Home Podcasts Videos Guest Posts Q&A My Take Bio Contact

Steps forward


MY TAKE: The way forward, despite overwhelming cyber threats

By Byron V. Acohido

NEW YORK CITY – Cyber Connect 2017 cybersecurity summit that just wrapped up at the beautiful Grand Hyatt located adjacent to Grand Central Station here in the Big Apple. I got the chance to be on the other side of the interview, sitting down with John Furrier and David Vellante, co-hosts of The Cube. We did it live; here’s the recorded stream.

GUEST ESSAY: “Chess Master Project’ should restore resiliency to U.S. power grid

By Paul Myer

The evolving risk of a coordinated, catastrophic, cyberattack on U.S. energy delivery systems (collectively known as “the power grid”) via vulnerable Industrial Control Systems (ICS), resulting in wide spread, prolonged power outages, is not a new concern to energy industry executives or government policy makers.

Owners and operators of energy sector assets understand the possible impacts of coordinated physical and cyber-attacks which threaten reliability and resilience of U.S. energy delivery systems. They experienced havoc and disruptive economic and social impacts from the prolonged power outages over wide-spread areas resulting from the 2003 North East Blackout and the 2011 Southwest Blackout events.

Related podcast: How Russia’s election tampering relates to Ukraine power grid attacks

However, with an industry-standing focus on grid reliability, a lack of qualified cyber security experts, and reliance on the fact that a hypothetical cyberattack event resulting in wide spread outages has not yet occurred on the U.S. power grid, energy sector utilities have become complacent in their cyber protection strategies. …more

Q&A: How the ‘PKI ecosystem’ could be the answer to securing the Internet of Things

By Byron V. Acohido

Google is making a big push to compel website publishers to jettison HTTP and adopt HTTPS Transport Layer Security (TLS) as a de facto standard, and it’s expanding use of this important encryption technology.

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the underpinnings of secure online transactions. They come into play in the form of digital certificates issued by Certificate Authorities (CAs) —  vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

This robust protection gets implemented by leveraging an encryption and authentication framework called the public key infrastructure (PKI.) This all happens in the blink of an eye when you visit …more

PODCAST: ‘Homomorphic encryption’ emerges as the Holy Grail of cloud computing

By Byron V. Acohido

I recently learned that there is an acute limitation to otherwise empowering cloud storage and processing services, such as Amazon EC2, Google Cloud and Microsoft Azure. It has to do with the circumstances under which business data gets transported to, and stored in, cloud storage facilities.

Some context: Organizations today do a terrific job encrypting data kept in storage (data at rest) and also encrypting data as it is being transported to and from cloud storage facilities (data in transit.) However, to actually do a simple search, or otherwise access and massage this data when it is stored up in the cloud, both the query and the stored data must be decrypted. And herein lies the security shortfall.

Related article: Encryption …more

PODCAST: Why ‘defense in depth’ isn’t enough — how ‘SOAR’ will help

By Byron V. Acohido

‘Defense in depth’ and ‘layered defenses’ just aren’t cutting it anymore.

We’ve arrived at a point where many companies have invested substantial fortunes on overlapping tiers of cybersecurity technologies. Discreet systems, such as firewalls, anti-malware  suites and sandbox detonators are smarter and more sophisticated than ever before.

Yet network breaches continue to proliferate. Enterprises are finding it more difficult than ever to actually translate the cumulative intelligence at their fingerprints into action that curtails network breaches. There are just too many discreet security systems continually pumping out too much disparate data; security analysts just can’t make sense of it all.

Acohido and Corcoran

To address this shortfall, a new technology stack, dubbed SOAR, …more

Q&A: Cisco privacy chief Dennedy says good privacy practices can improve bottom line

By Byron V. Acohido

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established.

That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.” Indeed, the privacy of any consumer who spends any time on the Internet is owned several times over by the likes of Google, Facebook, Microsoft, Apple, Twitter, LinkedIn and other media companies and cloud service providers.

Canada and Europe require corporations to give individuals the clear choice to “opt in” to any services that collect behavioral data useful for profiling an individual. But in …more

MY TAKE: The death of BYOD; how mobile security has impacted enterprise security

By Byron V. Acohido

Just five years ago, BYOD – Bring Your Own Device – was a rising security concern attracting an inordinate amount of attention.

Fast forward to today and BYOD has faded as a buzzword. However, employees’ use of mobile devices and web apps remains as big a security concern as ever.

Related article: Converting logs into actionable intel

Acohido and Smith

Companies and government agencies are addressing this exposure by taking advantage of technical innovations and by embracing practices that might surprise you.

I had the chance to visit with Gregg Smith, CEO of Silent Circle, at Black Hat 2017 in Las Vegas. Co-founded by a former Navy SEAL and a couple of …more