Security


HBR has a great article up from a few days ago: “The Behavioral Economics of Why Executives Underinvest in Cybersecurity.” It’s an interesting read. If you’re too lazy or swamped to go read it, the gist is that natural human biases are such that the default state of behavior when it comes to investing in security is below that which is required to meet real-world risks.  For example, since we don’t always...


So I totally had another topic entirely queued up for the day… and then I noticed Bitcoin.  Have you noticed that BTC is trading at 2445?  This is down from SUNDAY where it was over 3k.  ETH is actually doing worse percentage-wise – at least today ($337.47, down about 15% on the day). This is major. And, if you think I’m being overly flip, I call your attention to the fact that I had holdings at Mt....


There’s an article this morning on Forbes from the CEO of UpGuard called “Cybersecurity Is Dead”.  The message is one you’ve heard: that looking for specific vendor solutions to plug holes isn’t super useful, that the future has to be a more holistic integration of security into all areas of the organization, that old models of “building moats and walls” don’t solve today’s...


So first of all, let me start by saying that I get it that Stephen Fry playing the role of Jeeves from like a billion years ago has nothing to do with anything.  That said, it came up in my Google image search for “you’re doing it wrong” while looking for an image to use in conjunction with commenting on people’s use of the NIST CSF.  Frankly, I couldn’t resist: it lured me in almost as much as the giant,...


So the Active Cyber Defense Certainty Act (the “ACDC” Act) is now apparently making the rounds.  The gist is that it would make it legal for someone to attack someone else provided two things are true: 1) that “someone else” is in the process of conducting a cyberattack against you and 2) the attack is done for the purposes of “attribution” (i.e. for gathering information to give to law...


In the continuing saga of why the lack of security in biomed will eventually start killing people, we have yesterday the results of a security analysis of a pacemaker where they found apparently 8600 flaws — of which some are potentially deadly.  It’s an interesting report.  I urge you to read it. Now, WhiteScope is of course in the business of doing firmware research and assessments — so it’s arguably good for...
