Blog Layout
Down the Cyber Rabbit Hole
Some aspects of our lives have not translated so well from the physical to the digital. I want to share a few, so as you look at your life, company policies, you get a perspective to help shape a way to protect yourself in #cyberspace. Let's go down the #cybersecurity rabbit hole, shall we?
In reflecting on this week’s entry, it has been apparent throughout my life the African proverb, “It takes a village to raise a child,” is so true. I think this is not true just for children, but for our very survival; whether we want to admit it or not, we rely on each other for our very existence. From the time we enter this world until death, we have others who care for, hopefully, nurture, and support us to reach our potential. This web of connectivity is the very fiber that makes us thrive even under difficult circumstances like COVID. It is also the backbone of why we have adopted and utilize the world wide web, i.e., the internet. This technology has allowed us to make an already small world smaller and more intimate and personal in ways we are just discovering.
However, for all its ability to connect us and create relationships halfway across the world, it’s challenging too. Some principals have not translated so well from the physical to the digital. I want to share a few, so as you look at your life, company policies, you get a perspective to help shape a way to protect yourself.
Nothing is more appropriate to help share these concepts than Lewis Carroll’s “Alice in Wonderland.”
1. Identity. “Who in the world am I? Ah, that’s the great puzzle.” – Alice This is a question that should lead every online interaction. An email address or online profile does not verify who is on the other end of any internet communication. There are tools, e.g., two-factor authentication like a pin and password, to help provide greater assurance, but be clear, it helps, but nothing is genuinely full proof. The best way to try to stay alert, look for how a person usually communicates. Do they typically send communication with lots of spelling errors? Are there words they never would use? These sometimes can help you create more confidence in whom you are communicating. Of course, it never hurts to just pick up that old telephone and call to confirm. The offense is sometimes the best defense.
2. Integrity. “I am not crazy; my reality is just different from yours.” -Chesire Cat In the world of “Fake News,” we’ve gotten a glimpse of this timeless wisdom from Lewis Carroll’s Chesire Cat. In reality, these alternate perspectives run rampant on the internet and even within our organizations. One thing to always be mindful of is the impact the lack of integrity with information can have on you personally and corporately. The basis of every action is a decision, and decisions are based on information. Be clear on where your sources are and if you are the source, establish protections to ensure this data maintains it’s value to you and your organization. If you are looking at this personally, be careful what you post. Think a bit like Chesire Cat; you may be happy to share your new car online, but a criminal may be pleased because it is something they now can steal. Some things require detailed work in an organization, and this is one, data flows are king. Know where critical information flows and who has access from creation to purging.
3. Accountability. “There might be some sense to your knocking,” the Footman went on, without attending to her, “if we had the door between us. For instance, if you were *inside,* you might knock, and I could let you out, you know.”- Footman This is a bit of a problem for Alice, isn’t it? This is true for most companies and individuals in regards to protection. You set up the “door” of cyber protections between you and a potential attacker and assume if someone breaches the door, the expectation is someone should be held accountable. Just like in this passage, the reality is stranger than fiction. In fact, in most jurisdictions, unless you are a huge organization, e.g., a Sony, Target, or Equifax, you don’t get that support. In reality, you hire your own investigative team, and you find out how to get the hacker caught and brought to justice if found. Yes, in our interconnected world, you are the victim and the person having to find your own justice. Unfortunately, this is a rabbit hole; I wish I didn’t have to share if you, unfortunately, fall down it. The information is high-level to point you in the right direction of things to consider. I invite you to take a free risk assessment or reach out to one of our Advisors to help you learn more and strategize on protecting yourself and your organization. Thank you for reading, and I invite comments and ask you to share. We are all in this together..#Weareone #covsec
However, for all its ability to connect us and create relationships halfway across the world, it’s challenging too. Some principals have not translated so well from the physical to the digital. I want to share a few, so as you look at your life, company policies, you get a perspective to help shape a way to protect yourself.
Nothing is more appropriate to help share these concepts than Lewis Carroll’s “Alice in Wonderland.”
