Verizon 2017 DBIR: Key Takeaways

Summary: The 2017 DBIR is an essential read for organizational leaders, cybersecurity practitioners and security industry professionals. The report provides clear information that helps cyber security practitioners and executives devise strategy, and implement tactical responses to the cyber battlefield of today. In this year’s 10th publication of Verizon’s Data Breach Investigation Report, data from nearly 2,000 confirmed breaches were submitted by IT professionals and analyzed by Verizon security experts. In the report, 88% (up from last year’s 83%) of incidents fall into the same industry categories that were first identified in the 2014 report. These attacks…

Confronting the New Cyber Security Reality: Part 1

During the peak of the 2016 U.S. presidential election cycle, two groups of hackers accessed the Democratic National Convention servers. The leak made public emails detailing the DNC’s interactions with the media, both primary candidates’ campaigns and campaign contributions, and personal information about DNC donors, including credit card and Social Security numbers. This historical breach will forever be known for its impact on the 2016 Presidential election. Recently, we’ve seen the frequency of breaches like the DNC attack skyrocket—and no organization is safe. Over the past two years, sixty-six percent of organizations report experiencing five or more breaches, according to…

Researchers: Action Required to Protect Against IoT Threats

Recently, Pwnie Express researchers released their third annual report on the wired, wireless, Bluetooth, IoT and BYOD challenges facing IT security professionals. It’s not your typical study. These researchers combine a survey of hundreds of IT security pros with “on-the-ground” data captured from Pwnie Express sensors, distributed across a number of businesses. This mix of human perspective and real-world data offers a more accurate picture of what’s really going on out there. This year’s report had some interesting findings that I wanted to point out. If you have time to read the report — and I recommend it — you…

Top 3 Takeaways from the 2017 RSA Conference

Last week was the 2017 RSA Conference in San Francisco. Having attended, I can report that the number of vendors at the conference was nothing short of mind-boggling. While there are many challenges facing the security industry, there are also a lot of innovative ideas about how to respond to them. Here are my top takeaways from the conference: #1 Organizations Should Consolidate Security Vendors. While it was great to see so many vendors at RSA, it was also indicative of just how many point security tools are on the market today — many of which provide very specific solutions…

How the Centrify Identity Platform Solves the IT Frankenstein Nightmare

In the novel Frankenstein, by Mary Shelley, Victor Frankenstein embarks on a quest to create life by using dead body parts, “collected bones from charnel-houses.” In the novel, the monster is totally uncontrollable and ultimately dooms his creator Victor. Frankenstein is not only a masterpiece of literature, but also represents a perfect analogy for today’s highly distributed business, and government, IT enterprises. Within the IT organizations of large enterprises, it’s very common to have different groups operating with almost complete autonomy, like small “kingdoms,” and these groups may rarely, if ever, coordinate their activities. Sure, it’s true that in some activities…

3 Ways to Prove Identity & Combat Cybercrime: National Cybersecurity Awareness Month

The Secret to Security: What if I told you that the secret to security was just one, simple and attainable thing? Fort Knox is the de facto standard of security. It has granite walls that are four feet thick, vaults housing gold constructed with 27 inches of steel and one of the largest surveillance networks on earth. Not to mention, it has the U.S. Army guarding the facility. Yet, there is “one thing” that really helps protect this compound. Area 51 is one of the most highly classified areas in the world. Its protective measures include elaborate fences, an actual army of…

The Government Cloud is Coming

If you’re like me, you’ve been hearing the phrase, “the cloud is coming” for years before you ever learned that winter was too. I never read any of the books, which first came out in 1996, so it wasn’t until the Game of Thrones TV series started in 2011 that I first heard the phrase “winter is coming.” So, when did I start hearing of the cloud’s inevitability? For me, the “cloud” started when people began insisting that it didn’t really exist, like Oracle’s Larry Ellison did back in 2008. And I distinctly remember thinking that ol’ Larry had a point….

Top 3 Takeaways from the 2016 Cyber Security Study by Wells Fargo Insurance

Wells Fargo Insurance released their 2016 Cyber Security Study this week. Over 100 decision makers at companies with at least $100 million in annual revenue were surveyed to better understand perceptions of network security and data privacy vulnerabilities and related business exposures and risks. Three interesting takeaways from this study include: Takeaway #1: The Rise of Imposter Fraud. Whether you call it CEO fraud, fraudulent inducement, social engineering fraud or business e-mail compromise scams, 21% of respondents have been targets of impostor fraud. Unfortunately, most suffered a financial loss, and often a significant one ($500k+). In fact, in April 2016,…

Securing Enterprise Identities For Dummies: Free Live Webinar

In previous blogs, “Securing Enterprise Identities For Dummies, Part One and Part Two,” I wrote extensively about how identity can provide a new layer of security for your organization. Identity can be a powerful security tool for protecting both end-users and privileged users from the leading cause of data breaches — compromised credentials. Implementing an identity platform for both identity as a service and privileged identity management can add a strong layer of security for your organization. In Part One, we covered how the traditional network perimeter is inadequate for today’s apps and infrastructure, which are increasingly cloud and mobile. We also…

How Personal is Personal When It Comes to Handing Out Information?

Recent experiences have made me question just how much information we hand out nowadays to people we barely know. It seems that everyone wants a bit of our personal information, and more often than not we are happy to provide it. Even from my recent experiences selling a flat, it was surprising how much personally identifiable information the estate agent needed to see. I was asked to send all sorts of documents, from passport details to bank statements, often over e-mail. As someone keen to sell a flat, I did it without question of course — we all want the…