Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

For consumers

 

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

By Byron V. Acohido

CISOs can sometimes be their own worst enemy, especially when it comes to communicating with the board of directors.

Related: The ‘cyber’ case for D&O insurance

Vanessa Pegueros knows this all too well. She serves on the board of several technology companies and also happens to be steeped in cyber risk governance.

I recently attended an IoActive-sponsored event in Seattle at which Pegueros gave a presentation titled: “Merging Cybersecurity, the Board & Executive Team”

Pegueros shed light on the land mines that enshroud cybersecurity presentations made at the board level. She noted that most board members are non-technical, especially when it comes to the intricate nuances of cybersecurity, and that their decision-making is primarily driven by concerns about revenue and costs.

Thus, presenting a sky-is-falling scenario to justify a fatter security budget, “does not resonate at the board level,” she said in her talk. “Board members must be very optimistic; they have to believe in the vision for the company. And to some extent, they don’t always deal with the reality of what the situation really is.

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

By Byron V. Acohido

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering.

Related: AI makes scam email look real

Fresh evidence comes from  Mimecast’s “The State of Email and Collaboration Security” 2024 report.

The London-based supplier of email security technology, surveyed 1,100 information technology and cybersecurity professionals worldwide and found:

•Human risk remains a massive exposure. Some 74 percent of cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

•New AI risks have lit a fire under IT teams. . Eight out of 10 of those polled expressed concerned about AI threats posed and 67 percent said AI-driven attacks will soon become the norm.

LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

By Byron V. Acohido

Congressional bi-partisanship these day seems nigh impossible.

Related: Rising tensions spell need for tighter cybersecurity

Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance Ltd., relinquishes its stake.

President Biden has said he will sign the bill into law, so its fate is now in the hands of the U.S. Senate.

I fervently hope the U.S. Senate does not torpedo this long overdue proactive step to protect its citizens and start shoring up America’s global stature.

Weaponizing social media

How did we get here? A big part of the problem is a poorly informed general populace. Mainstream news media gravitates to chasing the political antics of the moment. This tends to diffuse sober analysis of the countless examples of Russia, in particular, weaponizing social media to spread falsehoods, interfere in elections, target infrastructure and even radicalize youth.

Author Q&A: A patient’s perspective of advanced medical technology and rising privacy risks

By Byron V. Acohido

A close friend of mine, Jay Morrow, has just authored a book titled “Hospital Survival.”

Related: Ransomware plagues healthcare

Jay’s book is very personal. He recounts a health crisis he endured that began to manifest at the start of what was supposed to be a rejuvenation cruise.

Jay had to undergo several operations, including one where he died on the operating table and had to be resuscitated. Jay told me he learned about managing work stress, the fragility and preciousness of good health and the importance of family. We also discussed medical technology and how his views about patient privacy evolved. Here are excerpts of our discussion, edited for clarity and length:

LW: Your book is pretty gripping. It starts with you going on a cruise, but then ending up on this harrowing personal journey.

Morrow: That’s right. I was a projects manager working hard at a high-stress job and not necessarily paying any attention to the stress toll that it was taking on me over a number of years. Professionally, my plates were full. I was working 60 to 70 hours a week and that was probably too much.

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

By Zac Amos

Charities and nonprofits are particularly vulnerable to cybersecurity threats, primarily because they maintain personal and financial data, which are highly valuable to criminals.

Related: Hackers target UK charities

Here are six tips for establishing robust nonprofit cybersecurity measures to protect sensitive donor information and build a resilient organization.

•Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. Many nonprofits are exposed to potential daily threats and don’t even know it. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. These worrying statistics underscore the need to be more proactive in preventing security breaches.

•Keep software updated. Outdated software and operating systems are known risk factors in cybersecurity. Keeping these systems up to date and installing the latest security patches can help minimize the frequency and severity of data breaches among organizations. Investing in top-notch firewalls is also essential, as they serve as the first line of defense against external threats.

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

By Byron V. Acohido

Achieving “digital trust” is not going terribly well globally.

Related: How decentralized IoT boosts decarbonization

Yet, more so than ever, infusing trustworthiness into modern-day digital services has become mission critical for most businesses. Now comes survey findings that could perhaps help to move things in the right direction.

According to DigiCert’s 2024 State of Digital Trust Survey results, released today, companies proactively pursuing digital trust are seeing boosts in revenue, innovation and productivity. Conversely, organizations lagging may be flirting with disaster.

“The gap between the leaders and the laggards is growing,” says Brian Trzupek, DigiCert’s senior vice president of product. “If you factor in where we are in the world today with things like IoT, quantum computing and generative AI, we could be heading for a huge trust crisis.”

DigiCert polled some 300 IT, cybersecurity and DevOps professionals across North America, Europe and APAC. I sat down with Trzupek and Mike Nelson, DigiCert’s Global Vice President of Digital Trust, to discuss the wider implications of the survey findings. My takeaways:

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization.