All tagged InfoSec

Four Critical Cybersecurity Predictions for 2018

One fact will hold true in 2018, no matter what organizations do: cybercriminals will continue to reinvest their profits into building sustainable but illegal businesses. The underlying economics of cybercrime continue to give massive financial incentives to the attackers. Organizations should retaliate by adopting a “keeping up with the Joneses” mentality so that they’re always slightly more secure than organizations in the same market or vertical.

Three cybersecurity predictions for 2018, according to Twitter

On December 12th, I moderated the #securityinsiderchat on Twitter, where more than twenty cybersecurity experts gathered to discuss their predictions for 2018. It’s always a pleasure and a privilege to learn from a diverse gathering of people and to read their ideas over the course of nearly 300 tweets. Plus, it’s an excellent opportunity to post animated cat GIFs in the context of work.

Mind the gap: three actions to take today based on AT&T’s latest Cybersecurity Insights report

Taking these three actions immediately — investing in both cyber liability insurance and cybersecurity, investing in a trusted consulting firm, and getting people emotionally invested in cybersecurity training — will not prevent the next breach. However, these actions make it exponentially more expensive for criminals to breach your organization and are the socially responsible course of action to protect both your organization’s reputation and the public.

Launch your own privileged insider attacks for under $1,500 USD

This article will examine the costs and budgetary considerations for a new bad actor, lacking global resources, to set up a single privileged identity theft campaign to be able to launch insider attacks. The costs shown will assume corporate targets in the greater Seattle metropolitan area. This article will also briefly examine countermeasures.

The good news is that it is still possible to become an evil villain for an initial investment of under $1,500 USD, despite rising labor costs.

@Pebble is Shutting Down. Can They Take Two-Factor Authentication for #Cybersecurity With Them?

However, the biggest utility for my Pebble was two-factor authentication from my bank. My bank has had a somewhat tortured Consumer Identity and Access Management rollout over the years. They initially had single-factor authentication – a username and password. They briefly flirted with pictures, until they realized the Internet has an insatiable love of cats. They then deployed Knowledge-Based Authentication, safe in the knowledge that no-one would post their first spouse’s name, the name of their elementary school, and their favorite band on Facebook. Thus, they reluctantly deployed SMS-based two-factor authentication.