A Day in the Life: Working in Cyber Incident Response
Security Intelligence
October 25, 2022
As a cybersecurity incident responder, your life can go from zero to 100 in a heartbeat. One moment you are sipping a beverage reading the latest threat intelligence or getting the kids ready for bed; the next, you may be lunging for your “go bag” because you cannot remote in to the breached system. It’s all part of the game.
See publication
Tags: Cybersecurity, Risk Management, Security
What Kind of Data Costs Most in a Breach?
Security Intelligence
September 14, 2022
Today’s most valuable currency is data. Breaches, information operations, analytics and behavior recognition are all driven by data and the desire to possess it, regardless of what those who possess it want to do with it. We set out to answer the question “What kind of data costs the most in a breach?” As it happens, that’s a complicated question. We’ll need to factor in many variables depending on the specifics of your business.
See publication
Tags: Cybersecurity, Privacy, Security
What Should Customers Ask Managed Service Providers?
Security Intelligence
September 01, 2022
Managed service providers (MSPs), sometimes called managed security services (MSS) or MSSP, play a very important role in protecting data and other digital assets and will continue to do so. Some of the benefits include, but are not limited to:
See publication
Tags: Cybersecurity, Risk Management, Security
Data Fabric: What It Is and How It Impacts Cybersecurity
Security Intelligence
March 07, 2022
Data use and generation today are both awesome and daunting to manage. What is the best way to manage this mountain of dispersed and disparate data? A possible answer lies in the concept of ‘data fabric’ as a means to unify data. This is an integrated layer of data and connecting processes that “utilizes continuous analytics over existing, discoverable and inferenced metadata assets to support the design, deployment and utilization of integrated and reusable data across all environments.”
See publication
Tags: Big Data, Cybersecurity, Privacy, Security
The Great Resignation: How to Acquire and Retain Cybersecurity Talent
Security Intelligence
January 14, 2022
If you’ve been following reports and whispering with industry colleagues, you know what’s going on: the cybersecurity skills gap is difficult to close, and the Great Resignation is here. The 2021 (ISC)2 workforce study gives us a mixed picture of what to expect:
See publication
Tags: Cybersecurity, Risk Management, Security
Small Business Cybersecurity: What to Fix, What to Manage and What to Outsource
Security Intelligence
January 10, 2022
The risk posture of small and medium-sized businesses has changed a lot over the last few years. Bluntly: small businesses inherited a series of digital risks. Many of these risks, such as supply chain and cloud-related risks, can wound and devastate a small business. Meanwhile, the enterprise, armed with more resources, could sustain the shock. When, and how, do you need to boost your small business cybersecurity?
See publication
Tags: Cybersecurity, Business Continuity, Security
A Journey in Organizational Resilience: Survive the Disruption and Become Stronger
Security Intelligence
December 20, 2021
Our journey through the factors that make up organizational cyber resilience is almost complete. It’s time to put the puzzle pieces together.
See publication
Tags: Privacy, Risk Management, Business Continuity, Security
It’s Not Too Soon to Start Talking About 6G
Security Intelligence
December 17, 2021
We may be only a short time into 5G deployments, but discussions of the impact 6G technology will have on our lives have already started. In late 2020, the Alliance for Telecommunications Industry Solutions created a new group called the Next G Alliance to “advance North American mobile technology leadership over the next decade through private sector-led efforts.”
See publication
Tags: Mobility, 5G, Security
A Journey in Organizational Resilience: Geopolitical and Socio-Economic Trends and Threats
Security Intelligence
December 13, 2021
The last stop on our organizational resilience journey touches one of the issues organizations have the least control over: geopolitical and socio-economic trends and threats.
See publication
Tags: Cybersecurity, Risk Management, Security
A Journey in Organizational Resilience: Security by Design
Security Intelligence
November 01, 2021
Security by design is one of those concepts that happily goes hand in hand with resilience. Candidly, they were made for each other. The security by design methodology helps minimize some of the inherent risk we cannot do anything about.
