 

Q & A

 

Q&A: The case for rethinking security — starting with smarter management of privileged access logons

By Byron V. Acohido

Two cybersecurity trend lines have moved unremittingly up the same curve over the past two decades — and that’s not a good thing.

Year in and year out, organizations have steadily increased spending to defend their networks — and they continue to do so, with no end in sight. Research firm MarketsandMarkets estimates that the global cybersecurity market size will grow from $137.85 billion in 2017 to $231.94 billion by 2022, a compound annual growth rate of 11.0%.

Related podcast: Much stronger security can come from simple ‘Identity Access Management’ improvements

At the same time, the damage and disruption caused by malicious hackers has also continued to rise, with no end in sight. One recent measure of this comes from a survey of senior officials at 120 large enterprises, conducted by research firm Forrester and sponsored by Centrify, a leading supplier of identity and access management (IAM) technologies.

 

C-level executives disclosed to Forrester that two-thirds of their companies had been breached multiple times – a startling five times on average over the past two years. What’s more, respondents indicated these break-ins occurred evenly all across the network, at endpoints, servers, databases and in software-as-a-service systems. …more

Q&A: Meet insurance underwriters’ newest obsession — vulnerability assessments

By Byron V. Acohido

From very early on, cyber criminals have been smart enough to focus their attention on vulnerabilities – the endless coding weak points arising from our increasing dependence on complex software and software-run systems.

Finally, the good guys are doing the same. One security vendor I recently spoke to — Risk Based Security – is among the innovative vendors involved in helping companies identify, assess and patch vulnerabilities.

Related article: Insurance giant Zurich partners with Deloitte cybersecurity

Obviously, a comprehensive understanding of the vulnerabilities your organization is exposed to, at any given time, is a vital layer of defense. What’s really interesting is that the insurance industry has come to recognize this, and has begun using vulnerability assessments as a key measure for qualifying companies looking to offset cyber risk via a cyber insurance policy.

Jake Kouns, CISO at Risk Based Security, walked me through the context of this emerging trend. Here are excerpts of our conversation, edited for clarity and length. For a deeper drill down, please listen to the accompanying podcast. …more

Q&A: How the ‘PKI ecosystem’ could be the answer to securing the Internet of Things

By Byron V. Acohido

Google is making a big push to compel website publishers to jettison HTTP and adopt HTTPS Transport Layer Security (TLS) as a de facto standard, and it’s expanding use of this important encryption technology.

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the underpinnings of secure online transactions. They come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

This robust protection gets implemented by leveraging an encryption and authentication framework called the public key infrastructure (PKI). This all happens in the blink of an eye when you visit …more

Q&A: Savvy companies discover why locking down ‘privileged access’ boosts security

By Byron V. Acohido

Now is a terrific time for organizations to begin getting a much better grip on who has what level of access to sensitive nooks and crannies of the company network.

Wider, deeper use of Internet-centric systems has boosted corporate productivity to remarkable levels. Yet the rapidly growing complexity of corporate networks has also opened more opportunities for hacking – and threat actors continue to take full advantage. Breach attempts—and successful hacks—continue to rise steadily, despite billions spent by the corporate sector on the latest, greatest security systems.

That said, there is one area where savvy companies are making giant leaps in improving their security postures: getting incrementally smarter about identity and access management, or IAM.

IAM refers to the policies and technologies that …more

Q&A: Cisco privacy chief Dennedy says good privacy practices can improve bottom line

By Byron V. Acohido

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established.

That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.” Indeed, the privacy of any consumer who spends any time on the Internet is owned several times over by the likes of Google, Facebook, Microsoft, Apple, Twitter, LinkedIn and other media companies and cloud service providers.

Canada and Europe require corporations to give individuals the clear choice to “opt in” to any services that collect behavioral data useful for profiling an individual. But in …more

ROUNDTABLE: Will massive Equifax breach be the wake-up call for companies, regulators, consumers?

By Byron V. Acohido

The pain has only just begun for Equifax. Last Thursday, the giant credit bureau disclosed that hackers stole personal information for 143 million of its customers, presumably mostly Americans, but also Canadians and Europeans.

In less than 24 hours, two Oregonians, Mary McHill and Brook Reinhard, filed a federal class-action lawsuit accusing the Georgia-based company of failing to maintain adequate electronic security safeguards as part of a corporate effort to save money.

Then on Friday, Consumer Watchdog called on California state Attorney General Xavier Becerra to investigate. The advocacy group believes Equifax may have violated California’s benchmark data loss disclosure law, which requires timely notification of the victims in these types of breach …more

Q&A: Why the HBO hack is destined to accelerate the fledgling cyber insurance market

By Byron V. Acohido

Following on the heels of the two globe-spanning ransomware worms, the HBO hack—with its distinctive blackmail component—rounds out a summer of extortion-fueled hacks and destruction and theft of valuable data at an unprecedented scale.

WannaCry and Petya raced around the planet demanding ransoms after locking up servers at hundreds of organizations. The HBO hackers pilfered 1.5 terabytes of intellectual property and business documents from the television giant. Next, they heaved samples — including unreleased scripts of Game of Thrones — into the internet wild, and demanded $7.5 million to halt disclosures of even more highly perishable intellectual assets.

Related article: How WannaCry used NSA cyber weapons to spread ransomware

These high-profile cyber attacks have sent shockwaves through the insurance industry. Inga Goddijn, executive …more