Hybrid Access Solutions Are the Cat’s Pajamas

As companies journey to the cloud, enterprise security teams find IT environments increasingly difficult to secure. It’s not hard to see why. Company resources and data are moving to cloud-based applications, scattered outside of the firewall. Employees, contractors and partners are all demanding access – from their mobile phone while they wait for their coffee…

The P Word, in an Online World

It’s true: the younger generation of 20-somethings over-share. Not just their birthdates and addresses, but also what they listen to, movies they like to watch, people they like, where they hang out, places they go (or are planning to go to), businesses they used that were awesome, and those that “failed” in serving them.…

Reducing the Risk of Fraud in the 3D Secure Ecosystem – The Issuer Perspective

3D Secure is a boon to online retailers who benefit from the shift in chargeback liability to card issuers. Participation in 3D Secure is almost a no-brainer from the merchant perspective in that sense. What about card issuers though? According to the Nilson report, issuers absorb over 66% of the more than $5 billion a…

The On-going Threat of Social Engineering

I spoke recently at a meeting of the Dublin, Ireland chapter of ISACA about the continued (and increasing) use of social engineering in cyberattacks discussed in several recent reports, including the joint report by ISACA and RSA that documents the results of a survey of cybersecurity professionals, conducted in the first quarter of 2015. Those…

CVSS Scoring: Why your Smart Refrigerator does not need to be Patched (Yesterday)

Is a CVSS score of 10 really a 10 in your environment? Vulnerability Risk Management is a work in progress for most organizations. Having dealt with many customers in this space, we have seen it all – the mature folks who utilize asset management to define ownership to multiple remediation teams – all the way…

Passwords & Pins are dead (Are they really?)

Increasingly, we’ve been hearing the drumbeat announcing the imminent death of passwords and PINs as we know them today. In 2012, I started a company, primarily to help hammer in the nails on the password-based auth coffin, using modern mobile & biometric authentication methods, in large part due to my personal frustration with passwords. 3…

Getting it Right with VDI and BYOD: A Security Driven Approach

Virtual Desktop Infrastructure, or VDI, is a technology that presents desktops or individually entitled applications from a central management server to remote users’ browser-enabled devices over the internet. Think of it as client-server for the new digital age with the chief advantage being that – in these times of the oft painful breach – all…

Passwords don’t work!

I was at a security conference last week and the keynote speaker was addressing the concerns we all share about the security climate…we are losing ground. In his conversation he mentioned that two-factor authentication is a minimum baseline security measure that got a lot of nods in the crowd but completely forgot that statement when he…

RSA’s Cybersecurity Poverty Index Indicates Organizations Worldwide Need a ‘New Deal’ for IT Security

According to the Oxford English Dictionary, the word ‘Cybersecurity’ was first used in 1989. For the past 26 years, cybersecurity teams in governments, and organizations of all kinds in the private sector, have been engaged against determined adversaries. As the war drags on, one clear trend is emerging: we’re losing many battles for lack of…

Please Don’t Take my Mobile eComm Away

While the rest of us are enjoying the lazy days of summer, retailers are already thinking about Cyber Monday and the holiday shopping season it heralds. This summer, I’d like to make a public plea to all online retailers – in between all of the planning around holiday web store design and cyber door busters,…