The Truth in the Numbers: Data Breach Analysis

A Q&A with Patrick Florer of Risk Centric Security

While it’s easy to get caught up in the splashiest current news story about a particular breach, analyzing a broader swath of cyber security data can give us a more vivid and sometimes more precise picture of the real risks facing organizations today. I spoke with Patrick Florer of Risk Centric Security about what precisely constitutes a data breach and what the statistics show us.


Man in the Middle Attacks: A New Line of Defense

A Q&A with Norm Brogdon of Data Stream Protector

Much like eavesdropping, man in the middle (MITM) attacks allow a perpetrator to imperceptibly steal data—a malicious and insidious threat that has been underreported in the media. I spoke with Norm Brogdon of Data Stream Protector about the MITM exploit and how it can be stopped.


Baseline Security Training for Small Business and Public Entities

A Q&A with Steve Leventhal of SkillBridge®

Almost every organization can benefit from additional training in security matters, but many small businesses and public entities overlook this essential. Steve Leventhal, principal of SkillBridge in Waltham, MA, explains the benefits and considerations of security training.


Ethical Innovation and Big Data Privacy

Guest Author: Jamie Sheller Esq. NetDiligence®

‘Big Data’ may be changing the world, but it is not changing Americans’ belief in the value of protecting privacy.

In one of the few areas of liberal and conservative consensus, Americans stand firmly behind the Fourth Amendment to the Constitution which protects the “right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures.”


Key Takeaways in Newly Released Homeland Security Insurance Industry Report

Guest Author: Vince Vitkowsky, Partner, Seiger Gfeller Laurie LLP

The Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) has convened a series of sessions focusing on developing the first-party cyber insurance market. The most recent session was held on April 7, 2014, and it included representatives from 10 insurance brokers, 10 insurance underwriters, and 10 reinsurers. On July 22, DHS released its Readout Report of that Session. The entire 44-page Report, together with the Reports of three earlier sessions, can be found here on the Homeland Security website. The April 7 Session focused on three subjects, and the distilled essence is described below.


The Return of HIPAA Audits: What Covered Entities and Business Associates Need to Know

A Q&A with Michael Whitcomb of Loricca

The Department of Health and Human Services’ Office for Civil Rights will resume its HIPAA compliance audit program this fall, focusing on both covered entities and business associates with a limited number of narrowly focused “desk audits” as well as comprehensive onsite audits. I asked Michael Whitcomb, founder and president of the IT security and compliance firm Loricca, Inc., what healthcare organizations need to do in anticipation of this increased scrutiny.


Protecting the Point of Sale

A Q&A with Chris Novak of Verizon RISK Team

According to the 2014 Verizon Data Breach Investigations Report, point of sale (POS) intrusions accounted for fourteen percent of the 63,437 sampled data breach incidents. To get a better sense of this threat and how organizations can arm against it, I spoke with Chris Novak, global managing principal of Investigative Response at Verizon RISK Team.


Sizing Up Security Threats

A Q&A with Tom Kellermann of Trend Micro

With a constantly evolving cache of weaponry, cyber criminals always seem to have the edge over their victims. I asked Tom Kellermann, Chief Cybersecurity Officer at Trend Micro, for a forecast of the most pressing threats facing organizations in the coming months, and what they can do about them.


Heartbleed: Why Some Experts Are Ringing the Alarm

A Q&A with Chris Novak of Verizon RISK Team

The Heartbleed bug recently hit the headlines with the Canada Revenue Service breach, in which hundreds of social insurance numbers were stolen. Yet despite the media buzz, the long-term ramifications of this vulnerability are not fully understood yet, says Chris Novak, global managing principal of Investigative Response at Verizon RISK Team. I asked him to explain how Heartbleed works and why everyone should be aware of this insidious vulnerability.


SQL Injection Issues: Same Achilles Heel 15 Years Later

A Q&A with Michael Sabo of DB Networks

Every month there seems to be some major company that suffers a catastrophic breach of their network, and the investigation very often confirms that the bad guys exploited a SQL issue. Yet SQL injections have been the method of choice for hackers for more than a decade. To find out why networks are still vulnerable and what companies can be doing to better protect themselves from this risk exposure, I spoke to Michael Sabo, VP of marketing for DB Networks, which creates behavioral analysis technology solutions.