Ian Thornton-Trump

A new year and new problems

Lou Covey

We open a new year and a new season with our friend, Ian Thornton-Trump, chief information security officer at the MSSP Inversion6 and in 30 minutes we take on some pretty meaty subjects.
First, we discuss how China strategically infiltrated technology systems in the US and other countries as a geopolitical message rather than attacks. He discusses the challenges of securing complex, interconnected systems and the need for proactive defense.
Next we review the rise of corporate power and influence and how the increasing wealth and influence of individuals like Elon Musk is disrupting the traditional balance of power in democracies. The ethical concerns around wealthy individuals wielding disproportionate political influence could result in something the oligarchs are not expecting.
Finally, we review potential trade wars and the possibility of Canada and Mexico joining the BRICS alliance.
2025 is going to be bumpy but very interesting.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...
Security expert collapsed from exhastion

Breach fatigue or too big to fail?

Lou Covey

As we prepare for the annual October holiday season with Cybersecurity Awareness Month there is an important question to ask. Are we as a society at the point of fatigue over every new security breach, or are the companies getting breached just too big to fail?

Security giant Fortinet announced a data breach this week that was remarkable in two ways. One was how small the breach was (less than 500GB) Two was how calm Fortinet seemed to be about. Security gadfly Dr. Chase Cunningham posted a flippant comment about the breach on Linkedin, encouraging his followers to “buy on the breach.” He pointed out that with big public companies, in security or not, generally take a hit on their stock for a day or two after a breach, but the stock rises to new highs as the dust clears. And no one seems to care about the downstream customers whose data might have been stolen.

A 2010 study published in the Journal of Cost Management concluded that a company could be more profitable if it annoyed unhappy customers more than they already were. The success of that strategy increased with the size of the company, according to the study, and when there were fewer competitors for a customer to turn to.

The reasons for the success were simple. If a pissed off customer decided to go a smaller provider, there were always new customers who signed up, simply because they were the biggest. If there were no smaller competitors, the customer never went away. In the process, the offending company rarely has to pay out to make the customer whole. The study pointed our that companies like United Airlines have notoriously bad customer service, but they rarely lose market share because of it.

Kevin Szczepanski, co-chair of Barclay Damon's Data Security, is much more forgiving

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...
Cyberint midyear report shows declinen in ransomware attacks per victim

Have we reached peak ransomware?

Lou Covey

Cybercrime reports flowing out of marketing departments still highlight the danger of ransomware. However, a closer look at the numbers reveals a much different story and poses the question: Have we reached peak ransomware?

Last year, ransomware attacks hit all-time highs with paid ransoms exceeding $1.1 billion and attacks exceeding 5000, according to FBI and Interpol reports. However, looking at midyear reports from Cyberint, SonicWall and Check Point and a dozen others, attacks and ransoms paid have crashed. Still, the crime is not to be discounted, and industry recommendations are to double down on efforts to combat the “scourge”.

There are three reasons why the ransomware industry is hitting a wall.

Law enforcement agencies, working In cooperation, have found the means to identify and shutdown ransomware gang operations around the world.
Potential victims have learned hard lessons regarding the gangs’ willingness and ability to decrypt data, and becoming repeat targets. They are deciding in greater numbers to ignore ransom demands, cutting into revenue streams.

The “honor among thieves” philosophy does not relate to these criminals. Ransomware service providers are stiffing their affiliates, causing a fracturing of the criminal industry into multiple, independent gangs.

Premium Membership Required

You must be a Premium member to access this content.

Join Now

Already a member? Log in here
Read more...
Data thefts keep rising in spite of investment in security tools and services

Do corporations really care about your security?

Lou Covey

“Your security is important to us,” is a common phrase on corporate websites and emails, usually after some data breach that affects customers. To prove that statement, corporations invest billions of dollars in the cybersecurity industry. Most market projections say the industry is worth about $180 billion. About 15 percent of that market goes to data security. But all the indications are that we are losing the war in personal identity security That leaves is with the question: Do corporations really care about customer security?

Probably not

US Department of Health and Human Services reported recently that. in the US, there have been 2,213 breaches since 2020, with 152.1M affected individuals. That is almost half of the American population. But that is just breaches involving medical data.

The FBI reports, in the same period, more than 350 million stolen personal information records, exceeding the known population of the country. Worldwide, the number of personal identity information (PII) records exceeds one billion people.

So how bad is it? “I always tell people assume your social security number has been breached. Just assume that,” said John Meyer, senior director for Cornerstone Advisors, an organization providing security consultation to financial organizations.

So we are spending tens of billions of dollars to protect data from exfiltratation on almost a weekly basis from attacks bypassing current defenses. Is it worth the investment? Does protecting that data even matter?

Well, yes… sort of

Data security professionals say it is and it does. Communications, industry intellectual property, state secrets, and control of crucial systems must still be protected. Most professionals we talked to cite ransomware attacks as the primary reason for investing in security precuts and services.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...