Top 10 Cyber Security Trends for 2018

CybeRiskBlog, Cybersecurity

cyber security trends

2017 was once again a turbulent period for the cyber security sector. Data breaches affecting the health-care sector and over half the population of the United States, the co-opting of hundreds of thousands of Internet of Things (IoT) devices in massive Distributed Denial of Service (DDoS) attacks, and the emergence of ransomware as an enduring threat and money-spinner for cyber-criminal networks were just some of the developments seen over the past twelve months. As the holiday season approaches and the year draws to a close, it’s time to put the spotlight on the Top Cyber Security Trends and the issues and threats likely to feature prominently in the information security landscape for 2018.

Top 10 Cyber Security Trends for 2018 … Read More

The Active Cyber Defense Certainty Act – What is it and What are the Pros and Cons?

CybeRiskBlog, Cybersecurity

Active Cyber Defense Certainty Act

Until very recently, for computer users in the United States, taking steps to strike back proactively at hackers has been a risky strategy in legal terms. Specifically, the Computer Fraud and Abuse Act (CFAA) of 1986 prohibits individuals from taking retaliatory/defensive actions against hackers or cyber-criminals, other than preventative protective measures such as using anti-virus software or anti-malware. But in October 2017 – as a part of the year’s Cyber Security Awareness Month – politicians Tom Graves (a Republican Party member of the U.S. House of Representatives, representing the state of Georgia) and Kyrsten Sinema (a Democratic Party Representative, from Arizona) formally introduced a new piece of legislation designed to extend the powers of victims of cyber-assault beyond the limits … Read More

General Data Protection Regulation or GDPR

CybeRiskBlog, Cybersecurity

GDPR

With information having developed into an asset equal to or even more valuable than conventional currencies, organizations across the globe are engaged in an ongoing race to acquire and exploit more data – often with little regard for the people from whom they’re collecting this information. In an effort to strengthen and unify legislation regarding online privacy, consumer rights, and data protection across the continent, officials of the European Union (EU) approved a draft proposal covering over 90 articles on customer data collection and security on April 27, 2016, with the aim of improving customer privacy for European citizens. This new EU privacy policy was formalized as the General Data Protection Regulation (GDPR), which was issued in May 2016 … Read More

Gray Hat Hackers and the Gray Areas of Security Vulnerability Reporting

CybeRiskBlog, Cybersecurity

Gray Hat Hackers

While the criminal exploits of black hat hackers and the beneficial, officially sanctioned and/or independently commercial activities of white hat hackers gain a lot of attention and publicity, the work of those who ply their trade as independent security researchers and sometime contractors in the capacity of gray hats remains largely unsung – and often problematic. Much of the difficulty lies in the fact that the work done by so-called gray hat hackers is largely unauthorized, and that the activities in which they engage – however well-meaning in intent or beneficial in effect – may stray into areas which actually contravene the letter of the law, or may be sufficiently contrary to the spirit of the law that they can … Read More

The Security vs Customer Experience Dilemma – What Comes First in Software Design?

CybeRiskBlog, Cybersecurity

Security and Customer Experience

The digital economy of information exchange, electronic transactions, targeted content, and real-time communications is a customer-centric ecosystem in which satisfying the consumer is a dynamic process, capable of making or breaking the success of a commercial enterprise. Self-service, rapid fulfillment, and ease of access are paramount to the customer experience (CX) – but the mechanisms required to make these services work may expose corporate networks to unmanageable traffic loads, and put a strain on enterprise resources at any number of levels. Security is a consideration which must be factored into the delivery of goods and services in the consumer-centered economy. In the design of websites, eCommerce portals, self-service hubs, and other online presence points, business owners must face the dilemma … Read More

Securing Mail Relay is a Priority For Any Enterprise Security Program

CybeRiskBlog, Cybersecurity

Securing Mail Relay

Despite advances in telecommunications which have made real-time exchange media like video chat and Instant Messaging available, email remains one of the principal methods of establishing and maintaining personal and business contact. Individual and corporate identities and reputations may hinge on the way in which email communications are perceived by their recipients – in terms of content, etiquette, and relevance. Because of their central role in corporate affairs – and because of their potential to reach multiple potential victims – mail servers are often targeted by cyber-criminals and saboteurs. So securing mail servers and securing mail relay should be a priority consideration in any enterprise security program.

Securing Mail Relay – The Menace of Spam

Besides its capacity to annoy … Read More

Penetration Testing – The Connection Between Pen-Testers and Lockpicking

CybeRiskBlog, Cybersecurity

penetration testing

In an environment where innovation and collaboration are as much a part of the cyber-criminal ecosystem as they are a part of the tool-kit of the security professionals who must manage it, there’s a need for rapid response, real-time interventions, and awareness of the real-world applications and threat vectors used by today’s cyber-criminals. This is why some form of stress or penetration testing is a necessary factor in enabling organizations to maintain a robust security posture. Traditionally, pen-testers have had to think and act like hackers in order to fulfill their remit – and it’s no coincidence that many in the profession have a background which takes in at least some aspects of the darker side of Information Technology. With … Read More

The Chief Information Security Officer – What Role Does the CISO Play Today?

CybeRiskBlog, Cybersecurity

Chief Information Security Officer

With a job title as varied as the organizations which define it – chief security officer (CSO), security manager, chief security architect, information security manager, or corporate security officer, to name a few – today’s Chief Information Security Officer (CISO) is also increasingly called upon to wear an alternating series of hats, in negotiating the intricate web of enterprise security and corporate hierarchy. While overseeing the policies, tools, and practices that safeguard enterprise cyber-security, the CISO is simultaneously required to speak the language and enact the practices of the business arena. So anyone occupying this position must tread a wary and complex path, in order to fulfill their remit. As so much hinges on a successful tenure for the CISO … Read More

Financial Sector Cybersecurity – Does Regulatory Compliance mean we are secure?

CybeRiskBlog, Cybersecurity

financial sector cybersecurity

Simply in terms of good business practice, banks and other institutions in the financial sector have an obligation to safeguard the privacy and information of their customers, protect their assets, and provide restitution in cases where it’s justified. But throughout the world, these obligations are also enshrined in law and enforced through various sets of legal and procedural guidelines, criteria and specifications for regulatory compliance, and fines or penalties for deviating from any of these. The laws and compliance regimes for financial sector cybersecurity may be in place – and financial institutions may be taking steps to meet all of the conditions they lay down – but it’s open to debate whether simply adhering to the demands of regulatory compliance … Read More

Blockchain and Virtual Currency – Origins of the Cryptocurrency “Boom” and Some Murky Realities

CybeRiskBlog, Cybersecurity

Blockchain

Attention – both positive and negative – continues to be drawn to the emerging blockchain technology, and its potential to disrupt and transform the way we do business, and the ways in which cyber-security may be enforced and deployed. Much of the negative attention has been focused on the blockchain’s application in financial circles – most especially in the proliferation of so-called virtual or “cryptocurrencies” being traded outside the jurisdiction of traditional regulatory frameworks. As recently as last week, federal authorities in the United States shut down the operations of one of the highest ranking virtual currency traders (the Bitcoin platform BTC-e), in a move that highlights the need for greater oversight and governance in at least some aspects of … Read More