Capital One Breach Highlights the Danger of Insider Threats
by Josh Higgins
When companies think about cybersecurity threats, they often think of a hacker in some far-off place using sneaky tactics to gain access to their systems. However, Capital One’s announcement Monday of a major data breach highlights another major, yet often overlooked, cyber threat: The insider. Similar to other cyber incidents, the newly […]
Accountability in Cybersecurity is a Two-Way Street
The biggest story in cybersecurity this past week was the eye-popping $5 billion (that’s billion with a B) fine the FTC placed on Facebook for not adequately fulfilling its responsibilities to protect its consumers’ data. Probably just as painful to Facebook, and its CEO, as the fine itself is having to publicly acknowledge their […]
Regulators: Don’t Make the Same Cyber Mistakes Over Again
It’s not news that cyber-attacks are increasing in both number and sophistication, and that the increasing criticality of the attack methods demands increased attention, especially with respect to critical infrastructures. Also, due to the uniqueness of information systems, the speed with which attack methods and technologies change, the traditional regulatory model has been deemed to […]
MAN BITES DOG: State Regulators Want Cyber Reg Reform
Yesterday Congressman Cedric Richmond, Chair of the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Innovation, announced in the wake of the recent ransomware attacks on local jurisdictions like Atlanta and Baltimore that he is going to propose a series of legislative efforts to assist the municipalities because “we can’t expect under-resourced, understaffed, state and […]
Brush with Greatness: A Chat with a Man Who May Be the Tipping Point Toward Effective Cybersecurity
by Larry Clinton
The greatest cyber risk an organization can have is doing a faulty cyber-risk assessment. This is one of the key insights from Doug Hubbard’s paradigm-shifting book “How to Measure Anything in Cybersecurity Risk”. While in Chicago this week to do a series of Master Classes on the Economics of Cyber Risk for […]
Corporate Directors Take the Next Step on Cybersecurity: Where’s Congress?
by Larry Clinton
In Chicago this week the National Association of Corporate Directors (NACD) will host the first in a series of nationwide events on the economics of cybersecurity. The courses start with a brief discussion of the now well-known existence of cyber-attacks on enterprises. However, they quickly move beyond the problem and instruct board […]
We Need Sensible Cybersecurity Regulations – More Is Not Necessarily Better
by Larry Clinton
When the ISA published the Cybersecurity Social Contract three years ago, one of the facts we documented was that some in critical industries were being forced to divert between 30% and 40% of their scarce cybersecurity resources to largely redundant regulatory compliance. This fact highlights the twin maladies of undermining efforts to strengthen cybersecurity without improving either […]
Experts from GE and FIS Help Students Deal with the Inevitable: Cyber Attacks
Once upon a time, industry experts would caution students and conference attendees that with cyber-attacks, it was not a question of if, but when. That adage has now matured into a more modern version: There are only two types of companies — those who know they have been successfully compromised, and those that don’t know […]
Cyber Experts Will Help Wharton Students Address the “Most Vexing Challenge”
The insider threat has become one of the biggest threats in the realm of cybersecurity. Despite the amount of risk posed by insiders, corporate executives often lack the awareness of the threat to adequately address it. That is why the Internet Security Alliance’s upcoming course on cybersecurity at the ABA Stonier Graduate Program at the […]
The EU Privacy Law is Not Working, But Why?
by Larry Clinton
In 2016 the European Union enacted arguably the most stringent privacy law in the western world. Following a two-year transition, the law went into full effect last May. Although advocates had suggested the stringent penalties in the General Data Protection Regulation (GDPR) would deter individual privacy invasions and reduce market domination from […]