Hey Alexa, How Do You Spell Sabotage?
Ever have one of those mind-melding journeys through time and space when it feels like someone is reading your mind, where your every thought manifests itself in unpredictable ways? You have if you use a smartphone, and especially if you engage social media on that smartphone. And it’s not really unpredictable. It’s commercial. (more…)
Exposure Of Digital DNA
The latest revelation about consumer-level DNA mapping — the kind advertised on television that track your origin back to exotic and unexpected continents — is the evolution of a database that exposes both the unsuspecting and the suspicious. Adopted children are reacquainted with birth parents seven decades removed and introduced to sisters that look just like them. (more…)
Light The Candles Of Cybersecurity
As we approach our national birthday, now 242 years in the making, let’s look at the trends and expectations settling out there on the horizon. Threats are up, breaches are increasing in size and scope, ransomware is hitting public and private organizations, and researchers struggle to keep pace with the clever people with bad intentions. Before we eat the cake, we ought to light the way to a more secure future.
All That Glitters Is Not Gold Lowell
The City of Atlanta was recently the victim of a ransomware attack. As reported by Wired and others, Atlanta paid over $2.7 million dollars in consulting and legal fees to settle a $52,000 ransom. The malware used was of the SamSam strain, and experts at SecureWorks, the response firm working with the City, (more…)
A Bite Of The Apple
One of Apple’s many selling points, beyond the cool factor and lifestyle connectivity, is the relative security of Apple products, partly because of architecture and partly because their market share of end users remains relatively low. More people, it seems, prefer other hardware and operating systems. The only outlier may be the iPhone, so let’s assume that to be the case — and forgo all the market data that might support it — for the sake of this discussion. (more…)
Do You Have Gas?
Let’s be honest. There are worse predicaments than having gas. One of them, perhaps, is not having gas. Another is surrendering to some bad actor the capacity to determine whether or not you have gas. The boys at the fourth grade lunch table would snicker and call it strategic flatulence, but we’re not in the fourth grade and, as it turns out, someone else may be eating our lunch. (more…)
The Subtle Irony Of Cybersecurity
You are the master of the manor, the king of the castle, and you will deploy the greatest weapons in your vast arsenal to protect your business, your people, and your customers. Back in the day, your would wrap your soldiers in chain mail and the heaviest of protective layers, and you would call it armor. In today’s world of threats and attacks, the armor isn’t always effective.
Not As Fast As You Might Think
In a recent Security Week article, Justin Fier holds forth on a topic that is at once both incredible and credible. The topic is data exfiltration, and the perspective the article casts makes it a worthy read. Most consumers and laypeople in the commercial streams of the Internet think data breaches occur with great haste, (more…)
Proven Exploits, Variable Payloads
Markets influence the choices hackers make in designing exploits and payloads. Ransomware is all the rage until cryptocurrencies rocket up the value chart. As those values recede, ransomware returns to the sexy side of the dark business. Newsweek makes the argument, in a recent story, that ransomware attacks draw more media attention. Maybe that’s because the mining of cryptocurrency is a tougher story to explain. (more…)
Fridge With A Mind Of Its Own
Well not exactly. Let’s just say the refrigerator may not always be focused on keeping your lettuce crisp.
Monetizing Uncle Larry’s Politics
Facebook, and social media in general, opened the floodgates of torrential conversation. As has been said of the technology, “The good news is, everybody has a voice. The bad news is everybody has a voice.” For many, Facebook has been slipping into a realm of political rants separated only by friend requests from high school sweethearts and pop-up ads. (more…)
The Dark Side Of Breach Victims
As a part of reconciling interests following a highly publicized breach, victim organizations often apologize with an offer to induce customers to remain or return to the fold. Retailers may reduce prices or offer subscription memberships, while banks may offer credit reporting or monitoring for a year or enhanced rates on accounts. (more…)
Stuxnet: The Gift That Keeps On Giving
Remember that time when the Iranian nuclear program was flummoxed by the speeding up or slowing down of their centrifuges? Though the actors have never been formally identified, the special sauce to that enterprise was Stuxnet, and the secret ingredient of that sauce was counterfeit cryptographic certificates from known companies that greased the skids for the malware. Ars Technica is reporting that the secret ingredients are now commonly available for all of your over-the-counter malware needs, if you know who to call. (more…)
This Is Only A Test
Imagine a scenario in which one of your employees — Madge in accounting, or Skip in sales, for instance — selects an incorrect option from a drop-down menu and opens your network and data to the world. Working with that set of menu options is part of his daily routine, but for some reason the mouse clicks on the “organizational armageddon” option instead of the “test network security” option. (more…)
Got Your Head In The Clouds?
