Posted 09 July 2019
Do You Trust Your Counterparty?
Do you trust your counterparty? What about ALL THE COUNTERPARTIES? Full disclosure, I bought my first car from a huckster used car salesman in the Bronx, NY. His smile was perfect, his form straight out of central casting. The car? A “lightly used” Subaru Forester. Really, what could I have to worry about? Subarus are known to be reliable. 12,000 miles from one owner hardly seemed used at all. It drove like a dream, and it looked great. As I pulled out of the lot, I was sure we made […]
by Richard Berkley, Contributing Editor

Posted 02 July 2019
Wired for Cyber Resilience
Not original, but true: ‘you are only as strong as your weakest link.’ For cyber security, that weak link usually manifests itself in the people within your organization. Over 90% of cyber breaches are a result of some form of human error. Malicious individuals prey on human weaknesses and gaps in corporate culture. We have found that most of these flaws can be categorized as the result of gaps in policy compliance or routine adherence. Most organizations have policies; unfortunately, these same organizations often fail to ensure these policies […]
by Joseph Socolof, Contributing Editor

Posted 25 June 2019
The Cyber Skim: Monthly Top Cyber Articles for June 2019
Cyber security is not just an IT or a CIO problem; it’s a senior leader problem. With so much information on cyber security out there, we’ve curated our list of the most interesting articles to come out this month to give senior leaders the information and perspective they need to approach cyber security.
Tomorrow’s Cybersecurity Analyst Is Not Who You Think, by Chris Schueler
I can vouch for this myself; some of the most talented cyber security professionals I know have “non-traditional” backgrounds such as music and language that make […]
by Dawn Dunkerley, Contributing Editor

Posted 28 May 2019
We Have Met the Enemy and It Is Us
In this blog we have written often about the need to assess levels of risk and to apply appropriate levels of security to them, but we have not mentioned a solution that should be at the top of everyone’s list of remedies. Eliminate the possible risk. Last week First American Financial Corporation, a large provider of title insurance, disclosed that it had inadvertently disclosed mortgage records, including social security and bank account numbers for 885 million records going back 16 years. There were no hackers involved or state-sponsored villains. The […]
by Hank Berkley, Contributing Editor

Posted 21 May 2019
The World is Getting Scarier
This blog and most cyber security reporting have focused on the financial ramifications of breaches. We speak of loss of business, loss of customers, loss of reputation and direct loss of money; but over the last few years there has been a group of threats that have been uncovered which have much more serious consequences. These are cyber-attacks with physical outcomes. The motives may still be to achieve financial benefits, such as collecting a ransom or stealing intellectual property, but the collateral damage can be significantly worse. The first known […]
by Hank Berkley, Contributing Editor

Posted 14 May 2019
No More Mr. Nice Guy
A broad view of activity in the cyber world can help you to focus your resources as well as provide you with the basis of a scorecard compared to others. Verizon just released their 2019 Data Breach Investigations Report and it is worth a read for guidance it can provide. Here are a few of the things that we found of interest along with some of our comments. Of the just over 17,000 cyber incidents that were reported, the most common attack (more than 60%) was a denial of service event […]
by Hank Berkley, Contributing Editor

Posted 07 May 2019
Measure for Measure
Measuring success in cyber security is difficult. In the simplest case it can be seen as a binary value – you had a security issue or you did not, but that is not particularly useful and certainly won’t help you to improve your overall security posture. In a world in which metrics drive just about everything, why are security metrics so difficult to identify? The values in cyber security that are most meaningful cannot be measured because they are unknown. We have seen companies report on how many SPAM emails […]
by Hank Berkley, Contributing Editor

Posted 30 April 2019
Be Careful What You Ask For
The old cliché, “we are as strong as our weakest link”, applies perfectly to computer security. The implication is that we should invest in improving the awareness and thus behaviors of all our employees. While this may seem like a straightforward training exercise or a reason to implement new security policies, it turns out that it is a lot more complicated than that. As in most endeavors, you need to be aware of unintended consequences. When a new middle-school opened in my town the traffic control department feared that […]
by Hank Berkley, Contributing Editor

Posted 23 April 2019
The Cost of War
Last week we discussed some conclusions that one could form based on a data breach report from the Ponemon Institute. One number we did not highlight was the impact of cyber insurance on losses. Taking that information together with activities taking place in the current marketplace suggests that it may be time to reexamine your insurance coverages and assumptions. In the US, the average data breach included in the report had a cost of $7.9 million. Of that amount, $4.2 million was related to what they refer to as “customer churn”. […]
by Hank Berkley, Contributing Editor

Posted 16 April 2019
Figures Don’t Lie, But…
More than once this blog has referred to the costs of a data breach as a function of the number of impacted records. For some reason that seems to be the standard measure. The last IBM-sponsored report from the Ponemon Institute suggests that the average global cost increased from $141 in 2017 to $148 in 2018 per lost record. But is this a valid metric? You have likely heard of the actuary with one foot in a bucket of ice and the other in scalding water who, on average, was […]
by Hank Berkley, Contributing Editor

