipz! Such a great team working to make the connected world of data more secure across devices, services and even between untrusted endpoints.
See publication
Tags: Cybersecurity, Emerging Technology, Startups
NATO’s Collective Defense for Cyber Attack Remains Fragile
LinkedIn
September 03, 2019
NATO is far from implementing "collective defense" for cyber-attacks. Much work is still to be done before Article 5 is an effective deterrent.
See publication
Tags: Cybersecurity, Govtech, Leadership
Cryptocurrencies Should be Enabled to Blacklist Criminal Holdings
LinkedIn
August 28, 2019
Cryptocurrencies like Bitcoin are heavily targeted and exploited by cybercriminals. There may be something that can be done to assist law enforcement in revoking illicit assets, aid victims, and still preserve the fierce independence and autonomy of public blockchain cryptocurrencies.
See publication
Tags: Cryptocurrency, Cybersecurity, Innovation
Do Not Pay Ransomware – A Lesson for Municipalities
Medium
August 19, 2019
Ransomware is getting worse, in part because victims are paying. Poor decisions by certain municipalities are having an impact on their peers. Stop paying criminals! They will be back, stronger than before.
See publication
Tags: Cybersecurity, Govtech
Joining the Advisory Board for the Techno Security & Digital Forensics Conference
LinkedIn
August 15, 2019
I am excited to announce I have accepted a position on the Techno Security & Digital Forensics Conference Advisory Board. I am honored to be part of this team to help drive education, awareness, training, and ethics across the digital forensics and cybersecurity industries.
See publication
Tags: Cryptocurrency, Cybersecurity, Digital Transformation
Binance Cryptocurrency Exchange Refuses to Pay Blackmailers Over a Possible Data Breach
LinkedIn
August 08, 2019
A blackmailer attempted to extort $3.5 million from the Binance cryptocurrency exchange, stating they would release confidential KYC (Know Your Customer) data. Binance has refused to pay the demands and is working with law enforcement to track down the cyber criminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Insider Threats in the Digital World are Sinister
LinkedIn
August 07, 2019
The compromise of AT&T is another example of the serious risks posed by insider threats. In this case an external attacker leverages the access and authority of internal people through bribes. Especially in digital environments, trusted insiders have incredible potential to do harm, cause disruption, and undermine trust. They are the submerged part of the cyber risk iceberg that we all must deal with.
See publication
Tags: Cybersecurity, Risk Management
Does Home Depot Respect Customer Privacy?
LinkedIn
July 29, 2019
Raising an issue with the privacy practices at Home Depot. Why is it unnecessarily gathering personal information of its customers? A privacy-savvy community should raise and amplify such issues to drive change.
See publication
Tags: Customer Experience, Cybersecurity, Privacy
Cryptocurrency Exchanges are Cyber Hackers Next Targets
LinkedIn
July 22, 2019
Where will online criminal hackers look next? Cryptocurrency. There are already hacks going on, but this will ramp up significantly as some of the more highly competent criminals are targeting cryptocurrency exchanges.
See publication
Tags: Cryptocurrency, Cybersecurity, Risk Management
Top 10 Things You Should Be Doing to Protect from Cyberattacks
LinkedIn
July 15, 2019
I get asked all the time for a quick answer to the question “How can I protect myself from getting attacked online?” The simplified answer is to follow these Top 10 best practices.
See publication
Tags: Cybersecurity
Fight for Digital Privacy Rights Continue in Tech-Focused California
LinkedIn
June 27, 2019
The tech heartland of California is the latest battleground for privacy rights. Big tech companies are fighting to dilute upcoming legislation that will require more privacy protections. But is it enough? No! We need even better protections, accountability, and transparency of how our personal data is handled. This is the moment when ethical tech giants can either stand up to do the right thing by leading the charge for the betterment of their users or lawyer up to allow hidden practices, abuses, obfuscation, and deniability to continue for their financial gain.
See publication
Tags: Big Data, Cybersecurity, Privacy
Should Exploit Code be Published When Vulnerabilities are Made Public?
LinkedIn
April 18, 2019
On the heels of a recent report from Kaspersky Labs, discussions among security professionals have been stirred up regarding the risks of publishing proof-of-concept code that may be helping hackers more than benefiting security. The topic has history and continues to be vigorously debated.
