From the Fall 2021 Issue

Cybersecurity: The Anatomy of Ransomware Attacks

Author(s):

Ricoh Danielson, Cyber Security Incident Responder

Ransomware is a form of malware that utilizes a number of vectors to access computers. With the rise of cloud, mobile, and remote work, ransomware attacks have significantly increased, as have ransom demands. An example of a common vector is phishing, which is delivered via email and allows a threat actor to control a victim’s …

From the Fall 2021 Issue

Practicing What We Preach: Working Together to Mitigate Cyber Threats

Author(s):

Stacey Wright, Vice President, Cyber Resiliency Services, Cybercrime Support Network (CSN)

Pogo infamously stated in a 1970 cartoon “we have met the enemy and he is us.” As cybersecurity professionals, we recognize that humans are the weakest link when it comes to securing our businesses. We ask employees to not open suspicious attachments or click on suspicious links; to use strong, unique passwords; to follow rules …

From the Summer 2021 Issue

A Supply Chain Cybersecurity Maturity Model for 2021

Author(s):

Mike Kelly, CEO, ProcessBolt

Dan Gardner, COO, ProcessBolt

The SolarWinds Sunburst hack made it painfully clear that supply chain cybersecurity threats are extremely dangerous. Perhaps the most alarming fact is that SolarWinds’ stock price dropped 40% in seven days after the breach became public. The price drop was not so much about SolarWinds being hacked. It reflected the anticipated damage to customer relationships …

From the Winter 2021 Issue

What You Don’t Know About Ransomware Can be a Risk

Author(s):

Dr. Michael C. Redmond, Director of Information Security and Risk Management, Redmond Worldwide (Author)

Bradford P. Meisel, Esq., Associate, McElroy, Deutsch, Mulvaney & Carpenter, LLP (Co-author)

Diane D. Reynolds, Partner, McElroy, Deutsch, Mulvaney & Carpenter, LLP (Co-author)

Dr. Bernard A. Jones, CBCP, Assistant Professor, St. John’s University (Co-author)

Syed Taha Ahmed Jafri, Information Security Specialist, First Women Bank (Co-author)

Unfortunately, organizations continue to suffer debilitating impacts on operations due to both natural and human-made threats. One human-made threat, which continues to top the list of risks that organizations fear the most, is cybercrime. Cybercrime comes in many different forms, with ransomware specifically cited as the preeminent threat that impacts organizations worldwide. The severe ransomware …

From the Winter 2021 Issue

Top 5 Characteristics of Successful Insider Risk Management Programs

Author(s):

Shawn M. Thompson, Founder and CEO, ITMG

Corporations are increasingly focusing their efforts on preventing, detecting, and mitigating threats from insiders. As a result, many are mandating the creation of formal insider threat or insider risk management programs. With a dearth of standards on the topic, corporations are largely relegated to a trial-and-error approach. Unfortunately, too many companies forget about the “program” …

From the Winter 2021 Issue

The Quantum Security Risk to your Organization

Author(s):

Jeff Spivey, CRISC, CPP, PSP, Ret. CEO, Security Risk Management, Inc.

Jonathan D. Wright, Captain, USAF (Co-author)

Overall Security Principles

Regarding security, it is important to discuss our approach to risk mitigation. To mitigate risk, we need to focus on building our overall situational awareness. To build situational awareness, we should look at what we know. Building comprehensive knowledge of current and future events provides agile spatial orientation. This, in turn, improves individual …

From the Winter 2021 Issue

Reinventing Web Application Security

Author(s):

Malcolm Harkins, Chief Security and Trust Officer, Epiphany Systems

In the simplest terms, risk connotes the possibility of harm. How we account for risk and manage it is the result of understanding and quantifying the consequences. What are the effects likely to occur in the event of a cyber-attack or breach on a business? Who will be harmed? In what way? To what …