Evolving Enterprise Cyber Security Challenge: The Lack of Professional Resources and the Impact on the Organization

CybeRiskBlog, Cybersecurity

In what’s been described as an “existential threat” to enterprise, national, and even global security, the past few years have seen a continuous drain on the pool of enterprise cyber security talent. Figures from 2016 confirmed that 86% of companies reported a shortage of professionals available to fill the growing need for skilled information security personnel. And a study conducted by the Enterprise Strategy Group (ESG) in 2017 cited 70% of cyber security professionals as saying that the skills shortage has had an impact on their organization. More worrying than this was the claim by 45% of organizations that there was “a problematic shortage of cyber security skills.” This dearth of talent is occurring at a time when cybercriminal networks … Read More

Cryptojacking – What is it and How Can it Co-Opt Your Devices?

CybeRiskBlog, Cybersecurity


The recent discovery of the Loapi mining Trojan – a multi-faceted piece of malware with potentially device-killing consequences for users of Android hardware – has thrown the spotlight onto an emerging trend in malicious software design. This involves the engineering of malware code aimed at co-opting the system resources of a victim’s hardware, for the purpose of mining cryptocurrencies. This process has been dubbed “cryptojacking”, and its methodology and implications for cyber-security will form the basis of discussion for this article.

Cryptojacking – Incentives for Bad Behavior

Frenetic activity continues in the cryptocurrency sector, with recent dramatic hikes and plunges in the value of Bitcoin and other denominations hitting the mainstream news. With such wild fluctuations and the relative immaturity … Read More

What is Cyber Resilience and Why Is It Important to My Company?

CybeRiskBlog, Cybersecurity

Even with the best will in the world, the most comprehensive and stringent policies, and the latest and most powerful tools and techniques, eliminating risk in the corporate environment remains an impossibility. It’s not even necessarily a desirable state of affairs, as a certain amount of risk must be present to inspire and bolster innovation and to promote enterprise agility. So rather than adopting an all or nothing approach to the assessment and management of risks and the enforcement of threat management and cyber-security policies, a more adaptable, far-reaching, and forward-thinking mindset is required in order to maximize the benefits and minimize the negative aspects of the digital landscape. It’s in this regard that the philosophy of cyber resilience comes … Read More

Top 6 Reasons to Use a VPN

CybeRiskBlog, Cybersecurity

Besides the ever-present dangers of espionage, hacking, and data theft, users of the internet are now increasingly aware of the fact that their online activities and personal information are no longer necessarily their own. From the trade in purchasing habits and anonymized consumer data to the stockpiling of subscriber information by Internet Service Providers (ISPs), mobile carriers, and government agencies, online privacy faces a growing number of threats and complications. Due diligence, anti-malware applications, and the use of “incognito” browsing modes can only go so far to prevent the possibility of intrusion and surveillance. So growing numbers of internet users are adopting the Virtual Private Network or VPN as a major line of defense for their online privacy and security. … Read More

Darknet – Is it all “dark” or is there some light in there?

CybeRiskBlog, Cybersecurity


For several years now, the internet has played host to a parallel ecosystem – an overlay network of zones accessible only by users in the know with specific hardware or software configurations, special software, authorizations, or protocols. This alternate or “dark” net (Darknet) has typically been used for the peer-to-peer file sharing of content and resources, beyond the restrictions of more formalized channels, or for the setting up of so-called “privacy networks” like Tor, which enable members to conduct their affairs without the scrutiny and governance of law enforcement or established authorities. Having gained a reputation as the online haven for drug dealers, terrorists, people traffickers, cyber-criminals, child pornographers, and miscreants of all kinds, the Darknet might be assumed to … Read More

Top 10 Cyber Security Trends for 2018

CybeRiskBlog, Cybersecurity

2017 was once again a turbulent period for the cyber security sector. Data breaches affecting the health-care sector and over half the population of the United States, the co-opting of hundreds of thousands of Internet of Things (IoT) devices in massive Distributed Denial of Service (DDoS) attacks, and the emergence of ransomware as an enduring threat and money-spinner for cyber-criminal networks were just some of the developments seen over the past twelve months. As the holiday season approaches and the year draws to a close, it’s time to put the spotlight on the Top Cyber Security Trends and the issues and threats likely to feature prominently in the information security landscape for 2018.

Top 10 Cyber Security Trends for 2018 … Read More

The Active Cyber Defense Certainty Act – What is it and What are the Pros and Cons?

CybeRiskBlog, Cybersecurity

Until very recently, for computer users in the United States, taking steps to strike back proactively at hackers has been a risky strategy, in legal terms. Specifically, the Computer Fraud and Abuse Act (CFAA) of 1986 prohibits individuals from taking retaliatory/defensive actions against hackers or cyber-criminals, other than preventative protective measures, such as using anti-virus software or anti-malware. But in October 2017 – as a part of the year’s Cyber Security Awareness Month – politicians Tom Graves (a Republican Party member of the U.S. House of Representatives, representing the state of Georgia) and Kyrsten Sinema (a Democratic Party Representative, from Arizona) formally introduced a new piece of legislation designed to extend the powers of victims of cyber-assault beyond the limits … Read More

General Data Protection Regulation or GDPR

CybeRiskBlog, Cybersecurity


With information having developed into an asset equal to or even more valuable than conventional currencies, organizations across the globe are engaged in an ongoing race to acquire and exploit more data – often with little regard for the people that they’re collecting this information from. In an effort to strengthen and unify legislation regarding online privacy, consumer rights, and data protection across the continent, officials of the European Union (EU) approved a draft proposal covering over 90 articles on customer data collection and security on April 27, 2016, with the aim of improving customer privacy for European citizens. This new EU privacy policy was formalized as the General Data Protection Regulation (GDPR), which was issued in May 2016 … Read More

Gray Hat Hackers and the Gray Areas of Security Vulnerability Reporting

CybeRiskBlog, Cybersecurity

While the criminal exploits of black hat hackers and the beneficial, officially sanctioned and/or independently commercial activities of white hat hackers gain a lot of attention and publicity, the work of those who ply their trade as independent security researchers and sometime contractors in the capacity of gray hats remains largely unsung – and often problematic. Much of the difficulty lies in the fact that the work done by so-called gray hat hackers is largely unauthorized, and that the activities in which they engage – however well-meaning in intent or beneficial in effect – may stray into areas which actually contravene the letter of the law, or may be sufficiently contrary to the spirit of the law that they can … Read More

The Security vs Customer Experience Dilemma – What Comes First in Software Design?

CybeRiskBlog, Cybersecurity

The digital economy of information exchange, electronic transactions, targeted content, and real-time communications is a customer-centric ecosystem in which satisfying the consumer is a dynamic process, capable of making or breaking the success of a commercial enterprise. Self-service, rapid fulfillment, and ease of access are paramount to the customer experience (CX) – but the mechanisms required to make these services work may expose corporate networks to unmanageable traffic loads, and put a strain on enterprise resources at any number of levels. Security is a consideration which must be factored into the delivery of goods and services in the consumer-centered economy. In the design of websites, eCommerce portals, self-service hubs, and other online presence points, business owners must face the dilemma … Read More