People (Still) Don’t Care About Cyber Attacks

Let’s get something out of the way: I know that all the data says people care more about their privacy than ever before, and especially the under-40 age group sees it as a “key issue.” And I don’t for a second doubt the data—if you ask me in a survey, “Is privacy important to you?,” I’ll say yes. If you ask “Would you do business with a company that does not protect your privacy?,” I would say no—because those are the right answers, and intellectually we understand that. But there is a gigantic disconnect between what people say in a survey, and how they actually behave. I’m the first to admit guilt here.

Topics: Cybersecurity Security privacy cyber attack

The Proportional Cybersecurity Law (aka Oltsik’s law)

I recently published a blog on the increasing cybersecurity attack surface as enterprise organizations embrace new IT initiatives like cloud computing, mobile application deployment, and the Internet of Things (IoT).

The combination of IT complexity, the growing attack surface, and a progressively more dangerous threat landscape is making cybersecurity more difficult. And it’s not one particular area of cybersecurity that’s becoming more difficult, it’s the whole kit and caboodle.

Topics: Cybersecurity cyber attack cyber crime

The Increasing Cybersecurity Attack Surface

I just read a good Wall Street Journal blog by Ben DiPietro titled “Speed of Tech Change a Threat to Cybersecurity.” His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes. This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses.

Topics: Cloud Computing Cybersecurity IoT Mobile computing cyber attack cyber crime

Last Minute Cybersecurity Predictions for 2015

By now, every vendor, analyst, and media outlet has already published their cybersecurity predictions for 2015. I actually described some of mine on a Co3 webinar with Bruce Schneier last week, so I thought I’d put together a quick list. Here are ten predictions in no particular order.

Topics: Apple Cybersecurity threat intelligence cyber attack FIDO CISA

Sony Baloney

As an information security analyst, I’ve been following the cyber-attack details at Sony Pictures for some time now, just as I followed other events (e.g., Home Depot, JP Morgan Chase, Staples, UPS, etc.) earlier this year.

Yup, each of these events received its fair share of publicity, but nowhere near the amount of press that Sony is getting. Maybe it’s the Hollywood angle, maybe it’s the intrigue of geopolitical tensions between the US and North Korea, or maybe it’s the general impression that this hack is juxtaposed to our First Amendment rights. Whatever the reason, it’s big. I participated in a webinar yesterday with security guru Bruce Schneier (CTO of Co3), focused on security predictions for 2015. The Sony Pictures cyber-attack dominated the conversation and we both agreed that we could have discussed it for hours more.

Topics: Cybersecurity cyber attack

Cybersecurity Recommendation: Don’t Poke the Bear

The website Urban Dictionary defines the expression “don’t poke the bear” as follows:

A phrase of warning used to prevent oneself or others from asking or doing something that might provoke a negative response from someone or something else. 

Topics: Cybersecurity cyber attack

Good News and Bad News on Cybersecurity Priorities and Spending in 2014

With the Winter Olympics in full swing, the cybersecurity community anxiously awaits another global event, the 2014 RSA Conference. Like Sochi, the RSA Conference comes with its own controversy, but I still anticipate that most of the global information security glitterati will be in San Francisco two weeks hence.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Mandiant rsa conference nsa Edward Snowden cyber attack