See publication
Tags: Cybersecurity, Privacy
Invitation to Innovators for Voting Technology Security
LinkedIn
April 15, 2019
Protecting our election infrastructure is crucial, yet security is lacking. Meaningful change starts with the spark of a great idea. I am looking forward to listening to all the excellent concepts for election security at the upcoming event in Sacramento CA. As India is now in the midst of having 900+ million people vote, we too need to figure out a way to leverage digital tools for our democracy in a secure, private, trustworthy, and attestable way.
See publication
Tags: Cybersecurity
Role of the CISO: Top 3 Questions
LinkedIn
February 15, 2019
The role of Chief Information Security Officers (CISO) is evolving and requires a complex skill set. Long perceived as a cost center that constrains the business in order to reduce losses from cyberattacks and to meet regulatory compliance, cybersecurity is now transforming into a critical function that must contribute to overall competitiveness.
See publication
Tags: Cybersecurity
Open Letter to the FTC – Bureau of Consumer Protection
LinkedIn
January 29, 2019
In December 2018 the FTC held hearings on Competition and Consumer Protection in the 21st Century. A number of people spoke at the event and the FTC has graciously opened the discussion to public comments. The Federal Trade Commission has interest, certain responsibilities, and can effect changes to how data security evolves. This is our opportunity for the public to share its thoughts and concerns. I urge everyone to comment and provide your viewpoints and expertise to the FTC committee. Comments can be submitted electronically no later than March 13, 2019.
See publication
Tags: Cybersecurity, Privacy
When the Wrong Person Leads Cybersecurity
LinkedIn
November 19, 2018
Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.
See publication
Tags: Cybersecurity, Privacy
Technology Transformation for 2019
LinkedIn
November 15, 2018
Digital technology continues to connect and enrich the lives of people all over the globe and is transforming the tools of everyday life, but there are risks accompanying the tremendous benefits. Entire markets are committed and reliant on digital tools. The entertainment, communications, socialization, and many other sectors are heavily intertwined with digital services and devices that society is readily consuming and embracing. More importantly, the normal downstream model for information has transformed into a bi-directional channel as individuals now represent a vast source of data, both in content as well as telemetry. These and many other factors align to accelerate our adoption and mold our expectations of how technology can make a better world.
See publication
Tags: Cybersecurity, Privacy
Should Companies be Allowed to ‘Hack Back’ after a Cyberattack
LinkedIn
September 30, 2018
Government officials and experts are weighing in on the concept of ‘hacking back’, the practice of potentially allowing U.S. companies to track down cyber attackers and retaliate.
See publication
Tags: Cybersecurity, Privacy
Beware Friendly Botnets
LinkedIn
September 18, 2018
The recently discovered Fbot, which finds systems infected with crypto-coin mining malware and scrubs them clean, may seem like a champion of good, but remember it is entering your system without your permission and modifying code and deleting files. We have seen other such ‘cleaner’ worms in the past, and the best advice is to be wary.
See publication
Tags: Cybersecurity, Privacy
“Unhackable” Product Claims are a Fiasco Waiting to Happen
LinkedIn
August 17, 2018
Those who think that technology can be made ‘unhackable’ don't comprehend the overall challenges and likely don't understand what 'hacked' means.
See publication
Tags: Cybersecurity, Privacy
Slowing Innovation Should be a Cybersecurity Violation
LinkedIn
August 04, 2018
Risks come in many forms. Going too fast, being reckless, taking chances, etc. are easy to recognize warning signs. But what about the other end of the spectrum? Is going too slow ever bad? I say yes, especially when it unnecessarily impedes productivity, innovation, operational logistics and intentionally creates frustration for users.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity Fails without Strategy
LinkedIn
July 17, 2018
Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.
