Takeaways from the Russia-Linked US Senate Phishing Attacks

The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns. On January 12, 2018, cybersecurity firm Trend Micro revealed that Russia-linked hackers had tried to infiltrate the US Senate, using phishing attacks to harvest access credentials. These tactics suggest that the hackers were laying the groundwork for a widespread compromise of Senate employees. And while these findings might further bolster the public view that the Kremlin is trying to influence our democracy, security professionals should not get distracted by the media frenzy that these revelations created and instead focus on the real…

What do Equifax, HBO, Uber and Yahoo All Have in Common?

A consumer credit reporting agency, a cable network, a transportation company and a web services provider. What ties them together? Sure, they were all impacted by very high-profile security breaches. But, if you dig a little deeper, you’ll find these organizations had a lot in common before, during and after their respective breaches. And those commonalities can teach us valuable lessons. A quick recap: Equifax became the latest poster child for cybersecurity after it announced criminals had gained access to the financial data of 143 million people. The massive breach led to 23 class-action lawsuits, a $4.3 billion loss in market…

Data Breaches Plague Organizations for Years

Once an organization’s network is breached, extinguishing the flames is just the first step in a long, painful and costly journey to recovery. There’s still the wreckage to sift through, investigators to perform analyses, insurance claims to file and, of course, a business to reconstruct and secure. It isn’t business as usual once operations are restored; a breach can plague an organization for years. Financial aftermath smolders: not long after the event, the breach’s impact on stock price and earnings becomes clear. In July, just weeks after it was hit by the NotPetya malware, FedEx announced it expected a material loss associated…

Six Cybersecurity Questions for the C-Suite

Countless breaches of the past year demonstrate that C-suite executives and company directors must rethink their security. Earlier this year, Equifax saw its share price drop by 13 percent within a day of revealing a data breach, while last year Yahoo suffered a $350 million cut in its sale price to Verizon after reporting data breaches affecting one billion accounts — a number that was later increased to all three billion accounts, with critical information stolen, including names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. The devastation of these incidents, alone,…

How the Uber Data Breach Could Have Been Prevented

Background on the Uber breach: history is replete with examples of individuals and organizations turning manageable problems into serious crises simply by trying to hide the truth. While the Uber data breach was large in terms of the 57M customer and driver records lost, if Uber had followed standard breach protocol by notifying authorities and impacted users, remediating the problem and laying out the steps it was taking to avoid future breaches, the impact would have been much smaller. Uber was under a legal obligation to notify regulators and the impacted users and drivers. Instead they took extreme measures…

How To Lower Cyber Insurance Premiums

According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion. Given that, it’s no surprise that an increasing number of businesses are adding cybersecurity coverage to their liability insurance. But as businesses rush to insure, what exactly these policies cover, as well as the cost of premiums, is coming under scrutiny. A key question is whether or not non-malicious human activity is covered. On one hand, cybersecurity policies that do not cover human error — which would include falling victim to sophisticated phishing schemes, visiting Trojan-infected sites, or even deferring patches…

Bad Rabbit Ransomware: Another Wake-Up Call For Organizations

Aside from the cool-sounding name, the Bad Rabbit ransomware has quickly become a problem across Russia and Eastern Europe. While not as many organizations are being affected as with WannaCry or Petya, it is still causing headaches for hundreds of them. Ransomware is a particularly nasty type of cyber-attack that costs far more than the relatively minor payouts demanded. For example, as we have seen with WannaCry, certain sectors, such as healthcare, are particularly vulnerable to ransomware. Disruption of patient care, destruction of data and the general disorder caused by a ransomware attack are felt particularly hard by targeted healthcare organizations…

Three Discussions CISOs Should Expect When Attending CyberConnect

I’m really excited to announce that CyberConnect 2017 is nearly sold out! And, I’m even more excited to attend the 30+ keynotes and panels, and collaborate with over 40 thought-leader speakers during the event. In fact, collaboration is at the core of CyberConnect. Unlike traditional events, CyberConnect integrates thought leadership, collaborative roundtable sessions and in-depth training designed to arm executives and practitioners alike with the tools and confidence needed to defend their organizations against today’s hyper-evolving adversary. So, with collaboration in mind, I’d like to share three topics that CISOs can expect to discuss at the conference. How…

Reevaluate Your Cybersecurity Spend in 2017

Without a doubt, the most frustrating fact I face every day is this: companies spend a meager 4.7 percent of their total security budgets on identity and access management (IAM), while compromised identities are responsible for 80 percent of all data breaches. Eighty percent. This glaring disconnect is almost more than I can wrap my head around. Here’s the math: according to Gartner’s “Forecast: Information Security, Worldwide, 2015-2021, 2Q17 Update,” in 2015 companies spent nearly $84 billion on security. Approximately 4.7 percent of that ($4 billion) went towards identity and access management. This year, the total security spend is projected to…

Equifax Breach Shows Firms Still Aren’t Getting the Basics Right Ahead of GDPR Deadline

As each week brings the 25 May 2018 deadline for GDPR compliance closer, we seem to be faced with yet another report highlighting poor levels of preparedness among organisations. Recent findings reveal that an astonishing 64% of UK firms have not yet begun preparations for the sweeping new data protection law. Yet as shocking as these stats are, a far more effective way to focus the minds of IT security and business leaders is to highlight some recent big-name data breaches and consider how the companies affected would have been treated in a post-GDPR world. For Equifax, there’s particularly…