See publication
Tags: Cybersecurity, Risk Management, Security
Cybersecurity First: Becoming GOAT
Security Intelligence
October 25, 2021
As we close off Cybersecurity Awareness Month, let us examine how we can become the cyber GOAT: ‘greatest of all time’. Sure, there will be plenty this week on cybersecurity training, making security a priority, more investments into products and processes and all that fun stuff. But we’re not going to talk about that right now. We are going to talk about something different you may not see elsewhere. We are going to talk about success.
See publication
Tags: Cybersecurity, Security
A Journey in Organizational Resiliency: Governance
Security Intelligence
October 11, 2021
From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with policy development. For example:
See publication
Tags: Cybersecurity, Privacy, Security
The OSI Model and You Part 7: Stopping Threats at the Application Layer
Security Intelligence
July 05, 2021
A lot has changed since the creation of the Open Systems Interconnection (OSI) model. The OSI model dates back to the mid-1970s, designed to serve as a common basis for system interconnection and networking. It has been very useful in that regard, but we have to be aware a lot has changed since its inception. The greatest disrupter to this model is cloud computing. With that said, there is still value in the OSI model and how to reduce risk in each layer, as many of our systems today still rely on its design.
See publication
Tags: Cybersecurity, Risk Management, Security
The OSI Model and You Part 3: Stopping Threats at the OSI Network Layer
Security Intelligence
June 07, 2021
Networking models help us understand the ‘lay of the land’ when it comes to protecting the network. In our journey through the Open Systems Interconnection (OSI) framework, we’ve arrived at the last stop in the media group, the OSI network layer.
See publication
Tags: Cybersecurity, Privacy, Risk Management
The OSI Model and You Part 2: The Data Link Layer
Security Intelligence
May 31, 2021
If the physical layer we talked about earlier in this series about OSI layers is the ‘what’ that allows data to travel, the data link layer is the ‘how.’ In the previous piece of this seven-part series on the OSI model, we described the physical layer and what cybersecurity threats could impact it. Remember, the key takeaway on how to protect the physical layer is this: business impact, contingency planning and continuity. NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems, is one of your best friends here. Now, let’s take a look at the data link layer.
See publication
Tags: Cybersecurity, Privacy, Security
Ransomware Attacks in 2021: Information Meets Emotion
Security Intelligence
April 16, 2021
“If you want to go quickly, go alone, but if you want to go far, go together.”
This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders also need to focus on working together, even when teams are separated in home offices.
As ransomware trends change in 2021, what should we look out for? An overview of the Sophos report provides some ideas.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Does a Strong Privacy Program Make for a Stronger Security Program?
Security Intelligence
February 04, 2021
There is a saying in sociopolitical circles: “politics is downstream from culture.” Using that same line of thinking, poses a question: Is information security downstream from data privacy?
See publication
Tags: Cybersecurity, Privacy, Security
CISO Success: It’s About More Than Tech Skills
Security Intelligence
February 02, 2021
The chief information security officer (CISO) is a relatively new position in the C-suite. It’s about 25 years old or less, depending on whom you ask. But, it is only within the last 10 or so years that the role has taken on greater prominence, likely because of the increase in cyber breaches over the last decade. What does a CISO do, and what skills are required?
See publication
Tags: Cybersecurity, Privacy, Risk Management, Business Continuity
Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit
Security Intelligence
January 29, 2021
The universe is getting smaller, and space cybersecurity is keeping up. On May 30, 2020, nearly a decade after the Space Shuttle program ended, people witnessed a first: a vehicle built as part of a public-private partnership (between SpaceX and NASA) took off into space. This development was transformational because it brought the world one step closer to commercial space travel. We now have proof of concept that space travel, once reserved for powerful nation-states, is something that can be achieved, albeit with a lot of assistance right now, by a commercial company.
See publication
Tags: Cybersecurity, Security
Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget
Security Intelligence
January 15, 2021
As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest may be cybersecurity costs, because protecting your most important currency, information, requires ongoing attention. When looking at your cybersecurity budget, factor in every part of the recipe. What are some items you can bake into your cybersecurity budget that will reduce your overall risk posture?
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy, Security
Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management
Security Intelligence
January 12, 2021
There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can be a serious problem for workers.
