  • Aug 01
    2017
    Nearly a year ago, I wrote a blog post about how criminals are changing their approach to cybercrime. They are increasingly well capitalized, and they are investing resources in research and development, both in the areas of social engineering and the technical investigations of system vulnerabilities. Since I wrote that blog post, the criminals have continued to change. Cybercrime looks different today than it did a year ago. It will ...
  • Jun 13
    2017
    If you’ve ever taken a trip to Paris and found your two years of undergraduate French to be utterly useless, you have encountered the training transfer problem. Your French classes may have been excellent and your teacher dedicated, but once you left school (or even the course), the environment encouraged skills decay. The transfer of training, i.e., the application of new skills back on the job, depends more on post-training ...
  • May 09
    2017
    The 2017 Data Breach Investigations Report is out. Verizon Enterprise Solutions performs a service to the community by publishing this report every year. It is one of the most comprehensive reports of its type that I have ever seen. This year’s compilation covered 42,068 incidents and 1,935 breaches. I advise you to visit http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/ and download the entire report, but I wanted to pull out one or two highlights that ...
  • Apr 19
    2017
    A recent opinion piece in Computerworld by Ira Winkler asks, “What prevents breaches: process, technology or people? One answer is PC, and one is right.” Most people — and most security experts — when asked the most important element in cyber security will say “people.” Winkler says it’s not people, it’s process: “Before you can focus on the people in a security program, you must be able to define exactly ...
  • Apr 14
    2017
    In March, the U.S. Senate voted to roll back broadband provider privacy regulations promulgated by the FCC. This means ISPs will not be prohibited from selling customers' web-browsing histories and other data without their permission. In terms of your life on the web, there are three things you should understand about this development: It’s largely symbolic; the privacy regulations had not yet gone into effect, so the rollback is unlikely ...
  • Apr 04
    2017
    There are millions of mobile apps available now through the Apple App Store, Google Play, and Windows Phone Store. But the major commercial app outlets are only part of the story. Increasingly, organizations are harnessing employee connectivity by creating their own proprietary mobile apps. Organizations find that developing a mobile app is a lot like developing a traditional desktop app, in that best practices include starting with security in mind, ...
  • Feb 28
    2017
    Stephen Cobb, writing in December for WeLiveSecurity, said there is currently a global shortage of one million cyber security workers. Cobb, who does regular surveys on this subject, said the US alone needs something like 200,000 more people skilled in cyber security. These are not just people that IT managers fantasize about hiring. They are funded positions that remain empty because there aren’t enough qualified applicants to fill them. Cobb ...
  • Dec 15
    2016
    Any experienced executive will tell you that it is a major challenge of management to control the centrifugal forces at work in an organization — to make sure that the parts are contributing to the organization’s mission rather than going off on their own. Where is the centrifugal force greatest? In many organizations, it’s IT. In IT, it’s especially easy to displace the organization’s mission with a project mission. The ...