Upcoming Events:

AlienVault's Barmak Meftah Speaks with Security Current on Threat Detection and Response

Meftah, President and CEO, is interviewed by John Masserini, CSO MIAX Options

In this conversation, MIAX Options CSO John Masserini discusses the threat detection and response space with AlienVault President and CEO Barmak Meftah.

An early adopter of threat intelligence, Masserini notes its challenges and asks Meftah what AlienVault is seeing in the market and how threat intelligence is being integrated into companies’ security organizations.

Meftah describes AlienVault’s crowdsourcing approach and how it is helping SMBs centralize and simplify their threat detection and response. They were speaking in this sponsored podcast at the Black Hat Conference in Las Vegas earlier this month.

                                                                Listen Now 

David Mahon, CSO CenturyLink, Speaks with Security Current on Spear Phishing and Ransomware

Mahon speaks with Podcast Host David Cass, Global CISO IBM Cloud & SaaS 

David Mahon, CenturyLink Chief Security Officer discusses what he sees as two of today’s critical security issues and how to tackle them with host David Cass, Global CISO IBM Cloud & SaaS.

Mahon points to phishing and ransomware as the most prevalent types of attacks he is seeing in the industry.

The two executives talk about the importance of security awareness training and Mahon provides tactical approaches to reduce the likelihood of a successful breach. They also discuss metrics, ROI and best practices for reporting to the board. 

                                                                Listen Now 

Will Corporate Security Models Move Toward the EDU Security Model?

By Randy Marchany
Virginia Tech CISO 

No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter focused approach to cybersecurity has often failed to prevent intrusions, especially in an application-focused paradigm.

While prevention is crucial, timely incident detection of anomalous behaviors for data ex-filtration are key. Continuous monitoring assumes the attackers are already inside of the network and using the right tools, data, and strategies to interrupt the attackers communication channels are needed to mount a successful breach.

                                                                Read More 

Hackers Are Not Afraid of Frameworks

By David Sheidlower

Global Media and Advertising CISO

Is that news?  No, of course it isn’t. In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has.  

A guard with a gun.  That’s deterrence.  An armed guard standing next to a metal detector between the thief and the elevators to your office may convince the thief to try the building down the street. 

                                                                Read More 


 

 


Ransomware in Healthcare – Strategies for Protecting the Enterprise – Part One

 

By Mitch Parker

Academic Healthcare CISO

In this three-part series, Academic Health care CISO Mitch Parker shares his insights on ransomware, incident response and best practices for building a world class prevention program.

Ransomware has been the buzzword du jour for the past year in computer security.  This mostly unsophisticated attack type uses deception and already-existing means of communication to destroy the integrity of systems and shut down businesses by holding their critical assets for cryptocurrency ransom via encryption. 

In my opinion, there has been little thought to either mitigating the risks caused by ransomware attacks, or an overall attempt to use products to fix what a good incident management process should. 

In addition, newer versions of ransomware are utilizing more sophisticated means to cloak themselves, bypass defenses, and cause damage, propelling this threat as one of the industry’s most critical.

The first important item to keep in mind is that most computers are based on the Von Neumann architecture, where memory holds both data and the programs that manipulate it.  Therefore, it is always possible to manipulate data to affect stored programs, and vice versa.  One doesn’t need Phrack 49, Smashing the Stack for Fun and Profit, to tell you that. 

                                                                                           Read More 

 

10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISOs Guide to Principles of Data Privacy and Security
By David Sheidlower

 

CISO of IBM Cloud & SaaS Speaks with Spirent on Hacking Medical Devices and Automated Cars

In this podcast, host David Cass speaks with Spirent Communications John Weinschenk 

David Cass, IBM cloud & SaaS global CISO and John Weinschenk, Spirent Communications general manager enterprise and network application discuss the potential hacking of medical devices and automated cars.

In this Spirent-sponsored podcast, Weinschenk explains how they worked with a surgeon to hack a medical device. He also talks about a second hack they conducted on an autonomous car that allowed them to take control of the systems and vehicle itself.

They discuss what needs to be done to secure these Internet of Things (IoT) devices and how manufacturers need to start thinking about how these systems can be exploited.

Listen Now!

 

 

About securitycurrent | Privacy Policy | Subscribe to our newsletter