A recent cloud security report, as you might expect, had some good news and some bad. Somewhere in the middle is the news that’s just that: news. The cases you hear the most about, like the ransomware attacks, make up only about 2% of the overall picture, while web applications represent about 75% of the vulnerability. As for cloud storage and cloud services, the report found that public clouds are more than 50% safer than private or onsite storage. A recent article by Security Intelligence summed it up nicely, and we commend that to your reading list. That’s good to know, especially if you are scaling up or outgrowing your current storage arrangement. But it’s not a perfect system. (more…)
The Most Interesting IT Guy In The World
You’ve seen him at conferences, sporting an ascot and a pocket protector and making it look good. He works the vendor pit like he owns the place, collecting cards and envy from everyone he meets, and connecting demand with supply in subtle but glamorous ways. He walks into a seminar like he was walking onto a yacht, his credentials strung unassumingly around his neck like a lift ticket from Davos. The panel surrenders a seat at the table and he holds forth on contemporaneous cyber issues. He is undoubtedly the most interesting IT guy in the world. (more…)
The Cure For What Ails You
History is rife with examples of enterprising salesmen rushing into lucrative markets to fill a void, real or perceived. Contractors and roofers who work the hurricane and tornado circuits, lawyers pitching the massive settlements they’ve secured for their clients, and even gameshow hosts selling reverse mortgages and arthritis balms. Like the Wizard in Oz, when you pull the curtain back, it’s a simple snake oil salesman with a good story. And the cybersecurity world has been a growth industry for those who overpromise but underdeliver. (more…)
And They Said Print Was Dead
You are the King of IT, the ruler of all things digital, and your organization offers you unconditional love and admiration for the many hours you put in. You monitor the network, manage passwords, fortify firewalls, educate the staff, and even help their Cousin Joey find an internship with a small security startup. You are the man and the woman. They sing your praises from the rooftop, and even wrote a song in your honor. (more…)
A Cross To Bare
Ever been on a cross-town bus? Ever sit criss-cross applesauce? Ever sing along to Christopher Cross as he went sailing? Ever cross a line in the sand, or a red line, or just a line you shouldn’t cross? Ever been to a CrossFit gym, where the patrons flip tractor tires and climb ropes to the sky for the fun of it? (more…)
Retailers And Fraud
It’s the classic plot detail from movies and television shows since the 1980s. A credit card is offered to the waitress or clerk and it is refused by the credit card company. The inverse scenario is now playing out, where credit card companies send a text or email to alert you to a suspicious transaction, asking you to respond and authorize the transaction. (more…)
Crash Test Hacking For Dummies
What if you could work really hard and reinvent the internal structure of your organization every two or three days? Okay, that seems unlikely or, at the very least, exhausting. But what if you could establish a system or protocol in your network and data infrastructure that reinvented itself in rapid and (more…)
Cyber Night At The Oscars
It’s been a big movie season, despite the ever-changing role of movie theaters, those large boxes of booming sound and melted butter. With awards season fully underway, it’s time to celebrate the cybersecurity variations of the famous movies and actors, the ones where costume directors get an award for best-placed pocket protector or best use of horn-rimmed eyeglasses in a romantic setting by an actor with an IQ above 125. You know the ones. (more…)
The Plot Thickens
If you got hacked, would it make you feel better or worse if the hacker left his fingerprints at the scene? What if you were a national political party? As it turns out, there is speculation that the hacker who breached the DNC — on behalf of Putin, he contends — left his passport and visa number buried in a file embedded in the code, so that he could later prove he did it and why.
