Our Thinking

Are your privileged accounts under control? - Part Two

Posted by Dan Legault on Mar 24, 2017 3:39:59 PM

In our last blog, we introduced and expanded our analysis of how organizations keep their privileged accounts under control. We exposed the magnitude of the sensitivity of these accounts and the capabilities that may be required by them. Then, we introduced leading practices to get the accounts under control, mainly by executing a sound strategy. Now we will continue the discussion and reveal what the strategy should cover as well as how to manage its success.


Topics: Security

When an Asset Becomes a Liability: Up-time is Important, but Unsecure Up-time May Be a Liability

Posted by Larry Skelly on Mar 22, 2017 11:22:06 AM

A note from the author: As I talk to more and more organizations, a new challenge is emerging: balancing the need to be secure with the need to have operational systems. I’ve written this blog post from an internal perspective (CEO) to provide an “insider” view on the problem. While not meant to describe operations at any firm specifically, the challenges identified and the solutions required to resolve them are real and attainable with the right team and the right skills.


Security Breaches Cost Organizations Far More Than Just Money

Posted by Kim Scott on Mar 17, 2017 12:09:26 PM

Data breaches can be very costly and are unfortunately becoming a common trend in the news. Not only do they cost companies millions of dollars in fines, but they can cause enough reputational damage to jeopardize sales. A recent article on Bloomberg.com discusses how last year’s security breach of Yahoo! Inc. forced the company to drop its sale price to Verizon by $350 million. There would likely be additional costs incurred to resolve the issue itself and repair any damage to the brand image. The article even goes on to say that Verizon, at one point, considered cancelling the purchase of Yahoo! Inc. altogether.


Topics: Security, Service Management

Are your privileged accounts under control? - Part One

Posted by Dan Legault on Mar 15, 2017 3:03:12 PM

Are your privileged accounts under control? This seems like a straightforward question, but before you answer it, let’s take a step back and put the question into context.


Topics: Security

Taking an IAM View of Verifone's Breach

Posted by Dan Legault on Mar 9, 2017 5:24:15 PM

Another major breach was disclosed on this week’s Krebs blog by acclaimed cybersecurity reporter Brian Krebs. He reported that Verifone is investigating a breach of its internal computer networks. According to the article, it appears to have impacted several companies running Verifone’s point-of-sale solutions. The company says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. It also appears that social engineering tactics were employed to gain initial access.


Topics: Security

HIMSS17 is Alive and Well

Posted by Adam Kehler on Mar 7, 2017 1:41:17 PM

Another HIMSS Conference has come and gone, complete with thousands of attendees, hundreds of sessions, a trade floor that measured in acres, and headliner keynotes. There is something for everyone at HIMSS and each attendee will have gotten something different out of attending. For me it was a chance to connect with colleagues, make some new acquaintances, meet some people in person that I had only worked with virtually, attend some sessions, and speak with vendors.

My focus for the conference was Privacy and Security. For anyone in this field, there is always a lot to take in at the HIMSS conference. Several sessions were offered that focused on Privacy and Security and there are countless vendors touting “secure this,” “secure that,” and “HIPAA Compliant everything.”


Topics: Security

Have You Heard of Floki Bot Yet?

Posted by Shawn Lukaschuk on Mar 3, 2017 5:06:38 PM

In September 2016, a user identifying themselves as flokibot advertised some new malware for the Windows operating system named Floki Bot. The malware was based on ZeuS 1 but with a new and improved dropper. Available for a low price of only $1,000 USD, the malware has evolved rapidly since incorporating new anti-detection features, and it is also expected to implement Tor connectivity soon.


Topics: Security

Post-RSA Conference 2017 Q&A with Dan Lapierre

Posted by Dan Lapierre on Feb 23, 2017 4:44:03 PM

Last week a record number of more than 43,000 participants attended the RSA Conference 2017. Many Onliners attended the event, including Dan Lapierre from our Risk, Security, and Privacy practice. We had a chance to sit down with Dan this week to get his thoughts on the conference.


Topics: Security

Protecting the empire goes beyond securing the castle walls: Understanding the importance of audit controls

Posted by Adam Kehler on Feb 14, 2017 5:08:03 PM

Is your information security program stuck in the Middle Ages? Are you still just protecting the castle walls, or have you taken a step forward into modern times, where you must assume your outer perimeter will be breached?

Healthcare organizations are notorious for applying minimal security measures, which generally consist of firewall and anti-virus precautions to prevent attackers from penetrating their systems. This is an antiquated method that simply doesn't work. You need to think more strategically and prepare your organization for impending attacks by assuming that your defenses will be breached. In fact, 56% of organizations say it is unlikely or highly unlikely that they would be able to detect a sophisticated attack. On top of that, it takes an average of over 200 days for an organization to simply detect an attack of any severity. Those are some scary stats to consider when people’s personal information is at stake.


Topics: Security

Cyber Risk is no board game – you need to know when to accept, mitigate, or transfer risk to a 3rd party

Posted by Steve Levinson on Feb 9, 2017 3:57:45 PM

The risk landscape continues to evolve with each and every passing day. Yesterday’s secure platform has now become today’s weakest link. Every moment, your organization faces some degree of security risk. The boardroom is ultimately responsible for having an inherent understanding of the various risks to the organization, and therefore is challenged with determining the ideal strategies to address the risk. Once a threat or vulnerability becomes publicly known, the fuse is lit, and business leaders need to be prepared to make prudent decisions to protect their organizations.


Topics: Security

Our Thinking - The Online Blog is a source for insights, resources, best practices, and other useful content from our multi-disciplinary team of Onliners.
