Where There’s a Data Breach, Litigation Follows

We’ve seen a number of reports on the rise in the number of data breaches. But perhaps the statistic that hits hardest is this: More organizations are finding themselves in court after suffering a breach. InfoSecurity Magazine’s Phil Muncaster reports the number of cases that have come before The High Court (the third highest court …

The Dangers of a “Trust and Forget” Approach to Data Security

“Set it and forget it” is a marketing catchphrase that software vendors use to assure IT administrators that neither they nor their users will have to constantly manage notifications and install updates. It was especially popular in the mid-2000s after Microsoft launched the Vista operating system, which was infamous for overwhelming users with a steady …

2018 Imperative – You Need Speed to Avoid the Icebergs

The famous iceberg scene in the movie “Titanic” is a good analogy for why so many organizations struggle to contain the damage caused by a data breach, even after detecting it. The lookouts in the crow’s nest can’t see through the nighttime fog, and when they finally spot the enormous iceberg, the procedure for changing …

What is “Simplicity”? Security Sealed with a KISS

In the 1960s, a Lockheed engineer named Kelly Johnson, overseeing the design of top secret military aircraft, instructed his designers to always follow one principle: Keep It Simple Stupid (KISS). He wanted whatever they made, including the SR-71 Blackbird spy plane (built in 1964 and still the fastest plane that has ever flown), to be …

Visibility is Critical to GDPR Compliance

May 25, 2018 – If your organization does business in any of the 28 European Union (EU) countries, just seeing that date may cause you to break out in a cold sweat. That’s the deadline for companies that collect data on EU residents to demonstrate compliance with The General Data Protection Regulation (GDPR), which establishes …

What Exactly is “Visibility”? A Security Perspective

I’m not sure when “visibility” became a unit of measurement for your ability to predict, identify and investigate a data breach. But if you attended an industry conference like Black Hat, you heard analysts, journalists and vendors tell you about the importance of getting it. Before you ask “How do I get visibility?” and “Once …

There Has Been an Awakening… Have You Felt It?

After watching (and rewatching) the new Star Wars – The Last Jedi trailer, I was reminded of the excitement Disney created in late 2014 with the very first trailer for Star Wars: The Force Awakens. It was the first glimpse of the first new Star Wars movie in years, and it generated a level of …

Simple Math: Data Breach + “Negligence” = Lawsuits

There’s no way to guarantee your organization will never suffer a data breach, or the resulting PR black eye to your brand’s reputation. The faster your investigation can determine what happened and what specific records were exposed, the faster you will regain your customers’ trust. But, as Equifax is learning the hard way, if the …

The 3 Personas of the Insider Threat

The security industry’s primary focus has long been on defending an organization’s assets from outside threats. As a result, the industry has largely missed the fact that internal actors are to blame for an increasing number of data breaches. According to Verizon’s 2017 Data Breach Investigations Report, 25 percent of breaches were attributed to people …

ThinAir at (ISC)2 Security Congress: Don’t Let Your Breach Investigations Conclude with “We Don’t Know…”

This statement that California-based CPA firm Hilderbrand & Clark recently issued following its discovery of a data breach represents every CISO’s worst nightmare: “Unfortunately, the forensic IT firm cannot determine which files were accessed so they are notifying everyone whose information was accessible out of an abundance of caution.” One of the main tracks at …