The Safari of Cybersecurity

Sitting on a shady porch overlooking the river and savanna of Samburo in Northern Kenya. To the left, several elephants lounge in the water. To the right, baboons gather along the riverbank and the safety of the trees beyond. In the middle, just across the river from the shady porch, a leopard stretches lazily to shake off a midday nap and surveys the evening’s offerings at what might be considered his food court. Dissatisfied with the current menu, the leopard retires to the shade of the saltbush and acacia tree to give the chefs at the circle of life cafe a chance to prepare a fresh offering.

(more…)

Cousin Eddie And Hurricane Names

Clark Griswald’s cousin meant well, but every time he pulled the RV into the driveway, chaos ensued. All Clark seemed to get out of the visits was a pair of white patent leather loafers. Ain’t family grand, especially when you’re on vacation.

(more…)

Justice

Politico and others report that the Department of Justice has indicted a Chinese national accused of selling malware to hack a number of American and European companies. The general sense is that Yu Pingan and friends conspired to create the Sakula malware used effectively in the OPM breach and others. (more…)

The Semantics Of Passwords

One of the hallmarks of successful cybersecurity is an organization’s ability to protect its assets while making them fully available to staff. The right people accessing the right data and moving the human ball forward. That’s the stuff dreams are made of. A key ingredient to that stuff is a mechanism that encourages and requires robust passwords at the consumer level. Not the general consumer, of course, but the staff who consumes your data in order to help your business thrive.

(more…)

Beyond The Political

Politics is one of those topics best avoided among polite company, and this post in no way espouses particular views or partisan sentiments. It is difficult to talk about federal efforts to enhance cybersecurity without drawing attention to national politics, but that is what we hope to do. (more…)

Harvey The Unimaginable

Back in the day, there was an offbeat Broadway show about an imaginary rabbit that occupied the house and lives of good people. It just sort of seeped in, like a rising tide, from the basement. That rabbit’s name was Harvey, and he was seen only by those who really wanted or needed to see him. (more…)

Riding Along On Easy Street

Your organization is a well-oiled machine. It’s nimble, responsive, and ready to follow in any direction you lead. Or lean. In many ways, it’s like a Segway. You don’t want to get too far ahead of it, and if you stay behind it, the machine will simply stand still. You have to confidently lean in the direction you want it to go, and you have to trust it to respond accordingly. When you reach that level of synergy, you and your Segway — your organization — become one.

(more…)

The Swede Smell Of Cyber

Checking into the hotel in Stockholm, visiting Scandinavia with the family, I couldn’t help notice the local papers. On the cover, above the fold, was the face of a man frustrated with a recent turn of events. Even though I couldn’t read the words — I don’t know Swedish — I could tell the man was a politician. It was that kind of picture. Given the current state of American politics, it was almost refreshing to see another country swimming in scandal. Imagine my surprise, though, when I discovered the punchline. There were no prostitutes or drunken junkets. There was only cyber. But it was just as messy.

(more…)

Cat Stevens: Cybersecurity Hero

Though he now performs under a different name, Cat Stevens once had his finger on the hippy, singer-songwriter pulse in America. Naturally, this made him something of a cyber savant as well. Naturally. It was his early encouragement of software and firmware updates and the direct correlation between those and network security. And he worked all of this early magic into his lyrics. Specifically one line, which suggested that, “The patches make the goodbyes harder still.” Many assumed he was only referring to the blue jeans of our passing youth, faded blue into the sky. But give that joint a rest and read between the lines.

(more…)

You Have The Power, Mostly

Just when you thought it was safe to go back in the water, Russian hacking resurfaces in waters beyond the political. Sure, it was devastating when we realized that Russia had wormed its way into our electoral and democratic process, but that was apparently just the beginning of the story. (more…)

The Future of Cyber- Part Two

During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has some interesting perspectives on the nature of cyber threats going forward. The concept of deterrence, for example is complicated, at least on a national or global scale. “Deterrence requires attribution supported by evidence, further supported by classified information and practices,” Zheng suggests, and governments know that for every action there is a reaction, often deploying the same technology. So global resolution of cyber threat potential seems problematic.

(more…)

The Future of Cyber- Part One

During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has also worked as a senate staffer on the Homeland Security Committee, in the Computer Associates software engineering process, and, most recently, on cyber moonshots at DARPA. So her perspective on cyber reflects and informs those of consumers, governments, and leading edge developers. (more…)

Marsha Marsha Marsha!

