February 18, 2015
February 11, 2015
In response to the ever-increasing number of breaches, including most recently Sony Pictures, The White House has formed the Cyber Threat Intelligence Integration Center to coordinate cyber threat data and assessments. This move is met with both praise and criticism. The frequency and increasing sophistication of the breaches across the private and public sectors leads many to suggest that the government is uniquely positioned to fill this role. Others cite redundancy and inefficiency as characteristic of government intervention and offer little hope that increased government involvement will mitigate the threat.
January 22, 2015
Analysts from the far reaches of the cybersecurity empire remind us of the many challenges we face daily, and some of these will no doubt wreak havoc in 2015 because the threat evolves rapidly to exploit weaknesses we don’t even know exist yet. Other, more predictable threats use proven strategies to exploit known weak links in our organizations. Human links. These are a couple of their stories. (more…)
January 26, 2015
Trouble in the Sandbox
Network security teams use virtual environments, or sandboxes, with their own guest operating systems to allow code to be scrutinized before entry into sensitive areas. If the code is malicious, the sandbox throws it out before it does harm. But sandboxes attract two things, clever kids and cats. Cats move the sand around when nobody’s looking and leave a little something extra, so you know they’ve been there. Clever, industrious kids sit on the edge and patiently move the sand around to suit them. Clever adults do the same thing. (more…)
January 15, 2015
When crossing the streets of Great Britain, it’s hard not to notice the strong encouragement painted on the curb at your feet to “Look Right,” or “Look Left,” depending on the flow of traffic. These directions have an explicit purpose. It’s amazing how many people, especially tourists, are struck by passing cars because they didn’t look in the correct direction. Remember, Britons drive on what Americans consider the “wrong” side of the road, and we are conditioned to look left initially when crossing the street. Fatal mistake for many. (more…)
January 13, 2015
James Franco: National Security Threat
Somewhere near the confluence of American entertainment and North Korean sensitivity, a cyber attack has sparked a national debate and an international incident, with fingers pointed and appropriate responses promised. The Interview has since been released online and in selected theaters, and the unexpected PR generated by the hacking has probably done a great deal to advance the profitability of the film. It even garnered a Presidential nod at a White House press conference. (more…)
December 17, 2014
In fact, you already do. You just don’t get credit for it. Every time you enter the ether, you leave a trace. But you already know that. It’s the reason you face the right ads the next time you cross the threshold. It’s why social media companies work so hard to keep you active on their sites, free of charge. You already know that in those settings where you don’t pay for a product or service, it’s because you are the product. But it’s about to get real (and probably has already). (more…)
December 23, 2014
It’s the night before Christmas. You’ve hung the stockings with care and set out the cookies and carrots. Your organization’s year-end results suggest that you’ve been good, but you better not cry, better not pout, and here’s why: you’re hoping for even more growth in 2015 and Santa’s coming to town. (more…)
December 12, 2014
Cybersecurity is approaching oxygen and water on the list of things we need to survive in this crazy world of ours. The threats are very real, whether deployed by governments around the globe or neckbeard hackers in the window booth at the corner coffee shop. The technology we create to make our lives easier now requires extraordinary vigilance, but it’s not the machines we should fear, as science fiction writers originally thought. The biggest threats seem to be the humans manipulating the good technology for bad purposes, and we can never completely isolate ourselves from them. Or can we? (more…)
December 4, 2014
Have you ever seen a movie you disliked so much that you wanted your money back? Maybe you kept hoping it would get better but finally you just had to get up and leave. We even use the previews to judge the movies by their covers, voting with our wallets to guide movie studios across our discriminating palates.
