Sage Advice - Cybersecurity Blog

Become Bilingual and Bridge the Gap

Ask CISOs to prioritize the skills they require to excel in their work, and a sizeable number will put talk before tech. Bi-directional communication — and its role in creating world-class cybersecurity programs — is a recurring theme in security workforce surveys and similar research. At the 2017 CyberCrime Symposium, featured speaker Summer Fowler tapped into influential security studies by ISC2, SANS, and Carnegie Mellon University (CMU) to spotlight the communication breakdown that characterizes interactions between CISOs and their senior leadership.


Topics: Compliance, Security Policy, CyberCrime Symposium

Putting Federal Cybersecurity Policy in Perspective

The cyber-threat ecosystem is complex, relentless, and rapidly evolving. It’s appropriate that those characteristics describe the work of creating national cybersecurity policy.


Topics: Security Policy, CyberCrime Symposium

Disrupt and Transform but Don’t Neglect Cybersecurity

Information security professionals can hardly be blamed if they’re ambivalent about digital disruption and digital transformation. On one hand, they’re getting traction with disruptive security technologies, whose automated, real-time capabilities help transform the security function. On the other, they’re facing mounting cybersecurity challenges as their organizations leverage IoT, AI, social tools, and mobility to become more efficient, effective, and engaging, said Don Anderson, a presenter at Sage’s 2017 CyberCrime Symposium.


Topics: CyberCrime Symposium, Cyber Defense

Assume Compromise: Protect, Detect and Respond

In 2012, when Sean Sweeney became CISO for a large university, info-security strategies focused on preventing breaches. At that time, “CISO stood for ‘chief information scapegoat officer,’” said Sweeney, a presenter at Sage’s 2017 CyberCrime Symposium. “It was my job to prevent every possible attack against the university 24x7x365. That’s an unwinnable job, right?”


Topics: CyberCrime Symposium, Cyber Defense

Red Team Reality Check

At the very least, a high-profile, bull’s-eye breach teaches the victimized organization some hard lessons. Though it’s not an easy exercise for most SOC teams, C-suites, and boards, it’s far better to learn these tough security lessons upfront, by thoroughly testing their people, processes, and technologies.


Topics: CyberCrime Symposium, Technical Testing, Cyber Crime

Dispatches from the Dark Side of the ‘Net

For a brisk morning tour of Tor, darknets, and dark marketplaces, attendees of the 2017 CyberCrime Symposium couldn’t have asked for a more entertaining, informative guide than Neil Wyler. Grifter, as he’s known in the security community, launched his impressive career at age 11, when he began hacking computer systems. Eventually, he switched sides. Currently a threat hunting and incident response specialist at RSA Security, he’s been running technical operations for the Black Hat Security Briefings for 15 years, and serves as a senior staff member for DEF CON.


Topics: CyberCrime Symposium, Cyber Crime

Cybercrime-as-a-Service... Can You Spot the Cybercriminal?

Though it’s a natural evolution, the very existence of cybercrime-as-a-service (CaaS) shocks people. Never mind the annual global costs attributable to CaaS, or how much it hampers innovation. In his keynote at the 2017 CyberCrime Symposium, McAfee Chief Scientist Raj Samani made sure attendees understood the CaaS threat — calling his content the “most depressing 45 minutes” they’d ever get at a security event — by mapping its rise and rapid expansion.


Topics: CyberCrime Symposium, Malware, Cyber Crime

Lessons from the 2017 CyberCrime Symposium

Cybercrime’s a global pandemic, and no organization, large or small, is immune. When everyone’s at risk, everyone’s responsible. And how they handle this responsibility has global implications.

If there’s any good news, it’s that everyone’s in it together. By making “Think Global, Act Local” the theme of its 2017 CyberCrime Symposium, Sage Data Security issued a call to action. Every organization’s charged with investing in the right people, training, technologies, and services to protect itself, while striving to be an asset to a global community where collaboration’s critical.


Topics: CyberCrime Symposium, Cyber Defense

Conducting a Cyber-Crime Exercise in a Smaller Enterprise

When we talk about designing a great cyber-crime exercise, we always say that you need eight things to make it work. That sounds like good advice for a larger company, but what if you are in a smaller organization, say one with fewer than 300 employees? Can you still do this type of exercise? The answer is a resounding “yes!” A well-designed cyber exercise CAN be conducted in a smaller organization; it just takes a little readjusting of the eight basic things to make it all work.


Topics: CyberCrime Symposium, Incident Response

What You Don’t Know: Cyber Defense Against Unknown Threats

Even with all the traditional cybersecurity defenses, breaches still occur. “So, why haven’t these traditional security products adequately protected you?” asked Jack Walsh, New Initiatives and Mobility Programs Manager at ICSA Labs, during his talk at the 2016 CyberCrime Symposium. According to Walsh, it’s due, in part, to the fact that while they do an okay job against known threats, they “don’t do a good job at all against unknown and new threats.”


Topics: CyberCrime Symposium, Malware, Cyber Defense