1. Identity. “Who in the world am I? Ah, that’s the great puzzle.” – Alice This is a question that should lead every online interaction. An email address or online profile does not verify who is on the other end of any internet communication. There are tools, e.g., two-factor authentication like a pin and password, to help provide greater assurance, but be clear, it helps, but nothing is genuinely full proof. The best way to try to stay alert, look for how a person usually communicates. Do they typically send communication with lots of spelling errors? Are there words they never would use? These sometimes can help you create more confidence in whom you are communicating. Of course, it never hurts to just pick up that old telephone and call to confirm. The offense is sometimes the best defense.
2. Integrity. “I am not crazy; my reality is just different from yours.” -Chesire Cat In the world of “Fake News,” we’ve gotten a glimpse of this timeless wisdom from Lewis Carroll’s Chesire Cat. In reality, these alternate perspectives run rampant on the internet and even within our organizations. One thing to always be mindful of is the impact the lack of integrity with information can have on you personally and corporately. The basis of every action is a decision, and decisions are based on information. Be clear on where your sources are and if you are the source, establish protections to ensure this data maintains it’s value to you and your organization. If you are looking at this personally, be careful what you post. Think a bit like Chesire Cat; you may be happy to share your new car online, but a criminal may be pleased because it is something they now can steal. Some things require detailed work in an organization, and this is one, data flows are king. Know where critical information flows and who has access from creation to purging.
3. Accountability. “There might be some sense to your knocking,” the Footman went on, without attending to her, “if we had the door between us. For instance, if you were *inside,* you might knock, and I could let you out, you know.”- Footman This is a bit of a problem for Alice, isn’t it? This is true for most companies and individuals in regards to protection. You set up the “door” of cyber protections between you and a potential attacker and assume if someone breaches the door, the expectation is someone should be held accountable. Just like in this passage, the reality is stranger than fiction. In fact, in most jurisdictions, unless you are a huge organization, e.g., a Sony, Target, or Equifax, you don’t get that support. In reality, you hire your own investigative team, and you find out how to get the hacker caught and brought to justice if found. Yes, in our interconnected world, you are the victim and the person having to find your own justice. Unfortunately, this is a rabbit hole; I wish I didn’t have to share if you, unfortunately, fall down it. The information is high-level to point you in the right direction of things to consider. I invite you to take a free risk assessment or reach out to one of our Advisors to help you learn more and strategize on protecting yourself and your organization. Thank you for reading, and I invite comments and ask you to share. We are all in this together..#Weareone #covsec
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
This is a question anyone can ask and should be asking on behalf of themselves and within your organizations. However, we often view cybersecurity through the lens of feeling vulnerable. In this post we explore a few ways to start to empower yourself and organization to tackle cybersecurity.
The Insider threat in cybersecurity is a tricky subject. We often don't want to approach it because, as the name says, this is someone we have given our trust to that frankly can't be trusted. However, this week we talk about cybersecurity from this angle. The internet village we all share requires us to share and trust in ways we never expected.
Leadership: A female perspective Danyetta Fleming Magana and Javeria Ayaz Malik reflect upon the role of women in crisis leadership
I had planned to share a wonderfully done newsletter article but opted to share from the heart. I've been truly blessed and honored to be in the security community for over 20 years and have many colleagues and friends who help secure our physical and virtual world.
While I admit I love the work from home and the ability to order groceries online, I wouldn't say I like watching children bullied, the elderly targeted and pensions stolen, charities losing donations, and companies going out of business due to the insecurity of our global internet village.
It was out of this place that I realized that we needed to reignite a fundamental truth that "We Are One" always connected.
Humanitarian Cyber Career chat and social media do’s and dont’s for high school and college students - please circulate this flier with your teachers and students so they register! As a part of registration they can enter up to 3 questions they’d like answered at the event. Speakers include Patricia Zebertavage (FBI), Keith Moulsdale (cyber attorney), Veda Woods (leveraging cyber to combat child trafficking), Sean Anthony Guillory, Ph.D. (Cyber automation SME), and more!
How long will I be down from a ransomware attack?
