Therefore, if your IT department says to you, “we’re confident we do not have any malware on our network,” ask how they came to that conclusion. If instead they say, “we do not have any malware on our network, honest, trust us!” then raise an eyebrow and get your hands dirty, because you have work to do.
The question seems simple enough, doesn’t it? But have you asked the question? My feeling is that not enough people actually do. Of course, a natural response may be: isn’t that a question for my IT department to answer?
Yes and no (more on that in a moment). And I promise I am not trying to play word games, but words and their meanings matter, and I am therefore placing particular focus on the word trust. Trust is different than confidence. Trust is different than transparency. Trust has a much more “personal” element than the others. And so much of what we do in the world today is based on trust. Continue reading “Do You Trust Your Network?”
The human-technology cyber conflict is not a problem to be solved but a fact to be coped with over time.
Previously, I proposed that security and economy are inextricably linked and that such a link has the potential to increase both national and personal prosperity. If you are a student of history, I do not believe you will have any difficulty accepting this hypothesis, particularly when you put aside any consideration of cultural and societal issues or constructs.
A sovereign entity can potentially achieve national prosperity through security and economy, but that construct may not be tenable over time. Therefore, how prosperity is achieved is where it gets tricky. Why? Because people see the world in different ways and people want to live their lives differently. Continue reading “Multilateral Cyber Interests Will Rarely Align”
Set aside all politics and details for a moment and begin with this premise: are my interests being met? If you take that as your starting point, the fog will begin to clear for you. Of course, reasonable people can have an informed debate over what “correct” interests are, but that is what we try to do in democracies. Interest is the overriding factor here.
In my previous article, I discussed the clash of systems we currently are in. Super quick recap: in one corner, we have the Westphalian nation-state system that’s been around since 1648 and is built on the principles of sovereignty, legal equality and a policy of non-interventionism; in the other corner, we have the Internet, which has no established sovereignty, is marred by legal blurring, and is by its very nature interventionist and disruptive.
Ultimately, what we have is a system clash where our original intent – free flow of information but with positive control of the Internet in our lives – has been flipped on its head, where the Internet effectively controls our lives. Continue reading “Before You Declare Your Enemy, Be Sure of Your Interests”
I start from this premise: we have finite resources. I do not think anybody serious would disagree with me on this premise. Therefore, let us be smart about how we use these resources. And part of being smart is asking the right questions and knowing the basics.
One undeniable fact: the 2016 elections brought the word “cybersecurity” into the mainstream. The problem that stemmed from that fact: nobody is actually sure what “cybersecurity” is. And as a result, we spin our wheels or head off into differing directions.
For all the tech talk, commentary, and promise of some incredible “save you from all cyber threats” solution, lost in the conversation are the cybersecurity basics. It is a disservice to all when pundits use words, such as hack and leak, interchangeably. Those who have a more informed understanding of the issue know that these terms have very different meanings. The same can be said for words such as stolen and copied. They are not the same and are often confused, even misused. And how about this one: the difference between authorized access by an unauthorized user and unauthorized access. The fine nuance between the two can entirely re-characterize the nature of an attack. Continue reading “Cybersecurity Starts With Basics”
In March 2017, Forbes made the case that the IT skills gap is really more of an awareness gap: “College graduates’ skills are not visible to employers because while they’re leaving colleges and universities with transcripts and resumes, employers aren’t able to see the skills they’ve developed through coursework and co-curricular activities.”
Until academic programs provide current and prospective students with documentation on how their multitude of classes translates into mastery of different skills, students are left trying to connect the dots on their own. But to connect the dots, students must step back and reflect on their lessons and experiences to translate them into skills — quite a challenging task in the midst of an academic term or degree program. Continue reading at SecurityIntelligence.com
Wasting your time and money on the latest fad exercise machine or diet will be just that, a waste of time and money, especially if you are not ready to put yourself through the daily grind. Same goes for cyber tools that promise you a path to the mythical place known as CybersecureLand, a place where you can click on any link without any fear because the magical Fairy Cybermother will protect you and whisk any malicious code back to the depths of Maldorware.
It’s January 2nd and you have just finished your latest culinary blowout from the holiday season. You look down towards your toes and you see something obstructing your view that wasn’t there just three weeks ago. And of course, you fear walking towards the scale because you already know it’s going to be bad news.
