Cybersecurity Executive Insight, opinions and analysis | SC Media

Executive Insight

Balancing Digital Transformation with Security

With 2017 in full swing, it is hard to ignore the impact that digital transformation has on today’s businesses. Across the globe, companies of all sizes are transforming their processes, workflows, and cultures in favor of digital interaction. Some examples: Small – Midsize Businesses: selling products and services online; creating mobile-friendly loyalty program and coupon…

Phishing from the Middle: Social Engineering Refined

Phishing attacks have long been associated with malicious emails that spoof well-known institutions in order to trick users into coughing up credentials to bank accounts, email accounts, or accounts for major online services. Phishing emails that exploit the good name of trusted brands familiar to users have also been known to deliver ransomware, backdoors, and…

xDedic: How black markets for hacked machines are making the job of targeted APT actors much easier

The rise and commoditization of underground marketplaces for selling and buying access to compromised corporate machines introduces a new reality for security professionals – one in which corporate machines, infected with malware that is generally accepted to be “untargeted” or “low corporate risk” and hence typically get de-prioritized for remediation by security operation centers, can…

Jerome Segura

Malvertising: the invisible enemy

For years, cybercriminals have leveraged malvertising, or malicious advertising, to deliver malware. Without a doubt, malvertising is the ultimate weapon for criminals to gain access to a wide audience visiting popular websites, and at the same time be able to precisely target potential victims. And they can do all of this without being seen. Malvertising…

Limor Kessem

IoT? I don’t care

Is lax consumer attitude piling up IoT risk? Internet of Things, or IoT, is the third, natural wave of progression in the development of the Internet. People all around the globe are already using the IoT, enjoying it, and expecting to see more convenience and utility from it. IoT is definitely popular, judging by statistics…

New York’s new cybersecurity requirements: Are you ready

The New York State Department of Financial Services (DFS) has implemented a new regulation requiring all its supervised companies to comply with the Financial Services’ Cybersecurity Requirements, which goes into effect March 1, 2017. This is being publicized as the “First-in-the-Nation Proposed Rule Aims to Protect Consumer Data and Financial Systems from Terrorist Organizations and…

It’s 2017: Is anything not critical infrastructure?

Here is my question for each of us to ponder—with respect to our public and private lives alike. Have we contemplated the parameters of critical infrastructure in a connected world? You know, a world where your grandmother’s new “intelligent” refrigerator could be linked to the takedown of the U.S. Federal Reserve or a network-enabled HVAC…

Measuring Your Incident Response Program

Your company has done its homework and put a strong incident response plan in place. Great work. Time to move on until a crisis manifests and you need to “pull it off the shelf,” right? Unfortunately, the real work has just begun. Your company must constantly improve and test the effectiveness of its incident response…

Want to cripple your attackers R&D arm? Look for them on your network…

As I explained in a previous post, hacking back can not only constitute a crime, but it rarely does any significant damage to the somewhat advanced attacker, given the disposable, tactical nature of the attacker’s assets that are typically targeted and exposed during a hack-back operation. Inflicting significant damage to a cyber attack organization is…
