Whenever a company suffers a headline-grabbing data breach, its reputation takes a serious blow. If you’re a big company, evidence suggests the impact is short-lived. But if you’re a small company doing business with large partners, it could be a different story. Retail giant Target saw its sales decline after suffering a breach in 2013 that compromised payment card information of 110 million customers, but one year later the company’s sales had increased. In a March 2015 article, Fortune magazine reported that breaches cost big companies “shockingly little.” Citing a study by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs, Fortune reported that breach-related expenses cost Sony, Target and Home Depot “less than 1 percent of each company’s annual revenues” after suffering major cyber attacks. Even though the study measured revenue, there is a correlation to reputation. If customers abandoned a company in droves after it suffers a breach, the impact wouldn’t be this low.

READ MORE [fa icon="chevron-right"]

Part II – Identity

As the business world continues to embrace cloud and mobile technologies, and any semblance of a secure network perimeter is being obliterated, it is imperative for cyber security pros to focus their efforts on the technologies and techniques that will have the greatest impact in the shortest amount of time for the greatest number of users. This is why focusing on identity management is increasingly seen as a sound cyber security practice. In a perimeter-less world, if you can know what people are doing on the network and can limit that activity and their access based on roles or other privileges, you will be far more able to thwart a cyberattack before it gets out of hand or even gets started.  According to one highly placed security industry CTO, "If you could achieve that guarantee at all times, your problems would more-or-less be solved. And identity is foundational in that regard." 

READ MORE [fa icon="chevron-right"]

 Part I – Visibility

As has been made abundantly clear by the 2016 presidential election, hacking has entered new territory. This land grab shouldn't come as a surprise to anyone responsible for cyber security but, if it does, what they need to realize is cyber security today is about a lot more than protecting a few credit card numbers. Thankfully, the seriousness of countering these bad actors is finally getting the Board Room notice it deserves. So now that a beachhead in the battle for basic awareness is finally being established, the focus can shift to mounting an effective counter-offensive? We use this term deliberately. Up until the past few years, most cyber security measures have been defensive in nature: firewalls, IDS/IPS, anti-virus, monitoring, alterting, etc. According to analyst Zeus Kerravala writing NetworkWorld, the average company deploys security products from 32 different vendors.

READ MORE [fa icon="chevron-right"]

Traditional cybersecurity approaches revolve around building a defensive posture. Cybercriminals come up with new, inventive ways to break into networks, and cybersecurity professionals scramble to stop them.
But what if you flipped this approach on its head? What if rather than a defensive approach, you went on the offensive? Is that even possible?

READ MORE [fa icon="chevron-right"]

Euro Banking Cloud Misperceptions Abound

[fa icon="calendar'] Jun 13, 2016 9:58:06 AM / by David Strom
posted in Finance

[fa icon="comment"] 0 Comments

The European Union Agency for Network and Information Security (ENISA is their French acronym) sponsored a report entitled “Secure Use of Cloud Computing in the Finance Sector.” Published in December 2015, it shows that many European banking institutions still have several wrong ideas about cloud security. In some cases, they are behind their American counterparts and lack some of the basic knowledge about cloud technologies and best practices.

READ MORE [fa icon="chevron-right"]

According to the report by the Cloud Security Alliance, while the financial services industry is still in the early stages of moving to the cloud, the shift has begun in earnest. At 61 percent, most financial services companies are developing a cloud strategy that involves a hybrid approach; some on-prem private cloud with either public or hosted options mixed in.

READ MORE [fa icon="chevron-right"]

The increase in regulatory legislation in the years since the 2008 financial crisis, should not come as a surprise to anyone. Yet they have brought increasingly tough challenges to financial services organizations that must implement them.  These and other vital topics are being addressed at FICO World, which is going on now in Washington DC.

READ MORE [fa icon="chevron-right"]

For IT security professionals today, one thing that is of minimal concern is an attack that goes undetected. That certainly is a concern, but it's trivial compared with the much bigger threat: an attack that is detected by software but is ignored by IT staff. The problem of systems that over-alert is huge and amounts to a much bigger threat than almost anything else.

READ MORE [fa icon="chevron-right"]


An article in Above the Law, 7 Cybersecurity Tips For Lawyers, offers some valuable guidelines for law firms to help them observe best practices in protecting the sensitive data they store and transmit every day. Data breaches like the recent attack on Biglaw, illustrate how vulnerable law firms can be and as the article points out, law firms involved in market-moving, transactional data are being targeted by Russian hackers who hope to trade on the information they steal. For the firms that get hacked, the consequences can be serious and prolonged.  Right now, class action litigators are preparing suits against several firms on the grounds they provided inadequate cybersecurity.

READ MORE [fa icon="chevron-right"]

A new article in Data Center Knowledge, Are Security Data Breaches Hastening a Shift to the Cloud?, poses the interesting hypothesis that the continuous parade of data breaches, rather than discouraging cloud computing adoption, is actually prompting more organizations to embrace the cloud. This is an interesting take on security in the cloud, because organizations more often have expressed concern about a lack of cloud security, citing it as a reason for not embracing the cloud.

READ MORE [fa icon="chevron-right"]