Companies in regulated industries and larger businesses will typically invest in an internal team to actively manage the cyber risks with a Chief Information Security Officer (CISO) at the helm. The current incarnation of the CISO position has not really been in widespread use for very long and the role has radically changed over the years. Where they report within the organization, what background and skills they possess, their overall responsibilities, and the desired experience for which they are hired varies wildly from one CISO to the next. The traditional CISO role focuses on protecting company assets, including preserving reputation, preventing downtime, securing data and financial assets, and ensuring regulatory compliance. But some companies are also using the CISO role as an external marketing ambassador to fuel visibility and drum up customers. So, in today’s world it is a mixed bag. Consequently, security teams are managed very differently and there is a major performance gap that needs to be addressed.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Mylobot Showcases the Evolution of Modern Malware
LinkedIn
June 21, 2018
The recently discovered Mylobot aggregates 9 sophisticated features, highlighting how advanced malware is evolving. Stealth capabilities make it difficult for security tools to detect and protection aspects preserve its functionality over time.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity Fails without Strategy
LinkedIn
June 17, 2018
Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.
See publication
Tags: Cybersecurity, Privacy
3 Tips to Maximize Cybersecurity Value
Medium
July 11, 2022
Delivering maximum value is a momentous challenge for cybersecurity organizations. It takes a decisive effort to organize and prioritize the proper goals that are meaningful to the business, and establish operational excellence to deliver effectiveness and efficiency. But running a good risk program that manages the defensive posture by addressing internal vulnerabilities is not enough. There are external factors that have a profound impact on the likelihood of attack and business factors that matter to the executive suite which could represent a competitive advantage to the corporate bottom line.
See publication
Tags: Cybersecurity, Security
Value is the Cybersecurity Blind Spot
Medium
May 16, 2022
The industry currently suffers from a weakness in understanding, aligning, and showcasing its maximum potential value, which extends beyond managing digital risks and often includes non-traditional competitive advantages which contribute to the overall business goals.
See publication
Tags: Cybersecurity, Risk Management, Security
Announcing 2022 Cybersecurity Predictions
Medium
January 16, 2022
2022 will be a very tumultuous year for cybersecurity professionals. The underlying fundamentals that drive major shifts of the cybersecurity industry — technologies, threats, and economic factors, will introduce new risks and combine to significantly increase the relevance and challenges of protecting digital assets and capabilities.
See publication
Tags: Cybersecurity, Privacy, Security
Growing Cyber Risks of Firmware with Scott Scheferman
Medium
December 22, 2021
Firmware is the little-talked-about component of every digital device and computer system, that possesses tremendous control, and is now being targeted by cyber attackers. In today’s Cybersecurity Insights podcast, I am talking with Scott Scheferman about the growing cybersecurity risks of firmware that could undermine most of the security controls in computer systems.
See publication
Tags: Cybersecurity
International Coalition Fails to Address Ransomware
Medium
October 20, 2021
U.S. leadership organized a meeting with over 30 nations to figure out how to address the growing problem of ransomware. The results were unimpressive, lacking the bold innovation needed to stem the meteoric rise of ransomware that is targeting businesses and the critical infrastructure that citizens depend upon for security, health, services, and prosperity.
See publication
Tags: Cybersecurity, Privacy
The Next Big Data Breach You Need to Know About
Medium
October 13, 2021
The Syniverse hack may be the most important data breach of the year!
Hackers had access for 5 years and potentially compromised hundreds of billions of SMS text messages, likely including 2nd Factor Authentication codes that protect logins and are used to reset passwords.
See publication
Tags: Big Data, Cybersecurity
Why Trust in Digital Tech is the Key to Future Innovation
Medium
September 29, 2021
I was honored to speak at the Hexcon21 cybersecurity virtual conference this year and wanted to repost my presentation for all who did not get a chance to watch the live event.
I discussed why trust in digital technology is the key to sustaining a future where digital innovation and adoption continue to thrive.
See publication
Tags: Cybersecurity, Innovation, Privacy, Risk Management
Cybersecurity Progresses from Mitigating Risks to Deliver Profit Opportunities
Medium
September 08, 2021
Cybersecurity is breaking out from just preventing risk of loss! Forward thinking companies are showing leadership by leveraging cybersecurity capabilities to contribute to market position and profitability opportunities. In today’s video I cover some of the ways cybersecurity is being leveraged for the bottom line.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Rohit Parchuri on the Challenges of Securing Future Healthcare
Medium
September 03, 2021
The Cybersecurity Vault — Episode 2 — The risks and opportunities of securing data are shifting rapidly for the healthcare industry. Rohit Parchuri, who serves as the CISO for Collective Health Security, discusses the rapidly changing challenges in healthcare that will affect every American.
