Cybersecurity in “The New Normal”

The term “the new normal” is increasingly popular during these times of global pandemic. I find it comes up in conversations with colleagues, friends, clients, and it is all over the media regardless of the format you choose to consume. Rather than provide yet another philosophical rant to the internet on, “what does normal mean anyway?” (answer: it means different things to different people and cohorts) or “This could actually be a good thing” (answer: maybe from some perspectives but definitely not from others), I thought it best to provide […]

by Richard Berkley
Contributing Editor


Use a VPN to mitigate risk during Covid-19

There are lots of blogs about managing cybersecurity during the Covid-19 crisis. And yes, in times of crisis where people are operating outside their standard routines, there is additional risk. The truth is, however, the actions organizations and people should be taking today are similar to what they were before Covid-19: training and awareness, patching, use of Virtual Private Networks (VPNs), etc. We believe using a VPN represents a high value, easy way to mitigate cyber risks. The use of a VPN is basic hygiene in today’s connected world. By encrypting […]

by Joseph Socolof
Contributing Editor


The Cyber Skim: Top Monthly Articles for April 2020

NASA warns of a significant increase in cyberattacks during Coronavirus outbreak – Security Affairs NASA sent out a memo to its personnel warning of a significant increase in cyberattacks on the agency while its employees are teleworking due to the Coronavirus outbreak. NASA experts believe that the attacks will continue during the pandemic.  The good news is that the SOC of the agency doubled the number of blocked attempts to access malicious websites. Editor’s note: As personnel have moved to telework, many have forgotten the best practices they were trained on. […]

by Dawn Dunkerley
Contributing Editor


Beware of Zoom

As COVID-19 spreads so does malicious activity…beware of the suspicious Zoom meeting invite! As droves of people are working remotely (many for the first time), IT and cyber teams are stretched thin making it all work. Now is not the time to take our eye off the ball. As Kelly Sheridan recently noted in Dark Reading, “In recent weeks, security researchers have spotted an increasing number of malicious activities linked to COVID-19 as attackers capitalize on the virus.” One specific area of concern is online meeting/collaboration platforms such as WebEx, Microsoft Teams, […]

by Bret Bergman
Contributing Editor


Bad people taking advantage of dark times

Unfortunately, we live in a world where bad actors take advantage of any and all opportunities they can find. Even worse, it is often those who are most vulnerable that are taken advantage of. In daily life, we see it with the elderly, and we see it with young children. Today, in the world of the coronavirus, the pool of vulnerable people is growing exponentially. “Phishers know all too well that during uncertain times…people become desperate for information and reassurance.”  It is not just those who have coronavirus who are […]

by Joseph Socolof
Contributing Editor


The Cyber Skim: Top Monthly Articles for March 2020

They Come in the Night: Ransomware Deployment Trends – FireEye Threat Research We noted several initial infection vectors across multiple ransomware incidents, including RDP, phishing with a malicious link or attachment, and drive-by download of malware facilitating follow-on activity. Contain and remediate infections quickly to prevent attackers from conducting follow-on activity or selling access to other threat actors for further exploitation. Editor’s note: As I was looking to pull together this month’s post, I was almost overwhelmed with the uptick in ransomware-related reporting. If that means that we […]

by Dawn Dunkerley
Contributing Editor


Top 10 Security Predictions Through 2020

This 2016 Top 10 Security Prediction List is still as relevant today as the day it was written. Numerous known, yet unmitigated vulnerabilities top the list and are still yet to be addressed in today’s business world. If knowledge is power, how much money and intellectual property will be lost before you or your business take action?

by Chris Mitchiner
Contributing Editor


Cyber Could Take Center Stage in 2020 US Presidential Elections

Cyber could take center stage in 2020 US presidential elections…you can help. Since the election appears to be on just about everyone’s mind, I thought I’d take a break from my usual OT cyber domain and spend a minute on election security. Although the Iowa caucus debacle appears not to have been cybersecurity related, it did underscore challenges with online voting apps/systems. The following two articles from Dark Reading are a good primer for understanding the challenges: https://www.darkreading.com/risk/how-can-we-make-election-technology-secure/a/d-id/1336975 https://www.darkreading.com/risk/5-measures-to-harden-election-technology-/a/d-id/1336978 My ask is to all of you politically active “cybernauts” out there. Ask […]

by Bret Bergman
Contributing Editor


Finance vs. Accounting

I’m not an accounting major; I am a finance guy… I went to school for finance and management theory. There is probably a whole post to be written on the “theory” of management and why it remains just a lofty notion (spoiler alert: because people be people) but instead, let’s focus on the finance side. “So, you’re an accountant?” I get asked all too frequently… well, I understand tax and double-entry concepts, I can read a balance sheet and write one from a blank sheet of paper but… no, no […]

by Richard Berkley
Contributing Editor


Do you want to build a dashboard?

