Bad people taking advantage of dark times

Unfortunately, we live in a world where bad actors take advantage of any and all opportunities they can find. Even worse, it is often those who are most vulnerable that are taken advantage of. In daily life, we see it with the elderly, and we see it with young children. Today, in the world of the coronavirus, the pool of vulnerable people is growing exponentially. “Phishers know all too well that during uncertain times…people become desperate for information and reassurance.”  It is not just those who have coronavirus who are […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for March 2020

They Come in the Night: Ransomware Deployment Trends – FireEye Threat Research We noted several initial infection vectors across multiple ransomware incidents, including RDP, phishing with a malicious link or attachment, and drive-by download of malware facilitating follow-on activity. Contain and remediate infections quickly to prevent attackers from conducting follow-on activity or selling access to other threat actors for further exploitation. Editor’s note: As I was looking to pull together this month’s post, I was almost overwhelmed with the uptick in ransomware-related reporting. If that means that we […]

by Dawn Dunkerley
Contributing Editor

Top 10 Security Predictions Through 2020

This 2016 Top 10 Security Prediction List is still as relevant today as the day it was written. Numerous known, yet unmitigated vulnerabilities top the list and are still yet to be addressed in today’s business world. If knowledge is power, how much money and intellectual property will be lost before you or your business take action?

by Chris Mitchiner
Contributing Editor

Cyber Could Take Center Stage in 2020 US Presidential Elections

Cyber could take center stage in 2020 US presidential elections…you can help. Since the election appears to be on just about everyone’s mind, I thought I’d take a break from my usual OT cyber domain and spend a minute on election security. Although the Iowa caucus debacle appears not to have been cybersecurity related, it did underscore challenges with online voting apps/systems. The following two articles from Dark Reading are a good primer for understanding the challenges: https://www.darkreading.com/risk/how-can-we-make-election-technology-secure/a/d-id/1336975 https://www.darkreading.com/risk/5-measures-to-harden-election-technology-/a/d-id/1336978 My ask is to all of you politically active “cybernauts” out there. Ask […]

by Bret Bergman
Contributing Editor

Finance vs. Accounting

I’m not an accounting major; I am a finance guy… I went to school for finance and management theory. There is probably a whole post to be written on the “theory” of management and why it remains just a lofty notion (spoiler alert: because people be people) but instead, let’s focus on the finance side. “So, you’re an accountant?” I get asked all too frequently… well, I understand tax and double-entry concepts, I can read a balance sheet and write one from a blank sheet of paper but… no, no […]

by Richard Berkley
Contributing Editor

Do you want to build a dashboard?

‘Do you want to build a dashboard?’: Building a risk-based cybersecurity dashboard to improve executive decision-making Most organizations have an executive dashboard for cybersecurity. Unfortunately, most are designed and built by the IT organization, and most focus on compliance and maturity rather than on what truly matters – risk mitigation. Even worse, most provide little ability to drive effective executive decision-making. Let’s start with a very simple premise: cybersecurity is a business enabler. If risk is well understood within an organization, it will have been quantified in dollars. Cybersecurity, then, […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for January 2020, Part 2

Cybersecurity: A guide for parents to keep kids safe online – ZDNet Security Being a parent can be a rewarding but stressful endeavor, and in today’s networked world, it is not just physical risks to children that have to be considered in modern parenting strategies. Editor’s note: A great reminder that good cyber hygiene begins at home.  READ MORE Mandatory IoT Security in the Offing with U.K. Proposal – Threatpost The new U.K. law mandates that manufacturers apply several security controls to their connected devices. The U.K. government has unveiled […]

by Dawn Dunkerley
Contributing Editor

CISO New Year’s Resolutions

CISO New Year’s Resolutions…is 2020 the year your organization finally makes security a business driver? And how would you know? It’s usually right about now when my New Year’s resolutions start to waver. So I thought it would be a good time for all of us in cyber to take stock of how we’re doing so far in 2020. This article from Dark Reading offers a good place to start: 1. Resolve to Make Security a Business Driver 2. Resolve to Prioritize Privacy 3. Resolve to Focus on the Human […]

by Bret Bergman
Contributing Editor

Let’s speculate

Let’s speculate wildly on the year(s) ahead in cyber… Do you want to hear something freaky? The US Navy has a weapons system with destructive powers so great Dr. Doom and Lex Luthor would both find themselves blushing. Ok, that isn’t news but what may be of interest is the rumor that such a system runs on Windows XP. (note to the US Government; this is just a corroborated rumor I have heard and nothing more) … For those not following the RSS feed from Microsoft Corp, they stopped supporting […]

by Richard Berkley
Contributing Editor

No shortcuts, just good management

I have been supporting organizations through transformations for 20 years. If there is one common thread it is that they are all looking for a silver bullet – buy something, install technology, hire or fire someone, re-organize. The fact is, there is not an easy answer. Read the research about the success rates of transformation, including digital transformation, and you will see that they all say the same thing: ‘75% of transformations fail’. The truth is, if people actually bothered to measure their cyber programs, they would realize that 75% […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for January 2020

6 CISO New Year’s Resolutions for 2020 – Dark Reading We asked chief information security officers how they plan to get their infosec departments in shape next year.  Editor’s note: Great recommendations that, as a CISO myself, I will personally be focusing on in 2020 and beyond.  READ MORE Hacking School Surveillance Systems – Schneier on Security Lance Vick suggesting that students hack their schools’ surveillance systems. “This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said. […]

by Dawn Dunkerley
Contributing Editor

Cyber OT governance….what’s the right answer?