See publication
Tags: Cybersecurity, Healthtech, Risk Management
Anti-Money Laundering Detection Tool on the Dark Web
Medium
August 24, 2021
A new tool is gaining popularity on the dark web which provides insights to users if their cryptocurrency activity might be flagged by authorities as potentially illicit. Such a tool can provide cybercriminals the intelligence necessary to stay under-the-radar of law enforcement. Conversely, the tool may help law enforcement understand how to shift their threshold to catch those who are looking to evade detection!
See publication
Tags: Cryptocurrency, Cybersecurity
Arguments Against Criminalizing Ransomware Payments
Medium
August 11, 2021
The goal is to effectively end ransomware as a significant cybersecurity risk for everyone. In exploring the different strategic options, one path has emerged superior, in which the flow of money to the ransomware attackers is essentially stopped. The only way to make that happen consistently is to compel the victims to not pay by making it a criminal act. However, not everyone agrees.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Why REvil Ransomware Group Suddenly Disappeared
Medium
July 20, 2021
The notorious REvil ransomware cybercriminal group suddenly disappeared without explanation, spurring lots of speculation in the cybersecurity community. In this week’s video, we go over the results of a recent poll among security professionals that revealed what they believed was behind REvil’s disappearance and if they will be back.
See publication
Tags: Cybersecurity
Ransomware Explained — Ending Ransomware
Medium
July 16, 2021
Stopping ransomware from being an impactful menace is the grand goal, but what are the specific criteria for success we should be striving for? Without clear objectives, we are often consumed with trivial aspects and never attain the desired end-state.
See publication
Tags: Cybersecurity
Ransomware Explained — 3 Fundamental Ways to Stop Cyberattacks
Medium
July 07, 2021
There are only 3 fundamental ways to stop attacks from motivated and intelligent adversaries.
Let’s identify and explore those options, and discuss how they may be applied to undermine Ransomware.
This video is the latest installment of a multi-part series on Ransomware. The series is free on the Cybersecurity Insights YouTube Channel.
See publication
Tags: Cybersecurity
Ransomware Cybersecurity Fireside Chat
Medium
June 29, 2021
See publication
Tags: Cybersecurity, Privacy, Risk Management
Ransomware Explained — Understanding the Attackers
Medium
June 24, 2021
Understanding the attackers is the first step in identifying effective, efficient, and sustainable paths to mitigating the risks of ransomware.
See publication
Tags: Cybersecurity, Privacy
Ransomware Explained Video Series
Medium
June 09, 2021
Ransomware is a rising threat to every organization, device, and person connected to the Internet. All the products, services, and critical infrastructures are at risk of being victimized. We are all being impacted by this type of cybercrime and it is only the beginning.
See publication
Tags: Cybersecurity, Risk Management
2 Biggest Factors Driving the Future of Cybersecurity
YouTube
June 03, 2021
Cybersecurity can appear random and chaotic, but there are basic fundamentals that drive the course of cyberattacks.
In today’s video, I dive into the two biggest factors that shape cybersecurity risks, attacks, and what drives the direction of the security industry.
See publication
Tags: Cybersecurity, Social, Business Strategy
Paying Ransomware Should be Illegal
Medium
May 26, 2021
Ransomware is a growing problem that must be STOPPED! Cybercriminals are accumulating fortunes by impacting individuals, businesses, critical systems, and digital services. Some victims are paying ransoms in the tens of millions of dollars.
See publication
Tags: Cryptocurrency, Cybersecurity
The Colonial Pipeline Cyberattack Might be Good for America
Medium
May 17, 2021
The Colonial Pipeline ransomware attack, that caused fear of fuel shortages on the US East Coast, might be exactly what the nation needed to improve Critical Infrastructure security!
See publication
Tags: Cybersecurity, Privacy
Top 10 Things the Industry Can Do Now to Mitigate Digital Supply-Chain Attacks!
