At DEFCON, DHS Gets it Right on Cyber – We Need to Rethink Incentives

Posted on August 14, 2018 at 10:09 am

When DHS Assistant Secretary for Cyber Security Jeanette Manfra addressed the hackers at the annual Las Vegas showcase for modern wizardry, she didn’t focus on standards and bots. She talked about how digitization changes everything and the need to look at cybersecurity through an economic lens. She got it exactly right. “For the first time […]


Happy New Year: We Need a New Approach to Cybersecurity

Posted on January 2, 2018 at 11:05 am

By Larry Clinton We all know we are losing the battle to secure cyber space – badly. Maybe our New Year’s resolution ought to be to recognize this fact and come up with a new approach to the problem. The old ones don’t seem to be working. Specifically, we should consider moving away […]


Is it Time to Sunset Cybersecurity Awareness Month?

Posted on October 2, 2017 at 11:28 am

By Larry Clinton Raise your hand if you know anyone who is unaware that we have a cybersecurity problem. In a field where we are often desperate for any sign of success, I think we can spike the football on the issue of cybersecurity awareness. Understanding the cybersecurity problem? […]


Enabling better Cybersecurity Information Sharing with Small and Medium-sized Partners

Posted on September 1, 2017 at 12:11 pm

By Jeff Brown “Information sharing” is one of the most powerful tools organizations can use against cyber threats that can erupt without warning and cause disruption worldwide. Once an organization—any organization, whether public or private sector—spots the tell-tale patterns of a new attack, alerting other organizations of these warning signs can help halt the spread […]


Cybersecurity and the Resilient Mindset

Posted on July 17, 2017 at 10:37 am

By Cindy Fornelli If you spend some time around the issue of cybersecurity, it won’t be long before you encounter the notion of resilience. “Cyber resilience is a public good,” observed a 2017 white paper from the World Economic Forum. A 2013 Presidential Policy Directive declared that “it is the policy of the United States […]


Petya Provides Context for Briefing Council on Foreign Relations

Posted on June 29, 2017 at 10:00 am

It appears the dust was just settling from the global impact of the WannaCry ransomware attack when a new culprit Petya (or not Petya) struck. Among the disturbing characteristics of these attacks is their vast international impact. Desperate for a silver lining, this happens to be a great backdrop for my previously scheduled briefing digital […]


Maintaining Cybersecurity During Mergers & Acquisitions

Posted on June 27, 2017 at 10:56 am

Mergers and acquisitions are risky times. Headlines treat the combination of companies as job done after the announcement, but insiders know combining operations is no easy task. These days, add cyber risk to the list of prime considerations companies should weigh before, during, and after any M&A decision. Companies involved in transactions are often prime […]


Board Directors Need to Have Discussions on Which Risks to Avoid, Which Risks to Accept, and Which to Mitigate Through Insurance

Posted on June 22, 2017 at 11:06 am

Total cybersecurity is an unrealistic goal. Cybersecurity is a continuum requiring strategic decision-making about where and how to spend security dollars. Attempting to guard every system equally is a recipe for exhausting the budget on low-priority systems. And it’ll result in bad security, since the company’s crown jewels will lack the sophisticated protections they need. […]


Directors Need to Set the Standards and Expectations for Management to Establish Well-Staffed and Well-Funded Cyber-Risk Framework

Posted on June 20, 2017 at 10:44 am

Much like any response plan, a cybersecurity framework is only successful if it is well-staffed and well-funded. Otherwise, it simply will not be able to adequately handle the stresses caused by a breach. In a world where malware and ransomware are increasing both in frequency and severity – Wannacry, for example, affected 200,000 computers in […]


Boards Need Access to Adequate Cybersecurity Expertise – And Need to Give it Adequate Time on Meeting Agendas

Posted on June 19, 2017 at 12:56 pm

Cyber literacy can be considered similar to financial literacy – not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business. As we all know, cybersecurity is very much a moving target. The threats and vulnerabilities change almost daily, and the […]