This cyberwar will be a continuous marathon war that will only compound and hyper-evolve in stealth, sophistication and easy entry due to the accelerated evolution of “as a service” attack strategies for sale on the dark web.
We’ve gone from a planet ruled by natural geography to political geography to kinetically functional geography to a cyber geography that is ruled by ideological variation rather than politically constructed boarders.
The way to stifle China’s growth is to inhibit the flow of their connectivity. In order to slow down Chinese expansion, we need to cripple their cyber-kinetic-political connectivity. Indirect polarization, in all forms, must be at the forefront of the agenda when conducting influence operations on all things China.
Cyber hygiene, patching vulnerabilities, security by design, threat hunting and machine learning based artificial intelligence are mandatory prerequisites for cyber defense against the next generation threat landscape.
America is a reactionary society which makes us prone and vulnerable to Hegelian dialectic style manipulation. I’m more concerned about the adversaries within our boarders than I am our adversaries from abroad.
I’d been an outcast my entire life. Growing up with technophobe parents in the dawn of a Cyborg Age did that to a person.
Cyber-confidence is crucial for finance.Consistency between security and threat is a key factor in Reputation and Customer Trust.
We need to move from the existing culture of compliance in cybersecurity to developing a culture of excellence in mitigating Cyber threats.
We have the technical sophistication of Tinker Toy’s protecting the IoT microcosms of America’s health sector organizations.
The gaping wound in America’s national security is without a doubt, the unregulated dragnet surveillance capitalists.
The security theater we are witnessing in our election system boasting the illusion of security via ‘clunky as heck’ and air gap defense will do nothing against the real and sophisticated adversarial landscape that is zeroing in on our democracy
Many members of Isis are not sophisticated attackers. The majority of members do not have a technical background. The UCC is predominately capable of hacking soft targets, such as Twitter accounts, and spreading propaganda or defacing websites
America’s treasure troves of public and private data, IP, and critical infrastructure continues to be pilfered, annihilated, and disrupted, while an organizational culture of ‘Participation Trophy Winners” managed by tech neophyte executives continue to lose one battle after the next.
The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked
Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to
As we've come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided
Employees make decisions every day that negatively affects their business’s security…As a result, we have known for a while that, to protect organizations, employees need online street smarts. However, the problem is that some in the industry treat employee awareness as a training concern or one-time activity. It is not. It is an ongoing cultural problem.
Employees can now easily leak company data through the use of insecure public Wi-Fi . If employees do not use VPNs to encrypt their data, they run the risk of exposing their traffic to cybercriminals. This means that passwords and usernames can be seen and intercepted by others on the network….. Although public WiFi hotspots are an invaluable services, there is a strong need for businesses to stay on top of the potential threats and security risks.
Creating back doors to hack in to secure devices will not only undermine consumer confidence in technology but most importantly empower cyber criminals and totalitarian regimes.
If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders
We didn't install the [Code Red] patch on those DMZ systems because they were only used for development and testing. — Anonymous client, shortly after spending 48 continuous hours removing 2001's Code Red worm from internal corporate servers
Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact
As our country increasingly relies on electronic information storage and communication, it is imperative that our Government amend our information security laws accordingly
Between the black box proprietary code, barebones computers we call voting machines and a mass of completely unqualified election officials, our election system is up for grabs to anybody with even a modest interest and some script kiddie capability. The cyber-kinetic attack surface here is wide open.
The collaboration between secretaries of state, election officials and the voting system manufacturers on the matter of enforcing this black box proprietary code secrecy with election systems, is nothing less than the commoditization and monetization of American Democracy
You think an Air Gap is a defense? Sofacy, Stuxnet, Uroburos, AirHopper, BitWhisperer and ProjectSauron…enough said!
Right and wrong isn’t a matter of ethics, rather it’s the geography in which you reside and whose control you’re under. Tallinn Manual 2.0 is based largely on western international humanitarian law.
We’re talking about the fate of our economy and the questionable resiliency of our Nation’s critical infrastructure. Why are experts so polite, patient, and forgiving when talking about cybersecurity and National Security? The drama of each script kiddie botnet attack and Nation State pilfering of our IP has been turned into a soap opera through press releases, sound bites and enforced absurdity of mainstream media. It’s time for a cybersecurity zeitgeist in the West where cyber hygiene is a meme that is aggressively distributed by those who have mastered it and encouraged to be imitated by those who have experienced it.
I don’t care how secure you think your organization is, I’ll social engineer my way inside in less than 24 hours regardless of the sophistication of your IoT microcosm security. Whatever obstacles I run into exploiting your technical vulnerabilities will be made up for by exploiting the vulnerabilities in the cyber hygiene of your staff.
You'll have the right to be angry about Vault 7 only after you boycott dragnet surveillance data providers like Google, Microsoft, Skype, Facebook and LinkedIn. The true threat is coming from the private sector surveillance profiteers.
A single spear-phishing email carrying a slightly altered malware can bypass multi-million dollar enterprise security solutions if an adversary deceives a cyber-hygienically apathetic employee into opening the attachment or clicking a malicious link and thereby compromising the entire network.
In an age of dynamic malware obfuscation through operations such as mutating hash, a hyper-evolving threat landscape, and technologically next generation adversaries, offensive campaigns have an overwhelming advantage over defensive strategies.
There's a compounding and unraveling chaos that is perpetually in motion in the Dark Web's toxic underbelly.
Few critical infrastructures need to expedite their cyber resiliency as desperately as the health sector, who repeatedly demonstrates lackadaisical cyber hygiene, finagled and Frankensteined networks, virtually unanimous absence of security operations teams and good ol’ boys club bureaucratic board members flexing little more than smoke and mirror, cyber security theatrics as their organizational defense.
If developed and implemented meaningfully, Cyber Shield Act could be a catalyst to incite responsible cybersecurity adoption and implementation throughout multiple manufacturing sectors.James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
Real cybersecurity means that your Security Operations team is consistently pen testing your network with the same stealth and sophistication as the Russian nation state, the same desperation as China’s 13th Five Year Plan, the same inexhaustible energy of the Cyber Caliphate and the same greed and ambition for monetary payoff as a seasoned cyber-criminal gang.