Sage Advice - Cybersecurity Blog

Face It: Cameras are Everywhere

Christopher Pierson thinks facial recognition, as both a topic and a biometric, is “super cool,” and that enthusiasm energized his 2018 CyberCrime Symposium session, “The Privacy and Security Implications of Facial Recognition.” But because he’s worn so many professional hats — from inventor, CISO, CPO, and general counsel, to member of DHS’s Data Privacy and Integrity Advisory Committee and its Cybersecurity Subcommittee — he could exult in facial scanning technology’s cool factor while laying out some of the growing legal, ethical, and privacy concerns surrounding it. 

Read More

Topics: Privacy, CyberCrime Symposium

Blockchain Can Build Decentralized Trust

A pioneering force in VoIP, streaming media, and collaborative tools, Dan Harple has had a front-row seat to the evolution of the Internet. In his 2018 CyberCrime Symposium session, Harple, now CEO of Context Labs, compellingly argued that the Internet’s commercialization has created the very centralization that DARPA and its TCP/IP inventors wanted to prevent when they designed a decentralized Internet architecture. By concentrating critical assets and data in one place, centralized systems increase cybersecurity risks, because once cyber threat actors penetrate defenses, they’ve got the keys to the kingdom.

Read More

Topics: Blockchain, CyberCrime Symposium

Does Malware Have Citizenship?

In talks with information security professionals at security conferences, user group events, and customer sites, Chester Wisniewski frequently fields questions about country-based blocking as a network defense tactic. Though he couldn’t find any published data to confirm his assumptions, “I couldn’t see any meaningful correlation between the countries from which traffic originates and attack patterns,” said Wisniewski, a principal research scientist at Sophos.

Read More

Topics: CyberCrime Symposium, Threat Intelligence, Threat Hunting

Measuring Cybersecurity Success

Many CISOs struggle to build a compelling business narrative around their cybersecurity efforts. So when they stand before C-execs or board members, they turn to quantitative measures to craft a basic blocking-and-tackling story (check out how many suspicious connections our firewalls blocked last quarter) and watch eyes glaze over. What’s missing from these number-packed tales, according to 2018 CyberCrime Symposium presenter Summer Fowler, is any business context.

Read More

Topics: CyberCrime Symposium, Cybersecurity Culture, Security Policy

Privacy, Cybersecurity, and the Nation’s Central Bank

People will defend their right to privacy to the end. Yet, they love their technology and so willingly share personal information online that they’re part of a coalition of malicious and legitimate cyber-actors that threaten it. Nevertheless, with legal ramifications growing, CISOs must now secure personally identifiable information (PII) and intellectual property (IP) while protecting its owner’s privacy.

Read More

Topics: Privacy, Financial Sector, CyberCrime Symposium

Cybersecurity Awareness in the Workplace: Building a Cyber-Family

It’s a connected world, fueled by a connected workforce whose organizations live and die by their data. Now that they can plug-in from any device, traverse cyber-space, and communicate via email, IM, or VoIP, older employees forget they haven’t always worked this way. But Phil Bickford contends that the current digital age — marked by the mainstream adoption of technology, emerging social media, and mobility — is only around 15 years old. How mature, then, can workplace cybersecurity awareness be?

Read More

Topics: Privacy, Cybersecurity Culture, CyberCrime Symposium

Privacy’s Conflicting Interests

Strong cybersecurity programs tightly control financial assets, but more and more, it’s information that’s the target of various bad actors around the world. A lot of this data falls into the privacy realm and under the protection of privacy laws. As new laws like the EU’s General Data Protection Regulation (GDPR) expand these protections, they’re colliding with equally important but often-conflicting national security and crime-fighting interests, according to Lawrence Dietz, founder of DataPrivacyLaw.com.

Read More

Topics: Privacy, CyberCrime Symposium

Why CISOs Need to Care About Privacy

Why should information security officers care about privacy? That’s the loaded question Todd Fitzgerald posed to a packed audience in his opening keynote at the 2018 CyberCrime Symposium. The short answer: They have to.

Read More

Topics: Privacy, CyberCrime Symposium

Lessons from the 2018 CyberCrime Symposium

Arguments over the importance of security versus privacy will continue, but the debate’s losing steam by the second. In today’s data-driven world, cybersecurity and data privacy are interdependent, high-stake functions, and businesses and government entities must prioritize both. This mandate is transforming the CISO role, with business leaders restructuring their org charts to create new C-level partnerships, reporting structures, and seats at the big table.

Read More

Topics: CyberCrime Symposium, Privacy

Easy Tools to Help You Create Cybersecurity Checklists that Work

Documenting step-by-step processes that are easy to follow, repeatable, and transferable, is a great way to create institutional knowledge. It makes your organization more cyber mature, and therefore, more resilient. Checklists are one of the methodologies that you can use to make that happen.

Read More

Topics: Cybersecurity Culture, Risk Management