The OSI Model and You Part 7: Stopping Threats at the Application Layer
Security Intelligence
July 05, 2021
A lot has changed since the creation of the Open Systems Interconnection (OSI) model. The OSI model dates back to the mid-1970s, designed to serve as a common basis for system interconnection and networking. It has been very useful in that regard, but we have to be aware a lot has changed since its inception. The greatest disrupter to this model is cloud computing. With that said, there is still value in the OSI model and how to reduce risk in each layer, as many of our systems today still rely on its design.
See publication
Tags: Cybersecurity, Risk Management
The OSI Model and You Part 3: Stopping Threats at the OSI Network Layer
Security Intelligence
June 07, 2021
Networking models help us understand the ‘lay of the land’ when it comes to protecting the network. In our journey through the Open Systems Interconnection (OSI) framework, we’ve arrived at the last stop in the media group, the OSI network layer.
See publication
Tags: Cybersecurity, Privacy, Risk Management
The OSI Model and You Part 2: The Data Link Layer
Security Intelligence
May 31, 2021
If the physical layer we talked about earlier in this series about OSI layers is the ‘what’ that allows data to travel, the data link layer is the ‘how.’ In the previous piece of this seven-part series on the OSI model, we described the physical layer and what cybersecurity threats could impact it. Remember, the key takeaway on how to protect the physical layer is this: business impact, contingency planning and continuity. NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems, is one of your best friends here. Now, let’s take a look at the data link layer.
See publication
Tags: Cybersecurity, Privacy
Ransomware Attacks in 2021: Information Meets Emotion
Security Intelligence
April 16, 2021
“If you want to go quickly, go alone, but if you want to go far, go together.”
This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders also need to focus on working together, even when teams are separated in home offices.
As ransomware trends change in 2021, what should we look out for? An overview of the Sophos report provides some ideas.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Does a Strong Privacy Program Make for a Stronger Security Program?
Security Intelligence
February 04, 2021
There is a saying in sociopolitical circles: “politics is downstream from culture.” Using that same line of thinking, poses a question: Is information security downstream from data privacy?
See publication
Tags: Cybersecurity, Privacy
CISO Success: It’s About More Than Tech Skills
Security Intelligence
February 02, 2021
The chief information security officer (CISO) is a relatively new position in the C-suite. It’s about 25 years old or less, depending on whom you ask. But, it is only within the last 10 or so years that the role has taken on greater prominence, likely because of the increase in cyber breaches over the last decade. What does a CISO do, and what skills are required?
See publication
Tags: Cybersecurity, Privacy, Risk Management, Business Continuity
Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit
Security Intelligence
January 29, 2021
The universe is getting smaller, and space cybersecurity is keeping up. On May 30, 2020, nearly a decade after the Space Shuttle program ended, people witnessed a first: a vehicle built as part of a public-private partnership (between SpaceX and NASA) took off into space. This development was transformational because it brought the world one step closer to commercial space travel. We now have proof of concept that space travel, once reserved for powerful nation-states, is something that can be achieved, albeit with a lot of assistance right now, by a commercial company.
See publication
Tags: Cybersecurity
Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget
Security Intelligence
January 15, 2021
As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest may be cybersecurity costs, because protecting your most important currency, information, requires ongoing attention. When looking at your cybersecurity budget, factor in every part of the recipe. What are some items you can bake into your cybersecurity budget that will reduce your overall risk posture?
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management
Security Intelligence
January 12, 2021
There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can be a serious problem for workers.
See publication
Tags: Cybersecurity, Risk Management, Mental Health
Data Destruction: Importance and Best Practices
Security Intelligence
November 19, 2020
As discussed in an earlier piece, data should be treated as a valuable currency. But there is another aspect to data handling that needs to be considered: data as a liability. Having your data fall into the wrong hands can be incredibly damaging to you and your team, which is all the more reason to have a sound and secure data destruction policy for the last mile.