Now imagine disliking a preview so much that North Korea orders its national army’s cyberwar unit to hack into the Sony Pictures network and create as much chaos as possible without leaving a trail. That’s a strong vote with a big wallet and even bigger repercussions. (more…)
December 1, 2014
Cyber Monday. The masterful creation of marketing professionals, designed to tap your wallet before the turkey and dressing settle in your tummy. Think of the sheer volume of sensitive consumer information that will be wafting through the ether on this day, searching out bargains and tantalizing hackers. Imagine millions of people walking through a big mall with their purses and wallets wide open and you begin to get the picture. But who doesn’t love a deal? And in today’s digital, global, Internet-of-Things, consumption-driven economy, who are we to argue with the ease with which we transact? (more…)
December 9, 2014
Jeremy Hammond. A name you’ve probably never heard of. And he was recently the FBI’s most-wanted cybercriminal. As a hactivist for more than a decade, Hammond breached Stratfor, a security company with clients like Homeland Security and the Defense Department. At one point he knew the credit card information for the United States Marine Corps. Hackers with that kind of chutzpah are few and proud, indeed. (more…)
November 27, 2014
Your organization has weathered some storms, am I right? The valleys between the peaks, when sales slow and payroll weighs heavy on the mind. You’ve hired through the good times and had to cut back in the lean times, but you and Michael have rowed your boat ashore, leaving the roiling seas of fiscal uncertainty behind you. Welcome to Plymouth Rock, Pilgrim. How about some steady quarterly earnings and revenue growth to go with that maize? (more…)
November 19, 2014
Utility companies are tearing up 9th Avenue in Midtown Manhattan, fueling the frustration of cabbies and pedestrians alike. The pasta bowl that is the highway system surrounding Atlanta is almost always under construction, locking traffic up around the clock, it seems. Both examples show the impact of interrupting the flow of traffic. As we build and grow our human presence, infrastructure never seems adequate, but we are always hesitant to change or upgrade because we don’t want to interrupt the flow. We close our eyes and cross our fingers. (more…)
November 6, 2014
The media is not short on cybersecurity horror stories, from Home Depot getting hammered to big bank back room holdups, all by nefarious hackers working from their parents’ basements. Or so it would seem. Truth is, 80% of all corporate breaches find their root cause in employee negligence, not hackers working alone. (more…)
October 23, 2014
Tis the season and all the more reason to correlate Halloween with Cybersecurity. You’ve got the bucket of candy by the door and the neighborhood streets are awash with flashlights and Jack O’Lanterns, so settle in for a harrowing tale of mischief and mayhem. You’ll have to imagine Vincent Price’s voice. Sorry. (more…)
October 16, 2014
Chicks Dig the Front Man
Your sales team has sold the project, and it’s a big one. Kudos to the people people, the extroverts with the skill to reel in the whales as the technical terms from the carefully wrought spec sheet fall trippingly off their tongues. Somewhere somebody’s writing a beer commercial about their sales prowess, but for now you’ve got to get the band back together because you’ve got a show to do. And the lull between projects hasn’t been kind. (more…)
October 9, 2014
The Eyes Have it
Have you ever been banking at an ATM and felt like the people in line behind you were standing a little too close? Or the card swipe at the grocery store? How about the catalog salesperson who asks for your card info AND the secret number. Does a little wisp of doubt ever cross your mind that the whole thing is some elaborate scam? (more…)
September 24, 2014
Deep in the SWAG bag from last month’s conference, next to the pens and sticky pads but well below the cleverly-branded drink can insulators, lurks a quiet but deadly threat to your organization that even the little bottle of hand sanitizer is powerless against. And there are three more just like it hiding at the back of your top desk drawer. And one more in each of your kids’ backpacks. The kids, really? You put the kids at risk? (more…)
September 17, 2014
Remember the novelty of the knock knock joke, the thousands of iterations and puns that could be generated from the simplest of phrases? Orange you glad I asked? It’s all coming back to you, isn’t it? The response always starts with a chuckle, a reward for the cleverness of the wordplay. Near the end of the joke series (because there is never just one) a groan ensues, patience ends, and clever children are banished to the kids’ table or told to go play outside. (more…)
September 10, 2014
If you’ve been following trends in higher education (or sending kids to college), you probably know that we are experiencing an almost post-Sputnik emphasis on science and technology, a national push for more kids to pursue engineering and technology degrees. But is this the death of the humanities? Is there no room for liberal arts in the Silicon Valleys and Alleys of the world? (more…)
September 3, 2014
Cybersecurity is a beautiful thing…
…but is it as beautiful as Jennifer Lawrence or Kate Upton? As always, beauty is in the eye of the beholder, but in recent days, beauty has also been in the hands of the hacker. While you may or may not have nude photos of yourself stored safely in the lofty and presumably secure ether in the sky, unauthorized access of your fully clothed data could leave you just as exposed and vulnerable as Hollywood’s publicists suggest their clients are.