Medium
May 11, 2021
The SolarWinds and Exchange supply-chain attacks have highlighted how vulnerable 3rd party and vendor security is for every organization.
See publication
Tags: Cybersecurity, Supply Chain
Where Should a CISO Report Into?
Medium
May 03, 2021
Where should a CISO report into within an organization? No common standard exists as we can find them operating under many different organizations, including IT, Legal, the CTO, and CEO just to name a few.
See publication
Tags: Cybersecurity, Management, Risk Management
What’s Broken with M&A Cybersecurity
Medium
April 26, 2021
Cybersecurity for Mergers and Acquisitions is a mess. There are a surprising number of significant unforeseen risks that can wreak havoc on M&A deals. In this week’s fireside chat, I am joined by Justin Daniels, General Counsel/Cybersecurity/Data Protection SME at Baker Donelson, and Alex Rayter, Principal at Phoenix 2.0 Inc, to discuss the due diligence, risks, and recommendations to better understand and manage the challenges.
See publication
Tags: Cybersecurity, Privacy, Security
Good and Bad of Google’s Project Zero Vulnerability Disclosure Changes
Medium
April 19, 2021
Google’s infamous Project Zero vulnerability research team recently announced it is changing its disclosure policy to be more friendly to product vendors. But is that good for cybersecurity?
See publication
Tags: Cybersecurity, Privacy
Zoom Critical Vulnerability Discovered
Medium.com
April 12, 2021
A new vulnerability has been discovered in the popular Zoom online conferencing tool that allows an attacker complete remote control over the targeted system, without any involvement by the user. As vulnerabilities go, this is pretty bad. But there is some very good news about this exploit.
See publication
Tags: Cybersecurity, Privacy
Stopping the Runaway Ransomware Epidemic
Medium.com
April 06, 2021
I see many government politicians positioning a ban of cryptocurrency as a solution for ransomware. That would simply not work. It would create an obstacle for cybercriminals, but one they would pursue to overcome. At most, it would be a temporary setback for cybercriminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Chaining Exploits are Taking Vulnerabilities to a New Level
Medium
March 30, 2021
Cyberattacks are leaping ahead in sophistication and the industry is not prepared.
As an example, the Google Project Zero team recently detected attackers that exploited a combination of seven previously unknown vulnerabilities (0-days) to hack fully patched Windows, Android, and iOS systems.
See publication
Tags: Cybersecurity, Privacy
A Simple Solution to Crush Digital Misinformation
YouTube
March 22, 2021
Digital communication is connecting people around the globe with tremendous benefits, but is also being misused in terrible ways that take advantage of the community.
See publication
Tags: Cybersecurity, Digital Transformation, Privacy
DeepFakes — the Digital Future of Forgery
Medium
March 18, 2021
DeepFake technology is readily accessible and rapidly increasing in its capabilities. It will be used for both entertainment and malicious activities. In today’s short video I talk about some of the misuse we are already seeing and how there are counter-efforts to identify deepfakes.
See publication
Tags: Cybersecurity, Privacy
Cyber Threats Porting Malware to Apple Chips
Medium
March 10, 2021
Cyber threats are adapting their malware to work on new Apple chips that will power their products. The shift to a multi-architecture design will allow attackers to target the next generation of Apple systems and potentially exploit any discovered vulnerabilities.
See publication
Tags: Cybersecurity, Privacy, Risk Management
What SMB’s need to know about Cybersecurity
Medium
March 08, 2021
Small and medium businesses aren’t paying attention when it comes to cybersecurity. They are being targeted. Even with limited resources, SMBs can greatly improve their cyber defense. Many free resources are available that identify good practices to bolster the cybersecurity of any sized organization.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Who do Executives Blame for Cybersecurity Failures?
Medium
March 03, 2021
My rant in response to the former CEO of SolarWinds pointing the finger of blame at an intern in an attempt to redirect cybersecurity responsibility, highlights a lack of understanding and accountability within the c-suite.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Nation State Cybercriminals are a Risk to Everyone
Medium.com
March 01, 2021
Most nation-state activities are focused on intelligence gathering, political manipulation, interference with critical infrastructure, and subverting military capabilities. These indirectly affect everyone, but don’t represent a direct threat to everyday citizens.
