The Principles of a Safe Secure & Intelligent (S2I) Communications System

And that’s it. That is the entire basis for developing these principles, the rules of the road, these guiding lights, so that we can protect these systems we so dearly rely on.

What is a principle? The “know all” (aka, Google) tells us a principle is: “a fundamental truth or proposition that serves as the foundation for a system of belief or behavior or for a chain of reasoning.”

What is a communication system? The other “know all” (aka, Wikipedia) tells us a communication system is: “In telecommunication, a communications system is a collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment usually capable of interconnection and interoperation to form an integrated whole.” Continue reading “The Principles of a Safe Secure & Intelligent (S2I) Communications System”

Local LinkedIn pick as cybersecurity guru talks trends

I think government is traditionally been way behind on procurement issues and recently, enactment of legislation for modernization has taken place. They’re trying to replace a lot of legacy systems.

Our guest today was recently named by LinkedIn as one of the top five people to follow in cybersecurity issues among their 500 million members. He was also just selected as LinkedIn to be an advisor on cybersecurity and emerging technology issues, and we’re lucky enough to have him here in the studio– Chuck Brooks of Chuck Brooks Consulting. Chuck, thanks for joining us. Continue reading “Local LinkedIn pick as cybersecurity guru talks trends”

Five New Year’s Resolutions to Help CISOs Improve Enterprise Security in 2018

As we turn the page to 2018, organizations and their CISOs should commit to improving the way they consider, manage, communicate and respond to cybersecurity issues. That means introducing cognitive technology into the security environment, educating top leadership about cyber risks, promoting a culture of security awareness throughout all levels of the organization, conducting data breach simulations and tabletop exercises to hone incident response capabilities, and measuring the progress and maturity of security activities.

If you survived 2017 — a year full of data breaches, ransomware, distributed denial-of-service (DDoS) attacks and a multitude of other high-profile security incidents — you deserve a pat on the back. Some of us weathered the storm thanks to our careful preparations, the security controls we deployed, the incident response strategies we practiced and the recovery mechanisms we put in place. The rest of us can thank our lucky stars that things didn’t turn out for the worse.

Five Enterprise Security Resolutions for 2018

No matter how you navigated the treacherous threat landscape during the past year, it’s time for all of us in information security to make our New Year’s resolutions. If you’d rather not leave the fate of your organization to luck in 2018, here are five resolutions for chief information security officers (CISOs) to apply in the new year. Continue reading at SecurityIntelligence.com

Emerging Technologies and the Cyber Threat Landscape

Nothing is completely un-hackable, but there is a myriad of emerging technologies that can help us navigate the increasingly malicious cyber threat landscape.

Cybersecurity is at a tipping point, the sheer volume of breaches, attacks, and threats has become overwhelming.  Juniper Research, suggests that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019. About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016. According to a recent AT&T Cybersecurity Insights report, some 80 percent of the IT and security executives surveyed said their organizations came under attack during the previous 12 months.

This rising threat trend, coupled with the rapid growth of sophistication in malware, ransomware, DDoS, and social engineering attacks has created a conundrum. How do we protect ourselves in an increasingly connected world? Continue reading “Emerging Technologies and the Cyber Threat Landscape”

An Eye on GDPR

Think Equifax. Think Uber. Now think about how to notify those tens and hundreds of millions within 72 hours. That is the sort of headache you are going to have to deal with.

There is a lot of talk about the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679).  And rightly so, because it will impact a great many organizations, many of which reside in the U.S.  Set to come fully into effect May 25, 2018, the GDPR has understandably caused a lot of headaches because it is wide-sweeping and costly regulation, especially if you are in violation.

Clearly, the first question to ask is if the GDPR applies to you. If it doesn’t, you are in the clear (but that is not an excuse to relax your data protection measures).  If it does, well, you have work to do if you haven’t been on top of your GDPR compliance. This is especially true if you are a big organization, are not based in the EU, and have a lot of EU customers and clients. Continue reading “An Eye on GDPR”

2018 & Beyond – Cybersecurity’s Future

Market forces are at play here, and with a global market, it’s tough to control what gets built, to what specifications, and then find an appropriate way to share that information with potential buyers.

