Category Archives: Greg Touhill

As FireEye grapples with breach investigation, questions remain

Posted on by

FireEye’s announcement this week that hackers breached its systems has sent shockwaves through the cybersecurity community, raising new questions about how one of the most influential security firms in the U.S. grappled with an apparently state-sponsored attack. It also has triggered policy discussions about whether the U.S. government should do more to protect cyber industry titans like FireEye, one of the top cybersecurity firms in the world with customers that counts Fortune 500 companies among its clients. The hack adds FireEye to the list of cybersecurity companies that have experienced their own breaches, a roster stretching back to at least the beginning of the last decade. “This news has rocked the cybersecurity industry to our core, unlike anything since the RSA hack” from 2011, said Tom Bossert, president of Trinity Cyber and the former homeland security adviser to President Donald Trump. “It’s a pretty big deal.” FireEye revealed on Tuesday […]

The post As FireEye grapples with breach investigation, questions remain appeared first on CyberScoop.

Continue reading As FireEye grapples with breach investigation, questions remain

Advice for the U.S. government: Stop talking and start doing

Posted on by

When it comes to cybersecurity, the United States government is great at talking the talk, yet consistently falls short of walking the walk. Unless the U.S. government actually implements the cybersecurity best practices it touts, the nation and its citizens will continue to be at an increased risk of a cyberattack.   The government has already acknowledged the need for multi-factor authentication. In 2003, it started fielding Common Access Cards (CAC) in the military, as well as Personal Identification Verification (PIV) cards in civilian agencies. At that time, the game plan was to complete the MFA implementation across the government before the end of 2008. In April 2015, MFA implementation levels hovered below 50 percent. The massive breach at the Office of Personnel Management (OPM), which leveraged compromised user name and password credentials, could have been stopped with more rigid MFA practices. It wouldn’t have made this attack impossible, but […]

The post Advice for the U.S. government: Stop talking and start doing appeared first on Cyberscoop.

Continue reading Advice for the U.S. government: Stop talking and start doing