Malware Reaches Disapproval Rating of U.S. Congress

It has been reported that nearly 74,000 new viruses or strains were created every day of 2013. Every day. Granted, most of these are readily eliminated or mitigated by antivirus software and proper digital hygiene, but the fact remains that every day new threats emerge, with lessons learned from the previous day’s failures, ready to knock on your door once again. And these are bad actors that manipulate the infrastructure, seem to work only in their personal best interest, and very often show no signs of any redeeming value. Like Congress.

(more…)

ICS protects CIA

Okay, so it’s probably not the CIA you’re thinking of. This CIA is potentially even more vital to the success of your business or organization than the one with the secret agents and covert operations. CIA is an acronym used in the cyber community to characterize security,* and it serves as a good starting point in exploring the important role ICS can play in protecting your team’s vital network infrastructure.

(more…)

Dragonfly Joins Mosquito as Seasonal Nuisance

That buzzing in your ear punctuated by the tiny sting on the back of your neck serves as a reminder that summer is upon us. We break out the bug spray and even send pesticide-laden trucks into the evening streets to protect us against the onslaught of mosquitoes. Turns out they’re not the only pests on the horizon.

(more…)

Restricting the Social Media Diet

If we use social media in the hiring process, does employee presence in that space increase organizational vulnerability?


Increasingly, recruiters and employers are using social media to screen candidates. On the bright side, candidates can be and are rewarded for the creativity and writing skills they display. The dark side is the overwhelming tendency to dismiss candidates whose expressed views or social habits differ from the employer’s. Like it or not, this seems to be the new normal.

(more…)

Yankee Doodle Data

As we celebrate our national spirit now 238 years in the making, let’s look nostalgically at the business of yesterday, before markets were global, when deals were sealed with handshakes, and algorithms were just complicated math problems. These were the halcyon days of punchcard data and paper files, Leviathan computers and two-martini lunches.

It was a time of innocence. Like Mad Men with pocket protectors.

Threats were visible, precautions quantifiable. Budget decisions were easier. (more…)

eBay Data Yardsale

Data Yard Sale

eBay recently revealed that in February or March of this year their site was breached and personal information from 145 million of their users was exposed. While frantically changing passwords and circling the security wagons, I sought a cultural correlation from my college Western Civ textbook. You too? Now that’s a coincidence. Here’s what I came up with. (more…)

A Rising Tide

In the world of college football, we have learned never to underestimate the power of a rolling tide. On the political playing field, though, we’re not sure what to make of a rising tide. It has been described as both global warming and climate change, but the inconvenient truth remains that our world is experiencing some rather dramatic short- and long-term changes. Your organization needs to prepare for both. (more…)

Tom Cruise: IT Specialist – The Sequel

Meanwhile, Back at the Ranch:

Before the break, our hero and ICS front man was engaged in some of the vital mechanisms of IT security. He was assessing risk, providing forensic services, modernizing legacy applications, slaying dragons, and rescuing damsels in distress. All in a day’s work for an ICS Specialist. Let’s pick up the action with danger hanging in the balance. (more…)

Tom Cruise: IT Specialist

IT Security looms large on the world stage. Cyber attacks on commercial and governmental concerns make almost daily appearances in the media. The importance of securing networks and data cannot be overstated, but cyber security suffers a paralyzing lack of star power, a desperate dearth of the glitz and glamour that might elevate our status. Here at ICS, we’ve decided to hitch our wagon to a star.

Enter Tom Cruise as our unsolicited, uncompensated, uninvolved, involuntary, and imaginary spokesperson. His movie roles have been diverse, action-packed, and compelling, and these characters are the faces of our portfolio of services. Dim the house lights and roll the film. (more…)

Social Engineering – A Penetrating Politeness

Imagine the scene. You’re walking from the car to the side entrance of the third hotel this week, last stop on a sales junket that has raised more cholesterol than warm leads. You switch suitcase hands and struggle to fish the key card out of your pocket. You slide the card and hear the click, then you hear from behind you a request to hold the door. You look back to see a fellow traveler wrestling a large duffle up the walk. You hold the door to save him the trouble of fishing out his key. He offers an appreciative smile and thanks and returns the favor by holding the elevator door for you. You get off on the second floor and he rides to the third where, later that night, he pulls assorted weapons from the heavy duffle bag and kills eleven people before taking his own life. They find the duffle in the third-floor vending room because the killer was not a registered guest. You learn this when the investigator asks why you held the door for him. You were just trying to be polite.

(more…)

Passwords and Protection

It’s 2014. Do You Know Where Your Data Is?

You have racks of servers and migrate data religiously to the cloud and off-site storage. Your IT staff builds a firewall and posts a guard. Your commitment to network security is unparalleled in the industry. That’s the good news. The bad news? Security is always about the weakest link.

Studies suggest that even in the dark ages before tablets and smart phones, more than 60% of your core data was housed on or readily accessible through the personal computers and laptops of your employees, machines that exist in the world beyond your walls, in coffee shops and carpool, hotel lobbies and airport lounges. Imagine how that number has expanded now that we all have exponentially more computing power in the palm of our hands. Your data is everywhere. Are you using protection?

