Posts

It's Not Always What's On The Inside That Counts

While serving as the head of an Information Security department, I once had a Chief Technology Officer (CTO) tell me, "The organization doesn't need security controls as long as they have security awareness training." The statement will seem naïve and even laughable to many security professionals. However, his words reflect a growing misconception shared by technology leaders at a time when everyone is worried about employees clicking on ransomware, visiting infected websites, or compromising a network over the VPN. Even my own doctoral dissertation is about the need for mandatory cybersecurity awareness training courses in middle schools. Yet, a look at the news reminds us that securing employees inside a company is not enough to secure the company. One of the most concerning stories hitting the news this month is how ransomware groups are turning their focus toward firmware attacks. Leaked chats from the Conti ransomware group reveal that the organization is acti

Don’t Build Your Cybersecurity Confidence on the Sand

The Bible uses the now-famous parable of the house that was built on the sand. When the rains came and the storms hit, the house fell because it did not have a firm foundation. Unfortunately, the cyber departments of many organizations are running the same way. They have survived the last couple of years without a major incident and so they believe they are secure. A recent article released by Help Net Security revealed that Chief Information Security Officers (CISOs) are becoming increasingly confident that their organizations will not suffer from costly cyber attacks. In fact, the number of CISOs who believe they are likely to suffer an attack in the next twelve months has dropped by almost 16%! Yet, the problem with this stat is, as the article notes, very few of these CISOs have made any significant improvements to their security environments to reduce these attacks. Instead, the increased confidence in the resiliency of their departments stems from the idea tha

Remember the Mobile Devices

There is probably no topic of contention that I encounter more as an IT security consultant and auditor than mobile device security. People and organizations just don’t want to secure themselves against mobile devices. The excuses are numerous:

· Regulating employee mobile devices will lower morale.
· Employees will think we are spying on them.
· Other organizations allow their employees to use mobile devices freely.
· No one worries about mobile device security anymore.

I have even heard many of these statements from other information security professionals, including the last statement. DON’T BE FOOLED! Mobile devices are a serious risk to your organization. I have appeared on the news three times in the last few years to speak about attacks and threats targeting mobile devices. Two of those times were specifically about attacks targeting iPhones and Apple devices. Perhaps, for this reason, I was particularly alarmed by a recen

Sociotechnical Project Video

This video was created for the Unit 5 Discussion Board 2 post on our Sociotechnical Project.

What Would I Do?

My doctoral class is requiring me to post my assignments to this blog. I delete most of them after the grade is posted so that my blog will not be filled with these distractions from its purpose. However, I expect that I will leave this one up because I feel it is interesting.

The assignment for this week was "If you had unlimited time, money and talent, list 10 things you would do in each of these categories: Education, Job or Research, Philosophical/Religious, Travel and Home. Then, write a short post about what these articles reflect about you. Be sure to include at least 1 scholarly/peer-reviewed resource."

Here is what I turned in. I'd be curious to get thoughts on it.

Education:
1) Chess Lessons from a World Champion
2) Attend Astronaut School
3) Learn to Fly a Plane
4) Learn Sky Diving, Deep Sea Diving, Mountain Climbing and Spelunking.
5) Take Writing Courses from Best Selling Authors
6) Learn to Build Video Games
7)

Self Driving Future of Automation

Today, I wanted to discuss the story: "Fooling self-driving cars by displaying virtual objects" (Paganini, 2020).

The ability to fool self-driving cars is well known and has been featured in DEF CON presentations, Black Hat presentations and numerous news articles, such as this one from "The Conversation" discussing how simply adding stickers to street signs or shining flashlights at cars can fool self-driving vehicles (Daley, 2020). Still, these are bound to be fixed eventually. Why is the topic so important?

The answer comes from the economic impacts associated with these changes. Individuals working in IT often forget that technology doesn't exist in a vacuum. Technological factors have impacts on the economy. And the economy, in turn, has an impact on the IT industry. Computer Hope (2020) notes that the cheap cost of computers over people is already replacing significant numbers of human jobs among assembly workers, taxi drive