See publication
Tags: Cybersecurity, Risk Management, Mental Health
Data Destruction: Importance and Best Practices
Security Intelligence
November 19, 2020
As discussed in an earlier piece, data should be treated as a valuable currency. But there is another aspect to data handling that needs to be considered: data as a liability. Having your data fall into the wrong hands can be incredibly damaging to you and your team, which is all the more reason to have a sound and secure data destruction policy for the last mile.
See publication
Tags: Cybersecurity, Privacy, Data Center
Cybersecurity Today: The Intersection of Technology and Behavior
Security Intelligence
September 30, 2020
In the movie “Back to the Future II,” protagonist Marty McFly travels forward to the year 2015. During a quick stop at Café 80s, Marty encounters two children, confused by the 80s-style arcade game in the store. When Marty shows them how to play, the kids retort with, “You mean you have to use your hands?”
See publication
Tags: Cybersecurity, Risk Management, Security
Cybersecurity Risk Management: Protecting Our Most Valuable Currency
Security Intelligence
September 29, 2020
Cybersecurity risk management can be a unifying conversation throughout your organization. Few things are more challenging in the cybersecurity business than getting stakeholders to speak in the same language. The business planners are talking supply and demand; the IT department is talking bits and bytes; the HR department is talking wellness and productivity; the C-suite is talking dollars and cents; and the board of directors are talking governance and liability. All these competing challenges make discussions about endpoint solutions, monitoring systems and identity management systems difficult to have.
See publication
Tags: Cybersecurity, Risk Management, Security
Back to Basics: Creating a Culture of Cybersecurity at Work
Security Intelligence
September 16, 2020
The importance of security culture can be seen now more than ever. Many of us work remotely; there are app concerns; and the lines between personal and business use of devices and networks are blurred, challenging our cyber resilience. Therefore, despite all the great tools, frameworks and protective measures in place, we need to ensure people are doing what they can to help protect the larger network. These basic tips can make a great checklist for creating a culture of cybersecurity at work, regardless of employees’ level of security literacy.
See publication
Tags: Cybersecurity, Security
When Your Heartbeat Becomes Data: Benefits and Risk of Biometrics
Security Intelligence
August 21, 2020
Knowing who your users are today is more important than ever. This explains, in part, why integrating biometric usage into identity and access management (IAM) appears appealing. Throw in some artificial intelligence (AI) to help manage all these data points, and the future of biometrics looks pretty wild.
See publication
Tags: AI, Cybersecurity, Privacy, Risk Management
4 Steps to Help You Plan a Cyber Resilience Roadmap
Security Intelligence
July 22, 2020
According to IBM Security’s 2020 Cyber Resilient Organization Report, a cyber resilient organization is one that “more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.”
See publication
Tags: Cybersecurity, Privacy, Security
The Latest Mobile Security Threats and How to Prevent Them
Security Intelligence
June 15, 2020
For many of us, the last few months have drastically increased our reliance on mobile capabilities. Through the increased use of corporate mobile apps, virtual private networks (VPNs), hot spots and more, mobile communications are more ubiquitous than ever.
See publication
Tags: Cybersecurity, Privacy, Risk Management
The Case for Integrating Dark Web Intelligence Into Your Daily Operations
Security Intelligence
January 30, 2020
Some of the best intelligence an operator or decision-maker can obtain comes straight from the belly of the beast. That’s why dark web intelligence can be incredibly valuable to your security operations center (SOC). By leveraging this critical information, operators can gain a better understanding of the tactics, techniques and procedures (TTPs) employed by threat actors. With that knowledge in hand, decision-makers can better position themselves to protect their organizations.
See publication
Tags: Risk Management
3 Steps to Find the Right Digital Transformation Strategy for You
Security Intelligence
January 17, 2020
You should not feel overly concerned if somebody says “digital transformation” and you are not exactly sure what that means. It’s a phrase that means different things to different people. For some, it might mean cloud migration. For others, it could mean a new set of data and analytics processes being integrated into business operations. And for others, it could simply mean moving completely to the exclusive use of mobile devices to conduct business.
See publication
Tags: AI, Cloud, Digital Transformation
How Do We Ensure the Security of What Comes After the 5G Revolution?
