Sage Advice - Cybersecurity Blog

Conducting a Cyber-Crime Exercise in a Smaller Enterprise

When we talk about designing a great cyber-crime exercise, we always say that you need eight things to make it work. That sounds like good advice for a larger company, but what if you are in a smaller organization, say one with less than 300 employees? Can you still do this type of exercise? The answer is a resounding “yes!” A well-designed cyber exercise CAN be conducted in a smaller organization; it just takes a little readjusting of the eight basic things to make it all work.

Read More

Topics: CyberCrime Symposium, Incident Response

What You Don’t Know: Cyber Defense Against Unknown Threats

Even with all the traditional cybersecurity defenses, breaches still occur.  “So, why haven’t these traditional security products adequately protected you?” asked Jack Walsh, New Initiatives and Mobility Programs Manager at ICSA Labs, during his talk at the 2016 CyberCrime Symposium.  According to Walsh, it’s due, in part, to the fact that while they do an okay job against known threats, they “don’t do a good job at all against unknown and new threats.”

Read More

Topics: CyberCrime Symposium, Malware, Cyber Defense

Cyber Insurance: Are You Covered?

Back in the late ‘90s, the insurance industry came out with an early cyber insurance product. As it was a product for Y2K losses, “it was a dud, and when it died, everybody thought that cyber insurance would never take off,” said Peter Foster, in the opening remarks of his session at the 2016 CyberCrime Symposium on cyber insurance realities. "Today," said Foster, who helps large companies manage risk in his role as EVP and FINEX Cyber Leader for Willis Towers Watson, "US companies are paying a total of $3 billion in cyber insurance premiums and insurance companies are covering losses caused by breaches."

Read More

Topics: CyberCrime Symposium, Risk Management

Behind the Scenes: Demystifying Malware

The frequency and size of malware attacks and the havoc they wreak are generating a continuous stream of media coverage, attracting eyeballs with often shocking details of breach size. What’s often missing in news stories on data breaches are critical behind-the-scenes “players” – the employee roles and IT systems targeted, the technology infrastructure that supports an attack, the malware tools, and the attackers that create and use the infrastructure.

Read More

Topics: CyberCrime Symposium, Malware, Cyber Defense

Cybercrime Attribution Analysis:  The Cyber Who Done It

As much as cybersecurity professionals need to be concerned about insider threats, the bulk of data breaches are still the work of outside forces. "In 2015, 77.7% of all the data breaches we tracked came from the outside,” said Jake Kouns, CISO for Risk Based Security, a consultancy that helps organizations apply analytics to real-time data to monitor activity, and CEO of the Open Security Foundation, which oversees the Open Source Vulnerability Database (OSVDB.org) and DataLossDB.org. “While insiders may hurt you worse because they know where the crown jewels are, breaches are much more likely to be coming from the outside.”

Read More

Topics: CyberCrime Symposium, Cyber Defense, Cyber Crime

Don’t Blame Bitcoin for Ransomware

Though it’s been around in various incarnations for a couple of decades, ransomware is one of the hottest topics in the world of cybersecurity, and for good reason. It’s malware on the rise, thanks to its role in a growing number of successful cyber-attacks and the high ROI it delivers.

Read More

Topics: CyberCrime Symposium, Malware, Ransomware

Cybersecurity Awareness Can Be Fun and Games

Like most cybersecurity experts, Ira Winkler has a wealth of stories that illustrate how dangerous user behavior can be to cybersecurity. He’s also got something more. A “modern-day James Bond,” Winkler is indeed a straight shooter, with a humor-laced delivery style that’s well suited to the topic of gamification – a tool he sees as instrumental to cybersecurity awareness and the subject of his presentation at the 2016 CyberCrime Symposium.

Read More

Topics: CyberCrime Symposium, Cybersecurity Culture

Mobile Malware’s Getting Smarter

Despite their immense popularity, ubiquity, and ability to find their way into just about any IT conversation and industry content, mobile devices haven’t attracted much interest from the attack side. Though device infections did reach a new high in April 2016, they comprised just 1.06% of total malware infections, explained Kevin McNamee, director of Nokia’s Threat Intelligence Lab, during his presentation at the 2016 CyberCrime Symposium.

Read More

Topics: CyberCrime Symposium, Malware, Mobile Security

Managing IoT Risk: The Internet of Things is a Lot of Things

The Internet of Things (IoT) is, both literally and figuratively, a lot of things. At this point in its evolution, it’s something of a paradox. While IoT as an infosec topic pursues cybersecurity professionals wherever they go, its nature is to blend into its surroundings. In fact, in his presentation at the 2016 CyberCrime Symposium, Chris Poulin likened it to the iconic chameleo-creature from the Predator film franchise.

Read More

Topics: CyberCrime Symposium, IoT

Lessons from the 2016 CyberCrime Symposium

Cybersecurity professionals get no relief. For every threat they counter, there are hundreds more waiting to strike, or some new point of vulnerability to consider. With the IP-enabling of every manner of device, machine, and facility, physical security managers are in the same pressure cooker as their IT counterparts. We’ve entered the era of cyber convergence, where both groups will have to join forces to protect their organizations as the battle escalates.

Read More

Topics: Sage News, CyberCrime Symposium, Cyber Crime