What Really Led to WannaCry?

Much of the focus on WannaCry has been on how it works and what organizations need to do in the near term to recover. It’s important, however, to take a step back and ask ourselves why WannaCry became such a tour-de-force in the first place. After all, the security community has been talking about concepts…

Business-Driven Security™ to Lead through Chaos

My last post discussed the changing nature of security. The impact of today’s cyberattacks isn’t limited to stealing financial information or personal data. Instead, these attacks seed chaos. With this reality at hand, the need for business-driven security is even more pronounced. Security professionals must draw connections between the technical details of a security incident…

Leading in an Era of Chaos

Consider… American authorities are confident that the Russian Government was behind the cyberattack on the Democratic National Committee. Did that attack change the course of the U.S. presidential election? We’ll never know. But it definitely changed the discourse that followed. The idea of a foreign power mounting a cyberattack to undermine a U.S. election went…

Hacking the Mr. Robot Season 2 Premiere

The psychological thriller Mr. Robot, which airs on the USA Network, is a fan favorite among cybersecurity professionals. What differentiates the show from its predecessors in the cyber-thriller genre is the depth of technical research involved in developing each episode. I’ll plan to dissect each episode from a technical perspective, examining the extent to which…

Play Pokemon Go? Know the Risks and How to Mitigate Them

Unless your home has been inside of a cave for the past week, you’ve certainly heard of Pokemon Go. Scratch that. Even if you have been living inside of a cave, chances are that someone inadvertently entered in hopes of locating Pikachu. While the game has become seemingly ubiquitous, you should be cognizant of some…

Cybersecurity’s Poverty Gap

As we pass the halfway point of 2016, the United States Presidential election process is in full swing. Candidates continue to make the case for why their worldview is in the best interests of the nation. Perhaps no other topic polarizes the candidates and receives more prominence in this context than wealth inequality. Within cybersecurity,…

Security at Scale: Making Security Analytics Work for the Internet of Things

This year more than 10 billion devices will connect to networks around the world. And in the next few years, that number will increase by over an order of magnitude. With the veritable explosion of smart devices, many of which connect not just to the network, but to each other, significant security concerns arise. Despite…

Exceptional Access: An ‘Exceptionally’ Bad Idea

We the people — citizens, residents, visitors — have fundamental needs and inalienable rights. To give these concepts any meaning, we need to be secure from our adversaries and free to communicate. As such, we’ve given the government a mission: the money, mandate, and framework to help keep us safe. This vital work is performed…

The Apple iMessage Encryption Vulnerability

A team of researchers at Johns Hopkins (Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan) discovered a profound vulnerability in how Apple’s iMessage encrypts data. The flaw allows the attacker to correctly guess the cryptographic key that decrypts iMessage attachments, which enables the attacker to determine the contents of the underlying data.…

How Organizations Think About Threat Detection: Results from the RSA Threat Detection Survey

The famous British naturalist Charles Darwin believed that it isn’t the strongest or fastest who survive, but rather it’s those who are most adaptable to change. For RSA’s customers, that requires acknowledging and understanding how effective they are at detecting as well as investigating cyber threats today, and determining how they should best evolve moving…