network

Mining data is daunting but crucial

The cybersecurity industry seems addicted to research but isn’t all that good at it. Mining the massive amount of data produced is daunting but crucial to everyone.

Surveys and studies are an important part of marketing for the cybersecurity industry. Cyber Protection magazine receives a lot of them. We read them all. In the two months before the RSA Conference, more than one a day came into our inbox. However, they are not a great source of independent data and insight.

Ignoring the cherry-picked data highlighting a particular company’s product or service, there are a few nuggets that, taken together, produce some interesting insights. Out of 60+ reports, we took a pass on any that were repetitive, were suspect methodologically, or effectively plagiarized from another source. We chose to look at seven with a solid methodology, representation of industry-wide concerns, and originality. The reports came from Dynatrace, Black Kite, SlashNext, Metomic, Originality AI, Logicgate, and Sophos. We found three common themes: the impact of AI on security, government regulation compliance, and understanding of security concerns at the C-suite and board levels.

Understanding security issues.

Almost every study has a common complaint. CISOs say application security is a blind spot at the CEO and board levels. They say increasing the visibility of their CEO and board into application security risk is urgently needed to enable more informed decisions to strengthen defenses.

However, Dynatrace’s study said CISOs fail to provide the C-suite and board members with clear insight into their organization’s application security risk posture. “This leaves executives blind to the potential effect of vulnerabilities and makes it difficult to make informed decisions to protect the organization from operational, financial, and reputational damage.”

Recent news shows the study may have a point. Marriott Hotels admitted that a 2018 breach was the result of inadequate encryption of customer data. In 2018 the company claimed their data was protected by 128-bit AES encryption when customer identity was only protected by an outdated hashing protocol. One can imagine the discussion between the CEO and the IT department:

CEO: Is our data encrypted?
IT manager: Yeah, sort of.
CEO: OK, good enough.

If the CEO doesn’t understand the difference between a hash and AES encryption, that’s a problem.

And there may be evidence that ignorance is widespread. Apricorn reported that the number of encrypted devices in surveyed companies had dropped from 80 percent to 20 percent between 2022 and 2023. Some of that could be attributed to work-from-home (WFH) growth in companies. It is also likely that companies over-reported what was encrypted simply because they did not understand what “encryption” meant. Once they learned the meaning, adjustments were made.

That lack of a foundational security technology could be a reason for the devastating growth in ransomware in the past two years.

The Dynamic Duo – Why Modern Businesses Need the CIO and CISO to Collaborate

For any cybersecurity or data protection strategy to succeed, organisations need to rely on strong internal collaboration and communication processes. In particular, the CIO/CISO dynamic can have a significant impact on both short- and long-term decision making, from strategic investment decisions to leading the response to security incidents.

GDPR and the need for Cyber Insurance in Europe

GDPR, with its rigorous data protection standards and hefty fines for non-compliance, has heightened awareness about data privacy and reshaped the demand for cyber insurance.

Cyber insurance offers a financial safety net that can help organisations mitigate the potentially devastating financial impacts of cyber incidents, including data breaches, ransomware attacks, and other forms of cybercrime.

Organisations should consider cyber insurance as an integral component of their risk management strategy, particularly given the escalating landscape of cyber threats and regulatory requirements.

Data Security Posture Management (DSPM) Explained

In 2022 Gartner (who else?) coined a new term: Data Security Posture Management (DSPM), a new, data-centric approach that gives security teams full visibility into cloud environments. Through DSPM, security teams can focus on securing the "crown jewels" of their data.

Social media hangs itself in TikTok legislation

The appropriateness of the Congressional action against TikTok can be debated for a long time and probably will be until the Senate takes action, which could be weeks. What is less debatable is the contribution of TikTok, and pretty much all of the social media industry, to the situation. In essence, social media has hung itself with its own lifeline.

The industry has long embraced Section 230, a section of Title 47 of the United States Code that classifies them as part of the telecommunications industry. That particular law immunizes social media platforms and users from legal liability for online information provided by third parties. The section also protects web hosts from liability for voluntarily and in good faith editing or restricting access to objectionable material, even if the material is constitutionally protected. These protections do not apply to what is traditionally known as “the media.” That is an important distinction.

The FCC also regulates the foreign ownership of telecommunications, broadcast, and cable companies, in that it is not allowed. If TikTok expects protection under Section 230, it has to abide by all the FCC regulations, including ownership. In that case, the legislation is consistent with US law.

News media or Telecom?

However, the CEO of TikTok has made the case that the legislation infringes on the First Amendment rights of the company, creators, and users because… wait for it … TikTok is a major source of news for users. In other words, it is a news medium. According to TikTok, 43 percent of users rely on the app for daily news. But that sets up an entirely different problem.

Print, broadcast, and cable media are bound by ethics and laws to print truth. If they knowingly publish defamatory and untrue information, they can be sued by the injured party. That was most recently and famously demonstrated in the lawsuits against Fox News and Rudy Giuliani for intentionally spreading lies about election technology related to the 2020 US election.

Those same lies were and still are spread on social media platforms, including TikTok, with impunity under the protection of Section 230. But if they are a news medium, the protections of Section 230 go away and TikTok and creators who spread disinformation can now be held accountable for libel and slander.
Social media companies can adjust algorithms limiting what kind of information can be distributed on their networks and they reluctantly apply those restrictions when they are pushed to. But they can’t be sued for disseminating that information under Section 230. If they

Like Digital Cicadas, Cybercriminals Lie In Wait Before Unleashing Their Presence

A curious parallel can be drawn between cybercriminals and the intriguing phenomenon of Cicadas. Akin to the periodic insects that emerge from the ground after years of dormancy, cybercriminals often resurface with renewed vigor, unleashing their disruptive activities on unsuspecting organizations.