You would think it would’ve been Jan Brady who wreaked havoc on the world this summer, trying anything to get the attention that always goes to Marsha. But, alas, it was Cindy, a tropical storm that stormed off the gulf coast like a teenager scorned, leaving a trail of devastation that even Gladys couldn’t fix. Homes were destroyed, businesses damaged, and lives lost, reminding us of the serious punch that Mother Nature can pack when she wants to. If you’re reading this, you’re among the lucky.

(more…)

The Smaller They Are, The Harder They Fall

While the media streams constantly with news of big-name breaches that threaten the global economy to the core, an even more significant story grows on the outer banks of public awareness. Sure, the big banks and retailers have lots of data to steal, but they also have the resources to protect their networks. The same is not always true of smaller enterprises. Perhaps in recognition of this, ransomware attacks on small businesses are increasing in greater numbers than their Goliath counterparts, according to Small Business Trends.

(more…)

No Such Thing As A Free Lunch

As remarkable as adware can be, both from the marketing side and the consumer side, the fact that banner ads and other promotions stem directly from your search habits is really the least of your worries. Imagine if the ads began to deploy code that controlled your computer, changed your default browser, and tracked your search habits for a Chinese marketing firm? (more…)

It’s A Family Affair

If you grew up in a large family, you know the sensation. Lots of aunts and uncles and thousands of cousins you saw on a limited basis, like every other year or so at a family reunion somewhere. Some of those kids were really weird, and they seem to come by it pretty naturally, since Uncle Fred and Aunt Eunice popped out of the RV with a gin and tonic in one hand and a fistful of political conspiracy theories in the other. Who knew Tolstoy was the second gun on the grassy knoll?

(more…)

Hacking Up Your Tex-Mex

Some breaches are just tough to stomach, and earlier this year that was especially true at Chipotle Mexican Grill stores across the country. Drawing details from a recent story on The Verge, every state in the Chipotle Nation, it seems, was affected by a credit card POS breach that garnered the hackers sensitive account information. No word yet on whether they wanted black beans or pinto beans with that data.

(more…)

Camp Songs For IT Professionals

It’s summertime, and the livin’ is easy. Fish are jumpin’, and the cotton is high. If you’re lucky, the old memories from summer camp return to the fore, as nostalgia delivers you from the daily stress of network security and constant threats.

(more…)

The Business Side Of Cyberthreats

The Wall Street Journal is not a publication prone to hyperbole, so a recent headline in the May 18th Business & Finance section screamed for attention. “Cyberthreats Breed Deep Unease” was the title of the article. The media would have us believe that all the really bad things seem to happen to multinationals or political parties. Nothing could be farther from the truth.

(more…)

When Cybersecurity Is Mainstream

Let’s face it. Most IT Departments feel undervalued or ignored. Like lawyers, you try to avoid them at cocktail parties until you need one. At least that’s the way it was in the old days, like back in 2015 or so. With the ever-advancing wave of cyberthreats and our reluctance to reduce the epic size of our digital footprints, cybersecurity is entering the mainstream in new and surprising ways. Consider a long but thorough examination of the current state of cybersecurity in, of all places, The New Yorker. Known more for it’s insights into western philosophy and the Upper Easy Side, even The New Yorker has recognized the growing ubiquitousness of cyberthreats. Have you?

(more…)

Hacking Ain’t What it Used to Be

Do you remember 1986? The first class was inducted into the Rock and Roll Hall of Fame, the Challenger Space Shuttle disaster rocked our world, and Top Gun was the highest grossing film of the year. That year also brought us the Computer Fraud and Abuse Act (CFAA), a law that many have suggested hasn’t kept up with the rapid pace of technological innovation. After all, ARPANET was in its infancy in 1983, and the World Wide Web wouldn’t become a consumer reality until around 1990. Protecting isolated computers is a wildly different thing from keeping networked devices secure in the IOT world. (more…)

The Imperfect Storm

There’s a storm brewing, potential chaos lurking in the wings. And I’m not talking about politics. Though, if we’re being honest, there’s a storm brewing there, too. We can argue cause and effect, but the world is changing in palpable ways, probably more rapidly than we imagine. (more…)

When The Chips Are Down

Ever had that feeling that someone is watching you, like the door is ajar and folks just passing by the office can see everything on your desk? Have you felt that way for the last seven years? If so, you’re not alone, especially if your computers use Intel chips with vPro technology. According to a recent Ars Technica report, Intel has only recently provided a patch to a backdoor in your network that has been open since the year Facebook was launched. Think about that.

