CISO Perspectives

The Dramatic Evolution of Cyber Insurance

Cyber insurance has changed drastically over the past decade. The days of justifying why your organization needs cyber insurance and demonstrating cyber-insurance ROI are a distant memory. In recent years, the discussion around cyber insurance has gone from a small back-room discussion between individuals to involving multiple departments. Cyber insurance is no longer seen as a nice to have—it’s a must have.

The Two Biggest Misconceptions About Zero Trust

“Zero Trust” is a term on the tip of every CISO’s tongue. However, certain misconceptions about zero trust continue to circulate in the cybersecurity community and into board rooms. CISOs in turn must educate their senior executives and directors on what the term means and doesn’t mean. For example, there is no such thing as a zero trust product; zero trust is an architectural approach, not something bought off the shelf. In addition, implementing zero trust does not make a system trusted; it removes implicit trust so that every access request is verified. Identifying and dispelling these misconceptions is critical when deciding if a zero trust approach is right for your organization.

Zero Trust: Marketing Buzzword or Realistic Strategy?

Zero trust is not a new concept, but as times change, so too must cybersecurity strategies. The antiquated “trust but verify” model, for example, has proven insufficient. CISOs are now taking a secure by design approach. They don’t trust anyone or anything by default; access is granted only through policy-based access control that evaluates each request. Make sure people have access to what they need and only what they need, and nothing more. This approach makes sense given the heightened risk of unauthorized data access.

These Risks Are Changing the Threat Landscape

The threat landscape has changed dramatically since the start of the pandemic. Ransomware attacks have sharply increased and shifted in severity from standard to double extortion attacks. As organizations transitioned to a remote workforce, the threat landscape moved into the home, creating a whole host of vulnerabilities. A growing reliance on third parties, including cloud and SaaS services, put access to sensitive data like PII, PHI, and IP outside the corporate firewall. The best way to defend against this new threat landscape is to get in front of these risks. This means security needs to be top of mind all the time.

Are You Doing Enough To Prevent Ransomware Attacks?

There is no silver bullet when it comes to preventing ransomware attacks. The best way to thwart an attack is to get back to basics. Require multi-factor authentication. Limit access to the network. Implement a zero-trust policy. Run user training programs. These are not the only steps CISOs should take, but they are necessary for building a secure foundation. Threat actors have banded together for decades to engineer attacks, but now it’s the “good guys’” turn to come together, share knowledge, and create processes to mitigate the risk of a ransomware attack.

Ransomware: To Pay or Not To Pay?

Picture this: you’re a CISO at a hospital rushing from meeting to meeting, fielding calls in between, when suddenly you get the call. Bad actors infiltrated your system and are holding your digital assets for ransom. They’re demanding $500,000 or they’ll release your data. Data recovery isn’t your only concern. Many of these systems are literally keeping patients alive. What do you do?

Women in Cyber

A Conversation with Anne Marie Zettlemoyer

Anne Marie Zettlemoyer is the Vice President of Security Engineering and Divisional Security Officer at Mastercard. She is a cyber strategist with over 20 years of experience and has served as a trusted advisor for Fortune 500 companies, government agencies, law enforcement and security vendors. Anne Marie holds an MBA from the University of Michigan and BAs in Accounting and Finance.

In this spirited interview, Anne Marie equates her cyber career path to a pretzel and tells an inspiring story about the importance of showing up. She also highlights two things vendors need to improve on, discusses the initiatives at Mastercard to stop cyber criminals, and shares the one quality you need if you want to make it in cybersecurity.

A Conversation with Katie Arrington

In this interview, Ms. Arrington shares her view from the Pentagon of the pandemic and how the experience mirrors the terrorist attacks on 9/11. She also shares an interesting story about how she got her start in cybersecurity, how FaceTime, telehealth and food delivery apps have become essential services during COVID, and the surprising individuals who inspire her the most.

CISO BLOGS

The Risk of Measuring Risk

Automated measuring of control effectiveness is a very good idea conceptually. When you can combine control gaps with relevant threat information, you get a very good picture about the actual technical cyber risks your business faces. If done correctly, it provides...


Stagehand: Episode 4

Keith and I left the scene like we found it: the two kidnappers dead on the floor, their shotgun up against the wall, and the rope used to tie up Carl Timmons sprawled out on the floor. We tipped off local law enforcement and were gone before they arrived, leaving no...


SecOps Needs More Democratization, Not Less SOC

An increasing complexity of technologies, as well as an increasing number of failures and attacks followed by an increasing dependency on business goals is changing the way we run Security Operations Centers. I previously discussed the concept of a Fusion Center as an...


Measuring a Cyber Awareness Culture

Until recently, cyber awareness metrics have been treated by many as a tick-box exercise driven by regulations. The regulator requires x number of hours of cyber awareness training per employee per year, and once that is done, the organisation ticks a box and waits...


Good Enough Isn’t Good Enough Anymore

The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability. In light of these increasing challenges, our cyber defenses...


CISO Sillies

Can You Hear Me Now?

Since the global pandemic chased everyone indoors, Zoom web meetings have become the new normal. We will figure this out. Eventually.

Beware The CISO’s Wrath

CISOs have a lot of patience. Patience however is a virtue that can be tested from time to time. As the old saying goes, if you’re not a part of the solution…