Most Recent Blogs

People (Still) Don’t Care About Cyber Attacks

Posted: May 01, 2015   /   By: Kyle Prigmore   /   Tags: Cybersecurity, Security, privacy, cyber attack

Let’s get something out of the way: I know that all the data says people care more about their privacy than ever before, and especially the under-40 age group sees it as a “key issue.” And I don’t for a second doubt the data—if you ask me in a survey, “Is privacy important to you?,” I’ll say yes. If you ask “Would you do business with a company that does not protect your privacy?,” I would say no—because those are the right answers, and intellectually we understand that. But there is a gigantic disconnect between what people say in a survey, and how they actually behave. I’m the first to admit guilt here.

The Proportional Cybersecurity Law (aka Oltsik’s law)

Posted: March 31, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber attack, cyber crime

I recently published a blog on the increasing cybersecurity attack surface as enterprise organizations embrace new IT initiatives like cloud computing, mobile application deployment, and the Internet of Things (IoT).

The combination of IT complexity, the growing attack surface, and a progressively more dangerous threat landscape is making cybersecurity more difficult. And it’s not one particular area of cybersecurity that’s becoming more difficult, it’s the whole kit and caboodle.

The Increasing Cybersecurity Attack Surface

Posted: March 19, 2015   /   By: Jon Oltsik   /   Tags: Cloud Computing, Cybersecurity, IoT, Mobile computing, cyber attack, cyber crime

I just read a good Wall Street Journal blog by Ben DiPietro titled, Speed of Tech Change a Threat to Cybersecurity. His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes. This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses.

Last Minute Cybersecurity Predictions for 2015

Posted: December 26, 2014   /   By: Jon Oltsik   /   Tags: Apple, Cybersecurity, threat intelligence, cyber attack, FIDO, CISA

By now, every vendor, analyst, and media outlet has already published their cybersecurity predictions for 2015. I actually described some of mine on a Co3 webinar with Bruce Schneier last week, so I thought I’d put together a quick list. Here are ten predictions in no particular order.

Sony Baloney

Posted: December 19, 2014   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber attack

As an information security analyst, I’ve been following the cyber-attack details at Sony Pictures for some time now, just as I followed other events (i.e., Home Depot, JP Morgan Chase, Staples, UPS, etc.) earlier this year.

Yup, each of these events received its fair share of publicity, but nowhere near the amount of press that Sony is getting.  Maybe it’s the Hollywood angle, maybe it’s the intrigue of geopolitical tensions between the US and North Korea, or maybe it’s the general impression that this hack is juxtaposed to our first amendment rights.  Whatever the reason, it’s big.  I participated in a webinar yesterday with security guru Bruce Schneier (CTO of Co3), focused on security predictions for 2015.  The Sony Pictures cyber-attack dominated the conversation and we both agreed that we could have discussed it for hours more. 

Cybersecurity Recommendation: Don’t Poke the Bear

Posted: December 03, 2014   /   By: Jon Oltsik   /   Tags: Cybersecurity, cyber attack

The website, Urban Dictionary, defines the expression “don’t poke the bear” as follows:

A phrase of warning used to prevent oneself or others from asking or doing something that might provoke a negative response from someone or something else. 

Good News and Bad News on Cybersecurity Priorities and Spending in 2014

Posted: February 10, 2014   /   By: Jon Oltsik   /   Tags: Cybersecurity, Information and Risk Management, Security and Privacy, Security, Mandiant, rsa conference, nsa, Edward Snowden, cyber attack

With the Winter Olympics in full-swing, the cybersecurity community anxiously awaits another global event, the 2014 RSA Conference. Like Sochi, the RSA Conference comes with its own controversy, but I still anticipate that most of the global information security glitterati will be in San Francisco two weeks hence.
