Author Archives: Taylor Armerding

One of the main reasons to buy insurance is to prevent the cost of an accident or other disaster from breaking the bank. But what if simply buying insurance threatens to break the bank?

That scenario is starting to worry some organizations, for several reasons.

First is the simple but powerful market force of supply and demand. More and more organizations, spooked by regular stories of catastrophic breaches – such as the compromise of more than 1.5 billion Yahoo! accounts, which took down its acquisition value by a reported $350 million – are seeking insurance. And when demand rises, the price tends to do so as well.

To read this article in full or to leave a comment, please click here

In the world of cybercrime, ransomware and DDoS attacks had the highest profile by far during the past year. There was an entire day devoted to a ransomware “summit” at the recent RSA conference in San Francisco.

But when it comes to money being lost (and made), bot fraud is king – by a lot.

Most estimates of losses in the US from ransomware during 2016 were in the $1 billion range. By contrast, a study published in January 2016 by White Ops and the Association of National Advertisers (ANA) titled “Bot Baseline: Fraud in Digital Advertising,” estimated global losses in 2016 would be $7.2 billion.

To read this article in full or to leave a comment, please click here

FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption” – the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain” that he said has balanced privacy and security in the US since its founding.

Actually, he went further, declaring that such default encryption “shatters” the bargain.

“This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,” he said, noting that the FBI’s inability to crack encrypted devices means the investigative “room” where the agency works is increasingly growing dark, and therefore undermining security.

To read this article in full or to leave a comment, please click here

FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption” – the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain” that he said has balanced privacy and security in the US since its founding.

Actually, he went further, declaring that such default encryption “shatters” the bargain.

“This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,” he said, noting that the FBI’s inability to crack encrypted devices means the investigative “room” where the agency works is increasingly growing dark, and therefore undermining security.

To read this article in full or to leave a comment, please click here

FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption” – the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain” that he said has balanced privacy and security in the US since its founding.

Actually, he went further, declaring that such default encryption “shatters” the bargain.

“This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,” he said, noting that the FBI’s inability to crack encrypted devices means the investigative “room” where the agency works is increasingly growing dark, and therefore undermining security.

To read this article in full or to leave a comment, please click here

While plenty of controversy has surrounded President Donald Trump’s fledgling administration, it hasn’t yet faced a major crisis.

But according to Forrester Research, aside from any political or military events, the new president will face a cyber crisis sometime within his first 100 days.

The company made the prediction last fall, prior to the election, as part of its “Predictions 2017” brief, so it didn’t specifically focus on either Trump or Democratic candidate Hillary Clinton.

To read this article in full or to leave a comment, please click here

While plenty of controversy has surrounded President Donald Trump’s fledgling administration, it hasn’t yet faced a major crisis.

But according to Forrester Research, aside from any political or military events, the new president will face a cyber crisis sometime within his first 100 days.

The company made the prediction last fall, prior to the election, as part of its “Predictions 2017” brief, so it didn’t specifically focus on either Trump or Democratic candidate Hillary Clinton.

To read this article in full or to leave a comment, please click here

If you are a victim of ransomware, don’t pay!

That has been the mantra of the FBI for several years now – one that was forcefully echoed by one of the nation’s highest-profile security bloggers – Brian Krebs – in a recent post.

But based on the statistics, either a lot of people aren’t listening, or it’s a bit more complicated than that. The reality is that the success of ransomware isn’t just increasing. It’s exploding.

To read this article in full or to leave a comment, please click here

If you are a victim of ransomware, don’t pay!

That has been the mantra of the FBI for several years now – one that was forcefully echoed by one of the nation’s highest-profile security bloggers – Brian Krebs – in a recent post.

But based on the statistics, either a lot of people aren’t listening, or it’s a bit more complicated than that. The reality is that the success of ransomware isn’t just increasing. It’s exploding.

To read this article in full or to leave a comment, please click here

Nobody in the IT industry would argue that the Internet of Things (IoT) is becoming more secure. Pretty much the opposite.

But not for lack of effort. There have been multiple, ongoing initiatives over the past decade, both public and private. There have been dire warnings, publication of various standards and best practices, technology improvements, legislation to encourage threat information sharing and exhortations from government agencies, congressional committees, security firms and conference speakers.

Unfortunately, none of them has worked very well so far.

In spite of some of the best minds and technology improvements in the world focused on it, most of the IoT’s billions and billions of connected devices remain catastrophically insecure, lacking what experts call the most basic “security hygiene.” The flaws include hard-coded credentials, simple and default user names and passwords and the lack of any way to patch or update exploitable vulnerabilities.

To read this article in full or to leave a comment, please click here