Take Back Control of Your Cybersecurity – The Podcast Series

Today, I’m sharing the list of the first five podcasts (with a few more to come in the next month). Paul and I want to thank the IBM Security team, and Mitch Mayne (of IBM Security) for their support in making this podcast series happen, and indirectly for helping get the word out about our book.

As many of you know, in January 2017, Paul Ferrillo and I released our new book, Take Back Control of Your Cybersecurity Now. Around the same time, the folks at IBM Security, the masterminds behind SecurityIntelligence.com where over 40 of my blog articles are posted, agreed to record a series of podcasts with Paul and me.

NACD Publishes Five Cybersecurity Principles Every Board Director Needs to Know

“Directors don’t need to be technologists to play an effective role in cyber risk oversight — but every board can take the opportunity to improve the effectiveness of their cyber oversight practices.” — Peter Gleason, NACD President

In January 2017, the National Association of Corporate Directors (NACD) released an updated edition of its “Director’s Handbook on Cyber Risk Oversight.” In light of increasing pressures from regulators and ongoing cyberattacks, board directors have a key role to play to ensure proper oversight of cyber risks for their organizations.

The 2017 edition improves on the 2014 version by clarifying several points for board directors to help them understand the strategic importance of cyber risks and the complexity of threats. It also includes several appendices that both chief information security officers (CISOs) and directors will find useful when preparing for mergers and acquisitions (M&A). The appendices also contain information about metrics and dashboards, and the relationship between boards and CISOs. Continue reading on SecurityIntelligence.com

Highlights From the World Economic Forum’s ‘Global Risks Report 2017’

The report emphasized that cyberattacks and breaches have led many countries to enact tough national security and counterterrorism measures. That changes the rights of citizens and alters how governments work in the 21st century.

On Jan. 11, the World Economic Forum (WEF) published “The Global Risks Report 2017.” As we did for the 2016 edition, we dug into this year’s report to analyze key findings as they relate to cybersecurity. Continue reading at SecurityIntelligence.com

Five Ways to Be a More Effective CISO in 2017

The security officer’s role is mentioned alongside other technology roles such as head of IoT strategy, chief data officer and chief digital officer.

The new year is here, and with it comes another fresh wave of attacks, continued strain on resources and the hubbub of everyone returning to the office after a long, much-needed break. The chief information security officer’s (CISO’s) time is as stretched as it has ever been and, most likely, so is his or her attention span. Here’s a short list of priorities for CISOs to keep running in the background. Continue reading at SecurityIntelligence.com

The Priority of the Government/Industry Cybersecurity Partnership

Information sharing to risk management will help allow both government and industry to keep abreast of the latest viruses, malware, phishing threats, ransomware, insider threats, and especially denial of service attacks. Information sharing also establishes working protocols for lessons-learned and resilience that are critical for the success of commerce and the enforcement against cyber-crimes.

The change in the cyber risk environment coinciding with a heightened need for procurement of new technologies and services has created a new paradigm for a cybersecurity partnership between government and industry. The prioritization of that special partnership appears to be in the immediate plans for the new Trump Administration.

Charisma Killed the Cat: Fostering an Effective Cybersecurity Leadership Style

Competing in the global marketplace in 2017 doesn’t come easy. Today’s organizations must deal with global competition and innovation, workforce gaps, a pace of disruption that shows no signs of slowing down and the ever-increasing frequency and maturity of cyberattacks. These factors translate into a lot of stress and very little time to determine the best cybersecurity leadership style to keep the organization safe from the barrage of cyberattacks. Continue reading at SecurityIntelligence.com

Using Cognitive Security to Fight the Cybersecurity Borg

We are the Borg. You will be assimilated. Resistance is futile.

Organizations today find themselves in a situation not unlike that of the Enterprise crew in “Star Trek.” They are facing a formidable, technologically advanced enemy capable of taking over key components of the organization. In one episode of “Star Trek,” in fact, the Borg collective takes control of Captain Jean-Luc Picard himself, to the horror of his crew. Continue reading at SecurityIntelligence.com

The cybersecurity priority for DHS in 2017

Because of the exponential growth of the Internet of Things, mobile devices, big data and digital commerce, cybersecurity has grown immensely as a key priority while DHS has assumed more of a formal government role in the civilian cyber arena. Cyberthreat actors include hackers, terrorists, criminals and nation-states.

As one of his first national security appointments, President-elect Donald Trump has selected retired Marine Gen. John F. Kelly to lead the Department of Homeland Security. Kelly is widely recognized for his expertise in counterterrorism, his dedication, composure and intellect. He is especially known for his excellent leadership skills honed by more than 40 years of military service, including as the commander of U.S. Southern Command.

A Human’s Role in an AI-Dominated Cybersecurity World

To think that “more technology” will make us “more secure” – especially if we start to sacrifice basic Internet survival skills…like being able to identify a spearphishing attack…because that had no influence on aaanything in 2016, did it? – we run the risk of having a long-term problem that we may not be able to untangle ourselves from so easily…or ever.

Hello again! It’s been a while, but with the flurry of stories surrounding the Presidential election, I made a conscious decision to stay away from writing.  As of this past weekend, many of you have heard of further claims of foreign interference in the election.  And, as the title of this post suggests, I will not be talking about that!

Fake news, foreign interference, protection of information, conflicting reports, ascertaining intent, spearphishing attacks, typos, and so on will be talked about in one of my later posts, probably early 2017. Despite the hype, I’m actually trying to let the dust settle a bit, in order to present a clearer picture (I hope).

Recent Attacks Demonstrate The Urgent Need For C-Suite Cybersecurity Expertise

Plans that are most successful often involve the leadership at the top of companies and organizations, commonly referred to as the C-Suite. To carry out plans that rectify potential cybersecurity damages waiting to happen, it is paramount that the C-suite bring cybersecurity expertise to their Boards of Directors and Advisory Boards.

Escalating cyber-attacks on corporations, infrastructure, and organizations have created an environment of uncertainty and, in some cases, panic over the implications of data breaches. Despite the trends of greater frequency, sophistication, efficacy and liabilities associated with incursions, the industry has been mostly unprepared and slow to act.

Tools for hackers have become more readily available, and cyber-criminal gangs are becoming more pervasive and skillful. At the same time, nation-state actors and terrorists are also becoming a more powerful part of the cyber-threat landscape. The bottom line is that in the wake of these developments, the mindset behind corporate cybersecurity needs to change from passivity to preparedness.