Guest Blog Post

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

By Max Emelianov

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide.

The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded.

Related podcast: The case for ‘zero-trust’ security

Obviously, on paper the castle with better defenses is the one that survives a siege. But what really makes the difference here is the people manning it. See, the soldiers in the second castle are unquestionably loyal to their king. While in the first castle, there is a turncoat in the ranks.

As you’ve probably surmised, the castles are meant to represent a business’s security infrastructure.

The soldiers are a business’s employees. Unless the two are in alignment with one another – unless your employees care about keeping corporate data safe and understand what’s required to do so – your business is not secure.

People power

It doesn’t matter how strong your walls are. It doesn’t matter how much money you invest into point solutions and hardened architecture. It doesn’t matter how many people you hire to man your IT department. …more

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

By Todd Feinman

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December.

Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora.

Related podcast: The need to lock down unstructured data

Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers. And, it was just before the holidays in 2013 that Target announced the infamous breach impacting more than a hundred million people.

The list goes on, and with each incident everyone asks the same question: could this have been prevented, and how? Every large brand is acutely aware that securing its data is of foremost importance in today's world, and that by protecting data it is protecting the brand's equity. That should be obvious after what we see in the news; however, it is not always so straightforward.

According to the Ponemon Institute report, The Importance of DLP in Cybersecurity Defense, many organizations still believe, "it's probably not going to happen to me." The first step toward fortifying one of a company's most valuable assets, its customer and employee data, is to get to know that data better. …more

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

By Angela Hill and Edwin Hill

The United States Intelligence Community, or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office.

The IC gathers, stores and processes large amounts of data from a variety of sources in order to provide actionable information for key stakeholders. In doing so, the IC has developed an effective set of data handling and cybersecurity best practices.

Related video: Using the NIST framework as a starting point

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures.

The IC has been using this approach to generate reliable and accurate intelligence that is the basis for making vital national security decisions, in particular, those having to do with protecting critical U.S. infrastructure from cyber attacks.

In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. Such threats impact more businesses than you may think.

Per a 2017 CNN source, nearly 100,000 agents from as many as 80 nations operate within the United States with the intention of targeting businesses to gain …more

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

By Jonathan Simkins

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated.

Related: How to get off of HIPAA’s hit list

The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutions, shows the healthcare sector remains acutely vulnerable to attacks exploiting third-party contractors even as their first-party security posture hardens.

Atrium Health operates over 40 hospitals and almost 1,000 other healthcare facilities, primarily in North Carolina and South Carolina. AccuDoc kept payment records from several Atrium Health locations. A hacker accessed AccuDoc's databases between September 22 and 29.

The compromised databases included names, addresses, dates of birth, insurance policy details, medical record numbers, account balances and dates of service of both guarantors and patients. The Social Security numbers of about 700,000 patients were also exposed.

Weak links

The Atrium breach demonstrates how any third party in a company's digital ecosystem can be the weak link that gives attackers a clear path to exposed data. The fact that this incident is being labeled "the Atrium breach" in the media also shows where the reputational risk lies. …more

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

By Rishab Gogoi

The vast majority of cyber attacks against organizations exploit the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here is a guide to five such services.

PhishMe

This tool, from Cofense, proactively engages employees with simulated attacks modeled on current, real-world phishing tactics. A wide variety of scenarios is offered to make employees more aware of such attacks.

Related: Gamification training gains traction.

PhishMe's online portal provides a series of scenarios, landing pages, attachments and educational pages. The program is spread over a period of a year, giving employees time to understand the various phishing strategies. Employees can flag any suspicious email through an easy report feature.

Knowbe4

This is a platform for security awareness training and simulated phishing tests, focused on the problem of social engineering. Its cloud-based service lets clients schedule automated training campaigns and simulated phishing attacks.

A free test is provided for up to 100 employees. Organizations select the phishing templates and landing page for the simulation. …more

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

By Matt Dumiak

Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike. News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large.

Related: Europe’s GDPR ushers in new privacy era

Legislation has recently been proposed in individual states, addressing data privacy regulation head-on. Several states, including Virginia, Vermont, Colorado and New Jersey, have introduced related privacy bills recently. California recently set itself apart in the privacy space with the adoption of the California Consumer Privacy Act (CCPA), which gives its residents the right not only to protect their own data, but also to require businesses to disclose exactly which information has been collected about them. …more

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

By Lance Cottrell

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn.

A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use.

Related: Drivers behind facial recognition boom

Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way. Assuming privacy concerns get addressed, much wider consumer uses are envisioned in areas such as marketing, retailing and health services.

According to Allied Market Research, the facial recognition systems market is growing at a compound annual growth rate of 21% from 2016 to 2022. The research firm projects that the facial recognition market will climb to $9.6 billion by 2022.

Pieces in place

Ntrepid is focused on the privacy ramifications of these developments. As privacy concerns get addressed, facial recognition technologies are expected to emerge as a consumer favorite when compared with other biometric authentication systems, such as voice, skin texture, iris and fingerprint systems.

This trend is rapidly unfolding because all of the required pieces are finally in place. Cameras have become cheap and ubiquitous. …more