August 5, 2014
According to the global consortium on digital marketing, the headline above should pique your interest with its combination of keywords, adjectives, and promises. You know better than that. The irony, you probably recognize, is that the assumption that such a headline will predictably capture your attention, one supported by lots of data, also contributes to the increased vulnerability of your network. Here are three ways that happens. (more…)
August 12, 2014
It was not that long ago that IT was the young kid who knew how to connect the desktop to the spool printer using the serial cable. Then computers started talking to each other, so the crazy kids had to understand routers and modems, and they ran miles of CAT 5 through the walls and under the floors. Then came servers and websites and metadata, and the growing band of resources became known as the “Folks in IT,” retaining their discrete set of responsibilities that somehow remained separate from the central mission of the organization. (more…)
August 25, 2014
What if life offered a financial safety net, an assurance that the path would be relatively smooth, even if things didn’t play out as planned along the way? What if you could set your business up to benefit from such a structure, promoting current-staff stewardship of your network and data while protecting the same assets and opportunities for the next generation? These questions are especially poignant during the annual budgeting process, and they become part of a more holistic planning process for your organization.
August 1, 2014
It has been reported that nearly 74,000 new viruses or strains were created every day of 2013. Every day. Granted, most of these are readily eliminated or mitigated by antivirus software and proper digital hygiene, but the fact remains that every day new threats emerge, with lessons learned from the previous day’s failures, ready to knock on your door once again. And these are bad actors that manipulate the infrastructure, seem to work only in their personal best interest, and very often show no signs of any redeeming value. Like Congress.
July 25, 2014
Okay, so it’s probably not the CIA you’re thinking of. This CIA is potentially even more vital to the success of your business or organization than the one with the secret agents and covert operations. CIA is an acronym used in the cyber community to characterize security,* and it serves as a good starting point in exploring the important role ICS can play in protecting your team’s vital network infrastructure.
July 10, 2014
That buzzing in your ear punctuated by the tiny sting on the back of your neck serves as a reminder that summer is upon us. We break out the bug spray and even send pesticide-laden trucks into the evening streets to protect us against the onslaught of mosquitoes. Turns out they’re not the only pests on the horizon.
July 18, 2014
If we use social media in the hiring process, does employee presence in that space increase organization vulnerability?
Increasingly, recruiters and employers are using social media to screen candidates. On the bright side, candidates can and are rewarded for the creativity and writing skills they display. The dark side is the overwhelming tendency to dismiss candidates whose expressed views or social habits differ from the employer’s. Like it or not, this seems to be the new normal.
June 30, 2014
As we celebrate our national spirit now 238 years in the making, let’s look nostalgically at the business of yesterday, before markets were global, when deals were sealed with handshakes, and algorithms were just complicated math problems. These were the halcyon days of punchcard data and paper files, Leviathan computers and two-martini lunches.
It was a time of innocence. Like Mad Men with pocket protectors.
Threats were visible, precautions quantifiable. Budget decisions were easier. (more…)
June 19, 2014
Data Yard Sale
eBay recently revealed that in February or March of this year their site was breached and personal information from 145 million of their users was exposed. While frantically changing passwords and circling the security wagons, I sought a cultural correlation from my college Western Civ textbook. You too? Now that’s a coincidence. Here’s what I came up with. (more…)
June 26, 2014
In the world of college football, we have learned never to underestimate the power of a rolling tide. On the political playing field, though, we’re not sure what to make of a rising tide. It has been described as both global warming and climate change, but the inconvenient truth remains that our world is experiencing some rather dramatic short- and long-term changes. Your organization needs to prepare for both. (more…)
June 12, 2014
Meanwhile, Back at the Ranch:
Before the break, our hero and ICS front man was engaged in some of the vital mechanisms of IT security. He was assessing risk, providing forensic services, modernizing legacy applications, slaying dragons, and rescuing damsels in distress. All in a day’s work for an ICS Specialist. Let’s pick up the action with danger hanging in the balance. (more…)
June 5, 2014
IT Security looms large on the world stage. Cyber attacks on commercial and governmental concerns make almost daily appearances in the media. The importance of securing networks and data cannot be overstated, but cyber security suffers a paralyzing lack of star power, a desperate dearth of the glitz and glamour that might elevate our status. Here at ICS, we’ve decided to hitch our wagon to a star.
Enter Tom Cruise as our unsolicited, uncompensated, uninvolved, involuntary, and imaginary spokesperson. His movie roles have been diverse, action-packed, and compelling, and these characters are the faces of our portfolio of services. Dim the house lights and roll the film. (more…)
May 28, 2014
May 21, 2014
It’s 2014. Do You Know Where Your Data Is?
