November 12th, 2013
On November 13-14, the North American Electric Reliability Corporation (NERC) will host a Grid Security Exercise, called GridExII, with Electricity Sub-sector entities across the U.S., Canada and Mexico. The goal is to simulate both a cyber-incident and physical attack for the purposes of testing organizational readiness and response. Some pretty good movies have been made [...]
July 22nd, 2013
When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been [...]
May 6th, 2013
We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp [...]
The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside
February 1st, 2013
In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again that stand-alone, signature-based defenses are completely ineffective, especially [...]
December 5th, 2012
Welcome to the November edition of the state of cyber security awards. We’ve got a few well-done’s to hand out as well as a lesson learned. As is always the case here, cyber security is an on-the-job learning process for most. Download the podcast. Government Action Impacting Our Industry News reports indicate President Obama is [...]
June 27th, 2012
Thanks to my colleagues, Paul Henry and Paul Zimski, for a great discussion on weaponized malware yesterday. While the threats that dominate our headlines … Stuxnet (2009), DuQu (2010) and Flame (2011) seem like story lines that spy movies are made of, they are in fact something enterprise should be concerned about. The weaponization of [...]
June 21st, 2012
Back in the late ’90s, the president of a prominent U.S. anti-virus company was approached by a delegation from India. Their request? Weapons-grade malware. In the same month, he was also approached by representatives from Pakistan with the same request. As he explains it: “Two nuclear armed nations with a common border and a history [...]
August 1st, 2011
The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion. The relatively short (only two pages!) document from the Cyber Security Operation Centre (CSOC) – part of the Defence Signals Directorate (DSD) – is based on their experience in operational cyber security, [...]
U.S. Cybersecurity Proposal – A Plan about Plans: We Need More Action and Talent If We’re Serious about Securing Our Nation’s Data
May 18th, 2011
My mother used to always say, actions speak louder than words, and in reading the recent cybersecurity proposed plan, I can’t help but think of that age-old phrase. To date, there has been very little meaning behind our nation’s efforts to secure the American people, industry and critical infrastructure from cyber criminals. In fact, according [...]
April 27th, 2011
The original attack against Sony was a massive Distributed Denial of Service Attack that quickly changed vectors and became a penetration of their environment.
May 3rd, 2010
Steve Antone, Vice President of Federal Solutions Group, provides insights into the Federal Cyber Security Outlook for 2010 survey.
April 6th, 2010
In this video interview, Matt Mosher, SVP of the Americas, Lumension, takes an in-depth look at how organizations can make compliance a continuous process by correlating compliance with security posture.
April 5th, 2010
We’ve reported on the need for a non-toxic public sector/private sector bridge to help counter cybersecurity threats, and it’s encouraging to see signs we’re finally moving away from all the chatter to actually put a structure in place. The government needs to work with business to come up with effective strategies to keep information safe, [...]
March 25th, 2010
As both a guest speaker and attendee at the Security Innovation Network’s fourth annual IT Security Entrepreneur’s Forum, I found the conference provided a great deal of insight on important cybersecurity issues. Two panels I found particularly relevant were: “An Industry and Government Perspective on the Emerging Cyber Threats, Risks and Vulnerabilities” and “Moving Forward [...]
March 22nd, 2010
Ryan Naraine, Editor-in-Chief of Threatpost, describes his view of the cybersecurity landscape, and immediate actions the cybersecurity czar should consider in regards to public-private partnerships to bridge the gaps and strengthen security.