See publication
Tags: Cybersecurity, Risk Management
Not Paying Ransomware is the Only Way We All Win
Medium.com
February 22, 2021
Ransomware is on the rise because cybercriminals are being rewarded. Those who are impacted have been paying the ransoms, thereby funding and encouraging attackers to expand and target others.
See publication
Tags: Cybersecurity, Risk Management
If I Were a Nation-State Hacker Looking to Conduct Supply Chain Attacks
Medium
February 10, 2021
Cyber threats are racing to find and exploit the next big Supply-Chain hack. Compromises like that of SolarWinds represent a tectonic shift in the Cybersecurity world, where the compromise of a single software supplier can expose all their customers for victimization by attackers.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Top 3 Missions of a CISO
Medium
February 03, 2021
Every Chief Information Security Officer should have a strategic plan that defines the key deliverables to enable success.
See publication
Tags: Cybersecurity, Edtech, Privacy
Cautious Optimism and Grave Concerns as Intel Integrates Cybereason into Chips
Medium
January 27, 2021
Intel and Cybereason just announced that they are working to integrate Cybereason to collect data from hardware to software levels, with the goal of protecting users from ransomware.
See publication
Tags: Cybersecurity
Finding the Next SolarWinds Type of Supply Chain Attack
Medium
January 20, 2021
The SolarWinds compromise showed that supply-chain attacks are possible and the ramifications can be tremendously impactful. Other nation states will be investing in efforts to duplicate this success. That makes IT tools, security products, hardware & firmware vendors, and cloud service providers prime targets for exploitation.
See publication
Tags: Cybersecurity, Supply Chain
Cybersecurity Value is About Protecting Intangible Assets
Medium.com
January 14, 2021
Intangibles now account for 90% of the S&P’s total assets and it is no accident that the core of cybersecurity has evolved to protect those aspects of the business. It is a natural progression for security to align with protecting the most important assets. This is a crucial element when communicating the value and relevance to audiences.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Why are Cybersecurity Roles Confusing
Medium.com
January 11, 2021
The cybersecurity field is dynamic and the roles and responsibilities are ever changing. People coming into the cybersecurity field often expect clearly defined positions and are surprised at the significant variance when looking at job descriptions or talking with professionals.
See publication
Tags: Cybersecurity, Management, Privacy
The CISO Dilemma - When Leadership Ignores Risks
YouTube
December 24, 2020
What should a CISO do when the executive leadership chooses to ignore critical cyber risks? If the C-Suite and board are well informed of imperative vulnerabilities and yet choose a path to ignore security, the CISO is put in a position where they are incapable of effectively managing risk, yet still responsible when incidents occur.
Let’s break down the problem, from what a CISO must do, how people disposition risks, and finally the recommended actions.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Objectives of Nation State Cyber Attackers
YouTube
December 21, 2020
It is important to look into the motivations of government orchestrated cyberattacks, such as SolarWinds, as understanding the threat-agent’s objectives can provide important insights to their long-term goals and potential next steps.
Today I discuss the 4 primary reasons why Nation States conduct cyber warfare activities and evaluate that against what we currently know of the SolarWinds hack to gain a better sense of the scale and strategic value to the infiltrators.
See publication
Tags: Cybersecurity
Leaders and Losers of the SolarWinds Hack
YouTube
December 20, 2020
The SolarWinds hack has had a significant ripple effect on the cybersecurity community, with over 18k organizations discovered to be severely vulnerable and at the mercy of nation-state hackers. The security community realized some of the biggest companies, most sensitive government agencies, and critical infrastructure were at risk. Some organizations have shown leadership, most have remained quiet, and a few have decided to take advantage of the fear to sell their wares and pursue profits.
Time to call out the leaders and deceivers.
See publication
Tags: Cybersecurity
Missing the Big Picture from the SolarWinds Hack
YouTube
December 15, 2020
The cybersecurity industry is consumed with the scale and effectiveness of one of the biggest hacks in recent memory. The emerging narrative and stories are missing important pieces of the puzzle. The attackers, likely a nation-state, gained unprecedented access to the U.S. government, military, critical infrastructure, and most major businesses. The full scope and reasons are not clear, but it is imperative to figure them out. The mystery must be solved, for the benefit of everyone, so we can prepare for what is next.
