Keeping Pace with Evolving Risk

Today we released the 5th annual State of the Endpoint study, together with our colleagues at independent research firm, the Ponemon Institute. We’ve all known for some time that the bad guys keep getting better and IT pros are continually challenged to keep pace. Reinforcing the idea that it isn’t if an organization will be attacked but when,

Test of our Bulk Power System, GridExII, Kicks Off Tomorrow

On November 13-14, the North American Electric Reliability Corporation (NERC) will host a Grid Security Exercise, called GridExII, with Electricity Sub-sector entities across the U.S., Canada and Mexico. The goal is to simulate both a cyber-incident and physical attack for the purposes of testing organizational readiness and response.

Some pretty good movies have been made about the notion of a cut in our nation’s power supply – which is what could happen in the event of a serious breach of our electrical grid.

NIST Releases Preliminary Cybersecurity Framework for Critical Infrastructure

In February, President Obama signed an Executive Order that called for increased cyber-threat information sharing between government and the private companies that oversee our country’s critical infrastructure. The goal was to break down the barriers that cause privately-managed critical infrastructure companies to work independently of the government groups that could create a repository of intel on trending cyber attacks.

Social Media: the Bad Guys’ Perfect Playground

October marks the 10th anniversary of National Cyber Security Awareness Month, a public education campaign spearheaded by our colleagues at the National Cyber Security Alliance. It’s somewhat disheartening to consider the lack of progress made in cyber security over the last 10 years; cyber criminals continue to wreak havoc stealing personal identities, corporate IP, and even national secrets.

Advice for the Incoming DHS Secretary

A few weeks after retiring Department of Homeland Security Secretary Janet Napolitano gave a farewell speech, we are unfortunately still unclear on her replacement. In that departure speech, Napolitano advised her successor “You will need a large bottle of Advil.” Given the DHS Secretary is responsible for dealing with everything from natural disasters to terrorist attacks,

APT is a Hacking Strategy

When you have something that someone else wants, you’re forced to protect it if you want that something to remain yours. Since the beginning of time, theft has been our unfortunate reality. As our world moved online and everything became digitally interconnected, thieves quickly recognized that’s where real value resides. To swipe it, they have gotten increasingly creative with their tactics and,

Hacking the Hacker: The Downside to Vigilante Justice

Imagine you woke up one morning to find all of your possessions gone. Someone broke into your house in the dead of night and stole all of your things. You don’t know how they did it or who it was, but the fact remains: your stuff is gone. You might step outside, see the broken window or the ruined lock,

3 Executive Strategies to Prioritize Your IT Risk

Every company wants to know the best way to protect itself, but it can be difficult when faced with the evolving security challenges of today. I recently sat down with Richard Mason, VP & CSO at Honeywell, and Roger Grimes, security columnist and author, to get their thoughts on risk management best practices. I hope these strategies will help companies prioritize their IT risk and think beyond the traditional IT standards.

CISPA, FISMA Passed the House. Now What?

CISPA, the Cyber Intelligence Sharing and Protection Act, passed the US House of Representatives late last week and will move to the Senate for further debate. If this rings a bell, it should. Last summer, CISPA passed the House before stalling in the face of a Senate filibuster. Of course, it was not the only failed attempt at cyber security legislation.

What Businesses Need to Know About Cyber Security

  • What laws are in place for cyber security and are they enough?
  • Are the Chinese the only foreign nation hackers we need to worry about? Who are the real perpetrators?
  • How big of a problem is stolen IP for the U.S. and other countries and what is being done about it?

Are Journalists Sitting Ducks?

Remember Mat Honan – a Wired reporter who covers consumer electronics? He had his entire digital life erased last summer. His Google account was deleted, his Twitter taken over, his iPhone, iPad and MacBook erased.

How about the New York Times hack? Chinese hackers allegedly broke into the paper’s systems,

Time to Think New About Security

For the good guys to get a leg up on increasingly brazen cyber criminals, we must share breach intelligence. The bad guys do it and we are at a significant disadvantage because we don’t. Or at least we don’t at the level we should. I’ve said this many times before but the road to cyber security legislation has been long and difficult.

The Shape of Things to Come with Critical Infrastructure Attacks

How many movies have you seen where the fate of humankind depends on a geeky guy sweating in front of a computer? The specific drama varies from movie to movie, but they generally include the need to: hack into a system to get critical information, crack a password, or disable an evil supercomputer bent on destroying our way of life.

The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside

In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again that stand-alone, signature-based defenses are completely ineffective,