Reservation For A Nigerian Prince
Ever gotten one of those emails that lets you know your account has been hacked? Maybe it was your email account, and all of your contacts received a quirky email from you unawares, touting the benefits of a particular enhancement drug or the prospects of a Nigerian fortune. Those are pretty common. But how about something a little less ordinary. (more…)
Today’s Data Brought To You By…
Net Neutrality has been a big topic of late, and that is unlikely to change in the near term. There are probably good arguments on all sides of the debate, but no matter where your opinion shakes out on the spectrum, your business is likely to be affected in some way. (more…)
I Ship You Not
It’s a new year, and the time is right for thinking about how you might do things differently as your organization rides the tides and the stormy seas of commerce that lay ahead. This maritime metaphor is intentional and informative, so let’s see where it goes. To “strengthen the cybersecurity of federal networks and critical infrastructure,” the Trump Administration issued Executive Order 13800. (more…)
Resolve On New Year’s Eve
If you could ring in the new year with cyber certainty, would you do it? Yeah, we would too, but the only degree of certainty that seems to creep into the cyber conversation is the certainty that everyone is vulnerable. And the number and cost of threats seems to often outpace the good guys. We still see the glass as half-full, though, and if you’re reading this, you probably do as well. As you cultivate resolutions for 2018, what can you do to improve your odds? (more…)
Santa Claus, Cyber Savant
‘Tis the night before Christmas. You’ve hung the stockings with care and set out the cookies and carrots. Your organization’s year-end results suggest that you’ve been good, but you better not cry, better not pout, and here’s why: you’re hoping for even more growth in 2018 and Santa’s coming to town. (more…)
Budgeting For A Breach
There is a heightened national awareness of the pervasive nature of cyberthreats in our world. Just as important, though, is heightened awareness at the local level, in the minds and eyes of the small business and independent government contractor. The risk for them, for you, is just as real if not as heavily funded. (more…)
Everybody’s Home, But Nobody’s Knocking
As we roll into the holiday season, with Black Friday behind us and stockings soon to be hung from the chimney with care, all eyes are on retail. Santa works hard year-round, but the elves make most of their big-money between Thanksgiving and New Year’s. Customers are hard won, and marketing dollars are stretched as far as they will go.
Even if you are not in the retail business, your organization only grows if you are able to attract and retain the customers. To keep customers, you have to earn their trust with each and every transaction, each and everyday. Once the trust is been violated, the road may no longer rise up to meet you. Just ask the friendly folks at Equifax.
In reporting their recent earnings and projecting for the next quarter, Equifax indicated that the economic impact of the recent breach may exceed $75 million. Among the more difficult tasks will be earning the trust of their customers. They also gave no indication that this will be the end of the revenue drain posed by the breach. The interim CEO described the process as a “Journey.” Have you got the right tools?
A Map And A Compass
Maybe your organization is bigger than a quick fax. Maybe it’s not. And maybe insurance would cover some of your exposure. Then again maybe not. This is just the tip of the iceberg of the questions you should be asking.
That’s the great thing about ICS. Not only do we have the right answers, we have the right questions. Why don’t you call today? See what I just did there?