See publication
Tags: Cybersecurity, Privacy, Data Center
Cybersecurity Today: The Intersection of Technology and Behavior
Security Intelligence
September 30, 2020
In the movie “Back to the Future II,” protagonist Marty McFly travels forward to the year 2015. During a quick stop at Café 80s, Marty encounters two children, confused by the 80s-style arcade game in the store. When Marty shows them how to play, the kids retort with, “You mean you have to use your hands?”
See publication
Tags: Cybersecurity, Risk Management
Cybersecurity Risk Management: Protecting Our Most Valuable Currency
Security Intelligence
September 29, 2020
Cybersecurity risk management can be a unifying conversation throughout your organization. Few things are more challenging in the cybersecurity business than getting stakeholders to speak in the same language. The business planners are talking supply and demand; the IT department is talking bits and bytes; the HR department is talking wellness and productivity; the C-suite is talking dollars and cents; and the board of directors are talking governance and liability. All these competing challenges make discussions about endpoint solutions, monitoring systems and identity management systems difficult to have.
See publication
Tags: Cybersecurity, Risk Management
Back to Basics: Creating a Culture of Cybersecurity at Work
Security Intelligence
September 16, 2020
The importance of security culture can be seen now more than ever. Many of us work remotely; there are app concerns; and the lines between personal and business use of devices and networks are blurred, challenging our cyber resilience. Therefore, despite all the great tools, frameworks and protective measures in place, we need to ensure people are doing what they can to help protect the larger network. These basic tips can make a great checklist for creating a culture of cybersecurity at work, regardless of employees’ level of security literacy.
See publication
Tags: Cybersecurity
When Your Heartbeat Becomes Data: Benefits and Risk of Biometrics
Security Intelligence
August 21, 2020
Knowing who your users are today is more important than ever. This explains, in part, why integrating biometric usage into identity and access management (IAM) appears appealing. Throw in some artificial intelligence (AI) to help manage all these data points, and the future of biometrics looks pretty wild.
See publication
Tags: AI, Cybersecurity, Privacy, Risk Management
4 Steps to Help You Plan a Cyber Resilience Roadmap
Security Intelligence
July 22, 2020
According to IBM Security’s 2020 Cyber Resilient Organization Report, a cyber resilient organization is one that “more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.”
See publication
Tags: Cybersecurity, Privacy
The Latest Mobile Security Threats and How to Prevent Them
Security Intelligence
June 15, 2020
For many of us, the last few months have drastically increased our reliance on mobile capabilities. Through the increased use of corporate mobile apps, virtual private networks (VPNs), hot spots and more, mobile communications are more ubiquitous than ever.
See publication
Tags: Cybersecurity, Privacy, Risk Management
The Case for Integrating Dark Web Intelligence Into Your Daily Operations
Security Intelligence
January 30, 2020
Some of the best intelligence an operator or decision-maker can obtain comes straight from the belly of the beast. That’s why dark web intelligence can be incredibly valuable to your security operations center (SOC). By leveraging this critical information, operators can gain a better understanding of the tactics, techniques and procedures (TTPs) employed by threat actors. With that knowledge in hand, decision-makers can better position themselves to protect their organizations.
See publication
Tags: Risk Management
3 Steps to Find the Right Digital Transformation Strategy for You
Security Intelligence
January 17, 2020
You should not feel overly concerned if somebody says “digital transformation” and you are not exactly sure what that means. It’s a phrase that means different things to different people. For some, it might mean cloud migration. For others, it could mean a new set of data and analytics processes being integrated into business operations. And for others, it could simply mean moving completely to the exclusive use of mobile devices to conduct business.
See publication
Tags: AI, Cloud, Digital Transformation
How Do We Ensure the Security of What Comes After the 5G Revolution?
Security Intelligence
January 16, 2020
2020 will see huge investments in 5G networks — Greensill estimated that the 5G rollout throughout the global supply chain will top $2.7 trillion by the end of the year. That’s not a number to sneeze at either, as it’s equal to roughly three percent of the world’s total gross domestic product. And while most of the investment will be in the infrastructure rollout, do not forget the other pieces. Hardware, software and services are also among the necessary investments.
