The global pandemic has been dictating how the whole world is reforming, businesses included. Different forums and analyst reports are increasingly calling out the future of businesses as they are moving their workloads to the cloud gradually. IDC “expects 2021 to be the year of multi-cloud” as the global COVID-19 pandemic reinforces the need for business to

I grew up watching professional football back in the 70s, when defenses were so good they had their own nicknames. The Pittsburgh Steelers had the “Steel Curtain,” the Miami Dolphins had the “No-Name Defense” and the Dallas Cowboys had the “Doomsday Defense.” The Cowboys’ defense was based on a newfangled concept cal

There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to the business. This allows CISOs and other similar titles with leadership respo

The traditional threat landscape comprised of conventional IT assets is difficult enough to protect, detect and respond to, but the landscape seems to be quickly expanding beyond traditional IT. Those new domains are operational technology (OT), the internet of things (IoT) and the internet of medical things (IoMT). Devices from non-traditional IT environmen

The medical internet of things (IoT) is no longer a futuristic concept. It is here today, and it includes devices you may have never considered a part of the patient care ecosystem, such as elevators, beds, exit signs and clocks. Between those operational technologies and the devices the U.S. Food and Drug Administration (FDA) has already deemed critical, th

Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence. Following an uptick in data breache

The volume of threats that security teams see on a daily basis can make it especially difficult to look at the big picture when it comes to developing an effective cybersecurity strategy. To see through the flood of data and alerts, organizations depend on actionable threat intelligence to help them understand and mitigate risks. Looking at long-term trends

Today, I’m pleased to share some of the key findings from the 2020 Cost of Insider Threats Global Report. This is the third benchmark study, independently sponsored by IBM Security and ObserveIT to help understand the direct and indirect costs that result from insider threats. The first study was conducted in 2016 and focused exclusively on companies i

Artificial intelligence (AI) excels at finding patterns like unusual human behavior or abnormal incidents. It can also reflect human flaws and inconsistencies, including 180 known types of bias. Biased AI is everywhere, and like humans, it can discriminate against gender, race, age, disability and ideology. AI bias has enormous potential to negatively affect

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security consultancy

As organizations march into the digital age, data sprawl is accelerating. Information of all kinds is stored everywhere, accessed by multiple people many times a day and shared across corporate and international boundaries. Most organizations do not have a handle on data locations, ownership and flows outside of regulated or compliance-related information. T

When things go wrong with computer systems and networks, whether due to ordinary mishaps or malicious actors, the organizations that rely on those systems and networks are put at risk. They may suffer direct financial losses, reputational damage or both, with effects ranging from inconvenience to total loss and liquidation of the enterprise. Understanding th

When I think about my family vacations from childhood, I remember camping trips, hours on the beach, sharing stories around the campfire and the fun my siblings and I used to have in the back seat of the car — jumping on each other, switching seats and hopping from the third row into the front seat. Half the fun was enabled by the fact that we had no seat be

Risk management is the process of identifying, assessing and controlling threats to an organization. It is also a way to increase the security maturity of an organization. Risk management allows you to think about security more strategically and answer the questions that come from your company board, such as: How many times was the organization attacked? Is

When confronted with the daunting task of developing a cybersecurity strategy, many people don’t know where to start. The quick answer is to make a list of the tasks required to accomplish the project, organize them by functional categories and determine what resources need to be brought together to accomplish the tasks on the list. This might seem lik