Roger Halbheer on Security
It is interesting how many companies offer privacy services since the EU announced GDPR and the number is still growing. Almost every company today has a GDPR practice or at least is offering GDPR services. The question shall be asked, whether they are up to the task. I would expect – as companies will get…
DetailsWe have seen ransomware and other vectors for the bad guys to make money. Additionally, the criminals are trying to make money from stolen data, wherever they can. That’s the latest one: Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients Nasty if you are one of them……
DetailsThe 2017 Data Breach Investigations Report by Verizon was just recently published and it contains a few interesting data points: 75% of the breaches were conducted by outsiders. So, the outsider threat is by far bigger than the insider. However, if you would assume breach, you kind of kill both attacks with one approach 51%…
DetailsAs you might know, I am deeply convinced that better threat intelligence allows us to take better security decisions – and I am not the only one making this statement. I am trying to get my head around threat intelligence since a while now and realized that depending on with whom I talk, they have…
DetailsA few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and…
DetailsWe always talk about it, right? Security is a top management responsibility but who is really taking this responsibility? Typically the CSO gets under pressure, once incidents happen. Well, Marissa Mayer – the CEO of Yahoo – does, now: Yahoo CEO Loses Bonus Over Security Lapses And with GDPR just around the corner with fines…
DetailsOne of the discussions I have with a lot of customers is around managed security services. Especially themes like Security Operation Centers seem to be fairly emotional as quite some customers want to build and run one themselves (and yes, I know the challenges around regulation). One of the points I often make is the…
DetailsI made this statement often: To me a good and sound threat intelligence, which is linking to the business will be absolutely key in the future. Therefore we entered into agreement to acquire iDefense – so read on. A study we published last autumn made it clear: We are investing more and more money in…
DetailsThe Accenture Technology Vision is a visionary piece of work showing where we see technology develop over time. It is interesting to see that more and more people are getting back to the center of what we do and where we go. So, the Technology Vision this year carries the title “Technology for People –…
DetailsIn the context of an event in Berlin, where I had a presentation, I was asked for an interview (in German):
A “thank you” to ISACA German for producing this interview.
Andi t will happen again; I would expect: Ukraine Power Outage Confirmed as Cyber Attack …and not “only” in Ukraine. Swiss TV did a series called Blackout on January, 2nd – three days the power is gone and what happens, what happens afterwards etc. There were seven “fictions documentaries“, which were really interesting. What was…
DetailsJust a quick one. I was aware that a few data points in an anonymized data set can already be enough to identify a single person. However, what you can get out of Facebook is amazing. If you do not know it yet, go to https://applymagicsauce.com/ and apply the magic to your Facebook profile. Just…
DetailsMost of us most probably think that people committing Cyber Crime make a lot of money. The contrary seems to be the case. Looking at Report: Most cybercriminals earn $1,000 to $3,000 a month it seems that the income is fairly minimal. There is one statement in there, which I would challenge: In many ways,…
DetailsFirst of all I have to apologize: I had quite some technical issues with my blog and therefore had some time between now and the last post…. Today I would like to tap your brains: It is close to Christmas and therefore a typical time to hand your wish list to Santa (in our case…
DetailsActually the article I was looking at was called: The 4 Biggest Mistakes Businesses Make Trying To Secure Endpoints. However, a major part – in my opinion – is not only true for the endpoint but for security in companies as such: Underestimating Human Error: Well it starts with the administrator who is taking wrong…
DetailsWhat I see in my daily life is, that a lot of banks are focusing heavily on compliance when it comes to security. The way I put it is that compliance does not bring security – but good security brings compliance. However, the financial crisis and the situation a lot of banks are in make…
DetailsAre networks air gapped, really? Do you build critical systems on commercial products? Often critical systems are built on commercial products and air gapped networks are almost air gapped – except for the few bridges that were built for convenience reasons… Look at recent news: These classified networks are definitely not connected to the Internet,…
DetailsNobody actually would argue with the challenge regarding IoT and security. There are plenty of examples out there proving how easy it is to compromise devices connected to the Internet, especially as security is really not at the forefront of companies developing these devices. We often talk about the impact this development could have when…
DetailsOne of the key challenges on the Internet is that law enforcement does hardly work on the Internet. This has different reasons: The legal frameworks – if they exist – are hardly aligned internationally but the criminals are. Law enforcement, even though they made great progress still has a hard time to work across the…
DetailsSince quite some years, governments are building Cyber forces – either within the military or within national intelligence. This is a normal trend and was expected even back then. When I met these governments, I typically asked them how they see the risks that the people they train actually leave the government (or get fired)…
Details
