Yahoo! The Cost of Silence

Further Analysis of The Yahoo! Breach

Continuing to follow developments in Yahoo’s recent breach, there are two things that have happened since my “Yahoo! Password as a Service” post last week. The first was obvious and expected: multiple class-action lawsuits have been filed against the company. The second was expected, but...

Yahoo! Password as a Service

Analyzing the Yahoo! Breach

This is one Yahoo! service that Verizon definitely didn’t bargain for in its planned $4.8 billion acquisition of the struggling Internet giant. You can pick from the 450,000 Yahoo Voices accounts compromised in 2012, 22,000,000 Yahoo Japan logins lost in 2013, or 500,000,000 user accounts breached in...

Identify The “Who” in Risk Mitigation

When it comes to risk mitigation, organizations need to focus on several components in order to develop and implement an effective strategy to counter a diverse range of cyber threats. While there is considerable focus, and rightly so, on being able to identify mission critical information assets and accesses in...

Grandmothers, Gangsters, Guerrillas and Governments

I recently flew to Knoxville, Tennessee to visit Oak Ridge National Laboratory (ORNL) and deliver a talk at the 11th Annual Cyber & Information Security Research (CISR) conference. The title of my presentation and this blog – Grandmothers, Gangsters, Guerrillas and Governments – is an analysis of the four primary...

Reducing Hay to Find Needles

I recently participated in a televised C-SPAN panel on counterterrorism and intelligence at the Center for Cyber and Homeland Security at George Washington University. One of the ideas we explored is an analogy that is often used in the security industry: how to “find the needle in a haystack” or...

Mitigating insider threats from a people perspective

Cyber threats come in various forms. A diverse threat actor landscape consisting of criminals, espionage actors, hacktivists, and more has demonstrated how successful remote attacks can be. Gaining unauthorized access into networks, stealing sensitive intellectual property, financial, and personally identifiable information, and conducting defacements and denial-of-service attacks, are...

Cyber Threats Come From All Angles in The Financial Services Industry

As data breaches target all sectors of society, cyber threats to financial institutions continue to garner especially close scrutiny due to the potential damages suffered by both the institution itself as well as its customers. According to a 2014 news article, the Federal Bureau of Investigation estimated that more than...

Damn Data: Security Analytics & Big Data

There, I did it: I finally wrote a security blog with a reference to Internet sensation Damn Daniel. While I’m under no illusions that this blog will have the love/hate, viral impact of Daniel and his white Vans, there seems to be a love/hate relationship between organizations and their data....

Data Rich & Intelligence Poor

Insider Threats and the Pharmaceutical Industry

This week I traveled to New Jersey to lead discussions with security leaders in the pharmaceutical industry. Our conversations were focused on insider threats and what pharmaceutical companies are doing to better protect themselves. The pharmaceutical industry generates a vast amount of valuable intellectual...

Five keys to addressing insider threats

On Wednesday, March 30th, 2016, from 10:00 AM – 11:00 AM PDT, Forsythe and Securonix will be conducting a webcast. John Pirc, Director, Security Solutions, Forsythe, and Brian Contos, Vice President, Chief Security Strategist, Securonix, will be the speakers. The webcast will cover insider threats. Cyber attacks carried out by nation-states...

How to keep your highly skilled and paid security team happy and engaged

The demand for skilled information technology (IT) personnel (including cyber security professionals) is at an all-time high, particularly after the publicized breaches of global companies that have resulted in the exposure of millions of sensitive files. A recent study by BeecherMadden, a leading global recruitment firm, observed a noticeable rise...

Weaponizing Data

In this video, Terry Roberts from CyberSecurityTV.net speaks with Brian Contos, Securonix’s Chief Security Strategist, about some of the trending topics from RSA 2016: Weaponizing Data; Low-contrast Enemies such as Malicious Insiders; Security Analytics; Predictive and Prescriptive Analytics.