The holiday season is upon us, and nearly every day, my wife asks me what I want for Christmas. As a pop culture geek with interests in most fandoms, I have dozens of items that I could ask for, but the ultimate question is what do I really want to ask her to spend money on. In a perfect and very geeky world, I would likely come up with a method of...

Looking for a scalable solution and not sure what to ask? The best way to start off is to get an understanding of what scalability means because it can vary depending on the problem(s) that are trying to be solved, the company, and who you are talking to. According to Merriam-Webster, scalability is “capable of being easily expanded or upgraded on...

As we introduced in part 1 of this “word crimes” series, cybersecurity terminology is important. Cybersecurity, IT professionals and legal professionals routinely abuse the terms “policy” and “standard” as if these words were synonymous. In reality, these terms have quite different implications, and those differences should be kept in mind since the...

Black Friday is a big day for shoppers. In 2016, 154 million consumers shopped over Thanksgiving weekend and spent $9.36 billion, constituting a year-over-year increase of 16.4 percent. More than half of that money spent ($5.27 billion) occurred online. Building on those figures, Black Friday 2017 looks like it will be even bigger than in previous...

The Australian Broadcasting Corporation (ABC) leaked sensitive data online through a publicly accessibly Amazon Web Services (AWS) S3 bucket. Public search engine Censys indexed the misconfigured asset on 14 November during a regular security audit of the S3 environment. Researchers at the Kromtech security center don't know who might have accessed...

In the first part of this blog series, we discussed some core objectives, characteristics and principles of the GDPR, which is due to take effect on 25th May 2018. In this second article, we will discuss in greater depth some of the core IT security objectives relating to GDPR. The purpose of the GDPR is to establish directions to protect “natural...

Security researchers have discovered a new banking Trojan that is actively targeting U.S. financial institutions. Dubbed IcedID, the malware is believed to have emerged in the wild back in September 2017, when its first test campaigns were launched. According to IBM X-Force, IcedID was developed with “modular malicious code and modern capabilities”...

Security patches and updates leave companies at risk when they're running systems designated as end of life (EOL), such as .Net systems, Windows Server 2003, and Windows XP. When Microsoft releases an update or patch after the operating system (OS) is no longer supported, cybercriminals and malicious software develops dissect the update and reverse...

46.2 million mobile numbers have appeared online following a data breach that affected several Malaysian telecommunication companies. The incident involves 15 Malaysian telcos and mobile virtual network operators (MVNO). Included in the leak are customers' mobile numbers along with their personal and device information. Of note, those exposed...

Last time, I had the opportunity to speak with Carrie Roberts. She's a red team engineer at Walmart with lots of penetration testing experience. This time, I had the pleasure of speaking with Glenda Snodgrass. She's a founder and the president of The Net Effect, a cybersecurity services company that's based in Alabama. They must be doing something...

Halloween is upon us! It isn’t just a time for Steven King movies and trick-or-treating, but it's also a time to reflect back on some of our own horror stories in IT. To help celebrate Halloween, we have asked some folks from the security industry to share their scary security stories with us. We hope you enjoy. Feel free to share your own stories in...

On October 2-4, 2017, the Retail Cyber Intelligence Sharing Center (R-CISC) hosted Securing Retail 002, the second iteration of its annual summit first held in April 2016. Speakers from Microsoft, Target and other Fortune 500 companies shared their thoughts on the retail digital security landscape with attendees over the course of the two-day event....

Words have meaning. Cybersecurity and IT professionals routinely abuse the terms “policy” and “standard” as if they are synonymous. The same holds true for compliance terms since these terms tend to get thrown in the same bucket even though there are significant differences that should be kept in mind. Why Should You Care? Beyond just using...

In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and frequency...

Continuing the discussion around the skills gap our industry is facing, I’m excited to share our final set of results from the Tripwire skills gap survey. My previous post highlighted the need for technical skills. But as this next set of findings indicates, soft skills in cybersecurity are not be overlooked. Every single participant in our survey...

If you've read a security blog anytime in the last year, you haven't escaped mention of the dreaded skills gap for cybersecurity professionals. There seems to be consensus that it's getting harder to hire skilled security staff, though the reason for that is up for debate – some say we're just going about it the wrong way, while others claim it is an...

Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank's servers. The Far Eastern International Bank has confirmed that malware had been found on it computer systems, affecting PCs and servers, as well as its SWIFT terminal. SWIFT (the Society for Worldwide Interbank Financial...

Last time, I spoke with Kim Wong, a woman who recently acquired a cybersecurity role in Britain's financial services industry. This time, I'm honored to speak with Keren Elazari. Not only has she given TED talks but also founded BSidesTLV in Tel Aviv, Israel. We had a wonderful chat! Kimberly Crawley: Please tell me a bit about what you do. KE: I'm...

In 2016, I shared just a few of the exciting presentations planned for the Retail Cyber Intelligence Sharing Center's (R-CISC) inaugural Retail Cyber Intelligence Summit. The event brought together CISOs and their IT security teams from the retail and consumer services industries in North American. For two days, these notable attendees shared best...