You have racks of servers and migrate data religiously to the cloud and off-site storage. Your IT staff builds a firewall and posts a guard. Your commitment to network security is unparalleled in the industry. That’s the good news. The bad news? Security is always about the weakest link.
Studies suggest that even in the dark ages before tablets and smart phones, more than 60% of your core data was housed on or readily accessible through the personal computers and laptops of your employees, machines that exist in the world beyond your walls, in coffee shops and carpool, hotel lobbies and airport lounges. Imagine how that number has expanded now that we all have exponentially more computing power in the palm of our hands. Your data is everywhere. Are you using protection?
May 14, 2014
Imagine an older Marlon Brando lounging languidly atop your server racks, slicing an apple and waxing poetically about the tyranny of data, while your IT manager, buried up to his chin in untested security procedures and antiquated protocols, an RJ-45 crimper clinched in his teeth, struggles to eliminate the threat of man’s heart of darkness. You can almost hear the whispered prognosis: The Horror, The Horror.
May 5, 2014
April 29, 2014
The human tragedy of a plane crash acknowledged but set aside for the moment, consider the contrasting types of loss generated by similar events. For a business or an organization assessing its risk threshold, the real issue is operational recovery and stability.
Statistical Inevitability and Unanswered Questions
April 22, 2014
OpenSSL, the vehicle through which the Secure Sockets Layer protocol protects most websites that encrypt data, has reminded us again of both the vulnerability and security of open source development. The Heartbleed bug, an accidental code addition about two years ago, exploits the heartbeat option within OpenSSL, a mechanism that allows fluid connectivity between user and server via small, hidden signals or pings. Hackers breach the system by sending false signals that fool a website’s server into releasing sensitive information. Hence the vulnerability.
Heartbleed, though, also demonstrates the security of open source development. While its revelation created initial fear and chaos, the Heartbleed bug was fixed within about four days, largely because lots of eyes were on the prize, each pair of which had a vested interest in the elimination of the Heartbleed threat. Imagine if the SSL vehicle had been proprietary, owned by a quiet company with no taste for conflict or liability. Now that’s a hot mess. (more…)
March 31, 2014
Our company graciously provides first-class health coverage to team members and their families. One aspect of our health plan is the opportunity for each member to have an annual check up. As I have gotten older (and wiser, I hope), I have taken advantage of this perk in hopes of getting an early jump on something that could impact my physical health, ability to work, and ability to provide for my family, etc. Common sense, right? But what the heck does this have to do with cyber security? (more…)
March 12, 2014
Can I get in your network? You betcha I can. As a matter of fact, there’s a good chance I’m already there. Now, here’s the really fun part: you let me in. (more…)
March 5, 2014
Recently, Splash Data released a list of the 25 worst passwords for 2013. It contained all the usual suspects for “so easy to hack as to be utterly useless.” If your password is on this list, please keep reading: http://splashdata.com/press/worstpasswords2013.htm (more…)
February 27, 2014
We’ve all been there. Racing between appointments, suddenly realizing that you forgot to send one of your best clients an important document that needs to arrive within 10 minutes. Being the super resourceful all-star executive (although sometimes forgetful), you stop off at your local coffee shop, order your mocha latte and quickly connect your laptop to the free Wi-Fi. You draft your email, attach your important document, and press send with one minute to spare. The day is saved!
Upon returning to the office, you see your IT security staff running around with their hair on fire yelling something about an intruder who breached the network and stole a 10,000-record database of sensitive customer information and how it can cost the company up to $3 per record to mitigate and protect your valuable customers. (more…)
January 18, 2014
Consider a Risk Assessment like checking the doors and windows on your network. With all of the confidential corporate and customer information in your database, you would never consider leaving those doors and windows open. But beyond the entryways that are easy to see, are there other access points that are not so obvious? Is your network at risk of experiencing a devastating breach? (more…)
January 10, 2014
If you’ve been considering the various technical security assessments available to your organization, then chances are good you’ve heard of a Penetration Test, but do you know whether you need an internal or an external penetration test? How often should these tests be scheduled? What can you expect the test to find? (more…)
December 15, 2013
When searching for the right Business Continuity Planning (BCP) firm, there are several important factors that should be taken into consideration–not the least of which are location, experience, and support structure. It is important to know that the expectations of your organization will be met, if not exceeded, and that the firm will educate you in the Business Continuity planning process. (more…)
December 8, 2013
Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available services and defining your organization’s needs at the beginning can help you get started on the right foot, which will ultimately save both time and money. (more…)