Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.

What are the new Cybersecurity Stakes – What are vulnerabilities and risks?

We live in world of algorithms; x’s and o’s. Our digital world is ripe for access and compromise by those who want do harm from just a laptop and server. A myriad of recent breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a method of cyber-attack choice by hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems, devices and often lack required patching and updating necessary to thwart attacks. The recent Wannacry, and Petya attacks were certainly wake up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks”

A Quick Summary of Recent Trends & Developments That Businesses and Law Firms Should Know

“Nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack.”

Cybersecurity Spending Soaring:

According to market research firm Gartner, global spending on information security is expected to reach nearly $87 billion in 2017 — an increase of around 7 per cent over 2016 – and is expected to top $113 billion by 2020.  Also according to Gartner, by 2020, 40 percent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 percent today. Continue reading “A Quick Summary of Recent Trends & Developments That Businesses and Law Firms Should Know”

Ransomware Heists are Only Part of the Board’s Problems

Your job isn’t done by completing vulnerability assessment. You actually have to do something about those vulnerabilities you have found.

It’s 10:00 am Monday morning and management is in the hot seat. The stock has lost 15 points since the opening bell and is going in a downward spiral. The company is being maligned on the news and trolled on social media. Shareholders are demanding to know how the company allowed a breach to happen over the long weekend, exposing 100 million pieces of personally identifiable information. An emergency meeting with all available board members is called for 1:00 pm to discuss the state of affairs and the question, “What do we do now?”

Ready to present, management and IT hastily put together a presentation of what happened. As soon as the presentation starts, the unthinkable occurs: ransomware takes control. Its demands are simple: $50 million in Bitcoins within one hour, or at 2:00 pm the hacker group dumps corporate R&D and emails from the last year into the public domain. There is no way for the company to recover once this information goes public. Continue reading “Ransomware Heists are Only Part of the Board’s Problems”

Independence Day from Hacking

Unfortunately, professionals in industry and government still think they are not a target. And what is worse is that many of them are still convinced that the means they used to protect their networks five years ago still apply today.

Watching the news and the debates during the past week felt pretty deflating. You must have heard about the entire who knew what when regarding the attempted Russian interference during the election. Much of what was said was fairly well known but with the new drips and drabs of information coming out into the open the past few days, political opportunism was bound to happen.

Despite this expected response, finger-pointing provides no true help to anybody in the world (and if we are being candid, not even within the Beltway). Sure, it is all interesting. And all of this chatter even provides a good spectacle. We even agree there are some serious questions that need to be answered, like who did know what when and why did they do (or not do) something about it. Continue reading “Independence Day from Hacking”

Explaining Cybersecurity through Cars: Get Yours Inspected or Get It Off the Road

The #CyberAvengers want to make cybersecurity unintimidating. Isn’t it a liberating feeling to know when your mechanic is running a fast one on you? It is. And you do that because you build up your knowledge and are unafraid to say, “why are you trying to get me replace my entire axle when all I need is a control arm?”

We are pointing out the obvious, but the obvious needs to be pointed out these days: How you view the world impacts your decision-making. And equally as important is how you view yourself. Therefore, if you see the world as a relatively benign place and feel for the most part you are well prepared for whatever challenge you will face, it is quite likely you will do little to change your behavior.

But if you view the world as a more hostile place and think of yourself and us as unprepared, chances are you will either wither away into a corner, frightening yourself into hysterical paranoia, or you will do something rational to prepare yourself for whatever challenge comes your way.

Let us start with this basic premise: The internet is inherently vulnerable. It was designed that way because the debate—about 40 plus years ago—focused on open access and free flow of information versus security. The former won, but we are paying the price today. So, if the information highway (the internet) is all banged up and falling apart, it does not matter how safe your car is because the road is still a mess. Continue reading “Explaining Cybersecurity through Cars: Get Yours Inspected or Get It Off the Road”

Is WannaCry Ransomware Just the Warm-Up Act?

Companies and government also need to share data. Because of exponential connectivity, further being promulgated via the Internet of Things, future global public/private cooperation will be critical in maintaining a knowledge base to track and counter emerging cyber threats.

Ironically Warren Buffet recently stated that “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.” He is right. Cybersecurity is a preeminent threat.

What is being called the largest ransomware attack is being described as a real wakeup call y many cybersecurity experts and government officials. The ransomware disrupted hospital , organizational and company networks that were not well protected and up to date. Low hanging fruit for hackers. It did not turn out to be as lethal as originally feared, but it certainly demonstrated the global vulnerabilities associated with inter-connected networks and devices. Continue reading “Is WannaCry Ransomware Just the Warm-Up Act?”

Ransomware Spreading Like Crazy Worms

Luck – while a critical aspect of life – is not an effective resilience strategy. WannaCry has already been modified and there are variants with no “kill switch” in the code. More hurt is in order for the unprepared.

Curiosity turned blind luck saved us from something far worse from what we saw Friday as the Wanna Cry ransomware spread across the globe. Had it not been for a British malware researcher registering some gobbledygook of a domain name, who knows what we would be writing about today. At the rate we are going, if we were cats, we would be burning through our nine lives faster than Tony Stark builds Ironman suits. Continue reading “Ransomware Spreading Like Crazy Worms”