Blog Layout
Do We Need to Redefine Trust? A Cybersecurity Perspective
Can I trust you?
This is a tricky one that we need to define better as we look to thwart cyber threats. In the digital era because you have an email or Facebook account and sound nice on the phone doesn’t imply trustworthiness. Unfortunately, that is how majority of our business and social interactions are conducted today. Just to get a context one of the easiest ways for an Insider Threat or an external hacker intending to do harm to get into an organization’s digital jewels are the people. We grow up with a context of “being nice” and our customer service and appraisal systems are built around being of service. We often think, Hey they sound legitimate over the phone? Or surely Physical security had to look at their official ID how else would they get here to me? Well when you are helpful and of service you also tend to be considered unhelpful when you question people’s intent or motive for obtaining information. You are also not being very helpful or responding quickly if you deny information while you check out the veracity of the request. A great example is a real world example given by Kevin Mitnick on Social Engineering. In this example he identifies how in a 15 minute walk home he got to the project manager of a major mobile company during his hacking days and got them to release source code, through exploiting this “being of service model.” I think we are long overdue to question this model in light of the world we now live in digitally. Can I trust you? Can I ? and What does this mean for how we train staff to remain responsive, but vigilant? This is truly a slippery slope, but one all organizations must cross to be successful in cyber protection in a digital era. Organizations seeking to protect information, but define their internal and external trust models. How do I identify and vet, whom we are going to trust and why?
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
This is a question anyone can ask and should be asking on behalf of themselves and within your organizations. However, we often view cybersecurity through the lens of feeling vulnerable. In this post we explore a few ways to start to empower yourself and organization to tackle cybersecurity.
The Insider threat in cybersecurity is a tricky subject. We often don't want to approach it because, as the name says, this is someone we have given our trust to that frankly can't be trusted. However, this week we talk about cybersecurity from this angle. The internet village we all share requires us to share and trust in ways we never expected.
Leadership: A female perspective Danyetta Fleming Magana and Javeria Ayaz Malik reflect upon the role of women in crisis leadership
I had planned to share a wonderfully done newsletter article but opted to share from the heart. I've been truly blessed and honored to be in the security community for over 20 years and have many colleagues and friends who help secure our physical and virtual world.
While I admit I love the work from home and the ability to order groceries online, I wouldn't say I like watching children bullied, the elderly targeted and pensions stolen, charities losing donations, and companies going out of business due to the insecurity of our global internet village.
It was out of this place that I realized that we needed to reignite a fundamental truth that "We Are One" always connected.
Humanitarian Cyber Career chat and social media do’s and dont’s for high school and college students - please circulate this flier with your teachers and students so they register! As a part of registration they can enter up to 3 questions they’d like answered at the event. Speakers include Patricia Zebertavage (FBI), Keith Moulsdale (cyber attorney), Veda Woods (leveraging cyber to combat child trafficking), Sean Anthony Guillory, Ph.D. (Cyber automation SME), and more!
How long will I be down from a ransomware attack?
