Sage Advice - Cybersecurity Blog

Privacy’s Conflicting Interests

Strong cybersecurity programs tightly control financial assets, but more and more, it’s information that’s the target of various bad actors around the world. A lot of this data falls into the privacy realm and under the protection of privacy laws. As new laws like the EU’s General Data Protection Regulation (GDPR) expand these protections, they’re colliding with equally important but often-conflicting national security and crime-fighting interests, according to Lawrence Dietz, founder of DataPrivacyLaw.com.

Topics: Privacy, CyberCrime Symposium

Why CISOs Need to Care About Privacy

Why should information security officers care about privacy? That’s the loaded question Todd Fitzgerald posed to a packed audience in his opening keynote at the 2018 CyberCrime Symposium. The short answer: They have to.

Topics: Privacy, CyberCrime Symposium

Lessons from the 2018 CyberCrime Symposium

Arguments over the importance of security versus privacy will continue, but the debate’s losing steam by the second. In today’s data-driven world, cybersecurity and data privacy are interdependent, high-stakes functions, and businesses and government entities must prioritize both. This mandate is transforming the CISO role, with business leaders restructuring their org charts to create new C-level partnerships, reporting structures, and seats at the big table.

Topics: CyberCrime Symposium, Privacy

Become Bilingual and Bridge the Gap

Ask CISOs to prioritize the skills they require to excel in their work, and a sizeable number will put talk before tech. Bi-directional communication — and its role in creating world-class cybersecurity programs — is a reoccurring theme in security workforce surveys and similar research. At the 2017 CyberCrime Symposium, featured speaker Summer Fowler tapped into influential security studies by ISC2, SANS, and Carnegie Mellon University (CMU) to spotlight the communication breakdown that characterizes interactions between CISOs and their senior leadership.

Topics: CyberCrime Symposium, Security Policy, Compliance

Putting Federal Cybersecurity Policy in Perspective

The cyber-threat ecosystem is complex, relentless, and rapidly evolving. It’s appropriate that those characteristics describe the work of creating national cybersecurity policy.

Topics: Security Policy, CyberCrime Symposium

Disrupt and Transform but Don’t Neglect Cybersecurity

Information security professionals can hardly be blamed if they’re ambivalent about digital disruption and digital transformation. On one hand, they’re getting traction with disruptive security technologies, whose automated, real-time capabilities help transform the security function. On the other, they’re facing mounting cybersecurity challenges as their organizations leverage IoT, AI, social tools, and mobility to become more efficient, effective, and engaging, said Don Anderson, a presenter at Sage’s 2017 CyberCrime Symposium.

Topics: Cyber Defense, CyberCrime Symposium

Assume Compromise: Protect, Detect and Respond

In 2012, when Sean Sweeney became CISO for a large university, info-security strategies focused on preventing breaches. At that time, “CISO stood for ‘chief information scapegoat officer,’” said Sweeney, a presenter at Sage’s 2017 CyberCrime Symposium. “It was my job to prevent every possible attack against the university 24x7x365. That’s an unwinnable job, right?”

Topics: Cyber Defense, CyberCrime Symposium

Red Team Reality Check

At the very least, a high-profile, bull’s-eye breach teaches the victimized organization some hard lessons. Though it’s not an easy exercise for most SOC teams, C-suites, and boards, it’s far better to learn these tough security lessons upfront, by thoroughly testing their people, processes, and technologies.

Topics: CyberCrime Symposium, Cyber Crime, Technical Testing

Dispatches from the Dark Side of the ‘Net

For a brisk morning tour of Tor, darknets, and dark marketplaces, attendees of the 2017 CyberCrime Symposium couldn’t have asked for a more entertaining, informative guide than Neil Wyler. Grifter, as he’s known in the security community, launched his impressive career at age 11, when he began hacking computer systems. Eventually, he switched sides. Currently a threat hunting and incident response specialist at RSA Security, he’s been running technical operations for the Black Hat Security Briefings for 15 years, and serves as a senior staff member for DEF CON.

Topics: CyberCrime Symposium, Cyber Crime

Cybercrime-as-a-Service... Can You Spot the Cybercriminal?

Though it’s a natural evolution, the very existence of cybercrime-as-a-service (CaaS) shocks people. Never mind the annual global costs attributable to CaaS, or how much it hampers innovation. In his keynote at the 2017 CyberCrime Symposium, McAfee Chief Scientist Raj Samani made sure attendees understood the CaaS threat — calling his content the “most depressing 45 minutes” they’d ever get at a security event — by mapping its rise and rapid expansion.

Topics: CyberCrime Symposium, Malware, Cyber Crime