720-891-1663

Enterprises Are Still Failing At The Security Basics

VentureBeat wrote an interesting item pointing out some of the obvious things that Target messed up.  Fixing these items won’t stop every attack, but it certainly would slow the attackers down. According to a lawsuit filed in federal court recently Target missed the ball on a few things.  Of course, at this point, these are […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Mitigating Over-Enthusiastic Airport Security

Katie Moussouris, formerly an executive at Microsoft and Symantec and now an executive at HackerOne, which as best as I can tell manages bug coordination with third parties for very large, well respected companies, tells a story about an over enthusiastic security person at Charles de Gaulle airport in Paris.  She was tapped for secondary […]

Continue reading → [DISPLAY_ACURAX_ICONS]

The Problem Of Attribution Of Cyber Attacks

In some sense, cyber attacks are no different that physical world attacks;  in other ways, they are completely different. Let’s assume that you did not physically catch some bad guys that broke into a building.  Do you know who broke in?  On rare occasions they leave something behind – there have been instances so rare […]

Continue reading → [DISPLAY_ACURAX_ICONS]

First Party vs. Third Party Cyber Liability Insurance

For those of us who are not insurance experts, the distinction may not be obvious.  As explained in more detail here, the difference is in who experiences the loss. First party coverage covers damage to your business such as costs of notifying customers, purchasing credit monitoring services, repairing reputational damage or paying a cyber extortionist. […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Board Of Directors Role In Cyber Security

The National Law Review has a great article on board member’s responsibility in the area of cyber security. One quote from the article: a 2012 Carnegie Mellon poll of how U.S. boards are managing cyber risks found that 71% rarely or never review privacy and security budgets, 80% rarely or never review roles and responsibilities, and nearly […]

Continue reading → [DISPLAY_ACURAX_ICONS]