See publication
Tags: AI, Cybersecurity, Privacy, Quantum Computing, 5G
About That IoT Device You Received as a Holiday Gift…
Security Intelligence
December 30, 2019
It is quite possible that you received an internet of things (IoT) device as a holiday gift, and it’s very likely that you will find this holiday gift useful. But it’s also possible you received an additional gift you have no use for at all: security vulnerabilities. This is the inconvenient truth about the average IoT device — like all technologies, it has flaws and it can add to your risk profile.
See publication
Tags: AI, IoT, Risk Management
Does Social Media Visualization Serve as a Primer for 5G Data Visualization?
linkedin
December 01, 2019
The deployment of 5G data technology in our daily lives will be revolutionary, but this blast of speed and data will burden cybersecurity management teams and create an entirely new set of risks to handle around issues such as mobile security and integration with smart cities.
See publication
Tags: Cybersecurity, 5G, Smart Cities
Will the Future of Authentication Run Into a Privacy Wall?
SecurityIntelligence
October 16, 2019
Identity authentication is absolutely necessary to conducting our affairs today. Without it, we would lose virtually all confidence to conduct business or create and foster relationships. But with ever increasing concerns related to data privacy, it is worth looking at the past to see what future challenges we may face in the digital identity space.
See publication
Tags: AI, Privacy
When Digital Identity and Access Management Meets Physical Security
linkedin
October 06, 2019
Originally published on IBM's SecurityIntelligence on October 3, 2019
Where does digital security end and tangible, or physical, security begin? In today’s cybersecurity ecosystem, I’d argue that it’s all just security. In fact, if you are handling these domains in discrete silos, your cyber resilience is already taking a hit.
See publication
Tags: AI, Cybersecurity, Management, Privacy
What Does Good Cyber Resilience Look Like in 2019?
linkedin
September 08, 2019
Originally published on IBM's SecurityIntelligence on September 6, 2019
The Greek philosopher Heraclitus of Ephesus once said, “πάντα χωρεῖ καὶ οὐδὲν μένει.” If you’re getting the blue screen feeling, it’s probably because that’s Greek to you. Here’s the translation: “Everything changes and nothing stands still.”
See publication
Tags: AI, Cybersecurity
Is Staff Burnout the Best Reason to Implement Cybersecurity AI?
linkedin
August 18, 2019
Originally published on SecurityIntelligence on August 14th, 2019
Many in the cybersecurity workforce can’t keep up with technological change and are too busy to learn about the latest threats. Some are even so burned out that they are leaving the industry entirely. These are some of the findings of a June 2019 study by Goldsmiths, the University of London and Symantec, the results of which should not only worry those who work in the cybersecurity space, but everyone who relies on a computer to do their work.
If there wa
See publication
Tags: AI, Cybersecurity, Emerging Technology, Management
How to Reduce the Risk Posed by Vulnerable Mobile Apps
linkedin
August 11, 2019
In June 2019, a study on mobile app vulnerabilities presented some incredible and worrisome findings. Most notably, high-risk vulnerabilities were found in 43 percent of mobile apps for Android and 38 percent for iOS, according to Positive Technologies. Now, consider this: In terms of market share, per IDC, Android owns nearly 87 percent and iOS owns around 13 percent.
See publication
Tags: Cybersecurity
Is It Time to Start Certifying Connected Devices?
linkedin
July 30, 2019
At some point, you’ve likely seen markings and icons on an electronic device, its user manual or the box it came in. If you’re unsure what these markings are, they are almost certainly some type of certification.
See publication
Tags: Cybersecurity, IoT
Technology, the Enterprise or the User: Which Owns Mobile Security?
linkedin
July 03, 2019
It’s not outrageous to suggest that you might be reading this on a mobile device. Nor is it outrageous to think that most people use a mobile device for the majority of their reading these days. I’m even writing this on a mobile device. So for those not following along, at this point, mobile security is really just security. There really isn’t any difference anymore.
See publication
Tags: Cybersecurity
