Why we need to downplay intense rivalries — to improve cybersecurity

January 2nd, 2017

By Byron Acohido

Imagine if no one in your organization felt compelled to compete for an operating budget, and each and every employee fully understood and embraced cybersecurity best practices?

Sound like a far-fetched fantasy? A security consultancy called New Context Services actually is promoting this radically new type of corporate culture, which it calls “lean security.”

An e-book outlining New Context’s “Lean Security Principal of Awareness” is being prepared for release at the giant RSA cybersecurity conference in February in San Francisco.

Ben Tomhave, security architect for New Context Services, recently gave a preview at the DevOps Connect conference in Seattle. I sat down with him just before he presented. Here’s a synopsis of our conversation. Text edited for clarity and length.

LastWatchdog: Cyber exposures continue to expand, with no end in sight.

Ben Tomhave: Every time we introduce a new platform, we seem to start at square zero, and assume security eventually will come into play. Companies are creating IoT products and not thinking about doing security by default, for instance. It’s not because there is a lack of security technologies, or a lack of standards, …more

 

Video: privacy regulations stiffen in Canada, Europe

By Byron Acohido

As a partner at the Canadian law firm Borden Ladner Gervais, Éloïse Gratton advises her clients on legal, practical and ethical ways to protect an individual’s privacy while conducting business nationally and internationally. She has testified before Canada’s House of Commons and other federal bodies and conducted training workshops attended by judges and members of the Parliament.

LastWatchdog sat down with Gratton just after she appeared on a privacy panel at CyberScout’s …more

NYDFS cybersecurity rules have teeth, set precedent

By Byron Acohido

’Twas a few days before Christmas 2016, and the banking and insurance industries were in a tizzy.

The New York State Department of Financial Services was on the verge of spoiling the holidays for these verticals by implementing an unprecedented set of rules requiring financial services firms to adopt first-class cybersecurity policies and practices.

Related video: New York state shakes up security paradigm

Responding to eleventh-hour lobbying, NYDFS Superintendent Maria T. Vullo …more

Video: cyber insurance can offset data breach risk

By Byron Acohido

More organizations than ever, especially small and medium-size ones, will seek to account for the fast-rising risk of suffering a cyber attack in 2017 by buying a cyber liability policy.

The general state of security of U.S. business networks remains anemic when compared to the vast and growing capabilities of hackers with malicious intent. Companies are beginning to realize the value of offsetting this risk to an insurance carrier—and insurance companies and underwriters recognize …more

Video: NY holds companies accountable for cybersecurity

By Byron Acohido

Banks and other financial services companies wishing to do business in the state of New York will soon have to prove they are using first-class cybersecurity policies and practices.

Officials at the New York State Department of Financial Services (NYDFS) were so concerned that a catastrophic network hack in the financial sector could have dire consequences that they took it upon themselves to draft a far-reaching set of mandatory cybersecurity requirements.

Two years in the …more

Video: good guy Chris Vickery hunts exposed data

By Byron Acohido

Two more stunning disclosures from self-styled internet watchdog Chris Vickery underscore how organizations continue to routinely expose sensitive data in the cloud, risking dire consequences.

“My findings clearly demonstrate that data breaches happen more often than the general public realizes, and companies are quick to deny and cover up these issues,” Vickery says.

Last Friday, Vickery revealed how Habitat for Humanity of Michigan had been making use of two backup virtual hard drives without taking …more

Why dormant SSH keys represent a nightmarish exposure

By Byron Acohido

A nightmarish new exposure affecting virtually all major networks is just beginning to get the attention of the security community.

It involves a fundamental networking protocol—Secure Shell, or SSH. Invented in 1995 by a Finnish programmer named Tatu Ylönen, SSH is an encrypting routine that enables one software application to securely connect and transfer data to the next. Currently, Ylönen is CEO of SSH Communications Security, which develops …more