Not only Russia, I would say…
Leverage Artificial Intelligence for Cyber Defense
We all see a lot of chatter on Artificial Intelligence and the impact on Cyber Defense and anomaly detection. I am not clear yet how far it really takes us. I have great hopes but I do not think that it is the silver bullet. However, there are interesting success to look into like that…
DetailsWhy the Cloud is more secure than On Prem
Most of you might know it in the meantime: I am back at Microsoft working as an Executive Security Advisor in the Western European region. One of the reasons why I re-joined was that I want to be able to have a real impact with one of the leading providers of technology, especially in the…
Details
Digitalization and Security Regulation
This month the Swiss Federal government organized a Swiss Digital Day to help to drive the discussion within Switzerland on the impact of digitalization on the different aspects of our life.Cybersecurity is all over the place, which is very good – something which would not have been the case a few years ago. Everybody knows…
DetailsPreventing Unwanted Porn from Spreading
I think it was around 2009 when Microsoft offered to leverage PhotoDNA to help law enforcement to fight child porn. PhotoDNA is a clever technology which helps to fingerprint any picture and keep the fingerprint stable even if you modify the picture (crop, change colors, brightness etc.). The idea is to build a database of…
Details
Protecting USB Sticks
It is in my opinion a controversial discussion: Do you allow the use of USB sticks in a corporate environment and if yes, how? Obviously, today there are a lot of other means to exchange information but the USB stick still seems to be important for users. To have a presentation for an event on…
Details
Cybercrime Price List with Crime Economics
The question about underground prices is often coming up – often only for curiosity. However, this pricelist is extremely important if we try to understand at least the motivation and the business case of criminals. Let’s look at a simple business case for a criminal. On the upside we have two bullets: Economical gain –…
DetailsOrdering Technology Off a Government Organization
I guess we all read the news of President Trump ordering governmental organizations to migrate off any Kaspersky security software ASAP. This is basically an interesting move as it highlights the challenges regarding supply chain security, however, is this an effective was to protect an organization? I hope President Trump and/or his advisors consider a…
DetailsWhat great leaders do
I have seen different talks by Simon Sinek and I have to admit, I really like him. I just recently found a TED Talk by him on leadership. He had a few really remarkable quotes on leadership: In military, they give medals to people who sacrifice themselves so others may gain. In business, we give…
DetailsWell, another one: CIO or C-Suite: To Whom Should the CISO Report?
At least the security community seems to agree…
The Role Change of the CSO
I am in this business for almost two decades, which is frightening by itself. On the other hand, it is absolutely fascinating, how the security industry and especially the role of the CSO changed. I do not want to go into long stories of security itself but look at it: Initially it was all about…
Details
Careful what you do with your boarding pass
A lot of people just throw away their boarding pass after a flight. I mean, what information do you find on it? Name, seat, date and flight. So what? You can find this information for a lot of people on social media anyway, right? Well, not really. There is other information on it as well…
Details
Expected Threats in the Next 6 Months
As Threat Intelligence is one of the key assets to be built in companies, the right information sources will be key. The challenge there is not only to get information but to transform it into actionable intelligence. It needs to be targeted to the industry you are working in as well as to the situation…
DetailsHotel Security – The Protocol
Me just a few minutes ago (real life, just the room number is not real): At the reception: Me: Sorry, my key does not seem to work anymore. Reception: What is your room number, sir? Me: 683 Reception: Mr. Halbheer? Me: Yes Reception: Let me give you a new key I understand: A scammer would…
Details
Spread of Eternal Blue – Patching Still a Huge Issue
Back in the early days at Blaster we told the customers that they must do three things: Switch on your firewall Apply security updates Have an anti-virus software installed and keep it updated It seems that even after Wannacry and Petya people have not learned, yet: Look at these statistics with computers still being vulnerable…
Details
Attacks on the Critical Infrastructure happen!
It is not new that in December 2015 and December 2016 Ukraine suffered a power outage due to a cyber-attack. Researchers now figured out that both attacks leveraged the same framework to base their attacks on. It is not as sophisticated as Stuxnet for different reasons (only leverages one vulnerability, the way it communicated, etc.)…
DetailsGDPR – Avoiding False Promises
It is interesting how many companies offer privacy services since the EU announced GDPR and the number is still growing. Almost every company today has a GDPR practice or at least is offering GDPR services. The question shall be asked, whether they are up to the task. I would expect – as companies will get…
Details
Blackmailing happens everywhere today
We have seen ransomware and other vectors for the bad guys to make money. Additionally, the criminals are trying to make money from stolen data, wherever they can. That’s the latest one: Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients Nasty if you are one of them……
Details
Interesting Facts on Data Breaches
The 2017 Data Breach Investigations Report by Verizon was just recently published and it contains a few interesting data points: 75% of the breaches were conducted by outsiders. So, the outsider threat is by far bigger than the insider. However, if you would assume breach, you kind of kill both attacks with one approach 51%…
Details