Perspectives From 3 Of The Top SMEs In Information Security

As we approach the new year, I, Chuck Brooks, am very pleased to have a discussion with four of the most prominent technical SMEs in the world of cybersecurity; Kenneth Holley, George Platsis,  and Christophe Veltsos.  Their answers that follow offer practitioner perspectives and advice on some of the key issues and technologies that encompass the future of information security. It is worthwhile keeping their comments as a source reference for the C-Suite and anyone concerned about protecting their identities and data. Continue reading “2018 & Beyond – Cybersecurity’s Future”

60 Cybersecurity Predictions For 2018

And one from the #CyberAvengers all on Forbes

Attacks on the US government and critical infrastructure

A nation-state sponsored group will commence a 5-day long DDoS attack against a critical US government (non-DoD) agency, shutting it down in order to show their strength—The Cyber Avengers

Read the entire list on Forbes

A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing.  We say expectedly for a variety of factors including, but not limited to: size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of the putting aside or worse, ignoring, the basics. In short, we look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the root of our deepest problems are inherently insecure systems, poor maintenance, and social engineering. Continue reading “A National Cybersecurity Action Plan is a Serious Priority”

Cybersecurity: A fiduciary duty

This plague has only increased and has prompted much research and writing on cybersecurity best practices (including by us) settling on, at the very least, one or more best practices designed to lessen (if not entirely mitigate) the effects of ransomware.

The recent WannaCry ransomware exploit brought into full view several factors that terrify many companies and their boards of directors. Why? Because these directors are charged with the fiduciary duty of overseeing the cyber risk preparations and defences of their companies for their shareholders.

In today’s environment, this presents quite a challenge for companies and boards alike. Security has always been a challenge because the defender must be right 100 per cent of the time and an attacker needs only one lucky shot. Effective cyberattacks can involve factors, such as:

1. A ‘zero-day’ or previously unknown software exploit (or vulnerability) that even advanced IT departments could not have reasonably planned for

2. An exploit that encrypts files when enabled or executed, and will not give the files back unless a ransom is paid

3. A public relations nightmare trying to explain to third parties, regulators (and in the case of WannaCry, hospital patients) why service levels dropped (i.e. evaporated) due to lack of properly segmented back-up recovery media and/or less than rigorous implementation of standard patches for older operating systems. Continue reading “Cybersecurity: A fiduciary duty”

The #CyberAvengers Playbook

The Non-Technical, No Nonsense Guide For Directors, Officers, and General Counsels

Cybersecurity, as many organizations practice it today, is broken. Everybody is feeling the pressure as competitors and partners alike dread a breach. Leadership can’t be left in the dark due to technobabble, a lack of resources, or excuses as to why cyber risk cannot be measured.

FireEye is proud to support the new eBook, The #CyberAvengers Playbook: Doing the Little Things (and Some of the Big Things) Well (2017 Edition). This short guide is designed to give you actionable items that could help any organization improve its cybersecurity posture.

Download the eBook and pick up the following tips from the #CyberAvengers:

  • Oversight duties: Learn to view risk from an enterprise perspective in an era where accountability and fallout costs are surely going to grow.
  • Cyber risk: Why it matters and how to wisely spend your limited resources.
  • Communication gaps: Cybersecurity is not an IT-only issue, so do not be afraid to speak your mind. We show you which questions to ask.
  • Response and continuity: Even the best-tested plans can go out the window during a time of crisis. Learn to minimize the fallout.
  • What’s happening in 2017 and what to expect in 2018: From the ransomware scare to the General Data Protection Regulation (GDPR) coming into effect, business is becoming more expensive. We try to help you save wherever you can.