See publication
Tags: Cybersecurity
Evolution of Law Enforcement is Driving Changes Cryptocurrency
LinkedIn
December 14, 2020
There is an important transition that is happening with law enforcement’s adaptation to digital currencies. Authorities are seizing billions worth of criminals’ cryptocurrency and their improving skills are proving crypto is not the safe haven that criminals thought it to be.
See publication
Tags: Cryptocurrency, Cybersecurity
FireEye Hacked – A Stark Reminder of Cybersecurity Risks
YouTube
December 10, 2020
Even the best security organizations can be hacked! Watch my message to both the cybersecurity industry as well as those attackers that hacked FireEye and stole the RedTeam tools. This skirmish went to the hackers, but the battle continues.
See publication
Tags: Cybersecurity
Apple App Store Will Require Privacy Transparency
YouTube
December 07, 2020
Apple is instituting new privacy requirements, for all new applications being listed in the App Store, to enhance transparency and educate users. It is an important step, but additional measures are needed to ensure compliance.
See publication
Tags: Privacy
Why TrickBot Malware may be a Game Changer for Cybersecurity
YouTube
December 04, 2020
Cyber attackers continue to move down the compute stack with the latest variant of TrickBot now targeting firmware for malicious manipulations. This is when it gets serious.
See publication
Tags: Cybersecurity
Some Justice for Phone Scammers
YouTube
December 02, 2020
Some justice was delivered to the leader of a major phone scam ring based out of India. You are probably familiar with those spam calls that threaten money is owed to the IRS and if you don’t pay over-the-phone you will be arrested. Total scam. This criminal will be spending some quality time behind bars, thanks to the U.S. Dept of Justice and international cooperation. A good day.
See publication
Tags: Cybersecurity
Top 3 Recommendations to Avoid Online Holiday Fraud and Scams
YouTube
December 01, 2020
The holidays are a time for increased online fraud and scams. All of us need to follow the best security practices to keep our holiday from turning into a digital disaster.
The Cybersecurity and Infrastructure Security Agency (CISA.gov) has some good tips for safe online shopping: https://www.cisa.gov/shop-safely
See publication
Tags: Cybersecurity
Disable Amazon Sidewalk for Now
YouTube
November 25, 2020
Amazon is releasing their Sidewalk network feature that opens users’ home networks to connect with neighbors that also have Amazon products like the Echo devices and Ring security cameras. Amazon is turning Sidewalk ON by DEFAULT! That is concerning. Such a network could enable a host of new capabilities but might also introduce new cyber risks to participants.
See publication
Tags: Cybersecurity
Intel in Denial of the Latest SGX Secure Enclave Vulnerability
YouTube
November 19, 2020
Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology. The most disturbing aspect is not the vulnerability itself, but rather how Intel has responded to researchers and news outlets. Pure denial.
As a shareholder and former employee, I am gravely disappointed!
See publication
Tags: Cybersecurity
New Zealand Releases a Privacy Data Breach Self Test Tool
YouTube
November 16, 2020
The small country of New Zealand is showing great privacy leadership by releasing a tool to help businesses determine if a cybersecurity incident is considered a Data Breach.
See publication
Tags: Privacy
Inaccurate Predictions about Cybersecurity is Dangerous
Medium.com
November 12, 2020
I may offend some people, so for those who don’t want to hear my rant, skip this video.
Recent cybersecurity predictions aren’t just wrong, they are dangerous.
I am disappointed in the recent comments that Michelle Zatlyn, the co-founder and COO of Cloudflare, made regarding the future of cybersecurity.
She stated Cybersecurity would be “a thing of the past the next decade” and that instead it will work like a water filtration system.
She is wrong. Dead wrong.
See publication
Tags: Cybersecurity
Deloitte's 'Test your Hacker IQ' Proves Vulnerable to being Hacked
YouTube
November 10, 2020
A website tied to an event that quizzed people on their hacking knowledge, launched by a major security consultancy firm, is itself vulnerable to being hacked. This incident showcases a number of important lessons for every organization that wants to avoid such embarrassment.
