First, security professionals should understand that people’s resources are limited. Moreover, people tend to struggle with making effective decisions when they are tired. To test the validity of this argument, psychologists designed an experiment in which they divided participants into two groups. The first group was asked to memorise a two-digit...

It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge. Earlier in the day, Brown - who was responsible for the bank's IT systems - had attended a work performance review with his supervisor. It hadn't gone well. Brown was now a ticking time bomb...

I’m working with a couple of organizations faced with NIST 800-171 compliance. The first is a small manufacturing company doing business with a prime contractor. The second is a tribal business unit with federal contracts. Both must be compliant by December 2017 or risk losing their federal business. From what I can tell, neither organization was...

According to new guidelines issued by the United States Department of Health and Human Services (HHS), ransomware incidents in HIPAA regulated organizations are now classified as a data breach. HIPAA is the Health Insurance Portability and Accountability Act, that must be followed by any health care provider who transmits health information in...

In the first and second part of this series, we introduced the risks of the IoT / IoE world and addressed the mandatory security design considerations around the C-I-A triplet; the concepts of “openness;” the secure system and SDLC; the 4 “A”s; as well as the term “non-repudiation.” To continue with our overview, we will describe the important...

Breaches involving stolen credentials don’t surprise anyone these days. Those of us in infosec know too well that it’s a thousand times easier for the bad guys to gain access to a network and fly under the radar with a stolen login—often obtained through social engineering—than it is to get through cyber defenses. From the bad actors’ perspective, why...

It has been eight months since the Court of Justice for the European Union struck down the 15-year-old Safe Harbor arrangement between the EU and US. At the time, there was a good deal of consternation over the future of EU-US data exchange and just how businesses would continue to operate. Despite several fits and starts, parties on both sides of...

In May 2016, the Federal Bureau of Investigations issued an alert warning hospitals, state and local governments, law enforcement, small businesses, and individuals to be on the lookout for a rise in ransomware attacks. The FBI acknowledges in its letter that in the absence of data backups, victims of a ransomware attack have no option but to pay...

Organized cybercrime is a business just like any other legitimate business; they want to have low-risk and efficient operations in order to maximize their profits. The main caveat for criminals is that pesky problem of getting caught and spending the rest of your life in jail. Data is the currency of the 21st century – historically, cyber criminals...

The Internet as we know it is only possible thanks to cryptography and specifically TLS (formerly known as SSL). Without this crucial technology providing a means for private online communications, e-commerce would quite simply not be a thing, and the Internet would likely be little more than a world-wide party line for sharing bad jokes. Despite...

As is often the case in cybersecurity, just when you think you are writing or talking about the "issue of the day" (most recently ransomware), some other issue comes up that makes you shake your head and wonder why each of us is working so hard to secure our networks when it appears so easy for attackers to steal important data or money. That is...

Well, if you're reading this blog, then I suggest you should! The European Union General Data Protection Regulation (EU GDPR) takes effect on 25th May 2018. But don’t be misled by the title. The EU reference should be treated as an indication of the Regulation's birth place, not some form of virtual boundary restricting its influence. This...

It’s safe to say that cybersecurity is a common issue for all industries. But what is the cybersecurity state of affairs for Industrial Control Systems (ICS), and why should we care? ICS monitor and control industrial and physical infrastructure processes that are crucial for industries like manufacturing, transportation, energy, oil and gas, and...

We sold our house and moved to an apartment in January, waiting for our new home to get built. Cleaning up the house for a move is a big chore, and one of my tasks for a weekend before the sale was cleaning up a big pile of post-it notes left in a box. I chanced upon a post-it note with a 1-888 number that was an AT&T teleconferencing line. I had...

Our story begins when Xu Jiaqiang, 29, decided to resign from his employer. Xu began working as a developer for a United States company in November 2010. During that time, he enjoyed access to the company's proprietary software, a clustered file system which enhanced computer performance by coordinating tasks across multiple servers. The developer...

In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha System’s Third Party Advisory Group has shown. According to the survey, less than two percent of IT...

On Thursday, June 23, the United Kingdom will hold a referendum that will decide whether Britain will remain a member of the European Union. In the lead-up to this important vote, many are wondering how Britain's exit, or "Brexit," would affect the United Kingdom's national information security posture. Some are worried, for instance, that if...

A hacker has put up a dataset containing the personal details and driver's license information of 290,000 U.S. citizens for sale on the dark web. Softpedia reports that the hacker, who goes by the name "NSA," stole the information after breaching several organizations based in Louisiana. Once inside of the organizations' networks, NSA exfiltrated...

In a previous article, we discussed building a deeper understanding of distributed denial-of-service (DDoS) attacks, what they do, who’s behind them, and what they all come down to. To follow, here’s how to prepare your website for DDoS attack. According to the results of a study conducted by Kaspersky Lab and B2B International, a DDoS attack can...

Tattoos are a complex form of art in modern society. First of all, they are expressive. People can incorporate certain words and symbols into a tattoo so that its design communicates something personal about their lives. In that sense, tattoos are also free speech, a legal right which is protected under the U.S. Constitution. The fact that people...