Explaining Cybersecurity through Cars: Get Yours Inspected or Get It Off the Road

The #CyberAvengers want to make cybersecurity unintimidating. Isn’t it a liberating feeling to know when your mechanic is running a fast one on you? It is. And you do that because you build up your knowledge and are unafraid to say, “why are you trying to get me to replace my entire axle when all I need is a control arm?”

We are pointing out the obvious, but the obvious needs to be pointed out these days: How you view the world impacts your decision-making. And equally as important is how you view yourself. Therefore, if you see the world as a relatively benign place and feel for the most part you are well prepared for whatever challenge you will face, it is quite likely you will do little to change your behavior.

But if you view the world as a more hostile place and think of yourself and us as unprepared, chances are you will either wither away into a corner, frightening yourself into hysterical paranoia, or you will do something rational to prepare yourself for whatever challenge comes your way.

Let us start with this basic premise: The internet is inherently vulnerable. It was designed that way because the debate—about 40 plus years ago—focused on open access and free flow of information versus security. The former won, but we are paying the price today. So, if the information highway (the internet) is all banged up and falling apart, it does not matter how safe your car is because the road is still a mess.

The Gamification Trend in Cybersecurity

Of course there is a real science to gamification and the many algorithms that create a scenario for the players. The values of lessons learned for the cybersecurity community in conducting such exercises can create working models that will pay dividends for everyone connected, improving competitiveness for industry and better security overall.

For many years the defense and intelligence communities have relied upon a concept called gamification to test concepts, strategies, and potential outcomes in various scenarios via computer simulation. They have found that gamification heightens interest of the players involved and serves as a stimulus for creativity and interchange of ideas which is vital for keeping an edge. As computers have become faster and more capable and data gathering abilities have grown exponentially, gamification has become a “go to” process for many involved in the security community.

Security Awareness: Three Lessons From Health Campaigns

“If you are doing the same things you did five years ago to keep your business and its data secure, then you do not have an effective security awareness program.” — Michael Corey, technologist and columnist.

A recent study found that nearly 4 out of 5 health care IT executives view employee security awareness as their biggest information security concern. Verizon’s “2017 Data Breach Investigations Report (DBIR)” found that cybercriminals used social attacks in 43 percent of breaches, while 66 percent of malware was installed using malicious email attachments. Meanwhile, 7.3 percent of users fell for phishing attacks by clicking a malware-laden link or opening an attachment. Continue reading at SecurityIntelligence.com

Today’s Cybersecurity Challenges Started in 1648

Instead of positive control, we have a system that completely controls how we conduct ourselves.

Understandably, a few eyebrows raise up when I suggest today’s cybersecurity challenges started nearly 370 years ago, some 300 years before the invention of ENIAC (the world’s first digital computer). But I stand by this observation because of the unintended clash of two systems: the nation-state and the Internet.

Many of the institutions, social constructs and domains we have accepted as norms came out of the Peace of Westphalia, a series of treaties to end the 30 Years War. No, the problems do not stem from the fact that many of us wish to throw our devices out the window when things go wrong or we find ourselves in disagreement with technology. (Though defenestration does sometimes feel like a natural response to many of our cybersecurity problems.)

When it Comes to Cyber Deterrence, One Size Fits…One

These are governance issues at their core, not technological ones, meaning that whatever technological steps you take to protect your data, you still may be overlooking the big picture (which will result in a loss of resources and open you up to liability). And because they are governance issues, there is a heavy dose of “human element” challenges associated with them.

Protecting yourself in cyberspace requires multiple solutions working all together.

Be cautious of the cybersecurity vendor that promises you a technical solution that will solve all of your cybersecurity problems. Life, unfortunately, is not that simple and a one-size-fits-all approach is bound to get you in trouble given today’s cyber complexities. Similarly, simply adopting a solution may not be enough. How you implement that solution could be the difference between operating a safer network or, inadvertently, making your network more vulnerable. One such solution is encryption.

Cybersecurity Hiring Woes? Time to Consider a New Collar Approach

“There are over 5 million jobs open in this country. The reason they are not filled is skills.” — Ginni Rometty, IBM CEO, speaking to Fox Business about new collar jobs.

Organizations are suffering from an inability to fill vacant technology and cybersecurity positions. A four-year wait for students to complete their curricula is an eternity for the technology sector given the rapid pace of innovation and change in the field. And since most organizations today cannot run without technology and an appropriate level of cybersecurity, this skills gap really extends to entire countries. A March 2017 report by Frost and Sullivan predicted that the number of global unfilled positions will reach 1.8 million by 2022. Continue reading at SecurityIntelligence.com

Is WannaCry Ransomware Just the Warm-Up Act?

Companies and government also need to share data. Because of exponential connectivity, further being promulgated via the Internet of Things, future global public/private cooperation will be critical in maintaining a knowledge base to track and counter emerging cyber threats.

Ironically, Warren Buffett recently stated that “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.” He is right. Cybersecurity is a preeminent threat.

What is being called the largest ransomware attack is being described as a real wakeup call by many cybersecurity experts and government officials. The ransomware disrupted hospital, organizational and company networks that were not well protected and up to date. Low hanging fruit for hackers. It did not turn out to be as lethal as originally feared, but it certainly demonstrated the global vulnerabilities associated with inter-connected networks and devices.

Five Strategies to Help Recent Graduates Close the Awareness Gap

This form of underemployment, over the long term, impacts the ability of this incoming workforce to receive appropriate compensation and deal with ever-increasing student debt. Being held back early on in one’s career can impact future jobs and pay.

While information security employers decry the skills shortage, a recent Forbes article pointed the finger at a different reason for the perceived gap between what employers want and what job seekers are able to bring to the table: an awareness gap. This gap is due to the widespread inability of college graduates to fully articulate the range of skills and experiences they developed during their time in college and through extracurricular experiences. Continue reading at SecurityIntelligence.com

Ransomware Spreading Like Crazy Worms

Luck – while a critical aspect of life – is not an effective resilience strategy. WannaCry has already been modified and there are variants with no “kill switch” in the code. More hurt is in order for the unprepared.

Curiosity turned blind luck saved us from something far worse than what we saw Friday as the WannaCry ransomware spread across the globe. Had it not been for a British malware researcher registering some gobbledygook of a domain name, who knows what we would be writing about today. At the rate we are going, if we were cats, we would be burning through our nine lives faster than Tony Stark builds Iron Man suits.

Meeting Growing Security Challenges

The more digitally interconnected we become in our work and personal lives, the more vulnerable we will become. Mitigating the cyber threats will grow as a priority and requires security awareness and that data be secure and reliable.

In 2017 we are facing a new and more sophisticated array of physical security and cybersecurity challenges that pose significant risk to people, places and commercial networks. The nefarious global threat actors are terrorists, criminals, hackers, organized crime, malicious individuals, and, in some cases, adversarial nation states. Everyone and anything is vulnerable, and addressing the threats requires incorporating a calculated security strategy.

According to Transparency Market Research, the global homeland security market is expected to grow to a market size of $364.44 billion by 2020. A large part of the spending increase over the past year is directly related to cybersecurity in both the public and private sectors.