Posts by Mark Gibson

Mark Gibson heads sales enablement at Centrify. Mark is a cross-discipline, high-tech leader, with current sales, marketing and business development skills. Recent sales and marketing performance improvement engagements in Australia, EMEA and in Silicon Valley. Extensive experience in messaging and content frameworks, sales enablement, inbound marketing implementation and execution.

Centrify Perspective

Escaping Data-Breach Groundhog Day

By Mark Gibson, February 2, 2018

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group report indicates that companies’ cyber budgets are being spent in areas that have been identified as least effective in securing data. “Clearly, doing what we have been doing for decades is no longer working. The more relevant question on the…

Hot Topics

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

By Mark Gibson, October 4, 2017

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls. Data Encryption: Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention: Data loss prevention is the employment of…

Hot Topics

The Equifax Data Breach Disaster: ICIT’s Synopsis of America’s In-Credible Insecurity

By Mark Gibson, September 26, 2017

The following are some of the key points excerpted from Part One of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Senior Fellow, Institute for Critical Infrastructure. This polemic 32-page report is an essential read for security practitioners and executives with responsibility for data security and privacy, and a profound warning for CXOs and board executives in companies with responsibility for protecting Personally Identifiable Information (PII). The recommendations offered in this ICIT report can help consumers and organizations alike mitigate some of the emerging attack vectors and regain a semblance of control over their identity, sensitive information and…

Hot Topics

Verizon 2017 DBIR: Key Takeaways

By Mark Gibson, April 27, 2017

Summary: The 2017 DBIR is an essential read for organizational leaders, cybersecurity practitioners and security industry professionals. The report provides clear information that helps cyber security practitioners and executives devise strategy, and implement tactical responses to the cyber battlefield of today. In this year’s 10th publication of Verizon’s Data Breach Investigation Report, data from nearly 2,000 confirmed breaches were submitted by IT professionals and analyzed by Verizon security experts. In the report, 88% (up from last year’s 83%) of incidents fall into the same industry categories that were first identified in the 2014 report. These attacks are further categorized into key…

Centrify Perspective

Ponemon 2017 Report: The Need for a New IT Security Architecture

By Mark Gibson, February 22, 2017

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

Hot Topics

How To Prevent Cybercrime: CFO Insights for Mid-Market and SMB Companies

By Mark Gibson, October 12, 2016

Cybersecurity Risk From the Break Room to the Board Room: How can CFOs enable an organization to effectively combat cybercrime, while reducing IT security budgets? If this sounds too good to be true, let me explain how it can be done. Cyber risk is present at every level in every company from the break room to the board room. In retail, data breaches occur in companies of every size, from Yellowfront, a one-store grocer in Maine, to the massive Home Depot and Target breaches. Cyber awareness of social engineering attack modes is a management priority, and all employees have responsibility in preventing…

Hot Topics

Why the New York Banking Cybersecurity Regulations Are Imperative and Timely

By Mark Gibson, September 16, 2016

New York Governor Andrew Cuomo’s announcement of proposed new and far-reaching regulations to protect New York State banks, financial institutions and insurance companies against the escalating threat of cyberattacks is both timely and imperative. The regulation requires institutions to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York’s financial services industry. The proposal is a landmark initiative to elevate the security posture and preparedness of New York’s thousands of financial institutions in combatting cyber-crime through a cybersecurity program that performs five core functions: Identification of cyber risks. Implementation of policies and procedures…

It's All About Identity

A Leader in the 2016 Forrester PIM Wave: What It Means for IT Security Teams

By Mark Gibson, August 23, 2016

Little has changed in 30 years of massive data breaches: From the earliest computer hackers to today’s sophisticated cyber-criminals, little has changed in the modus operandi used to access and monetize financial data. In the TRW 1984 incident, thieves stole access codes to a credit rating database from a TRW subscriber, a Sears and Roebuck’s store in Sacramento. They proceeded to paste them to an online noticeboard, so that others with personal computers could use the stolen credit history information of 90 million Americans to commit credit card fraud. Today, privileged users’ credentials are still the preferred target for cyber…

Hot Topics

Billions of Dollars in Infosec Spending Wasted on Legacy, Network Security

By Mark Gibson, April 11, 2016

The Vormetric 2016 Data Threat Report published in January 2016 provides valuable insight into trends in encryption and data security. The 2016 report surveyed over 1100 global security executives in mid-market and large enterprises across federal, retail finance and healthcare markets. In 2015 the incidence of breaches increased and the volume of records breached doubled over the prior year despite increased security spending. The report highlights a critical thinking gap, as security executives continue to equate compliance with security. “Compliance does not ensure security,” according to Garrett Bekker, 451 Research senior analyst and the report’s author. Compliance Does Not Equal Security “As we learned from data…

Hot Topics

What Experian and T-Mobile Didn’t Learn from the Home Depot Breach

By Mark Gibson, October 8, 2015

I read with great irritation last weekend of the Experian / T-Mobile hack. I just bought a new iPhone from T-Mobile and as part of the lease process, they ran a credit check with Experian. Immediate thoughts were of unauthorized credit card transactions, canceled cards. Identity theft. Inconvenience and the sense of violation from a “trusted” 3rd party, Experian. Relief when I checked my email receipt from T-Mobile, dated September 18th, as the compromised data window ended on September 16th. But it could have been a couple of days earlier as I’d been thinking about switching from Android for a while….