By Paul Calatayud
Behavioral analytics. Cloud governance. Machine learning. At this year’s Black Hat USA 2015, these were just some of the terms that dominated the sessions and exhibit hall alike.
For healthcare security professionals responsible for protecting incredibly sensitive and increasingly desired patient information, if these aren’t top-line concerns and agenda items, you and your team need to consider revising your to-do list.
First and foremost, from my experiences at Black Hat, the level of quality and professionalism that’s consistently displayed is worth noting. From educational talks to informational and dynamic booth displays, I am never disappointed with my decision to attend and always walk away with new information and connections. For me, this event is a can’t-miss.
By Cathy Hubbs
American University CISO
By now most of us have heard the phrase "kill chain." For those of you who haven't, the kill chain is a phase-based model used to describe the stages of a data breach attack.
The goal is to break the attack chain by applying the appropriate level of key controls for your industry. Lockheed Martin is credited with introducing the model and has widely publicized how it thwarted an attack using its homegrown Cyber Kill Chain framework.
The stages are typically characterized as:
By Paul Calatayud
Over the past few years, there has been an uptick in cybercrime on a mass scale, with hackers gaining access to personal information of millions of people. Breaches at well-known, successful companies such as Target and Home Depot make national news.
In more recent years, healthcare organizations have increasingly become the target of cyber-attacks. The threats of information leaks and security vulnerabilities are undeniable, advancing the need for strong leadership to help manage security initiatives and ensure companies are safeguarding valuable customer data.
This is where a chief information security officer (CISO) steps in -- to maintain processes across an organization to minimize IT security risks. Below I share my perspective on the evolving role as Surescripts’ security chief and how the position can and must fit into the organization’s overarching leadership framework.
By Daniel Conroy
Synchrony Financial CISO
Things were simpler in the past. I know we hear that sometimes and to a certain degree this is true. It is also true that he who forgets the past is doomed to repeat it. In the world of information security (IS), both adages apply.
Back in ancient history – in this case the 1980s (ancient in terms of IT evolution) – information security was an afterthought. The focus was on building “simple” networks with business enablement and functionality as the primary concerns. Back in those early days, hacking was more of a hobby than a malicious activity.
Those of us old enough to remember the movie WarGames will note its stark warning of how quickly things can unintentionally escalate. The first “simple” computer viruses began to emerge at this time as well. During the 1990s, we started to see more advanced network-aware code with the potential to cause real disruption.
By David Sherry
Brown University CISO
Life on a college campus changes in the Fall.
In a way, just like the seasons, life in higher ed is very cyclical, and the beginning of the semester is one of excitement. It also ends a busy season for the IT group, which is commonly known to all others as “summer break.”
Much of the major work for IT and the security team must be done while the students are not on campus, so summer and January are critical times. I know that this may be counter-intuitive to those who think we have the summers off, but when you look at it pragmatically, it makes perfect sense. We cannot get in the way of the teaching and learning!
I especially look forward to October. Each year as October approaches it brings a distinct feel to my role as a security officer on a college campus. We all enjoy it when the colors begin to appear on the trees, the days slowly begin to get cooler, and the sounds of the Fall sports are heard all over campus. However, I look forward to October for a specific reason: our annual campaign in support of National Cyber Security Awareness Month.
We take National Cyber Security Awareness Month (“NCSAM”) seriously here. We’ve been making this an awareness priority for 11 years, and are listed as an NCSAM Champion with Stay Safe Online. Our campus expects to be hearing a security message each year, and we try not to disappoint.
Will the next war be fought with bullets or mouse clicks?
Lendmark Financial Services VP of Information Security on Priorities when Starting a New Job
By John J. Masserini
MIAX Options CSO
So tell me - did you hear the news?? Apparently the rumors are indeed true.
2015 is the year of the Security Startup.
And in the words of the greatest British comedy troupe ever… and there was much rejoicing …
However, after meeting with dozens of startups at Black Hat a few weeks ago, I've realized that the vast majority of the leaders of these new companies struggle to articulate the value their solutions bring to the enterprise.
As many of us have, I have seen many new technologies in the security space that promise to ‘solve all of my problems’ or ‘revolutionize the space.’
Sadly, most of them have gone the way of the Betamax – superior technology that suffered from poor implementation.
By Tim Kropp
Financial Sector Deputy CISO
Internet of Things (IoT) means everything is potentially connected everywhere and with everyone. Assume it is all compromised.
As the volume of IoT grows, we should better understand the implications that a bunch of tiny, powerful computers connecting to each other bring with them. These devices need the same strong attention we are placing on smartphones, laptops, servers, and services.
Among the IoT devices are routers, thermostats, refrigerators, and automobiles. Routers are particularly unnerving, as they have gotten a lot smarter and are extremely capable. They are also a perfect place to sit, wait, and watch. If you have time, read Coding Horror’s Blog post on this topic.