So what do you do?
Sign up for an expensive gym membership and spend $300 on new training gear of course!
Unfortunately, neither of those will make a difference unless you put your best foot forward and start working your own butt off. Worse, if you do not put that expensive membership and new gear to good use, you are only a few months (weeks?) away from saying, “I wish I didn’t spend all that money for nothing!”
I fear I am about to upset a few people by stating the following: good cyber health and hygiene is a lot like personal health and weight management. It takes time, effort, and dedication to keep in top form and it is also very easy to go off the rails if you do not watch what you’re doing. Furthermore, each time you go off the rails it becomes harder and harder to get back to the good form. And the only real difference between your health and cyberspace is that you can at least upgrade your device or operating system, whereas when it comes to our personal health, we are stuck with the same body and brain for our entire lives. Continue reading “Personal Cyber Health and Hygiene: More Expensive Shoes Don’t Make You Run Faster”
The #CyberAvengers want to make cybersecurity unintimidating. Isn’t it a liberating feeling to know when your mechanic is pulling a fast one on you? It is. And you do that because you build up your knowledge and are unafraid to say, “why are you trying to get me to replace my entire axle when all I need is a control arm?”
We are pointing out the obvious, but the obvious needs to be pointed out these days: How you view the world impacts your decision-making. And equally important is how you view yourself. Therefore, if you see the world as a relatively benign place and feel for the most part you are well prepared for whatever challenge you will face, it is quite likely you will do little to change your behavior.
But if you view the world as a more hostile place and think of yourself and us as unprepared, chances are you will either wither away into a corner, frightening yourself into hysterical paranoia, or you will do something rational to prepare yourself for whatever challenge comes your way.
Let us start with this basic premise: The internet is inherently vulnerable. It was designed that way because the debate—about 40 plus years ago—focused on open access and free flow of information versus security. The former won, but we are paying the price today. So, if the information highway (the internet) is all banged up and falling apart, it does not matter how safe your car is because the road is still a mess. Continue reading “Explaining Cybersecurity through Cars: Get Yours Inspected or Get It Off the Road”
“If you are doing the same things you did five years ago to keep your business and its data secure, then you do not have an effective security awareness program.” — Michael Corey, technologist and columnist.
A recent study found that nearly 4 out of 5 health care IT executives view employee security awareness as their biggest information security concern. Verizon’s “2017 Data Breach Investigations Report (DBIR)” found that cybercriminals used social attacks in 43 percent of breaches, while 66 percent of malware was installed using malicious email attachments. Meanwhile, 7.3 percent of users fell for phishing attacks by clicking a malware-laden link or opening an attachment. Continue reading at SecurityIntelligence.com
Instead of positive control, we have a system that completely controls how we conduct ourselves.
Understandably, a few eyebrows go up when I suggest today’s cybersecurity challenges started nearly 370 years ago, some 300 years before the invention of ENIAC (the world’s first digital computer). But I stand by this observation because of the unintended clash of two systems: the nation-state and the Internet.
Many of the institutions, social constructs and domains we have accepted as norms came out of the Peace of Westphalia, a series of treaties to end the Thirty Years’ War. No, the problems do not stem from the fact that many of us wish to throw our devices out the window when things go wrong or we find ourselves in disagreement with technology. (Though defenestration does sometimes feel like a natural response to many of our cybersecurity problems.) Continue reading “Today’s Cybersecurity Challenges Started in 1648”
These are governance issues at their core, not technological ones, meaning that whatever technological steps you take to protect your data, you still may be overlooking the big picture (which will result in a loss of resources and open you up to liability). And because they are governance issues, there is a heavy dose of “human element” challenges associated with them.
Protecting yourself in cyberspace requires multiple solutions all working together.
Be cautious of the cybersecurity vendor that promises you a technical solution that will solve all of your cybersecurity problems. Life, unfortunately, is not that simple and a one-size-fits-all approach is bound to get you in trouble given today’s cyber complexities. Similarly, simply adopting a solution may not be enough. How you implement that solution could be the difference between operating a safer network or, inadvertently, making your network more vulnerable. One such solution is encryption. Continue reading “When it Comes to Cyber Deterrence, One Size Fits…One”