Questions to Ask Your Cyber-Insurance Provider
The breach problem has increased and cyber insurance is on the radar screen for many CEOs. The U.S. Congress is likely to create supportive legislation for cyber-insurance as a vehicle for improved security data sharing and a market-based solution … Continue reading
Security Researcher Allegedly Hacks Into Commercial Passenger Airplane Flight Systems
According to the FBI, a security researcher may have hacked into commercial airplane flight systems from poorly-designed and poorly protected inflight entertainment systems (IFEs). If even the high-flying airline industry can’t protect its critical systems, what does that say… Continue reading
It Takes a Network to Fight Networks
At the RSA pre-conference Cloud Security Alliance (CSA) Summit both Philippe Courtot (CEO, Qualys) and Marc Goodman (Author, “Future Crimes”) highlighted the need for a paradigm shift in how enterprises and societies address cloud security.
Courtot finds… Continue reading
Is Security Architecture Failing?
“One of the discussions that never happen in relationship to the numerous successful hacks is: What was the security architecture? Security architecture – or any architecture for that matter – is the foundation upon which we should secure and protect… Continue reading
A Two Factor Authentication Makeover for your Protection
Cybercrime. SpyEye. Zeus. Anonymous. APT1. PRISM. Bullrun. Hackers of every sort are everywhere. As I wrote in “TrustNo One Device (Part 2)” and “Direct Memory Access (Again)” you have no assurance your device isn’t … Continue reading
Mitigate Common Attack Paths at the Core
Last week I wrote that encryption probably wouldn’t have prevented the Anthem breach. The details of that attack haven’t been released, but I found some CSO Online’s analysis that pieces together how it may have… Continue reading
Pressures and Pitfalls for Early Disclosure in the Wake of the Anthem Breach
As the investigation continues into yesterday’s announcement of the #AnthemHack, Security Architects Partners will be monitoring to see what it portends for early breach notification. By disclosing early, Anthem broke the typical mold of companies waiting to complete a full… Continue reading
Je suis Charlie – In Cyberspace
Sony of cyberattack fame is not French, nor as sympathetic as Charlie Hebdo and didn’t suffer a loss of human life in its (latest) breach. Otherwise, “Je suis Sony” might have rhymed just as well as #jesuischarlie.
Turkish Pipeline Attack – The Hour is Later Than You Think
The alleged attack on the Baku-Tbilisi-Ceyhan (BTC) pipeline has it all: geopolitical and ethnic conflict, potential nation state or terrorist involvement, environmental and economic disaster potential. Is is said to be comparable in destructive effect to Shamoon… Continue reading
The Sandbox Wars, They Have Begun
Since writing “What’s in the Sandbox?” I’ve been waiting for the sandbox shootout: “Zscaler vs FireEye – Insights from the experts at Miercom Labs.” Now its here: According to Miercom Zscaler is… Continue reading