Categories ArchivesSOS

What Does Your Perfect Setup Look Like? standard

The uses and appearances of information technology has changed dramatically over the last ten years. And the ten years prior to that, and the ten prior to that. It’s amazing to think that the devices most of us carry around in our pockets are more powerful than some desktops twenty years ago, and more powerful than rooms filled floor to ceiling with computer hardware forty years ago. The use cases have changed as well—so much so that we have monetized IT to the point where we cannot conduct business without it. Protecting our IT systems isn’t just a “nice to have” anymore, it’s required to protect the investments entrusted to us. Ten years ago phones were phones, and you had ...

Continue Reading

Collateral Damage is One Click Away standard

Social engineering is now recognized as one of the top threats to enterprise security. I think we all have had side conversations with security leaders inside companies validating this concept for years, but not until recently have we seen it pass other threats in such a public forum. Those same security leaders have struggled with mitigating the threat because they instinctively jump to a Draconian view of information security policy enforcement as the only solution. It certainly would be effective in some ways, but morale would plummet and the creative technophiles would find ways to free themselves from such Athenian legislation. The irony is that many of these controls are not only designed to protect our information assets, but also ...

Continue Reading

Man Up MDs! standard

Doctors have been the butt of jokes for years. But this post is no joke. Over the last five years I’ve been exposed to the back-of-house operations in healthcare in ways that helps put the front-of-house issues I observed into perspective. But one thing has always driven me batty, and I’ve never been able to figure out why. I’ve met some extremely talented doctors in my time that absolutely shocked me with their sheer intellect and problem solving abilities. But when it comes to protecting the information of the patients they serve, they just cannot be bothered. Even when they attempt to be bothered, many of them miss the point. MDs must understand that malpractice lawsuits aren’t the only thing ...

Continue Reading

Exploiting Human Trust and Complacency standard

I was speaking with an industry insider a few weeks ago and he started asking questions about supply-chain security. We kicked off a rather awkward discussion whereby I dipped into my SCM educational background and he tried to convey his actual meaning which was much closer to informational supply chains, or better yet, the flow of trusted information. This lead to a great hour of discussion about an attack vector that I call, Exploiting Human Trust and Complacency. I’ve blogged about social engineering and the new perimeter (Sally in Accounting) in the past, and this expands upon that very notion. How do attackers take advantage of this attack surface, and how are they so successful? Before we delve into that, ...

Continue Reading

Where is your Chaos Monkey? standard

Netflix has been in the news quite a bit lately. Regardless of the side you pick on this first world problem, there is something really neat that they do that I wanted to share with a larger audience. If you read Harvard Business Review, you already know what I am talking about. Andrew McAfee published an article entitled “What Every CEO Need to Know About the Cloud.” In this basic primer for business folks, McAfee describes something that Netflix created called the Chaos Monkey, a process largely credited for preparing the company to weather the Amazon ECC outage with minimal issues of their own while others, like Foursquare, experienced problems for days. McAfee talks about this in the section of ...

Continue Reading

Transformational Security standard

It seems like the industry always says things like, “the traditional way of securing things simply doesn’t work anymore.” I’ve been doing security for many years now, and we’re always behind. Even today in a landscape of targeted, advanced threats, we are too far behind the bad guys and are struggling to catch up. Those of you that have been reading my blog lately may have noticed that I finally made good on my promise to talk more than just PCI DSS. Payment security is something that I am passionate about, but I love some of the new things I am being exposed to and that means that I get to share them with you as well. It’s part of ...

Continue Reading

To Win, you must Know Everything standard

I hate when people use the term “cyberwarefare” outside of its original context—a true war of nations trading bombs for bytes in the tubes. Sure, organizations are being attacked by nefarious groups that seem to be marching toward specific and fruitful goals, but is it really cyberwarfare? Regardless of what you want to call it, you still must act and react like someone is launching a digital missile campaign against your information. You can either sit and wait for someone else to tell you that you have been compromised, or you can take ownership of the problem and start up-leveling your intelligence gathering and analysis. It’s the Big Data problem of security. Your enemy is doing this, so why aren’t ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!