November 22, 2017

Maybe we can just “insure everything” and call it a day…

An associate, hopefully in jest, recently commented to me: “Remind me sometime to show you the scars from every time I’ve slit my wrists after reading […]
February 28, 2017

Don’t be asleep at the wheel, Big Data privacy issues are critical for businesses and individuals to grasp

By now, you’ve probably heard the term “Big Data”, and may even be getting sick of hearing about it. Whether you’re new to it or not, […]
February 14, 2017

Why do so many people click on phishing email messages?

Your UPS delivery was missed… The IRS says you owe them thousands of dollars… You’ve reached your computer disk storage limit… Your Apple account information has […]
January 16, 2017

Working with extremely sensitive data

A friend of mine is developing some complex software that he hopes to license to other companies. When I asked him how he was protecting it […]
December 1, 2016

Employees need to learn to handle Cyber Threat Overload or they will be replaced

Remember back in that simpler time – 5 years ago – when botnets simply sent out spam or collected credit card numbers; or 10 years ago, […]
November 30, 2016

Like a slow-speed chase, the San Fran hacker story is mesmerizing

What makes a good hacker story? Is it when the hacker has a much bigger impact than everybody expects? Or is it when they get caught […]
November 1, 2016

Three reasons you may need to throw away your Smart Devices

While I have been pointing out the risks of using Smart Devices and adopting the Internet of Things (IoT) over the past year, there has definitely been a gathering recognition among the security industry - and now the news media - about these risks. Certainly, the high profile outage of Twitter, Spotify, Pinterest, Google and Netflix last week focused attention on the security vulnerabilities within IoT devices. Now people are starting to realize the potentially scary scenarios that are just waiting to happen thanks to the poor security around these devices. It's great that more people now share my concern, and many are trying to identify solutions. But here are my reasons why many of the devices you've already purchased may always be vulnerable - and you may need to throw them away to stay safe.
October 30, 2016

Don't take everything security experts say at face value, even me

TL;DR - Sometimes security people make sweeping statements without considering how they will be interpreted, or their effects on people in different stakeholder groups. We need to stop saying "Security education and studies are a waste of time" when we really mean, "Developers should do a better job of building security into their technologies". For as many years as I can remember, security professionals have been arguing about whether or not security awareness training has value. Even still, security experts feel that individual users or employees should not be required or counted on to learn about security threats and vulnerabilities. Their rationale seems to be that security technologies should really be able to compensate for vulnerabilities well enough that humans should not need to worry about the risks they face. In fact, Bruce Schneier, one of the most respected security thought leaders, has taken this position more than once. But I'm not sure that making these kinds of statements is helpful to anyone, except perhaps developers of security products.
September 30, 2016

Yahoo learns poor security can affect business value

As you may have heard, Yahoo recently disclosed that it had suffered a major security breach affecting the personal data (and possibly passwords) of 500 million […]
September 30, 2016

Insider threats may come from people you don't suspect

How would you expect an insider threat to materialize in your organization? Could it be the recent new hire who just seems too keen? Or do […]