(more…)

Arraigned On The Planes Of Spain

Back when Julie Andrews was in her theatrical prime, there was more than just The Sound of Music in the hills. In My Fair Lady, she repeated “the rains in Spain stay mainly on the plains” in an effort to lose her cockney accent. One could argue that Eliza Doolittle was trying to escape her past and enjoy the liberty associated with a new identity, a new language, a new sense of freedom. The same might be said of Peter Yuryevich Levashov, a Russian hacker whose fingerprints are said to be found on such exploits as the Russian intrusion into our 2016 elections. (more…)

Introverted Social Media

Even if we could isolate the recent activity of Russian hackers, imagine a mainstream marketplace for nefarious services provided by invisible people paid in Bitcoin.The information you seek is mined from the personal profiles and accounts of your target audience, whether that audience is a cheating spouse or a rebellious teenager with a hidden social media presence. It’s a complete violation of privacy, and we feed our own vulnerability with every trace of our digital footprint. (more…)

Is That Toaster Listening To Us?

In the interest of your organization’s OPSEC, step away from the microwave before you answer this question. There is no telling who might be listening right now. And if you’ve ever had Russian dressing on your salad, be sure you state that explicitly. Denial is not just a river in Egypt. Here’s the question: How confident are you that your cybersecurity practices are up to speed? (more…)

Who’s Baking Your Cookies?

So you say you’re not a Yahoo user, that the news of their latest breach is no concern of yours. That sound about right? Well, you may be right, but consider also that the exploit used in the latest breach (early February) has far-reaching implications for anyone who takes even the first step onto the Internet. (more…)

Who’s Watching The Watchers?

It’s been a strange month or two in the world, and that’s not simply a political statement. There is a very real sense that somebody’s watching, all of us, all the time, and that we should take that for granted. Increasingly, it seems, that voyeurism extends beyond our digital footprint and into our everyday physical spaces. While novelists and science fiction authors have been seizing on the approach of these days for decades, the Luddites are always the last to know. But, you might ask, who is watching the watchers? Apparently, that would be Wikileaks. (more…)

Executive Orders

great sealLots of talk about Executive Orders these days. They’ve been issued in such a flurry that it can be difficult to keep track of what’s being ordered and who’s being affected. On the drafting table, according to CyberScoop, is an EO that initiates President Trump’s efforts on cybersecurity. It doesn’t seem to have the aggressive edge that the others have had, if protests are to be used as a gauge. Nobody seems to be protesting the cybersecurity orders so far, and even former Obama administration officials have indicated that they agree with the order. Still, what does all this mean to folks in the trenches? (more…)

And In Other News

circusWhile the world has been watching the American political circus over the past several years, a recurring question put forth by all parties has been, “Can this or that person be trusted with the nuclear codes?” This is an important question, no doubt, but one that overshadows an even more significant question. Granted, the President is the single gatekeeper to the national arsenal, but enemies foreign and domestic seem to be making their own keys to nuclear infrastructure these days. (more…)

A Heartbeat Away

bitcoinAs an IT Professional and key voice in managing the ever-growing risks to your organization’s data, you probably have a number. Everybody’s got a number. The number represents the amount of money you would pay to simply make a problem go away. It’s a combination of risk/reward calculus and cost of doing business. How does that math change, though, when hackers hold your data for ransom? (more…)

That Time Again Already?

santaIt’s the beginning of the holiday season. The radio stations switched to Christmas carols around Halloween, Santa is ringing a bell over a red bucket on every street corner, and we haven’t even carved the first of the annual pair of turkeys, much less cleared the freezer of last year’s fruitcakes from Aunt Eunice. Our only consolation, apparently, is the conspicuous consumption masking itself as Black Friday.
(more…)

Acting on CyberTerrorism

ransomAs an IT professional, you are the leading edge of your organization’s defense against all things cyber. You’ve got John Wayne’s swagger, Liam Neeson’s focus, Harrison Ford’s nimbility, Harvey Keitel’s calm sense of urgency, and Samuel L. Jackson’s patent inability to suffer fools. Say what again. I dare you. I double dare you.

 

 

(more…)

Penetrating Proximity

chaseYou’re an IT professional, so you know the man behind the curtain. In some cases you are the man behind the curtain. But I bet you still tense up if somebody’s standing a little too close when you’re at the ATM. You still get curious when others get curious about your personal information, like your address or phone number or date of birth. And if they ask for your SSN, the hair on the back of your neck stands up. All natural responses for someone at the leading edge of cyber defense.

