Key Security Trends in the Verizon Data Breach Investigations Report

A Q&A with David Hylender

2017 marked the tenth year for the Verizon Data Breach Investigation Report, an invaluable resource for understanding the current landscape in cyber security. This year 65 organizations from around the world reported 1,935 confirmed breaches and 42,068 data loss incidents. I asked David Hylender, senior risk analyst at Verizon Business, about the findings and key takeaways from this most recent edition.

Continue Reading

Popcorn Time: A New Scheme in Ransomware

A Q&A with Asaf Cidon of Barracuda

The recent reports about Popcorn Time—a ransomware attack that involves a Ponzi scheme encouraging targets to in turn spread the malware to contacts—show that criminals are becoming ever more creative in their approaches to cybersecurity exploits. I spoke with Asaf Cidon, VP of Content Security at Barracuda about Popcorn Time and what companies need to know about the current threats from hackers.

Continue Reading

Ransomware: What Can Go Wrong, Might

Q&A with Chris Novak of Verizon

Even as public awareness around ransomware grows, many companies find they are still unprepared for this malicious exploit when it hits. Often, organizations find that despite their best intentions to cooperate with the perpetrators, they still may not get their data back. I talked to Chris Novak, global director of the RISK Team at Verizon Enterprise Solutions, about some of the pitfalls associated with this increasingly common crime.

Continue Reading

WannaCry and Why the Surprise Ransomware Attack Shouldn’t Have Surprised Anyone

A Q&A with Matt Ahrens, The Crypsis Group

Last week, the devastating WannaCry attack— considered unprecedented in its scale and speed—hit more than 230,000 computers in 150 countries, including the National Health Service, FedEx, Deutsche Ban and LATAM Airlines, among others. I asked Matt Ahrens of The Crypsis Group about the attack, what made it so dangerous and what it means for organizations trying to improve their cyber security posture.

Continue Reading

Ransomware v2: Facing the Latest Cyber Security Threats

A Q&A with Winston Krone of Kivu Consulting

There’s no doubt that ransomware attacks are on the rise and they’re becoming more insidious. I spoke with Winston Krone, global managing director of Kivu Consulting about what the latest version of ransomware looks like and what risk managers should do if it strikes their organization.

Continue Reading

Ransomware Dos and Don’ts

A Q&A with John Mullen of Lewis Brisbois

In recent months, ransomware attacks have become more frequent, particularly in the healthcare space. While these attacks with their demand for payment give their victims few options for responding, companies can still prepare themselves to act quickly and effectively. Better yet, they can avoid ransom-seeking malware in the first place with sound security policies. I spoke with attorney John Mullen of Lewis Brisbois about best practices.

Continue Reading

Paying Ransom

RansomwareA Q&A with Luke Emrich of RSM

Recently, a lawyer contacted us, inquiring about how to find and obtain bitcoins for a client’s data that was being held ransom. As ransomware becomes more common, more organizations will need to ask hard questions about how and when to pay off criminals to protect their data. I spoke with Luke Emrich, security and privacy supervisor at RSM US about this growing phenomenon and what organizations need to know.

Continue Reading

Don’t Ring the (False) Alarm: When a Data Loss Event Isn’t a Breach

A Q&A with Darin Bielby and Jeremy Batterman of Navigant Consulting’s Information Security & Investigations Practice
During a recent Risk and Insurance Management Society (RIMS) panel discussion, Navigant Managing Director Darin Bielby asserted that 50 percent of the organization’s information security forensic investigations yield evidence that enables legal counsel to counsel companies that a data breach did not occur. These findings typically demand no further action or notification about the event, though some organizations proceed with additional precautionary measures. I talked with Bielby and his colleague Jeremy Batterman about the reality of data privacy events and what forensic investigators are seeing.

Continue Reading

Ransomware: A Law Enforcement Perspective

Ransomware medA Q&A with Benjamin Stone of the FBI
It’s becoming an increasingly common story: Cyber perpetrators lock systems down with malware and then demand payment to release them. I asked Benjamin Stone, Supervisory Special Agent of the FBI’s Cyber Criminal Squad in Philadelphia, about ransomware and current conditions for cyber criminal activity.

Continue Reading

Zero-Day Malware Worries

A Q&A with Greg Wasson of ICSA Labs
The term zero-day malware refers to threats that take advantage of existing but unknown (to the owner or developer) loopholes in the system. I spoke to Greg Wasson, program manager at ICSA Labs, about zero-day vulnerabilities and the risks they pose for companies.

Continue Reading

No more posts.