See publication
Tags: Cybersecurity
U.S. Dept of Justice seizes $1 billion in Bitcoin
YouTube
November 09, 2020
A billion-dollar mystery has been solved. Cryptocurrency watchers were stunned when they recently saw a billion dollars of #Bitcoin being moved from a very old account that has been inactive for years.
U.S. Dept of Justice unsealed court filings related to the Ross Ulbricht 2015 Silk Road case. This is momentous! Such a seizure puts most others to shame and it will likely drive some changes in law enforcement. In the video, I discuss how this case will change enforcement and criminal practices moving forward.
See publication
Tags: Cryptocurrency
Intel’s Secret Key to Decrypt Microcode Patches is Exposed
YouTube
November 02, 2020
Vulnerability researchers hacked Intel’s update process and captured the secret key that decrypts Intel microcode updates. This important finding exposes another layer of security that protects CPUs from malicious manipulations. Intel’s response downplays the true significance, seeking to pacify concerns, while ignoring the strategic implications.
See publication
Tags: Cybersecurity
Cybersecurity Awareness Month – Accept My Challenge
YouTube
October 25, 2020
October is Cybersecurity Awareness Month. It is a time to consider the risks we accept everyday when using computers and what we can do to better protect ourselves.
I have a challenge for each and every person. Something that will help people individually and everyone collectively.
See publication
Tags: Culture, Cybersecurity, Social
NSA Reveals the Top Vulnerabilities Exploited by China
YouTube
October 23, 2020
The U.S. National Security Agency knows which vulnerabilities China-backed hackers are exploiting the most to gain access to sensitive data.
The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information from foreign companies and countries.
See publication
Tags: Cybersecurity, Risk Management
Charges Against Russian Nation-State Hackers Sends a Message
Medium
October 22, 2020
The U.S. Department of Justice filed charges against six Russian agents, identified as members of the APT group known as Sandworm. The unsealed documents reveal that the six suspects all have current or former ties to the Russian foreign intelligence agency, the GRU. The charges outline how this group is supported and coordinated by the Russian government to conduct hacks against people and governments around the world, including taking down the Ukraine power network and unleashing NotPetya malware, one of the most damaging in history.
See publication
Tags: Cybersecurity, Govtech
Cyber Threats Enhance Phishing with AI and Worm Functions for Rapid Disruption
Medium
October 20, 2020
New phishing malware leverages Artificial Intelligence and worm functionality to rapidly spread to contacts of victims. By leveraging previously established relationships the malware can bypass technical controls and easily fool new targets into becoming infected.
See publication
Tags: AI, Cybersecurity
Apple T2 Chip Vulnerability Challenges the Industry
Intel Corp
October 18, 2020
Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched! The announcement adds to the growing concerns and shifting perceptions about hardware security.
See publication
Tags: Customer Experience, Cybersecurity, Privacy
Is Paying Ransomware Now Illegal?
Medium
October 16, 2020
Security experts say don’t pay ransomware, but now the U.S. Treasury Department is declaring it illegal! Every company on the Internet must deal with the threat and emerging regulations.
Ransomware continues to be a growing problem because victims have been rewarding the attackers. If regulations expand, the option to pay-off the criminals will no longer be viable. We must address ransomware in a more proactive way. It is time to get focused and start thinking strategically.
See publication
Tags: Cybersecurity
Microsoft's New Tactics Disrupts Trickbot Ransomware
YouTube
October 13, 2020
Microsoft and partners have taken down the Trickbot ransomware infrastructure. That is a temporary relief, as the cybercriminals will soon adapt. The bigger picture is how the Microsoft Digital Crimes Unit (DCU) has created a template and partnerships to better target and disrupt future malware campaigns!
See publication
Tags: Cybersecurity
Should Governments be Responsible for Protecting the Internet?
YouTube
October 12, 2020
Does society want governments to take on the role of protecting the Internet? Should the Internet be considered a Critical Infrastructure and therefore be overseen by governments? Will such actions undermine privacy and liberty or will it be demanded by citizens to protect personal access and online security?
See publication
Tags: Cybersecurity, Digital Transformation, Privacy