Security comes from policy as much as technology
“Every element of company operations has a cyber aspect,” Brooks says. “It’s not just the technical. It’s the policies… So it’s really important to have that working relationship across the organization, and that’d be the recommendation I’d make to any C-suite. If you don’t have your CSO and CIO and CTO involved directly with the leadership of the company — or agency if you’re in government — then you’re going to run into issues.” Read more at AT&T Business.
Remember: the system worked exactly as it was designed to. Some don’t like the fact that Bob had access to the data. But keep this in mind: it’s quite possible that we haven’t yet heard of an Alice, Joe, and Sally who had access to similar, or even more, data.
Unless you have been living under a rock, you may have noticed that a growing number of people are not too pleased with Facebook and Alphabet Inc., parent of Google and developers of the mobile operating system, Android.
What started the recent frustrations were the revelations from an employee of Cambridge Analytica about how the company harvested information from 50 million Facebook users. I want to skip over the part about how the data was used, because that’s the fog in this storm and the distraction is entering “funny cat video” territory.
Where we should be focusing our thinking is here: that the data was harvested in the first place, in one central repository. That’s the issue. Continue reading “Ask Yourself: Why Do You Amass Data?”
The data integrity issue becomes an economic problem really freaking fast. If you’re spending valuable resources to ensure your data is legitimate, those valuable resources (like time and money) can’t be used for your mission-critical operations.
Previously, I brought attention to what I believe is one of the biggest cybersecurity challenges: data integrity. As I note in a different piece, we have entered a strange phase in our history where questioning “evidence” is not such a ludicrous idea.
For example, altering photographs digitally so you can’t tell there have been alterations is a full-time job. This is great for art as we try to clean out any imperfections. It’s not so great when used to conceal a crime. Or alter a map or financial statement or design schematics. I’m confident you get the point.
And just to be clear, there are benign mistakes that can happen. Not all acts are nefarious. Here’s the key that ties everything together: it’s crucial to have the confidence that the data you have in your possession is accurate. Continue reading “Data Integrity Follow Up: Ways to Protect Your Data”
Data integrity is an important issue to keep an eye on because of that entire confidence thing we talked about earlier. Without confidence, we’re going to run into a lot of problems that will not be easy to untangle. And that untangling will be mega-expensive.
Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do.
But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous pieces, the lexicon we use can be troublesome at times. This is particularly true when there is room for cultural interpretation (that’s one of the reasons why curbing international cybercrime is real hard).
That lexicon problem extends into many different areas, including what “protecting” the data means. “Protecting” data goes well beyond making sure it doesn’t get stolen. It means the data isn’t tampered with and is still usable, as it was originally intended to be used. That data can be financial statements, design schematics, or RFP bids.
Here’s the key that makes the world go around and around: confidence. If counterfeit data starts to circulate widely, our confidence in the data begins to diminish. Therefore, it’s just a matter of time before I start asking: do I really trust this financial statement, design schematic – whatever really – to be legitimate? If I don’t, I got a problem. And if I no longer want to accept the data you’re giving me as legitimate, you got a problem, too. Continue reading “Data Integrity: The Next Big Challenge”
And that’s it. That is the entire basis for developing these principles, the rules of the road, these guiding lights, so that we can protect these systems we so dearly rely on.
What is a principle? The “know all” (aka, Google) tells us a principle is: “a fundamental truth or proposition that serves as the foundation for a system of belief or behavior or for a chain of reasoning.”
What is a communication system? The other “know all” (aka, Wikipedia) tells us a communication system is: “In telecommunication, a communications system is a collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment usually capable of interconnection and interoperation to form an integrated whole.” Continue reading “The Principles of a Safe Secure & Intelligent (S2I) Communications System”
I think government has traditionally been way behind on procurement issues and recently, enactment of legislation for modernization has taken place. They’re trying to replace a lot of legacy systems.
Our guest today was recently named by LinkedIn as one of the top five people to follow on cybersecurity issues among their 500 million members. He was also just selected by LinkedIn to be an advisor on cybersecurity and emerging technology issues, and we’re lucky enough to have him here in the studio: Chuck Brooks of Chuck Brooks Consulting. Chuck, thanks for joining us. Continue reading “Local LinkedIn pick as cybersecurity guru talks trends”
As we turn the page to 2018, organizations and their CISOs should commit to improving the way they consider, manage, communicate and respond to cybersecurity issues. That means introducing cognitive technology into the security environment, educating top leadership about cyber risks, promoting a culture of security awareness throughout all levels of the organization, conducting data breach simulations and tabletop exercises to hone incident response capabilities, and measuring the progress and maturity of security activities.
If you survived 2017 — a year full of data breaches, ransomware, distributed denial-of-service (DDoS) attacks and a multitude of other high-profile security incidents — you deserve a pat on the back. Some of us weathered the storm thanks to our careful preparations, the security controls we deployed, the incident response strategies we practiced and the recovery mechanisms we put in place. The rest of us can thank our lucky stars that things didn’t turn out for the worse.
Five Enterprise Security Resolutions for 2018
No matter how you navigated the treacherous threat landscape during the past year, it’s time for all of us in information security to make our New Year’s resolutions. If you’d rather not leave the fate of your organization to luck in 2018, here are five resolutions for chief information security officers (CISOs) to apply in the new year. Continue reading at SecurityIntelligence.com
Nothing is completely un-hackable, but there is a myriad of emerging technologies that can help us navigate the increasingly malicious cyber threat landscape.
Cybersecurity is at a tipping point: the sheer volume of breaches, attacks, and threats has become overwhelming. Juniper Research suggests that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019. About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016. According to a recent AT&T Cybersecurity Insights report, some 80 percent of the IT and security executives surveyed said their organizations came under attack during the previous 12 months.
This rising threat trend, coupled with the rapid growth of sophistication in malware, ransomware, DDoS, and social engineering attacks has created a conundrum. How do we protect ourselves in an increasingly connected world? Continue reading “Emerging Technologies and the Cyber Threat Landscape”
Think Equifax. Think Uber. Now think about how to notify those tens and hundreds of millions within 72 hours. That is the sort of headache you are going to have to deal with.
There is a lot of talk about the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679). And rightly so, because it will impact a great many organizations, many of which reside in the U.S. Set to come fully into effect May 25, 2018, the GDPR has understandably caused a lot of headaches because it is a wide-sweeping and costly regulation, especially if you are in violation.
Clearly, the first question to ask is if the GDPR applies to you. If it doesn’t, you are in the clear (but that is not an excuse to relax your data protection measures). If it does, well, you have work to do if you haven’t been on top of your GDPR compliance. This is especially true if you are a big organization, are not based in the EU, and have a lot of EU customers and clients. Continue reading “An Eye on GDPR”
Market forces are at play here, and with a global market, it’s tough to control what gets built, to what specifications, and then find an appropriate way to share that information with potential buyers.
Perspectives From 3 Of The Top SMEs In Information Security
As we approach the new year, I, Chuck Brooks, am very pleased to have a discussion with four of the most prominent technical SMEs in the world of cybersecurity: Kenneth Holley, George Platsis, and Christophe Veltsos. Their answers that follow offer practitioner perspectives and advice on some of the key issues and technologies that encompass the future of information security. It is worthwhile keeping their comments as a source reference for the C-Suite and anyone concerned about protecting their identities and data. Continue reading “2018 & Beyond – Cybersecurity’s Future”