(more…)

Very Personal Assistant

coffee
 Ever wonder what your team is doing when they are just out of earshot? Ever wonder what they’re talking about when the earbuds are deployed and their attention is elsewhere? Sure you have. It’s human nature. But hackers can now use inhuman technology to address those curiosities, leaving you to reconcile the creepy insecurity.

(more…)

Planning for DEFCON Twelve

Inevitably Incidental

redphoneIn response to the ever-increasing number of high-profile cybersecurity breaches, The White House has formed the Cyber Threat Intelligence Integration Center to coordinate cyber threat data and assessments. Regardless of your position on government intervention, the move reflects a heightened national awareness of the pervasive nature of cyberthreats in our world.  (more…)

The First Time It Crosses Your Mind

 

hackerSomeone asked a reputed “Captain of Industry” when it was appropriate to fire somebody. His response was simple. “The first time is crosses your mind,” he said. If you supervise people, lead a team, herd vendors, or manage customer relationships, you’ve probably asked yourself the same question, and maybe you came up with a better answer. It is more likely that you made an effort to avoid conflict and hoped for the best. Human nature. (more…)

Ghost in the Machine

machineYou’re probably recalling where you were the first time you heard Sting and The Police, or what the funky red graphics were on the cover of that album. That’s what most folks recall. We are, after all, Spirits in the Material World. The expression was actually coined by Gilbert Ryle in his 1949 book The Concept of Mind, an examination of Rene Descartes’ dualistic separation of mind and body. At the core of this philosophical marvel is the notion that the mind and body work independently of one another, and their connection is speculative at best. This concept takes on new relevance in the digital world.

(more…)

A Swing and a Miss!

baseballJune is usually a big month for baseball, but sometimes the biggest news is found beyond the box scores. This year the boys of summer, or at least their front office representatives, took a swing at a slider and hit a really foul ball, making the statistics-obsessed management of America’s game seem like child’s play.

Allegedly, the St. Louis Cardinals hacked the Houston Astros, breaching interior databases that housed trade speculations, scouting reports, and other sensitive, proprietary information about the team. The breach is still under investigation, so the reasons behind the attack remain as elusive as a knuckle ball. It seems likely, though, that the Cardinals were mining Astro data in hopes of building a better team. Or maybe a senseless jab by disgruntled former colleagues.

(more…)

Follow the Money

moneyLooking for a good business model with a market poised to explode in the next five years? No, it’s not the latest social media platform or even a cryptocurrency. It’s cybercrime, and your business is rapidly becoming their business. (more…)

Hacking the IRS History

April 15th lurks in the shadows of every year, as inescapable as the Grim Reaper and only slightly less popular. The IRS has conflict in its DNA, as our nation’s first revenue commission was established in 1862 to pay for the Civil War. Repealed ten years later and even ruled unconstitutional by the Supreme Court in 1895, the IRS began collecting income taxes in 1913, after the 16th Amendment was ratified, and the steady gathering of data began.

(more…)

Nude Photos of Cybersecurity Hacked

Cybersecurity is a beautiful thing…

…but is it as beautiful as Jennifer Lawrence or Kate Upton? As always, beauty is in the eye of the beholder, but in recent days, beauty has also been in the hands of the hacker. While you may or may not have nude photos of yourself stored safely in the lofty and presumably secure ether in the sky, unauthorized access of your fully clothed data could leave you just as exposed and vulnerable as Hollywood’s publicists suggest their clients are.

(more…)

What’s my weight got to do with Cyber Security?

Our company graciously provides first-class health coverage to team members and their families.  One aspect of our health plan is the opportunity for each member to have an annual check up.  As I have gotten older (and wiser, I hope), I have taken advantage of this perk in hopes of getting an early jump on something that could impact my physical health, ability to work, and ability to provide for my family, etc. Common sense, right?  But what the heck does this have to do with cyber security? (more…)

Technology Industry InnovatorsVeteran Owned Small BusinessCMMI Maturity Level 3CISSP® - Certified Information Systems Security ProfessionalCertified Penetration TesterITIL IT Service ManagementCertified Ethical HackerProject Management Institute CertifiedUS Department of Homeland SecurityDisaster Recovery Institute CertifiedCertified Information Systems Auditor