Sage Advice - Cybersecurity Blog

Becky Metivier

Recent Posts

Why is Data Classification Important for Information Security?

Data classification is as fundamental a part of securing your organization's information as knowing what data you have and who can access it. It's the process of identifying and assigning pre-determined levels of sensitivity to different types of information. If your organization doesn’t properly classify your data, then you cannot properly protect your data.

Read More

Topics: Security Policy, Risk Management

Email Security – What Does the Future Hold?

Email completely changed the way we communicate and the way we do business. While it makes us more efficient, it comes with a cost. And that is the risk of a data breach. There are a myriad of studies that reach the same conclusion year after year. The majority of cyberattacks begin when someone clicks on a link in a phishing email.

Read More

Topics: Social Engineering, Risk Management

Why Email is a Cybersecurity Risk and How to Protect Yourself

Many successful cyberattacks start with someone clicking a link in an email. According to Verizon’s latest Data Breach Investigations Report, phishing and pretexting represented 93% of all social breaches they studied. And email was the most common attack vector (96%). But it’s impossible to imagine doing your job without email, so what can you do to mitigate some of the risk?   

Read More

Topics: Malware, Risk Management

Automation, Algorithms and AI — Oh My

Futurist, author, and consultant Mike Walsh spends 300-some-odd days a year traveling the globe researching technology trends, keynoting industry events, and guiding organizational leaders through the complexities of digital disruption. Appropriately, then, his 2018 CyberCrime Symposium presentation took attendees on a whirlwind tour of the transformative forces they’ll manage if they want to thrive in an increasingly AI-driven world. As he told the info-sec and privacy officers in attendance, the goalposts that marked 2020 as AI’s future zone have been pushed back a decade or so, but he warned them not to get complacent.

Read More

Topics: CyberCrime Symposium, IoT, Privacy

Face It: Cameras are Everywhere

Christopher Pierson thinks facial recognition, as both a topic and a biometric, is “super cool,” and that enthusiasm energized his 2018 CyberCrime Symposium session, “The Privacy and Security Implications of Facial Recognition.” But because he’s worn so many professional hats — from inventor, CISO, CPO, and general counsel, to member of DHS’s Data Privacy and Integrity Advisory Committee and its Cybersecurity Subcommittee — he could exult in facial scanning technology’s cool factor while laying out some of the growing legal, ethical, and privacy concerns surrounding it. 

Read More

Topics: CyberCrime Symposium, Privacy

Blockchain Can Build Decentralized Trust

A pioneering force in VoIP, streaming media, and collaborative tools, Dan Harple has had a front-row seat to the evolution of the Internet. In his 2018 CyberCrime Symposium session, Harple, now CEO of Context Labs, compellingly argued that the Internet’s commercialization has created the very centralization that DARPA and its TCP/IP inventors wanted to prevent when they designed a decentralized Internet architecture. By concentrating critical assets and data in one place, centralized systems increase cybersecurity risks, because once cyber threat actors penetrate defenses, they’ve got the keys to the kingdom.

Read More

Topics: CyberCrime Symposium, Blockchain

Does Malware Have Citizenship?

In talks with information security professionals at security conferences, user group events, and customer sites, Chester Wisniewski frequently fields questions about country-based blocking as a network defense tactic. Though he couldn’t find any published data to confirm his assumptions, “I couldn’t see any meaningful correlation between the countries from which traffic originates and attack patterns,” said Wisniewski, a principal research scientist at Sophos.

Read More

Topics: CyberCrime Symposium, Threat Intelligence, Threat Hunting

Measuring Cybersecurity Success

Many CISOs struggle to build a compelling business narrative around their cybersecurity efforts. So when they stand before C-execs or board members, they turn to quantitative measures to craft a basic blocking-and-tackling story (check out how many suspicious connections our firewalls blocked last quarter) and watch eyes glaze over. What’s missing from these number-packed tales, according to 2018 CyberCrime Symposium presenter Summer Fowler, is any business context.

Read More

Topics: Security Policy, CyberCrime Symposium, Cybersecurity Culture

Privacy, Cybersecurity, and the Nation’s Central Bank

People will defend their right to privacy to the end. Yet, they love their technology and so willingly share personal information online that they’re part of a coalition of malicious and legitimate cyber-actors that threaten it. Nevertheless, with legal ramifications growing, CISOs must now secure personally identifiable information (PII) and intellectual property (IP) while protecting its owner’s privacy.

Read More

Topics: CyberCrime Symposium, Financial Sector, Privacy

Cybersecurity Awareness in the Workplace: Building a Cyber-Family

It’s a connected world, fueled by a connected workforce whose organizations live and die by their data. Now that they can plug-in from any device, traverse cyber-space, and communicate via email, IM, or VoIP, older employees forget they haven’t always worked this way. But Phil Bickford contends that the current digital age — marked by the mainstream adoption of technology, emerging social media, and mobility — is only around 15 years old. How mature, then, can workplace cybersecurity awareness be?

Read More

Topics: CyberCrime Symposium, Cybersecurity Culture, Privacy