Boards Are Interested in Cybersecurity Too

Dateline: September 29, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. With all the media attention focused on recent cyber events, it's no wonder our Boards are getting involved.  Certainly a catastrophic event such as Equifax experienced recently shows Board leaders that a large vulnerability might exist in their company.  Making sure these … [Read more...]

Cybersecurity: Don’t Leave the Keys Under the Mat

Dateline: September 22, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. With information security in the headlines over the past few weeks, it's also time to remind ourselves that all the technology in the world won't help our organizations be cyber resilient if the people in the organization inadvertaintly create vulnerabilities.  That was the … [Read more...]

Equifax’s Reminder: European GDPR On the Horizon

Dateline: September 15, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. The barrage of articles about Equifax reminds us that our data is not protected, even when we think it is.  As this breach becomes better understood, it raises all types of questions such as how do we protect ourselves? to who would do this? to what is the liability? to will … [Read more...]

Reducing Cybersecurity Threats From Ex-Employees

Dateline: August 4, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. Most cybersecurity breaches are aided by insiders...either intentionally or unintentionally.  But a recent study showed that ex-employees may also be a threat, but this one is more easily managed with the right processes in place.  According to Bob Violino, a free-lance writer … [Read more...]

Machine Learning Shows Promise for Data Security

Dateline: July 28, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. Security of our data continues to be a struggle for many information systems leaders.  Recently an article was published at CIO.com titled, Machine Learning is Transforming Data Security. In this article,  data security was thought to be a big problem in part because of the cost, … [Read more...]

The Business Mindset of Cyber-Criminals

Dateline: July 21, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. Cyber-criminals are organized, smart and well-funded.  If we think of cyber attacks as the 'service' of a 'well-organized business' then we can come up with strategies to 'compete' against it.  By compete, we mean become more cyber-resilient, not go into the cyber-crime business, … [Read more...]

Threat Hunting Needs Technology and People

Dateline: July 14, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. Continuing on our theme of the organizational side of cybersecurity leadership, this week we look at threat hunting.  A blog titled Threat Hunting and the Pyramid of Pain (written by flOx2208, a "common human being wanting to share my knowledge and experience") suggests that … [Read more...]

Cybersecurity Basics

Dateline: July 7, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. Next week I'm leading a session on building a cybersecurity culture at of the annual meeting of the Cybersecurity Consortium at MIT's Sloan School (Full disclosure: I am the Executive Director of the Consortium, you can learn more about (IC)3 activities and membership here).   In … [Read more...]

Changing Corporate Perception of Cybersecurity

Dateline: June 30, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. This past week a new ransomware cyber threat made its way through hundreds of computers.  While not surprising that another attack was launched, what was surprising is that NotPetya exploited the same vulnerability as WannaCry just a few weeks earlier.  It was successful because … [Read more...]

Cybersecurity is Not Just a Technical Problem

Dateline: June 23, 2017 Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend. Getting our hands around cybersecurity is a top priority for many executives.  CIOs and CISOs understand cybersecurity is more than a technical problem to solve.  Other C-suite executives are quickly coming up to speed, understanding that being cyber-resiliant is the … [Read more...]