
Q & A

 

Q&A: Savvy companies discover why locking down ‘privileged access’ boosts security

By Byron V. Acohido

Now is a terrific time for organizations to begin getting a much better grip on who has what level of access to sensitive nooks and crannies of the company network.

Wider, deeper use of Internet-centric systems has boosted corporate productivity to remarkable levels. Yet the rapidly growing complexity of corporate networks has also opened more opportunities for hacking – and threat actors continue to take full advantage. Breach attempts—and successful hacks—continue to rise steadily, despite billions spent by the corporate sector on the latest, greatest security systems.

That said, there is one area where savvy companies are making giant leaps in improving their security postures: getting incrementally smarter about identity and access management, or IAM.

IAM refers to the policies and technologies that …more

Q&A: Cisco privacy chief Dennedy says good privacy practices can improve bottom line

By Byron V. Acohido

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established.

That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.” Indeed, the privacy of any consumer who spends any time on the Internet is owned several times over by the likes of Google, Facebook, Microsoft, Apple, Twitter, LinkedIn and other media companies and cloud service providers.

Canada and Europe require corporations to give individuals the clear choice to “opt in” to any services that collect behavioral data useful for profiling an individual. But in …more

ROUNDTABLE: Will massive Equifax breach be the wake up call for companies, regulators, consumers?

By Byron V. Acohido

The pain has only just begun for Equifax. Last Thursday, the giant credit bureau disclosed that hackers stole personal information for 143 million of its customers, presumably mostly Americans, but also Canadians and Europeans.

In less than 24 hours, two Oregonians, Mary McHill and Brook Reinhard, filed a federal class-action lawsuit accusing the Georgia-based company of failing to maintain adequate electronic security safeguards as part of a corporate effort to save money.

Then on Friday, Consumer Watchdog called on California state Attorney General Xavier Becerra to investigate. The advocacy group believes Equifax may have violated California’s benchmark data loss disclosure law, which …more

Q&A: Why the HBO hack is destined to accelerate the fledgling cyber insurance market

By Byron V. Acohido

Following on the heels of the two globe-spanning ransomware worms, the HBO hack—with its distinctive blackmail component—rounds out a summer of extortion-fueled hacks and destruction and theft of valuable data at an unprecedented scale.

WannaCry and Petya raced around the planet demanding ransoms after locking up servers at hundreds of organizations. The HBO hackers pilfered 1.5 terabytes of intellectual property and business documents from the television giant. Next, they heaved samples — including unreleased scripts of Game of Thrones — into the internet wild, and demanded $7.5 million to halt disclosures of even more highly perishable intellectual assets.

Related article: How WannaCry used NSA cyber weapons to spread ransomware

These high-profile …more

Q&A: Why WannaCry signals a coming wave of nation-state cyber weapon hacks

By Byron V. Acohido

Companies would be remiss to downplay the profound implications of last month’s headline-grabbing WannaCry ransomware attack.

WannaCry was a mere harbinger; the tip of the iceberg. WannaCry happened a few weeks after the Shadow Brokers hacking collective stole dozens of the National Security Agency’s ace-in-the-hole hacking tools.

Shadow Brokers futilely tried to sell these cyber weapons piecemeal. But after getting no takers, publicly released them. Someone then quickly snapped up two of the free spy tools—code named EternalBlue and DoublePulsar—and whipped up WannaCry, which spread, in a matter of days, into government, utility and company networks in 150 countries.

Related article: Why insecure software is the root of all problems

The initial version of WannaCry …more

Q&A: Why you should think twice about taking your laptop, smartphone on business travel

By Byron Acohido

International business travelers take heed: Starting now, and even more so going forward, you’ll need to carefully consider how your computing devices serve as a conduit to sensitive company data.

This includes everything stored directly on your smartphones and laptops—and everything reachable from your personal computing devices that may be stored in the internet cloud.

Electronic media searches by government authorities already were on a steeply rising curve due to terrorist threats. For instance, digital device searches at U.S. border crossings rose to 23,877 in 2016 vs. just 4,764 in 2015.

Related article: Snowden expounds on government surveillance at Privacy XChange Forum

Then in early March, President Trump issued an executive order signaling …more

Q&A: NYDFS cybersecurity rules have teeth, set precedent

By Byron V. Acohido

’Twas a few days before Christmas 2016, and the banking and insurance industries were in a tizzy.

The New York State Department of Financial Services was on the verge of spoiling the holidays for these verticals by implementing an unprecedented set of rules requiring financial services firms to adopt first-class cybersecurity policies and practices.

Related video: New York state shakes up security paradigm

Responding to eleventh-hour lobbying, NYDFS Superintendent Maria T. Vullo did concede to postpone implementation of her agency’s Cybersecurity Requirements for Financial Services Companies by three months—to March 1. And on Dec. 28, Vullo released a heavily revised set of rules, presumably aimed at ameliorating industry complaints.

However, the core …more