When William Darby went to work as a securities broker in October of 2018, little did he know that he was going to not only have a bad day, but ultimately a bad career. Darby’s firm fell victim to an increasingly common form of attack — a Business E-Mail Compromise, or BEC attack. An unknown hacker…
Details
When NSA security researchers learned that the methods used by Microsoft Windows 10 machines to examine digitally signed code (like that used to install patches) had a vulnerability which would have allowed the Agency to slip in malware, they had to debate the best method of protecting the nation. On the one hand, they could…
Details
Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. At some point many of these professionals achieve leadership roles. A cybersecurity leader must be able to rely on that technical acumen to enable the business goals…
Details
CISOs Praise Deception Technology Vendor for Importance to the Business and Ease of Use Security Current, the premier CISO knowledge-sharing community, today announced that CISOs from across industries selected TrapX as the winner of the Security Shark Tank® New York City 2019. In the Security Shark Tank, providers come face-to-face with CISOs seeking innovative solutions…
Details
CISOs Laud Fortanix for Innovation, Vision and Importance to the Business Chicago, Illinois – Security Current, the premier CISO knowledge-sharing community, today announced that CISOs from across industries selected Fortanix® Inc. as the winner of the Security Shark Tank® Chicago 2019. In the Security Shark Tank, providers come face-to-face with CISOs seeking innovative solutions for their…
Details
The Federal Government is increasing its oversight of federal contractors who gather and store information on its behalf. This is part of a trend in which data collection and storage regulations are constantly being tightened as cyber security becomes an ever-more important factor. The U.S. Federal Government collects an ever-increasing amount of data and as…
Details
Yesterday, I wrote about two employees of CoalFire who were arrested for performing a physical pen test of various courthouses in Iowa. The article focused on the need to have a well-defined Statement of Work and contract. Well, guess what. The State of Iowa Judicial Branch released exactly these documents. And guess what? Page 12 of the…
Details
I was recently asked why there has been a spike in incident alerts during the current month. As I gave my answer, I noticed that I was focusing on the reasons behind “why” the numbers had risen and it became apparent to me that when I explain risks, I tend to focus on the motive…
Details
On September 10, 2019, leaders of the high tech and business world, through the Business Roundtable, sent a letter to political leaders urging them to pass a comprehensive federal consumer data privacy law. The letter, signed by individuals like Amazon’s Jeff Bezos and Michael Dell, and other business leaders noted that “There is now widespread agreement among…
Details
Your domain is your domain. Your website is your website. You decide who can access your site, who can access your data, and how they can do that. You make those decisions through both technology (e.g., code, access control, userIDs, passwords, multifactor authentication) and contracts (terms of use, terms of service, privacy policies, software license…
Details