Security Intelligence
January 16, 2020
2020 will see huge investments in 5G networks — Greensill estimated that the 5G rollout throughout the global supply chain will top $2.7 trillion by the end of the year. That’s not a number to sneeze at either, as it’s equal to roughly three percent of the world’s total gross domestic product. And while most of the investment will be in the infrastructure rollout, do not forget the other pieces. Hardware, software and services are also among the necessary investments.
See publication
Tags: Cybersecurity, Privacy, 5G, Security
About That IoT Device You Received as a Holiday Gift…
Security Intelligence
December 30, 2019
It is quite possible that you received an internet of things (IoT) device as a holiday gift, and it’s very likely that you will find this holiday gift useful. But it’s also possible you received an additional gift you have no use for at all: security vulnerabilities. This is the inconvenient truth about the average IoT device — like all technologies, it has flaws and it can add to your risk profile.
See publication
Tags: AI, IoT, Risk Management
Does Social Media Visualization Serve as a Primer for 5G Data Visualization?
linkedin
December 01, 2019
The deployment of 5G data technology in our daily lives will be revolutionary, but this blast of speed and data will burden cybersecurity management teams and create an entirely new set of risks to handle around issues such as mobile security and integration with smart cities.
See publication
Tags: Cybersecurity, 5G, Smart Cities
Will the Future of Authentication Run Into a Privacy Wall?
SecurityIntelligence
October 16, 2019
Identity authentication is absolutely necessary to conducting our affairs today. Without it, we would lose virtually all confidence to conduct business or create and foster relationships. But with ever increasing concerns related to data privacy, it is worth looking at the past to see what future challenges we may face in the digital identity space.
See publication
Tags: AI, Privacy, Security
When Digital Identity and Access Management Meets Physical Security
linkedin
October 06, 2019
Originally published on IBM's SecurityIntelligence on October 3, 2019
Where does digital security end and tangible, or physical, security begin? In today’s cybersecurity ecosystem, I’d argue that it’s all just security. In fact, if you are handling these domains in discrete silos, your cyber resilience is already taking a hit.
See publication
Tags: Cybersecurity, Privacy, Security
What Does Good Cyber Resilience Look Like in 2019?
linkedin
September 08, 2019
Originally published on IBM's SecurityIntelligence on September 6, 2019
The Greek philosopher Heraclitus of Ephesus once said, “πάντα χωρεῖ καὶ οὐδὲν μένει.” If you’re getting the blue screen feeling, it’s probably because that’s Greek to you. Here’s the translation: “Everything changes and nothing stands still.”
See publication
Tags: AI, Cybersecurity
Is Staff Burnout the Best Reason to Implement Cybersecurity AI?
linkedin
August 18, 2019
Originally published on SecurityIntelligence on August 14th, 2019
Many in the cybersecurity workforce can’t keep up with technological change and are too busy to learn about the latest threats. Some are even so burned out that they are leaving the industry entirely. These are some of the findings of a June 2019 study by Goldsmiths, the University of London and Symantec, the results of which should not only worry those who work in the cybersecurity space, but everyone who relies on a computer to do their work.
If there wa
See publication
Tags: AI, Cybersecurity, Emerging Technology, Management
How to Reduce the Risk Posed by Vulnerable Mobile Apps
linkedin
August 11, 2019
In June 2019, a study on mobile app vulnerabilities presented some incredible and worrisome findings. Most notably, high-risk vulnerabilities were found in 43 percent of mobile apps for Android and 38 percent for iOS, according to Positive Technologies. Now, consider this: In terms of market share, per IDC, Android owns nearly 87 percent and iOS owns around 13 percent.
See publication
Tags: Cybersecurity
Is It Time to Start Certifying Connected Devices?
linkedin
July 30, 2019
At some point, you’ve likely seen markings and icons on an electronic device, its user manual or the box it came in. If you’re unsure what these markings are, they are almost certainly some type of certification.
See publication
Tags: Cybersecurity, IoT
Technology, the Enterprise or the User: Which Owns Mobile Security?
linkedin
July 03, 2019
It’s not outrageous to suggest that you might be reading this on a mobile device. Nor is it outrageous to think that most people use a mobile device for the majority of their reading these days. I’m even writing this on a mobile device. So for those not following along, at this point, mobile security is really just security. There really isn’t any difference anymore.
See publication
Tags: Cybersecurity