No File Left Behind
When you’re hiking the Appalachian Trail, it’s important to leave no trace. LNT has become a maxim of sorts among those who engage the outdoors, but over the last several months, the implications for cybersecurity have emerged. Or not. Maybe they haven’t emerged, and that’s the problem. (more…)
Remember the presidential election of 2016? With new books out and some cable talk shows unable to let it go, chances are pretty good you do. And you probably remember the little hack at the heart of much of the controversy, so let’s focus on that, without placing blame or extrapolating any political fodder in the process. Just the facts and what they mean for your cybersecurity posture. (more…)
When the CEO is also the CIO
We’ve dedicated some recent blog real estate to the threats faced by CEOs of big companies and directors of IT departments within larger companies. These threats abound, and ICS works with companies within those spaces to protect networks and data. But sometimes the boardroom table is also the kitchen table. (more…)
From Oslo With Love
Let’s say you’re in the widget business. You studied widgets in college, made Lego widgets as a child, even named your dog Widget. If there’s anything you know a thing or two about, it’s widgets. And you’ve built a great business building widgets. Those in the know call you the Widget King. You’ve put three kids through college on widgets and even bought yourself a little widget bungalow on a coastal island somewhere. You are the man, or the woman! (more…)
Not Enough Caffeine
You finally snag the quiet corner at the coffee shop, you local retreat when you really need to get work done. Something about the ambient noise and the fact that nobody around you works with, near, or for you. Just a collection of pilgrims on the road to revenue, beneficiaries of the gig economy hopped up on espresso and pumpkin spice. Take the guy next to you, the one sporting skinny jeans over Chucky T’s and a faux flannel shirt beneath an emerging beardlet. He’s got the right glasses, an open Moleskine notebook in front of him, and just the right number of stickers on the opened lid of his MacBook Pro. Probably working on a social capital start-up, right? (more…)
Nobel Prizes And Cybersecurity
What can well-intentioned Swedes tell us about improving global cybersecurity? Quite a bit, probably, but specifically we should consider the recent award of the Nobel Prize in Economics to Richard Thaler, a professor at The University of Chicago. Thaler’s work in human behavior led to a bestseller titled “Nudge,” a book about helping people make better decisions. Among his findings was the reality that people didn’t voluntarily enroll in 401Ks until their employers made those decisions for them, essentially nudging the employees to be more proactive about the financial health. Once the companies made enrollment essentially mandatory, employees understood the benefit. (more…)
Dirty Deeds Done Dirt Cheap
There are two types of electrical power. The first is AC, or alternating current. It’s what comes out of the plug in the wall. The second is DC, which is stored and distributed by batteries. The combination of the two would be, well, shocking, and it might even generate classic hits like “Back in Black” and “Hell’s Bells.” But those are not the relevant stories about ACDC these days. (more…)
It’s called the connector. The section of highway where I-75 and I-85 join together to pass through the booming metropolis of Atlanta. It is almost always congested, and it carries a lot of information, not unlike the building that used to rise above the north end of the massive swath of concrete. That’s where the Equifax building used to be, and might still be. (more…)
Harvey The Unimaginable
Back in the day, there was an offbeat Broadway show about an imaginary rabbit that occupied the house and lives of good people. It just sort of seeped in, like a rising tide, from the basement. That rabbit’s name was Harvey, and he was seen only by those who really wanted or needed to see him. (more…)
Riding Along On Easy Street
The Swede Smell Of Cyber
Cat Stevens: Cybersecurity Hero
You Have The Power, Mostly
Just when you thought it was safe to go back in the water, Russian hacking resurfaces in waters beyond the political. Sure, it was devastating when we realized that Russia had wormed its way into our electoral and democratic process, but that was apparently just the beginning of the story. (more…)
The Future of Cyber- Part Two
During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has some interesting perspectives on the nature of cyber threats going forward. The concept of deterrence, for example is complicated, at least on a national or global scale. “Deterrence requires attribution supported by evidence, further supported by classified information and practices,” Zheng suggests, and governments know that for every action there is a reaction, often deploying the same technology. So global resolution of cyber threat potential seems problematic.
The Future of Cyber- Part One
During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has also worked as a senate staffer on the Homeland Security Committee, in the Computer Associates software engineering process, and, most recently, on cyber moonshots at DARPA. So her perspective on cyber reflects and informs those of consumers, governments, and leading edge developers. (more…)
No Such Thing As A Free Lunch
Camp Songs For IT Professionals
It’s summertime, and the livin’ is easy. Fish are jumpin’, and the cotton is high. If you’re lucky, the old memories from summer camp return to the fore, as nostalgia delivers you from the daily stress of network security and constant threats.
When Cybersecurity Is Mainstream
When The Chips Are Down
Bundle Up To Avoid The Cold
With every passing week, it seems, cyberthreats and hacks inundate the news cycle and bring home the absolute insecurity that most of us experience (or should) when we take even the smallest of baby steps with our digital footprints. Of late, it’s the Russians who seem to take center stage, hacking our politics and manipulating our elections. Though we could debate the extent of the success, nobody seems to doubt the intent any longer. If those chilly diplomatic breezes seem to intimate a second cold war, will cyber be the weapon of choice? Is it already?