How To Lower Cyber Insurance Premiums

According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion. Given that, it’s no surprise that an increasing number of businesses are adding cybersecurity coverage to their liability insurance. But as businesses rush to insure, what exactly these policies cover, as well as the cost of premiums, is coming under scrutiny. A key question is whether or not non-malicious human activity is covered. On one hand, cybersecurity policies that do not cover human error —  which would include falling victim to sophisticated phishing schemes, visiting Trojan-infected sites, or even deferring patches…

Cybersecurity Awareness Month: Protecting Critical Infrastructure from Cyber Threats

It is interesting and at times bewildering, that in the many years following the failures of 9/11, we still have not found a way to share threat intelligence information without exposing classified information which may compromise the source. Look at these five primary pieces of infrastructure, which exist in every modern society, consider the interdependencies, and how a persist threat or disruption to one dependency can cascade throughout these infrastructure dominos. Primary Role: Electrical Power Generation/Distribution Dependencies on: Above and below ground electrical distribution wires. Network Access to connect power generation and distribution systems. Backup generation systems for internal systems….

Bad Rabbit Ransomware: Another Wake-Up Call For Organizations

Aside from the cool sounding name, the Bad Rabbit Ransomware has quickly become a problem across Russia and Eastern Europe. While not as many are being affected as with WannaCry or Petya, it is still causing headaches for hundreds of organizations. Ransomware is a particularly nasty type of cyber-attack that costs far more than the relatively minor payouts demanded. For example, as we have seen with WannaCry, certain organizations are particularly vulnerable to ransomware such as healthcare. Disruption of patient care, destruction of data and general disorder caused by a ransomware attack is felt particularly hard by targeted healthcare organizations….

The Internet Wants YOU: Consider a Career in Cybersecurity

Back in May, I blogged about the lack of women in technology and cybersecurity in particular. Weeks after that article was published, Cybersecurity Ventures released a report estimating that the number of unfilled cybersecurity jobs would increase from one million today to 3.5 million in 2021. That’s a lot of people required for an industry that already has a zero percent unemployment rate. And if the report is right, we have a few short years to address the problem before the current cybercrime epidemic truly explodes. Maybe it’s time to recognize that the number of women in tech is on a slippery…

Three Discussions CISOs Should Expect When Attending CyberConnect

I’m really excited to announce that CyberConnect 2017 is nearly sold out! And, I’m even more excited to attend the 30+ keynotes and panels, and collaborate with over 40 thought leader speakers during the event. In fact, collaboration is at the core of CyberConnect. Unlike traditional events, CyberConnect integrates thought leadership, collaborative roundtable sessions and in-depth training designed to arm executives and practitioners alike with the tools and confidence needed to defend their organizations against today’s hyper evolving adversary. So, with collaboration in mind, I’d like to share three topics that CISOs can expect to discuss at the conference. How…

Reevaluate Your Cybersecurity Spend in 2017

Without a doubt, the most frustrating fact I face every day is this: Companies spend a meager 4.7% of their total security budgets on identity and access management (IAM) – while compromised identities are responsible for 80 percent of all data breaches. Eighty percent. This glaring disconnect is almost more than I can wrap my head around. Here’s the math: According to Gartner’s “Forecast: Information Security, Worldwide, 2015-2021, 2Q17 Update,” in 2015, companies spent nearly $84 billion on security. Approximately 4.7 percent of that ($4 billion) went towards identity and access management. This year, the total security spend is projected to…

A Culture of Cybersecurity Is Now Mission Critical

Whether you’re a small business, a large business, an academic institution, a non-profit or a government agency, it is now absolutely critical that you weave a fabric of security throughout your organization. You’ve heard it a thousand times, but it can’t be overstated: Culture is created at the top and trickles down into the organization. Today’s executive leadership must do more than issue edicts and implement tools. They must truly embrace security. Leaders must deeply understand and regularly communicate its importance to the health of the organization. Executives from all departments in all industries should make it a goal to…

Equifax Breach Shows Firms Still Aren’t Getting the Basics Right Ahead of GDPR Deadline

As each week brings the 25 May 2018 deadline for GDPR compliance closer to hand, we seem to be faced with yet another report highlighting poor levels of preparedness among organisations. Recent findings reveal that an astonishing 64% of UK firms have not yet begun preparations for the sweeping new data protection law. Yet as shocking as these stats are, a far more effective way to focus the minds of IT security and business leaders is to highlight some recent big-name data breaches and consider how the companies affected would have been treated in a post-GDPR world. For Equifax, there’s particularly…

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls Data Encryption Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention Data loss prevention is the employment of…

4 Tips to Stay Safe Online for National Cybersecurity Awareness Month

Help! I Love the Internet, But My Identity and Data Are Up For Grabs — Should I Just Unplug?! In honor of National Cybersecurity Awareness Month, we at Centrify are doing what we can to help you to be #CyberAware. The theme for the first week is around simple steps to online safety. Have you ever considered how to protect your privacy or identity while “online”? Have you noticed over the last few years how many times your data has been stolen or exposed by hackers? Have you observed that most of these breaches were from systems where you were…