Posted 09 April 2019
Finding the Value
There is only one overarching reason to invest in cyber security. It is to save your company money through cost avoidance. That savings might come from avoiding legal expenses from a data breach or from not paying penalties imposed by regulators. These types of losses are frequently the ones presented to justify security spending as they are the most obvious, but they are not likely to be the ones you should be most concerned about. In the quainter times of a few years ago, people believed in the concept of […]
by Hank Berkley, Contributing Editor

Posted 02 April 2019
Who You Going to Call?
Despite our best efforts, cyber security is often a reactionary process. We take steps to prevent breaches, but mostly wait for something to happen before we jump into action. If we detect and react quickly enough, we avert a problem or perhaps minimize its impact. The “bad guys” also know their time is limited and behave accordingly. Yet we don’t always prioritize our efforts to tighten the time frames, meaning we aren’t doing everything we can in the area of prevention. As with most professions, there is a wide disparity […]
by Hank Berkley, Contributing Editor

Posted 26 March 2019
Working in the Department of Redundancy Department
Perfection is not achievable, yet information technology relies upon it every day. Cyber security teams deal with the small imperfections in computer software that inadvertently allow bad actors to cause the software to do things that were not anticipated. These flaws might be in the original design or in the implementation of that design. Regardless of their origins, information security today is all about protecting our assets from hackers who try to take advantage of those weaknesses. Your security team is challenged to block 100% of the attacks on an […]
by Hank Berkley, Contributing Editor

Posted 19 March 2019
A New Hope
Cyber security does not come cheap and is not great. But that may be changing. Today security is primarily outside of regular business processes. It sits on top of and often interferes with business. Moving security from an external function to an integrated process potentially reduces the costs and improves the product, but we aren’t there yet. Information security is in a separate world in which people speak in acronyms and most of what is done is obscured from all but the most technology-savvy people. But there is hope. […]
by Hank Berkley, Contributing Editor

Posted 12 March 2019
I’ve Got Your Number
A few decades ago Americans were told to safeguard their social security number (SSN) and not to divulge it unnecessarily. Today, after billions of records have been breached, that federal ID is no longer considered to be a trustworthy identifier. Even the government is recognizing that they can no longer rely on it and is implementing other methods to identify people.* But the newer solutions are not without their side-effects. At the root of all cyber security is identity. You need to know WHO is doing something in order to […]
by Hank Berkley, Contributing Editor

Posted 05 March 2019
The Gig Economy
Volumes have been written about the transformation in the workforce as employees become contractors and companies focus on cutting costs by replacing full-time workers with part-time labor. A lot of this has been presented in a negative light because of the perception that businesses are simply trying to cut corners. While saving money may catch management’s attention, bringing in individuals to work non-traditionally may offer other benefits if it is done correctly. How is this related to cyber security? Read on. When we travel to a distant city, we make […]
by Hank Berkley, Contributing Editor

Posted 26 February 2019
Trust Me!
Though cybersecurity pundits will make a lot of recommendations regarding steps to make you safer, the truth is that it is not possible to be completely protected. In the complex and integrated world in which we operate we are exposed to so many technical dangers that we survive by placing trust in others. We previously wrote about third party risk, but focused primarily on vendors and entities with whom you have a transactional relationship. Recently there has been a lot of light being shed on some parts of your business […]
by Hank Berkley, Contributing Editor

Posted 12 February 2019
From C to Shining C
Most departments within a business are distinct and wholly intact, which leads to a clear management hierarchy, but technology and its related aspects bring overlap, conflicting goals and confusion. Companies seem to find it particularly challenging to figure out where in the corporate pyramid the Chief Information Security Officer (CISO) fits in. While the title implies a most senior placement, many are justifiably reticent to place these people near the top. Is there a “right” place for the CISO?* Some industries have seen legislation passed that specifically mentions the title […]
by Hank Berkley, Contributing editor

Posted 05 February 2019
Contrary to Popular Belief…
A nationwide network of ATMs in Chile was recently hacked, and while there is not a lot of public information about costs and damages, some of the details about how this came about were released. This week we have decided to use this case as the basis of a fictionalized cyber crime to examine what can be learned at someone else’s expense. The following account is a somewhat embellished version combined with some typical scenarios that we have witnessed. Some of this might seem overly technical – but it is […]
by Hank Berkley, Contributing editor

Posted 29 January 2019
Win Some, Lose Some.
The term “risk” as it applies to information security is a bit amorphous and because of that it may lead one to make some wrong assumptions. One such misconception has to do with the purchasing of cyber insurance. While insurance is considered to be a tool for “risk transfer”, in the case of cyber coverage it really doesn’t do that. What insurance really does is reduce the risk of an unanticipated financial loss. For most companies this means property loss, theft or significant injuries. What it does NOT do is […]
by Hank Berkley, Contributing editor