The SolarWinds compromise showed that supply-chain attacks are possible and the ramifications can be tremendously impactful. Other nation states will be investing in efforts to duplicate this success. That makes IT tools, security products, hardware & firmware vendors, and cloud service providers prime targets for…

In the aftermath of WhatsApp’s privacy notification to users, that they will again be sharing data with Facebook, there is still a lack of clarity.  I see a lot of statements from WhatsApp and general chatter regarding what data they will NOT be sharing.  But I have yet to find any specificity on what exact data they WILL be sharing with Facebook. …

Intangibles now account for 90% of the S&P’s total assets and it is no accident that the core of cybersecurity has evolved to protect those aspects of the business.  It is a natural progression for security to align with protecting the most important assets.  This is a crucial element when communicating the value and relevance to…

The cybersecurity field is dynamic and the roles and responsibilities are ever changing.  People coming into the cybersecurity field often expect clearly defined positions and are surprised at the significant variance when looking at job descriptions or talking with professionals. 

It is a chaotic and confusing mess.  But, if you are…

Some important aspects are changing in law enforcement, when it comes to cybercrime. 

In today's video I look at the social aspects within the law enforcement community, the criminal evolution of cybercrime, and the resulting changes in behaviors that are driving fundamental improvements to cybercrime investigations around the globe.

As 2020 comes to a close, we can reflect back on some of the important cybersecurity lessons that are intertwined with the rapidly growing digital cryptocurrency economy.

A recent incident involving city surveillance video data highlights some of the criminal privacy risks of public camera and biometric programs.  Without strong cybersecurity, everyone’s privacy could be undermined by cyber attackers, criminals, and malicious insiders.

What should a CISO do when the executive leadership chooses to ignore critical cyber risks? 

If the C-Suite and board are well informed of imperative vulnerabilities and yet choose a path to ignore security, the CISO is put in a position where they are incapable of effectively managing risk, yet still responsible when incidents…

It is important to look into the motivations of government orchestrated cyberattacks, such as SolarWinds, as understanding the threat-agent’s objectives can provide important insights to their long-term goals and potential next steps.

Today I discuss the 4 primary reasons why Nation States conduct cyber warfare activities and evaluate that…

The SolarWinds hack has had a significant ripple effect on the cybersecurity community, with over 18k organizations discovered to be severely vulnerable and at the mercy of nation-state hackers.  The security community realized some of the biggest companies, most sensitive government agencies, and critical infrastructure were at risk.  Some…

The cybersecurity industry is consumed with scale and effectiveness of one of the biggest hacks in recent memory.  The emerging narrative and stories are missing important pieces of the puzzle.  The attackers, likely a nation-state, gained unprecedented access to the U.S. government, military, critical infrastructure, and most major…

There is an important transition that is happening with law enforcement’s adaptation to digital currencies.   Authorities are seizing billions worth of criminal’s cryptocurrency and their improving skills are proving crypto is not the safe haven that criminals thought it to be.

I am honored to be among Thinkers360’s Top10 Privacy Thought Leaders and Influencers.  Our digital world is filling with so much information, it represents a growing risk to the privacy and respect of people.  We can have the benefits of innovative technology and still protect the privacy of individuals, so they are…

Even the best security organizations can be hacked!  Watch my message to both the cybersecurity industry as well as those attackers that hacked FireEye and stole the RedTeam tools. 

This skirmish went to the hackers, but the battle continues.

Cyber attackers continue to move down the compute stack with the latest variant of TrickBot now targeting firmware for malicious manipulations.  This is when it gets serious.  The firmware sits below the operating system and is a perfect place for malware to hide from detection or eviction.  It is very tough to accomplish, but if successful, the…

You know those spam calls that threaten money is owed to the IRS and if you don’t pay over-the-phone you will be arrested?  How about the call that the US Immigration will deport you if you don’t pay.  All annoying scams.  But, highly profitable for the organized criminals behind them. 

One of the biggest offenders was an operation based…

The holidays are a time for increased online fraud and scams. All of us need to follow the best security practices to keep our holiday from turning into a digital disaster.

Be smart.  Know that the cybercriminals will attempt all manner of fraud.  Be suspicious.  There are resources available to you if you need help or have…

Governments can still pursue cybercriminals and fraudsters who use cryptocurrency.  China authorities have seized over 4 billion dollars worth of Bitcoin, Ethereum, and several other cryptocurrencies as part of a crackdown on the…

We are surrounded!  Smart devices are everywhere and being integrated into all facets of our lives, from toothbrushes to automobiles.  Entire cities are becoming ‘smart’, as are factories, governments, global retail, freight logistics, and all national critical…