Posts

Prophylactic AI Security: Why a Proactive Strategy Matters More Than Ever

-
Image
Tigran Petrosian Before working in IT security, I was a tournament chess player. One of my greatest influences was World Champion Tigran Petrosian—known not for flashy attacks, but for his near-supernatural ability to anticipate his opponent's plans and neutralize threats before they happened. That skill, known in chess as prophylaxis , is one that the world of cybersecurity desperately needs to adopt. From Chess to Cybersecurity: The Power of Prophylaxis Prophylaxis in chess is the ability to anticipate your opponent’s strategy and block it before they execute it. Petrosian’s style wasn’t dramatic or aggressive, but it was extremely effective. He rarely lost. In much the same way, cybersecurity professionals must anticipate and neutralize risks before they evolve into threats. Unfortunately, the current state of information security remains largely reactive. A scan finds vulnerabilities; the team patches them. A penetration test reveals gaps; the team scrambles to close them. An a...
Post a Comment
Read more

It's Not Always What's On The Inside That Counts

-
Image
  While serving as the head of an Information Security department, I once had a Chief Technology Officer (CTO) tell me, "The organization doesn't need security controls as long as they have security awareness training." The statement will seem naïve and even laughable to many security professionals. However, his words reflect a growing misconception shared by technology leaders in a time where everyone is worried about employees clicking on ransomware, visiting infected websites, or compromising a network over the VPN. Even my own Doctoral Dissertation is about the need for mandatory cybersecurity awareness training courses in middle schools. Yet, a look at the news reminds us that securing employees inside a company is not enough to secure the company. One of the most concerning stories hitting the news this month is how ransomware groups are turning their focus toward firmware attacks. Leaked chats from the Conti ransomware group reveal that the organization is acti...
1 comment
Read more

Don’t Build Your Cybersecurity Confidence on the Sand

-
Image
               The Bible uses the now-famous parable of the house that was built on the sand. When the rains came and the storms hit, the house fell because it did not have a firm foundation. Unfortunately, the cyber departments of many organizations are running the same way. They have survived the last couple of years without a major incident and so they believe they are secure. A recent article released by Help Net Security revealed that Chief Information Security Officers (CISOs) are becoming increasingly confident that their organizations will not suffer from costly cyber attacks. In fact, the number of CISOs who believe they are likely to suffer an attack in the next twelve months has dropped by almost 16%! Yet, the problem with this stat is, as the article notes, very few of these CISOs have made any significant improvements to their security environments to reduce these attacks. Instead, the increased confidence in the resiliency ...
Post a Comment
Read more

Remember the Mobile Devices

-
           There is probably no topic of contention that I encounter more as an IT security consultant and auditor than mobile device security. People and organizations just don’t want to secure themselves against mobile devices. The excuses are numerous: ·         Regulating employee mobile devices will lower morale. ·         Employees will think we are spying on them. ·         Other organizations allow their employees to use mobile devices freely. ·         No one worries about mobile device security anymore. I have even heard many of these statements from other information security professionals, including the last statement. DON’T BE FOOLED! Mobile devices are a serious risk to your organization. I have appeared on the news three times in the last few years to speak about attacks and threats targetin...
Post a Comment
Read more

Sociotechnical Project Video

-
 This video is created for Unit 5 Discussion Board 2 post on our Sociotechnical Project. 
Post a Comment
Read more

What Would I Do?

-
      My doctoral class is requiring me to post my assignments to this blog. I delete most of them after the grade is posted so that my blog will not be filled with these distractions from its purpose. However, I expect that I will leave this one up because I feel it is interesting.      The assignment for this week was "If you had unlimited time, money and talent, list 10 things you would do in each of these categories: Education, Job or Research, Philosophical/Religious, Travel and Home. Then, write a short post about what these articles reflect about you. Be sure to include at least 1 scholarly/peer-reviewed resource.".        Here is what I turned in. I'd be curious to get thoughts on it.  Education: 1)     Chess Lessons from a World Champion 2)     Attend Astronaut School 3)     Learn to Fly a Plane 4)     Learn Sky Diving, Deep Sea Diving, Mountain Climbing and S...
Post a Comment
Read more

Self Driving Future of Automation

-
          Today,  I wanted to discuss the story: "Fooling self-driving cars by displaying virtual objects" ( Paganini, 2020 ).            The ability to fool self-driving cars is well known and featured in DefCon presentations, Blackhat presentations and numerous news articles such as this one from "The Conversation" discussing how simply adding stickers to street signs or shining flash lights at cars, can fool the self-driving vehicles ( Daley, 2020 ). Still, these are bound to be fixed eventually. Why is the topic so important?           The answer comes from the economic impacts associated with these changes. Individuals working in IT often forget that technology doesn't exist in a vacuum. Technological factors have impacts on the economy. And the economy, in turn, has an impact on the IT industry. Computer Hope ( 2020 ) notes that the cheap cost of computers over people...
Post a Comment
Read more