Search Results

Results 21-40 of 166 for Ed Moyle
ANALYSIS

When Is the Time to Hire a Cyber Specialist?

Cybersecurity has been becoming a larger and larger concern for organizations. Nowadays, most organizations -- regardless of size, industry, location, or profit vs. nonprofit status -- find themselves directly or indirectly impacted by cybersecurity. ...

Cybersecurity Economics: The Missing Ingredient

There are times when looking at something narrowly can be more effective than taking a wider and more comprehensive view. If you don't believe me, consider the experience of looking at organisms in a microscope or watching a bird through binoculars. Distractions are minimized, allowing optimal evaluation and analysis of what's under investigation. ...

ANALYSIS

Protecting Against ‘Natural’ Cybersecurity Erosion

Every child who's ever played a board game understands that the act of rolling dice yields an unpredictable result. In fact, that's why children's board games use dice in the first place: to ensure a random outcome that is (from a macro point of view, at least) about the same likelihood each time the die is thrown. ...

ANALYSIS

What Can Chrome 68 Teach Us About Election Security?

If you're a technologist, you've probably noticed (or have been asked about) a few new things associated with Chrome 68's release last month. One of the more notable changes is that it now uses a "not secure" indicator for any site not using HTTPS. So instead of providing a notification when a site is HTTPS, it now provides the user with a warning when it isn't. ...

ANALYSIS

Security Economics: The Key to Resilience

There are times when looking at something narrowly can be more effective than taking a wider and more comprehensive view. If you don't believe me, consider the experience of looking at organisms in a microscope or watching a bird through binoculars. Distractions are minimized, allowing optimal evaluation and analysis of what's under investigation. ...

ANALYSIS

Realistic ‘Zero Trust’ for Your Cybersecurity Program

If you're a cybersecurity practitioner, chances are good that you've heard the term "zero trust" over the past few months. If you attend trade shows, keep current with the trade media headlines, or network with peers and other security pros, you've probably at least heard the term. ...

ANALYSIS

Closing the Enterprise Security Skills Gap

The security skills gap has become a topic of acute interest among practitioners responsible for building security teams for their organizations -- and keeping them running smoothly. It impacts everything from how they staff, how they cultivate and develop their workforces, and how they train, to the operational controls they put in place, and potentially numerous other things about their security programs. ...

ANALYSIS

Fileless Malware: Why You Should Care

It's a truism that just like organizations adapt, so too do criminals. For example, anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? While that strategy might have worked well in the days of the Pony Express, attempting it now would be out of touch and inefficient...

OPINION

Don’t Pay the Hackers

Those who follow security news may have noticed a disturbing trend. Late last year, we learned that Uber paid attackers US$100,000 to keep under wraps their theft of the personal information of 50 million Uber riders. More recently, we learned that Hancock Health paid approximately $55,000 in bitcoin to bring hospital systems back online. ...

ANALYSIS

Full Disclosure Applies to Internal Security Too

If you've been keeping up with the news, you've probably noticed a few recent reports about companies that may have been a little less than candid about security issues. For example, we recently learned that Uber experienced a breach in 2016. As we've also learned from subsequent press reports, the company may have paid the attacker to remain silent about that breach instead of acknowledging it publicly and openly. ...

ANALYSIS

Offsetting Asymmetry With Automation

In the security world, there is a truism that defense (protecting systems) is harder than offense (breaking into systems) because it's an asymmetric playing field. The bad guys need only find one path into an environment -- one place where everything hasn't been done exactly "just so" and perfectly -- while those charged with securing that environment need to protect against intrusions everywhere they have a technology footprint. ...

ANALYSIS

‘Invisible’ Technologies: What You Can’t See Can Hurt You

There are times when it seems like technology can work almost too well. Now, if working too well sounds to you like an impossibility -- along the lines of being too rich or too good looking -- reflect that there's more to a technology than end-user experience. ...

ANALYSIS

The War Room: Experiential Security Planning

Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise generally. ...

EXPERT ADVICE

3 WannaCry Talking Points to Win Security Buy-In

By this point, most technology practitioners -- and nearly all security practitioners -- know about WannaCry. In fact, you might be sick of people analyzing it, rehashing it, sharing "lessons learned" about it, and otherwise laying out suggestions -- in some cases, contradictory -- about what you might do differently in the future. To the security practitioner, the level of unsolicited advice (frankly) borders on the annoying. ...

ANALYSIS

Surviving the Security ‘Skills Desert’

If you've ever spent time in a desert, it may seem inconceivable to you that creatures actually can live there. The fact that animals not only survive, but also thrive in those conditions seems counterintuitive. In fact, a number of animals do so -- in many cases, they are aided by an array of specialized adaptations that allow them to leverage the environment to their advantage. ...

ANALYSIS

Intelligence-Driven Supply Chain Resilience

It may not be apparent to all observers, but information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. ...

ANALYSIS

The Old Man and the Tsunami: A Security Story

There's a folk-story that all Japanese schoolchildren learn about a man called "Gohei Hamaguchi" (sometimes called just "grandfather") who saves his village. In brief, there's an old man who lives in a village by the sea, and one day, an earthquake hits. He's the only person in the village to realize that a tsunami will soon follow. ...

ANALYSIS

Turning ‘Shadow IT’ into ‘Better IT’

There is an ancient Chinese proverb about a farmer who loses his horse. For those who haven't heard it, the story goes like this: There's an old farmer who lives with his son close to the borderlands. One day, his horse runs away. His neighbors come to console him, but he only says, "how do you know it isn't fortunate?" ...

ANALYSIS

IoT: Why Security Pros Need to Prepare Now

Have you ever heard of the Cullinan diamond? If you haven't, it was the largest diamond ever discovered: a 3106 carat diamond found in 1905 in South Africa. What's interesting about the Cullinan diamond (at least to me) isn't so much the discovery of the stone itself but what happened afterward: specifically, the cutting of the diamond. ...

ANALYSIS

Heartbleed: SaaS’ Forbidden Experiment?

Have you ever heard the term "The Forbidden Experiment"? If you're not familiar with it, it's a concept originating in the behavioral sciences relating to challenges in understanding human language development. Specifically, the "experiment" in question refers to actually testing empirically what would happen if a child were raised without language -- i.e., if someone deliberately interfered with normal language development as a vehicle to learn how language development works and how a person might be different without it. ...