‘Do you want to build a dashboard?’: Building a risk-based cybersecurity dashboard to improve executive decision-making Most organizations have an executive dashboard for cybersecurity. Unfortunately, most are designed and built by the IT organization, and most focus on compliance and maturity rather than on what truly matters – risk mitigation. Even worse, most provide little ability to drive effective executive decision-making. Let’s start with a very simple premise: cybersecurity is a business enabler. If risk is well understood within an organization, it will have been quantified in dollars. Cybersecurity, then, […]

by Joseph Socolof
Contributing Editor


The Cyber Skim: Top Monthly Articles for January 2020, Part 2

Cybersecurity: A guide for parents to keep kids safe online – ZDNet Security Being a parent can be a rewarding but stressful endeavor, and in today’s networked world, it is not just physical risks to children that have to be considered in modern parenting strategies. Editor’s note: A great reminder that good cyber hygiene begins at home.

Mandatory IoT Security in the Offing with U.K. Proposal – Threatpost The new U.K. law mandates that manufacturers apply several security controls to their connected devices. The U.K. government has unveiled […]

by Dawn Dunkerley
Contributing Editor


CISO New Year’s Resolutions

CISO New Year’s Resolutions…is 2020 the year your organization finally makes security a business driver? And how would you know? It’s usually right about now when my New Year’s resolutions start to waver. So I thought it would be a good time for all of us in cyber to take stock of how we’re doing so far in 2020. This article from Dark Reading offers a good place to start: 1. Resolve to Make Security a Business Driver 2. Resolve to Prioritize Privacy 3. Resolve to Focus on the Human […]

by Bret Bergman
Contributing Editor


Let’s speculate

Let’s speculate wildly on the year(s) ahead in cyber… Do you want to hear something freaky? The US Navy has a weapons system with destructive powers so great Dr. Doom and Lex Luthor would both find themselves blushing. Ok, that isn’t news but what may be of interest is the rumor that such a system runs on Windows XP. (note to the US Government; this is just a corroborated rumor I have heard and nothing more) … For those not following the RSS feed from Microsoft Corp, they stopped supporting […]

by Richard Berkley
Contributing Editor


No shortcuts, just good management

I have been supporting organizations through transformations for 20 years. If there is one common thread it is that they are all looking for a silver bullet – buy something, install technology, hire or fire someone, re-organize. The fact is, there is not an easy answer. Read the research about the success rates of transformation, including digital transformation, and you will see that they all say the same thing: ‘75% of transformations fail’. The truth is, if people actually bothered to measure their cyber programs, they would realize that 75% […]

by Joseph Socolof
Contributing Editor


The Cyber Skim: Top Monthly Articles for January 2020

6 CISO New Year’s Resolutions for 2020 – Dark Reading We asked chief information security officers how they plan to get their infosec departments in shape next year. Editor’s note: Great recommendations that, as a CISO myself, I will personally be focusing on in 2020 and beyond.

Hacking School Surveillance Systems – Schneier on Security Lance Vick suggesting that students hack their schools’ surveillance systems. “This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said. […]

by Dawn Dunkerley
Contributing Editor


Cyber OT governance….what’s the right answer?

Who is accountable?  As we help our industrial clients operationalize cyber security and harmonize IT and OT, this question is always front and center.  This article from Verve offers a thought-provoking perspective on OT cyber governance and lays out five principles for establishing the right governance model for OT cyber security in your organization. It’s a very worthwhile read and whether you completely agree with Verve’s perspective or not, I believe you will find it thought provoking. The perspective I found most intriguing was “there is no ‘single point of […]

by Bret Bergman
Contributing Editor


Let’s Salute Women in Technology and Grow the Workforce of the Future

This past Friday, I had the opportunity to attend and deliver a plenary speech at the Cyber Trainsitions Conference hosted by the University of Central Florida at the Orange County Convention Center in Orlando, Florida. My topic was “Integrating Women and Underrepresented Communities into the Cyber Workforce.” After discussing the contributions women and underrepresented groups have made to computer programming, we transitioned to a robust discussion over various initiatives to improve the number of women and minorities pursuing STEM education and careers.  Here are a few highlights: Primary and Secondary STEM […]

by Patricia Frost
Contributing Editor


The Cyber Skim: Top Monthly Articles for November 2019

Security pros explain Black Friday best practices for consumers and businesses – TechRepublic Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites. Strong Black Friday and Cyber Monday sales crush fears of retail apocalypse but not cyber security concerns. The holiday shopping season is off to a record breaking start but analysts are reminding consumers to play it safe online.  Editor’s note: Practicing good cyber hygiene year-round is a must, but an interesting tidbit to note from this article is that credit […]

by Dawn Dunkerley
Contributing Editor


Keeping up or getting ahead?

Improving an organization’s cyber posture – i.e. continuously generating increased security at the lowest possible cost – requires that effective continuous improvement disciplines be ‘wired’ into the operating cadence of the business.  Building a cybersecurity program that continuously improves and keeps up with the changing threat landscape shares many of the core features of continuous improvement applied to other aspects of the business.  See what is possible – this is more relevant in today’s digital world where new vulnerabilities are being created and new threats are emerging every day. To determine […]

by Joseph Socolof
Contributing Editor