Who is accountable?  As we help our industrial clients operationalize cyber security and harmonize IT and OT, this question is always front and center.  This article from Verve offers a thought-provoking perspective on OT cyber governance and lays out five principles for establishing the right governance model for OT cyber security in your organization. It’s a very worthwhile read and whether you completely agree with Verve’s perspective or not, I believe you will find it thought provoking. The perspective I found most intriguing was “there is no ‘single point of […]

by Bret Bergman
Contributing Editor

Let’s Salute Women in Technology and Grow the Workforce of the Future

This past Friday, I had the opportunity to attend and deliver a plenary speech at the Cyber Trainsitions Conference hosted by the University of Central Florida at the Orange County Convention Center in Orlando, Florida. My topic was “Integrating Women and Underrepresented Communities into the Cyber Workforce.” After discussing the contributions women and underrepresented groups have made to computer programming, we transitioned to a robust discussion over various initiatives to improve the number of women and minorities pursuing STEM education and careers.  Here are a few highlights: Primary and Secondary STEM […]

by Patricia Frost
Contributing Editor

The Cyber Skim: Top Monthly Articles for November 2019

Security pros explain Black Friday best practices for consumers and businesses – TechRepublic Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites. Strong Black Friday and Cyber Monday sales crush fears of retail apocalypse but not cyber security concerns. The holiday shopping season is off to a record breaking start but analysts are reminding consumers to play it safe online.  Editor’s note: Practicing good cyber hygiene year-round is a must, but an interesting tidbit to note from this article is that credit […]

by Dawn Dunkerley
Contributing Editor

Keeping up or getting ahead?

Improving an organization’s cyber posture – i.e. continuously generating increased security at the lowest possible cost – requires that effective continuous improvement disciplines be ‘wired’ into the operating cadence of the business.  Building a cybersecurity program that continuously improves and keeps up with the changing threat landscape shares many of the core features of continuous improvement applied to other aspects of the business.  See what is possible – this is more relevant in today’s digital world where new vulnerabilities are being created and new threats are emerging every day. To determine […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for October 2019, Part 2

Is AWS Liable in Capital One Breach? – Threatpost Senators penned a letter to the FTC urging it to investigate whether Amazon is to blame for the massive Capital One data breach disclosed earlier this year. Amazon is at least partly to blame for the massive 2019 Capital One breach that impacted more than 100 million customers, senators are alleging.   Editor’s note: This particular quote should bring pause to anyone who hands over their cyber security responsibility and visibility to a cloud provider – “Amazon knew, or should have known, that AWS was vulnerable to […]

by Dawn Dunkerley
Contributing Editor

“Wire” Cyber in from the Start

Manufacturing Engineer: “You want me to patch what? How often? Yeah, right…I can’t take these systems offline for even a minute, those patches are going to have to wait until our next planned shut in the spring…”
Cybersecurity Manager: “Was that system that was breached compliant with our internal cyber specification?”
Process Engineer: “What specification?”
Plant GM: “Did the new remote sensing ecosystem project get approved for my plant?”
VP of Ops: “Yes! Install starts tomorrow.”
CISO: “Who signed off on it from Cybersecurity?”
ALL: Silence….

Just about every one […]

by Bret Bergman
Contributing Editor

Cybersecurity Awareness Month – Top 10 Personal Cyber Hygiene Tips

It is cybersecurity awareness month and although we highlight cybersecurity this time of year, the top 10 tips for your individual security should be a daily cyber hygiene must for every one of us. Thought I would take the time to share with you what I tell my clients when asked:  1. Keep Your Software Up to Date & Use your Device Securely One of the most important cybersecurity tips to mitigate ransomware or other cyber intrusions is patching outdated software, both operating system and applications. This helps remove critical […]

by Patricia Frost
Contributing Editor

Did you just digitize yourself into astronomical risk?

Recently I was walking through a major US Airport and saw an advertisement for a multi-billion-dollar Management Consulting firm. It simply said: “Get digital or get left behind”. I couldn’t help but chuckle at the fear-selling clearly targeted at division managers and road warriors and think of all the urgency surrounding the need to revolutionize one’s business or be eviscerated in the marketplace. Let me get this out front before I’m accused of being a luddite who is only interested in human behavior: digitization is a great thing on balance! Ok, […]

by Richard Berkley
Contributing Editor
