Thoughts on Breach of Trust vs. a Breach of Security
April 26, 2018
·
By
Peter Gregory ,
James Robinson
·
General thought: A breach of trust is different than a breach of security. Trust and security, while related, are very different from each other. In recent years, we have seen information security continuing to be defined with strong frameworks, guidelines, and support from regulators to security offices, while the concept of “trust” has just begun to emerge. In recent years we have seen Offices of Trust being defined in companies with the role of Chief Trust Officer.
Continue reading
The Business Trusts the Third Party – Should You?
April 10, 2018
·
By
James Robinson ,
Jeff Wichman
·
In this day and age we are faced with some hard facts within information security. One of those facts is that breaches are imminent and we must be prepared. Watching events unfold around us, organizations have taken to heart that breaches and incidents are a top priority, not only to prevent but to have a plan ready to respond if they are impacted. As a result, an increased number of organizations have invested in incident response (IR) tools, processes, skilled resources, as well as retainer and managed services. However, we still find there is progress to be made.
Continue reading
DDoS Threats: Are Your Third Parties Protecting You?
September 25, 2017
·
By
James Robinson
·
There’s evidence that ransomware may be evolving beyond holding data hostage. In recent news, DDoS attacks were used as a threat against organizations, shutting down their internet connections and holding the organization for ransom. DDoS attacks aren’t new. And while this new use of DDoS may be alarming, we need to pause and look at how business works in our interconnected world.
Continue reading
DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties
July 28, 2017
·
By
James Robinson
·
Every year I like to take a look at the talks at Black Hat and DEFCON to see if there are areas of risk I need to review. This year, like others, has focused on different hacking and defensive techniques. It also included a theme on cloud components as well as IoT, and new vulnerabilities within both. If your organization develops these products, you have the ability to talk with the development teams and review the devices for the vulnerabilities.
Continue reading
Three Steps for Management and Remediation of Security Vulnerabilities with Third Parties
May 24, 2017
·
By
James Robinson
·
Over the years, security organizations have had to deal with many vulnerabilities that required quick response and remediation. Some examples that come to mind include Heartbleed, Shellshock, numerous specific vendor product vulnerabilities, and as we saw recently: WannaCry. All of these advisories require our organizations to quickly assess the exposure and impact; however, many of us stop at our own infrastructure. As we have seen with mobile, cloud and continued outsourcing, maintaining focus within our own virtual walls is not enough. There is significant risk and exposure to information if we have decided to leverage a service offering or third party.
Continue reading
Ransomware Kill Chain and Controls - Part 2: Once the Crying is Over, the Controls Must Kick In
May 17, 2017
·
By
James Robinson ,
Nick Hyatt
·
In the first part of the blog series, we alluded to the impending danger of ransomware campaigns. It appears the concerns were justified, given the size of the most recent cyber attack that hit countries worldwide on May 12. The WannaCry ransomware program, also called WannaCrypt, WanaCrypt0r and Wanna Decryptor, was launched by a group of cyber criminals causing computers in more than 100 countries to lock up and be held for ransom.
Continue reading
Three Steps to Enhancing Your Third-Party Risk Program
April 6, 2017
·
By
Peter Gregory ,
James Robinson
·
In the world of third-party and vendor risk management, many new practices are being adopted. Over the past few weeks, members of Optiv’s third-party risk team have initiated conversations with key industry leaders through a series of roundtable discussions. These thought leaders own or participate in their organizations’ third-party strategies. During these sessions, we shared leading practices and principles, and identified a number of common trends.
Continue reading
Ransomware Kill Chain and Controls - Part 1
April 20, 2016
·
By
James Robinson
·
With the rising threat of ransomware, we continue to see more and more coverage of the topic in the news and in marketing campaigns. I guess about half of all marketing emails I get are ransomware-oriented. It could be the lists I am on, but I think ransomware is shaping up to be the top marketed threat in 2016.
Continue reading
Reducing Your Personal Attack Surface
February 11, 2016
·
By
James Robinson
·
Many of us are consumers of technology, I would consider myself in the upper echelon of this group. I own multiple laptops, desktops, servers, cloud-based workstations, tablets, mobile devices, smart fashionware and social media accounts, to name a few. But, with this enthusiasm and love for the newest gadget or tool to stay connected comes a new risk – one that organizations have been fighting for years, and the consumer is starting to face. This is the risk of your personal attack surface.
Continue reading
Financially Motivated Whaling Attacks
January 14, 2016
·
By
James Robinson ,
Ping Look
·
On any given day, many people receive hundreds of emails. But when an employee receives an email from their CEO, CFO or another senior executive, they are more likely to notice and respond. Unfortunately, this natural human behavior is exactly what malicious actors are exploiting in the latest “whaling” attack.
Continue reading
(26 Results)
