IoT DDoS – When Will We Learn?

In late September and late October 2016, two massive distributed denial-of-service (DDoS) attacks successfully disrupted the operations of their targets. In the October DDoS against Dyn, a cloud-based Internet Performance Management company, several high-profile organizational websites (Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, to name a few) were affected for a substantial part of the day. While Dyn was ultimately able to mitigate the three-wave attack, it did impact users' ability to access these sites.


Should We Just Accept Cyber Breaches as the New Normal?

An August article suggested that, due to the large number of cyber breaches that have impacted both the public and private sectors and put millions of individuals' personally identifiable information at risk, the general attitude is that breaches are becoming mainstream and accepted. This is an unfortunate state of affairs: instead of compelling organizations to aggressively improve their network security practices, the public at large is willing to accept credit monitoring for a period of time (usually 1-2 years) as a consolation prize. According to one source, the first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.


The Phishing Epidemic

Hello Fellow Readers,

I would like to start by thanking CyberDB, the leading databank of Cyber technologies and products, for inviting me as a guest blogger on their website. Thanks CyberDB!

You are constantly bombarded by them. Every single second, minute, and hour. Yes, I am referring to phishing emails! As you may know, phishing scams have become a very big problem for organizations of all sizes. In fact, the Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004.


Cybersecurity for SMBs - The next frontier?

SMBs play a critical role in national economies, as they comprise about 97% of all commercial enterprises. Until very recently SMBs did not consider themselves a prime target of cyber threats, and rightly so: all the high-profile hacks were aimed at large enterprises, and it was widely assumed that cybercriminals wouldn't bother with small-stakes targets. But as the economy becomes more connected, SMBs are taking center stage in cyber activities as well. As SMBs are connected to customers, larger enterprises and governmental organizations, they now become a compelling target for cybercriminals. In addition, low-cost, mass-produced cyber weapons now make it economically feasible for cybercriminals to successfully target SMBs and even individuals. Of these, ransomware has one of the highest return-on-investment ratios for criminals, regardless of the victim's occupation or annual turnover.


Some months ago I had the pleasure of attending a GDS Engagement Evening hosted by Admiral Patrick Walsh (ret) from iSIGHTPARTNERS (prior to its acquisition by FireEye). It was fascinating to hear from Pat the role that threat intelligence played from his direct experiences in the Navy and I think I can speak on behalf of my peers on our table when I say that we could all benefit from those insights in our own work.


Last week it was made public that antivirus maker Avast Software plans to acquire competitor AVG Technologies for $1.3 billion in cash. This is another in a series of M&A deals that are likely to change the face of the cybersecurity industry in the coming year.

A week ago Cisco announced it was buying cloud security company CloudLock for 300 million USD, and earlier in June security giant Symantec bought Blue Coat for approximately $4.65 billion.


Never cross the road alone! Always brush your teeth before bed! Never talk to strangers!

Every parent has shouted these ominous sentences at their kids more than once, and for a good reason: it is our responsibility to keep them safe from harm and sickness in the physical world. But what is becoming apparent is that this may not be enough anymore. As kids spend much of their time online, they are exposed to new perils which we (as kids) were not taught to be vigilant about, simply because there were none. But today? Every kid has access to the web, apps and social media. So should we teach our children about the perils of the online world? The answer is obvious. But at what age should we start and what should we actually teach? This is open for debate.
