The Gender Gap in Cybersecurity Can, and Should Be, Closed

The challenge at hand, to ameliorate the shortage of cybersecurity professionals and close the gender gap, is to educate, train, and facilitate women to fill the pipeline for a qualified information security workforce.

There are huge, growing demands for a modern cybersecurity workforce in both the private and public sectors; there is also a significant shortage of skilled professionals. There is an especially wide gender gap in cybersecurity and in many technology jobs as well. But this is a gap that can, and should, be closed.

Grading Global Boards of Directors on Cybersecurity

Despite apparently being way ahead of their contemporaries in the E.U. countries surveyed, US and UK directors and executives clearly have work to do. One cybersecurity executive aptly noted: “Cyber security is ‘no longer a dark art but an everyday business practice that must pervade every level of the organization.’”

On April 1, 2016, NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of nonexecutive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. [1] NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities.

The Nature of Cybersecurity Strategies for Unprecedented Cyber Attacks

Just as the United States is vulnerable, so too are businesses within the United States and around the world. Just as the computer is increasingly becoming the weapon of choice for warfare, so too is it becoming the weapon of choice in business warfare.

What is foreseeable is that cyber attacks often are not. A few years ago the Sony Pictures Entertainment (SPE) hack turned on its head the business world that was already trying to come to grips with the Target, Home Depot, Neiman Marcus, and many other data breaches.

There was one thing about the SPE breach that really had the cybersecurity community in quite a buzz. An internal email from SPE’s cybersecurity investigators was made public and some were taking it as saying “It’s ok, it could have happened to anybody and there was nothing Sony could have done to stop it. It’s not Sony’s fault.”

That inference came from statements in the email that referred to the attack as being unique and unprecedented with the malware being undetectable by industry standard antivirus software.

The kerfuffle that ensued brings to mind the bigger picture of cybersecurity. Things such as what I have been preaching about cybersecurity. What others have been preaching about cybersecurity. More directly, what our respective roles are when it comes to cybersecurity and where and how (or whether) we really provide value to our clients.

Navigating the Cybersecurity Storm in 2016

“Our nation is being challenged as never before to defend its interests and values in cyberspace. Adversaries increasingly seek to magnify their impact and extend their reach through cyber exploitation, disruption and destruction.”

—Admiral Mike Rogers, Head of US Cyber Command, September 9, 2015

A very recent article in the UK publication The Guardian, entitled “Stuxnet-style code signing of malware becomes darknet cottage industry,” [1] raises the specter of bad actors purchasing digital code signatures, enabling their malicious code to be viewed as “trusted” by most operating systems and computers. Two recent high-profile hacks utilized false or stolen signatures: Stuxnet, the code used to sabotage the Iranian nuclear program, allegedly jointly developed by America and Israel, and the Sony hack, which was allegedly perpetrated by the government of North Korea. Both of these instances involve sovereign states, with effectively unlimited resources.