Microsoft Threat Intell: GALLIUM: Targeting global telecom
I guess this is important for Telcos (and others): GALLIUM: Targeting global telecom
Still relying on the network? It is the user!
It is not the first time I am talking about Zero Trust here. And often it is absolutely clear to the customers that the next perimeter is the identity and not necessarily the network to the same extent anymore. Read this article: More Than 99% of Cyberattacks Need Victims’ Help – the network protection will…
Using multi-factor authentication blocks 99.9% of account hacks
This is not fundamentally new but the figure is really high…
So, why are you still using username/password?
Politician’s Reactions on VIP Hack in Germany
I recently complained about the Swiss government and our inability in Switzerland to really drive Cybersecurity forward (Federal Council not deciding again – Switzerland falling behind on Cybersecurity). It was one of the most-read blog posts I wrote during the last few years… In one of the discussions on LinkedIn I talked about one of…
Security in the Supply Chain
Supply chain security is a very complex and difficult topic. The industry started to focus more and more on it and different approaches start to materialize. Mainly, security becomes part of the contract negotiation and part of the responsibilities of the supplier. In some cases, certifications like ISO 27001 are requested and the certificate must…
Microsoft Security Intelligence Report v23 available!
I still remember the first one and now we reach version 23… It has a lot of insights into the malware and cybercrime landscape with really actionable recommendations. The Microsoft Security Intelligence Report can be accessed in different ways: Infographic – https://aka.ms/SIRv23Info Full Report – https://aka.ms/SIRv23 Webinar (April 10th at 10 am PDT) – https://aka.ms/SIRv23webcast…
Leverage Artificial Intelligence for Cyber Defense
We all see a lot of chatter on Artificial Intelligence and the impact on Cyber Defense and anomaly detection. I am not clear yet how far it really takes us. I have great hopes but I do not think that it is the silver bullet. However, there are interesting success to look into like that…
Preventing Unwanted Porn from Spreading
I think it was around 2009 when Microsoft offered to leverage PhotoDNA to help law enforcement to fight child porn. PhotoDNA is a clever technology which helps to fingerprint any picture and keep the fingerprint stable even if you modify the picture (crop, change colors, brightness etc.). The idea is to build a database of…
Cybercrime Price List with Crime Economics
The question about underground prices is often coming up – often only for curiosity. However, this pricelist is extremely important if we try to understand at least the motivation and the business case of criminals. Let’s look at a simple business case for a criminal. On the upside we have two bullets: Economical gain –…
The Role Change of the CSO
I am in this business for almost two decades, which is frightening by itself. On the other hand, it is absolutely fascinating, how the security industry and especially the role of the CSO changed. I do not want to go into long stories of security itself but look at it: Initially it was all about…
Expected Threats in the Next 6 Months
As Threat Intelligence is one of the key assets to be built in companies, the right information sources will be key. The challenge there is not only to get information but to transform it into actionable intelligence. It needs to be targeted to the industry you are working in as well as to the situation…
Blackmailing happens everywhere today
We have seen ransomware and other vectors for the bad guys to make money. Additionally, the criminals are trying to make money from stolen data, wherever they can. That’s the latest one: Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients Nasty if you are one of them……
Interesting Facts on Data Breaches
The 2017 Data Breach Investigations Report by Verizon was just recently published and it contains a few interesting data points: 75% of the breaches were conducted by outsiders. So, the outsider threat is by far bigger than the insider. However, if you would assume breach, you kind of kill both attacks with one approach 51%…
Do we tackle the right Threat Intelligence?
As you might know, I am deeply convinced that better threat intelligence allows us to take better security decisions – and I am not the only one making this statement. I am trying to get my head around threat intelligence since a while now and realized that depending on with whom I talk, they have…
Criminals getting closer to State Actors
A few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and…
Security – The CEO’s Responsibility
We always talk about it, right? Security is a top management responsibility but who is really taking this responsibility? Typically the CSO gets under pressure, once incidents happen. Well, Marissa Mayer – the CEO of Yahoo – does, now: Yahoo CEO Loses Bonus Over Security Lapses And with GDPR just around the corner with fines…
Threat Intelligence – The Next Big Thing and a Game-Changing Acquisition by Accenture
I made this statement often: To me a good and sound threat intelligence, which is linking to the business will be absolutely key in the future. Therefore we entered into agreement to acquire iDefense – so read on. A study we published last autumn made it clear: We are investing more and more money in…
Is Cyber Crime worth the effort?
Most of us most probably think that people committing Cyber Crime make a lot of money. The contrary seems to be the case. Looking at Report: Most cybercriminals earn $1,000 to $3,000 a month it seems that the income is fairly minimal. There is one statement in there, which I would challenge: In many ways,…
Christmas Wishes for Cyber Defense?
First of all I have to apologize: I had quite some technical issues with my blog and therefore had some time between now and the last post…. Today I would like to tap your brains: It is close to Christmas and therefore a typical time to hand your wish list to Santa (in our case…
IoT and the impact on the broader society
Nobody actually would argue with the challenge regarding IoT and security. There are plenty of examples out there proving how easy it is to compromise devices connected to the Internet, especially as security is really not at the forefront of companies developing these devices. We often talk about the impact this development could have when…