Posts by Mark Gibson

Mark Gibson heads sales enablement at Centrify. Mark is a cross-discipline, high-tech leader, with current sales, marketing and business development skills. Recent sales and marketing performance improvement engagements in Australia, EMEA and in Silicon Valley. Extensive experience in messaging and content frameworks, sales enablement, inbound marketing implementation and execution.

Centrify Perspective

Cyber Risk Insights from the AIG 2017 Cyber Insurance Review

By , June 21, 2018

I read with interest AIG’s 2017 Cyber Insurance Review. In a one sentence summary: cyber insurance claims are up, due to systemic ransomware and wiper malware attacks, the cyber business is booming, but we are still early in the market evolution. Reading the report prompted me to ask three questions regarding Cyber Insurance: How well do insurance brokers understand cyber risk and cyber insurance? What percentage of businesses shopping for cyber insurance truly understand their cyber loss exposure in quantitative terms, and conversely how well do brokers understand their exposure What security controls and policies do businesses have in place…

Centrify Perspective

Insights from the Verizon 2018 Data Breach Investigation Report

By , May 2, 2018

The 2018 Verizon Data Breach Investigation Report (DBIR) was published in early April, reporting on 53,308 security incidents and 2,216 data breaches from 67 contributors in 65 countries. It’s an important read for organizational leaders, and cyber professionals to find data-driven evidence of industry-specific incident patterns. It’s also important to distinguish incidents from breaches. A breach is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. The remainder of this article will discuss data breaches. The following quote from Robert Novy, Deputy Assistant Director at the US Secret Service, is a good summary…

Centrify Perspective

Escaping Data-Breach Groundhog Day

By , February 2, 2018

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group report indicates that companies cyber budgets are being spent in areas that have been identified as least effective in securing data. “Clearly, doing what we have been doing for decades is no longer working. The more relevant question on the…

Hot Topics

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

By , October 4, 2017

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls Data Encryption Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention Data loss prevention is the employment of…

Hot Topics

The Equifax Data Breach Disaster: ICIT’s Synopsis of America’s In-Credible Insecurity

By , September 26, 2017

The following are some of the key points excerpted from Part One of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Senior Fellow, Institute for Critical Infrastructure. This polemic 32-page report is an essential read for security practitioners, executives with responsibility for data security and privacy and a profound warning for CXO’s and board-executives in companies with responsibility for protecting Personally Identifiable Information, (PII). The recommendations offered in this ICIT report can help consumers and organizations alike mitigate some of the emerging attack vectors and regain a semblance of control over their identity, sensitive information and…

Hot Topics

Verizon 2017 DBIR: Key Takeaways

By , April 27, 2017

Summary The 2017 DBIR is an essential read for organizational leaders, cybersecurity practitioners and security industry professionals. The report provides clear information that helps cyber security practitioners and executives devise strategy, and implement tactical responses to the cyber battlefield of today. In this year’s 10th publication of Verizon’s Data Breach Investigation Report, data from nearly 2,000 confirmed breaches were submitted by IT professionals and analyzed by Verizon security experts. In the report, 88% (up from last year’s 83%)  of incidents fall into same industry categories that were first identified in the 2014 report. These attacks are further categorized into key…

Centrify Perspective

Ponemon 2017 Report: The Need for a New IT Security Architecture

By , February 22, 2017

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

Hot Topics

How To Prevent Cybercrime: CFO Insights for Mid-Market and SMB Companies

By , October 12, 2016

Cybersecurity Risk From the Break Room to the Board Room How can CFO’s enable an organization to effectively combat cybercrime, while reducing IT security budgets? If this sounds too good to be true, let me explain how it can be done. Cyber risk is present at every level in every company from the break room to the board room. In retail, data breaches occur in companies of every size; from Yellowfront, a one-store grocer in Maine to the massive Home Depot and Target breaches. Cyber awareness of social engineering attack modes is a management priority, and all employees have responsibility in preventing…

Hot Topics

Why the New York Banking Cybersecurity Regulations Are Imperative and Timely

By , September 16, 2016

New York Governor Andrew Cuomo’s announcement of proposed new and far-reaching regulations to protect New York State banks, financial institutions and insurance companies against escalating threat of cyberattacks is both timely and imperative. The regulation requires institutions to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York’s financial services industry. The proposal is a landmark initiative to elevate the security posture and preparedness of New York’s thousands of financial institutions in combatting cyber-crime through a cybersecurity program that performs five core functions: Identification of cyber risks. Implementation of policies and procedures…

It's All About Identity

A Leader in the 2016 Forrester PIM Wave: What It Means for IT Security Teams

By , August 23, 2016

Little has changed in 30 years of massive data breaches From the earliest computer hackers to today’s sophisticated cyber-criminals, little has changed in the modus operandi used to access and monetize financial data. In the TRW 1984 incident, thieves stole access codes to a credit rating database from a TRW subscriber, a Sears and Roebuck’s store in Sacramento. They proceeded to paste them to an online noticeboard, so that others with personal computers could use the stolen credit history information of 90 million Americans to commit credit card fraud. Today, privileged user’s credentials are still the preferred target for cyber…