Q & A


Q&A: NYDFS cybersecurity rules have teeth, set precedent

By Byron V. Acohido

’Twas a few days before Christmas 2016, and the banking and insurance industries were in a tizzy.

The New York State Department of Financial Services was on the verge of spoiling the holidays for these verticals by implementing an unprecedented set of rules requiring financial services firms to adopt first-class cybersecurity policies and practices.

Related video: New York state shakes up security paradigm

Responding to eleventh-hour lobbying, NYDFS Superintendent Maria T. Vullo did concede to postpone implementation of her agency’s Cybersecurity Requirements for Financial Services Companies by three months—to March 1. And on Dec. 28, Vullo released a heavily revised set of rules, presumably aimed at ameliorating industry complaints.

However, the core …more

Q&A PODCAST: The caring, feeding and replenishing of modern-day botnets

Byron V. Acohido

Part of the reason cyber attacks remain unstoppable is because our own computing devices help supply the bad guys’ processing power—as part of botnets.

A bot is a computing nodule with a small bit of coding that causes it to obey instructions from a command and control server. A botnet is a network of thousands upon thousands of bots under control of an attacker.

Related video: What you should know about battling botnets

Bots actually derive from two primary sources. The classic source is so-called “pwned” PCs. Infections lurk everywhere: in email-borne attachments and web links; in social media postings; on popular and obscure web pages. A pwned PC operates normally for the unwitting user, though he or …more

Q&A: Why we need to downplay intense rivalries — to improve cybersecurity

By Byron V. Acohido

Imagine if no one in your organization felt compelled to compete for an operating budget, and each and every employee fully understood and embraced cybersecurity best practices.

Sound like a far-fetched fantasy? A security consultancy called New Context Services actually is promoting this radically new type of corporate culture, which it calls “lean security.”

An e-book outlining New Context’s “Lean Security Principal of Awareness” is being prepared for release at the giant RSA cybersecurity conference in February in San Francisco.

Ben Tomhave, security architect for New Context Services, recently gave a preview at the DevOps Connect conference in Seattle. I sat down with him just before he presented. Here’s a synopsis of our conversation. Text editing …more

Q&A: JavaScript-based ransomware targets schools, local agencies

By Byron V. Acohido

As 2016 draws to a close, ransomware continues to pose a pervasive threat to consumers and companies.

Ransomware purveyors have become stunningly efficient at encrypting computer files, and then demanding an extortion payment to deliver a decryption key. For all too many victims, paying off these cyber extortionists has become a viable resolution.

Related infographic: How ‘malvertising’ spreads ransomware

Security analysts at messaging security vendor Proofpoint have kept a close watch on ransomware campaigns leveraging the Locky, CryptFile2, and MarsJoke families of ransomware.

One key finding: small and midsize organizations, such as local government agencies and schools, remain particularly vulnerable.

ThirdCertainty asked Patrick Wheeler, Proofpoint’s director of threat intelligence, to discuss evolving attack patterns. This text …more

Q&A: Why insurance giant Aon acquired cyber forensics stalwart Stroz Friedberg

By Byron V. Acohido

In a full-throated, clear-as-day affirmation that the nascent cyber insurance market is truly poised to blossom, insurance giant Aon last week announced that it will swallow up cyber forensics stalwart Stroz Friedberg for an undisclosed sum.

The acquisition puts the London-based carrier in a prime position to help bring to fruition PriceWaterhouseCoopers’ prediction that companies will spend $7.5 billion on cyber liability policies by 2020, up from $2.5 billion in 2014. European financial services giant Allianz goes a step further predicting that cyber insurance sales will top $20 billion by 2025.

Related: Cyber insurers offer value-added services to stand out

Keep …more

Q&A: Why dormant SSH keys represent a nightmarish exposure

By Byron V. Acohido

A nightmarish new exposure affecting virtually all major networks is just beginning to get the attention of the security community.

It involves a fundamental networking protocol—Secure Shell, or SSH. Invented in 1995 by a Finnish programmer named Tatu Ylönen, SSH is an encrypting routine that enables one software application to securely connect and transfer data to the next. Currently, Ylönen is CEO of SSH Communications Security, which develops advanced security solutions that enable, monitor and manage encrypted networks.

Because SSH derives from the open-source coding community and is thus license-free, it got baked deep into the plumbing that enables digital systems to interconnect.

The problem is no one has …more

Q&A: How treating customers’ privacy with respect can boost the bottom line

By Byron V. Acohido

In early 2010, Mark Zuckerberg, founder of Facebook, brashly announced that “privacy is no longer a social norm.” Not to be outdone, Eric Schmidt, then Google’s CEO, a few weeks later boasted that “the Google policy on a lot of things is to get right up to the creepy line and not cross it.”

Those proclamations signaled the degree to which Americans had so easily abandoned long-held, hard-won notions of personal privacy. Indeed, lack of privacy has come to be accepted as the required price for participating in an internet-centric economy.

But the pendulum may have started swinging the other way. A recent consumer survey, conducted by the legal firm …more