CISO Says: Cyber Insurance and the Hunt for Affordable Coverage

“People who live in glass houses should take out insurance” and right now, the winds are blowing at hurricane strength. Between two years of COVID and the seemingly daily headlines of breaches and ransomware attacks, healthcare organizations are reeling. According to a report from Comparitech, attacks in 2020 were double those in 2019, impacting…


And now for a public service announcement…

T-Mobile recently confirmed that a threat actor stole the full names and driver’s license information for 40 million people last week. While AT&T is currently denying it, another threat actor claims to have stolen the names, phone numbers, physical addresses, email addresses, and Social Security numbers for 70 million of their customers. Ransomware makes…


Darkside: Why is this time different from last time?

During the Jewish holiday of Passover, it’s traditional for the youngest child to ask the four questions, seeking to understand the symbolism behind the story of the exodus from Egypt. “Ma Nishtana” they ask in Hebrew. Why is this night different from all other nights? That phrase popped into my head as the Colonial…


Beware The No Name Hacker

Kevin Mitnick, Adrian Lamo, Albert Gonzalez, Mathew Bevan, and Richard Pryce. Are these guys household names in your household? These five (and dozens of others) are among the most notorious hackers on the planet, people who strike fear into the hearts and minds of the most sophisticated technology organizations on the planet. These online villains…


Is it Time to Rid Healthcare of Email?

I know, I might be accused of heresy for even bringing it up. But the statistics are so alarming these days, it’s a discussion that needs to be held at the very highest level of every healthcare organization in America. For security’s sake, isn’t it time to get rid of email? There, I’ve said…


Burning Down the House

After a week of dealing with attacks on Microsoft Exchange servers, I got in my car, turned on the radio, and heard that classic song by the Talking Heads. David Byrne says he wasn’t really singing about a house on fire but instead, about breaking free from whatever was holding you back. And I thought…


Don’t Just Phish

Recently, a fellow CISO asked a group of us if we “punished employees who consistently failed to recognize phishing emails.” This created a great discussion with most folks agreeing that punishment rarely works and often has negative effects (including potential for legal action). After all, hackers take advantage of people’s willingness to be helpful or…


Protect Yourself by Protecting Your Smartphone

Talk to any Chief Information Security Officer and they’ll tell you that the weakest link in their organization is always the individual. Take smartphones for example. They’re designed with security in mind but that protection is compromised each and every day. 70 million smartphones are lost each year, with only 7 percent recovered. Users are…


Be Cautious Using Google Search

The “bad guys” constantly look for ways to trick users into giving up information or downloading malicious software that will steal information. One of the easiest ways for them to do this is to get you to click on links that show up using a search engine. Given the popularity of Google search, bad actors…


Vishing, Smishing, and Phishing. It’s more than Alphabet Soup!

I’ve talked a number of times about Phishing and we’ve talked about Smishing. Today, I want to touch on the subject of Vishing. Vishing is Phishing using voice. This isn’t new. You’ve all either received, or know of folks who’ve received, phone calls from folks pretending to be from “Microsoft Support” or “Visa”. You may…
