Categories ArchivesUncategorized

The Breach Research We Need standard

I’m not afraid to point out misleading or questionable research findings funded by marketing groups strictly to gain headlines. Studies like the cost per record or cost per breach white papers come to mind here that give us excellent, attention grabbing headlines supported by a house of cards (specifically the cost per record studies). The information presented is unusable for risk management purposes, and is a quick way to get laughed out of a room if you quote these studies. What risk managers need is something that is comparable to their companies when trying to think about costs. Simply taking an average cost per record or an average cost per breach is not concrete enough to make risk management decisions. ...

Continue Reading

Pushing Vendors to Abandon SMS standard

SMS-based authentication continues to be a great way to placate a user into thinking they are safe while creating an avenue for attackers to gain access to their accounts. Fabio Assolini and Andre Tenreiro from Kaspersky published some research that puts numbers in fraud losses to these threats. SIM Swaps cost criminals $10-15/SIM with gains from fraud being over $1,000. That’s a good return on investment. It’s why I’ve become a huge fan of U2F and other non-SMS authenticators (see my guide here). Companies like Yubico have made real multi-factor authentication doable for the masses with zero client-side infrastructure. Major companies like Google and Facebook are leading the charge to remove SMS-based authentication and account recovery options by allowing users ...

Continue Reading

Dear Santa, 2015 standard

Lots of time for reflection and requests during this time of year. For those that recognize the elf-herder named Santa, what do you wish for this year? Did you have any infosec wishes? I have one, and the awesome folks at SecureWorld Expo included me in their series for 2015. Go check out my Santa wish for 2015! Need some levity in your office? Check out this call back to a great Steve Martin skit where he discusses his Christmas wishes (transcript). Possibly Related Posts: The Breach Research We Need Pushing Vendors to Abandon SMS The Impacts of Breaches: New Research!

Continue Reading

The Impacts of Breaches: New Research! standard

Part of the reason why I went through the enlightening process of my third run through academia as a learner was to be able to contribute research back to the field. I’m happy to announce that my first paper is now public for download. Available for download through the Merchant Acquirers’ Committee is this piece that examines the economic impacts of breaches entitled, The Impacts of Breaches: A Survey of MAC Members on the Realities of Data Breaches. In it, I reveal research that helps to explain some of the economic realities of breaches. Here’s a preview, it’s not as bad as you probably think! I’ve also built an academic manuscript for this paper which goes into much more detail ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!