(more…)

The Data Apocalypse

Imagine an older Marlon Brando lounging languidly atop your server racks, slicing an apple and waxing poetically about the tyranny of data, while your IT manager, buried up to his chin in untested security procedures and antiquated protocols, an RJ-45 crimper clenched in his teeth, struggles to eliminate the threat of man’s heart of darkness. You can almost hear the whispered prognosis: The Horror, The Horror.

(more…)

A Bitcoin for Your Thoughts

Collateral Influence

In an age when it costs more to mint a penny than the penny is actually worth, Satoshi gave us money that moves freely through the ether and will never languish in the folds beneath sofa cushions. Encrypted currency for the digital world. Hermetically sealed and seemingly inviolable in the wonder of cryptography, Bitcoin rose quickly from absolute obscurity to media fame and very real fortune, peaking at over $1,200 a coin late last year. Though currently hovering at a third of that value, and struggling to reconcile its status as currency or commodity, the real worth of Bitcoin has yet to be felt. Success or failure, Bitcoin has ushered in a revolution. We will never look at currency in exactly the same way. This is a story of collateral influence.

(more…)

Lynyrd Skynyrd and Malaysian Air

The human tragedy of a plane crash acknowledged but set aside for the moment, consider the contrasting types of loss generated by similar events. For a business or an organization assessing its risk threshold, the real issue is operational recovery and stability.

Statistical Inevitability and Unanswered Questions

Ronnie Van Zant, the front man of Lynyrd Skynyrd and crooner of such favorites as Free Bird and Sweet Home Alabama, died at 29 in a plane crash. The loss devastated the music world, but the surviving band members fought back and reached some level of closure, in part because the crash was the result of a clear line of cause and effect requiring little to no technology to understand. Engine fails, plane falls, tree wins.

(more…)

Breach is a Heartbeat Away

OpenSSL, the vehicle through which the Secure Sockets Layer protocol protects most websites that encrypt data, has reminded us again of both the vulnerability and security of open source development. The Heartbleed bug, an accidental code addition about two years ago, affects the heartbeat option within OpenSSL, a mechanism that allows fluid connectivity between user and server via small, hidden signals or pings. Hackers breach the system by sending false signals that fool a website’s server into releasing sensitive information. Hence the vulnerability.

Heartbleed, though, also demonstrates the security of open source development. While its revelation created initial fear and chaos, the Heartbleed bug was fixed within about four days, largely because lots of eyes were on the prize, each pair of which had a vested interest in the elimination of the Heartbleed threat. Imagine if the SSL vehicle had been proprietary, owned by a quiet company with no taste for conflict or liability. Now that’s a hot mess. (more…)

What’s my weight got to do with Cyber Security?

Our company graciously provides first-class health coverage to team members and their families. One aspect of our health plan is the opportunity for each member to have an annual checkup. As I have gotten older (and wiser, I hope), I have taken advantage of this perk in hopes of getting an early jump on something that could impact my physical health, ability to work, and ability to provide for my family, etc. Common sense, right? But what the heck does this have to do with cyber security? (more…)

I’m probably already in your network, and you don’t even know it

Can I get in your network? You betcha I can. As a matter of fact, there’s a good chance I’m already there. Now, here’s the really fun part: you let me in. (more…)

5 Easy Steps to Creating Complex Passwords that are Easy to Remember but Hard to Hack

Recently, Splash Data released a list of the 25 worst passwords for 2013. It contained all the usual suspects for “so easy to hack as to be utterly useless.” If your password is on this list, please keep reading: http://splashdata.com/press/worstpasswords2013.htm (more…)

How a $5 cup of coffee could cost your company $10,000+ dollars

We’ve all been there. Racing between appointments, suddenly realizing that you forgot to send one of your best clients an important document that needs to arrive within 10 minutes. Being the super resourceful all-star executive (although sometimes forgetful), you stop off at your local coffee shop, order your mocha latte and quickly connect your laptop to the free Wi-Fi. You draft your email, attach your important document, and press send with one minute to spare. The day is saved!

Upon returning to the office, you see your IT security staff running around with their hair on fire yelling something about an intruder who breached the network and stole a 10,000-record database of sensitive customer information and how it can cost the company up to $3 per record to mitigate and protect your valuable customers. (more…)

Risk Assessment: What is it and why does my organization need it?

Consider a Risk Assessment like checking the doors and windows on your network. With all of the confidential corporate and customer information in your database, you would never consider leaving those doors and windows open. But beyond the entryways that are easy to see, are there other access points that are not so obvious? Is your network at risk of experiencing a devastating breach? (more…)

Penetration Testing Demystified

If you’ve been considering the various technical security assessments available to your organization, then chances are good you’ve heard of a Penetration Test, but do you know whether you need an internal or an external penetration test? How often should these tests be scheduled? What can you expect the test to find? (more…)

Qualifying a Business Continuity Planning Firm

When searching for the right Business Continuity Planning (BCP) firm, there are several important factors that should be taken into consideration, not the least of which are location, experience, and support structure. It is important to know that the expectations of your organization will be met, if not exceeded, and that the firm will educate you in the Business Continuity planning process. (more…)

Choosing the Right Security Assessment

Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available services and defining your organization’s needs at the beginning can help you get started on the right foot, which will ultimately save both time and money. (more…)
