GUEST ESSAY: ‘Chess Master Project’ should restore resiliency to U.S. power grid

By Paul Myer

The evolving risk of a coordinated, catastrophic cyberattack on U.S. energy delivery systems (collectively known as “the power grid”) via vulnerable Industrial Control Systems (ICS), resulting in widespread, prolonged power outages, is not a new concern to energy industry executives or government policy makers.

Owners and operators of energy sector assets understand the possible impacts of coordinated physical and cyber-attacks that threaten the reliability and resilience of U.S. energy delivery systems. They experienced the havoc and the disruptive economic and social impacts of prolonged power outages over widespread areas during the 2003 Northeast Blackout and the 2011 Southwest Blackout events.

Related podcast: How Russia’s election tampering relates to Ukraine power grid attacks

However, with a long-standing industry focus on grid reliability, a lack of qualified cybersecurity experts, and reliance on the fact that a hypothetical cyberattack resulting in widespread outages has not yet occurred on the U.S. power grid, energy sector utilities have become complacent in their cyber protection strategies. …more

Q&A: How the ‘PKI ecosystem’ could be the answer to securing the Internet of Things

By Byron V. Acohido

Google is making a big push to compel website publishers to jettison HTTP and adopt HTTPS Transport Layer Security (TLS) as a de facto standard, and it’s expanding use of this important encryption technology.

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the underpinnings of secure online transactions. They come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

This robust protection is implemented by leveraging an encryption and authentication framework called the public key infrastructure (PKI). This all happens in the blink of an eye when you visit …more

Q&A: Savvy companies discover why locking down ‘privileged access’ boosts security

By Byron V. Acohido

Now is a terrific time for organizations to begin getting a much better grip on who has what level of access to sensitive nooks and crannies of the company network.

Wider, deeper use of Internet-centric systems has boosted corporate productivity to remarkable levels. Yet the rapidly growing complexity of corporate networks has also opened more opportunities for hacking – and threat actors continue to take full advantage. Breach attempts—and successful hacks—continue to rise steadily, despite billions spent by the corporate sector on the latest, greatest security systems.

That said, there is one area where savvy companies are making giant leaps in improving their security postures: getting incrementally smarter about identity and access management, or IAM.

IAM refers to the policies and technologies that …more

PODCAST: ‘Homomorphic encryption’ emerges as the Holy Grail of cloud computing

By Byron V. Acohido

I recently learned that there is an acute limitation to otherwise empowering cloud storage and processing services, such as Amazon EC2, Google Cloud and Microsoft Azure. It has to do with the circumstances under which business data gets transported to, and stored in, cloud storage facilities.

Some context: Organizations today do a terrific job encrypting data kept in storage (data at rest) and also encrypting data as it is being transported to and from cloud storage facilities (data in transit). However, to actually do a simple search, or otherwise access and manipulate this data when it is stored in the cloud, both the query and the stored data must be decrypted. And herein lies the security shortfall.

Related article: Encryption …more

GUEST ESSAY: How safeguarding user credentials can lower cyber insurance premiums

By Dean Thompson

According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion.

Given that, it’s no surprise that an increasing number of businesses are adding cybersecurity coverage to their liability insurance. But as businesses rush to insure, the cost and precise scope of coverage of these policies are coming under scrutiny. A key question is whether or not non-malicious human activity is covered.

On one hand, cybersecurity policies that do not cover human error – which would include falling victim to sophisticated phishing schemes, visiting Trojan-infected sites, or even deferring patches or updates – would be of far more limited value.

That’s because, according to a recent Verizon study, 81 percent of breaches …more

PODCAST: Why ‘defense in depth’ isn’t enough — how ‘SOAR’ will help

By Byron V. Acohido

‘Defense in depth’ and ‘layered defenses’ just aren’t cutting it anymore.

We’ve arrived at a point where many companies have invested substantial fortunes in overlapping tiers of cybersecurity technologies. Discrete systems, such as firewalls, anti-malware suites and sandbox detonators, are smarter and more sophisticated than ever before.

Yet network breaches continue to proliferate. Enterprises are finding it more difficult than ever to actually translate the cumulative intelligence at their fingertips into action that curtails network breaches. There are just too many discrete security systems continually pumping out too much disparate data; security analysts just can’t make sense of it all.

Acohido and Corcoran

To address this shortfall, a new technology stack, dubbed SOAR, …more

Q&A: Cisco privacy chief Dennedy says good privacy practices can improve bottom line

By Byron V. Acohido

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established.

That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.” Indeed, the privacy of any consumer who spends any time on the Internet is owned several times over by the likes of Google, Facebook, Microsoft, Apple, Twitter, LinkedIn and other media companies and cloud service providers.

Canada and Europe require corporations to give individuals the clear choice to “opt in” to any services that collect behavioral data useful for profiling an individual. But in …more