The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its hacking tools via WikiLeaks. It’s ironic that the CIA’s hacking guides have been hacked, but it just goes to show how difficult it can be to prevent.
As we embark on 2017, it’s time to reflect on a year where cybersecurity has played a major role. Even presidential campaigns haven’t been free from hacking scandals and data leaks. The average cost of a data breach for companies grew from $3.8 million last year to $4 million in 2016, according to the Ponemon Institute.
20 Critical Security Controls and your information is secure. Sounds easy, right? Critical Security Controls is a set of best practices devised by the Center for Internet Security, a nonprofit dedicated to improving cybersecurity in the public and private sectors. Can your employees translate them into best practice?
Everyone agrees that there is a dangerous shortage of employees with security skills. More than 209,000 cyber security jobs in the U.S. are unfilled, and postings are up 74% over the past five years, according to a 2015 analysis of numbers from the Bureau of Labor Statistics.
At our latest Towerwall InfoSec Session, SnoopWall’s CEO Gary Miliefsky had a great presentation on his “7 Secrets of Offensive Security”. We have partnered with Gary to offer this as a complimentary whitepaper so that you can learn how to stay ahead of today’s security threats.
With billions of devices being connected together, what can people do to make sure that their information stays secure? Will someone be able to hack into your toaster and thereby get access to your entire network? The IoT also opens up companies all over the world to more security threats. Then we have the issue of privacy and data sharing. (Jacob Morgan, Forbes)
Issue 08 | Sept 2015
Hello again, As usual, summer flew by. As I sit at my desk waiting for the leaves to begin to turn, I am barraged by paperwork. With the beginning of the new school year come all of the forms that need to be filled out: emergency contact, physicals, bus routes etc. All important for a successful, secure school year. As a business owner, it is a reminder that now is the time to review our written information security policy (WISP). In accordance with most regulatory requirements, we recommend that an annual review be performed to ensure security and privacy policies and programs are up to date and current with any business or regulatory changes. Just think of it as another necessary piece of paperwork.
Issue 07 | June 2015
I know that I am dating myself, but do you remember the gas shortage of the 70’s? My parents would wake me up at dawn to get in line to fill the car’s gas tank before they ran out. If only filling the shortage of talented, available Information Security professionals were as easy. The gaps in data security range from missing policies, unprotected applications to unfilled Security Officer seats. At Towerwall, we are coming up with creative solutions to solve the problem. Let me know if you are interested.
Issue 06 | April 2015
Here in New England, our epic winter is coming to an end and the snow is beginning to melt. As this occurs, the ground underneath has uncovered a desolate landscape of trash. This was not the green spring that I was hoping for. When your top layer of security melts, what is underneath? Is your data security layers deep or have you just ticked off the data compliance checkboxes?
Issue 05 | December 2014
As the year is coming to an end, I am thinking about the state of data security. According to 60 Minutes, 97% of all companies are getting breached. This sounds as if there is nothing that we can do. The question remains, what information was breached? At Towerwall, keeping your “crown jewels” safe is our main goal…
Issue 04 | September 2014
Hard to believe September is upon us. Over the summer we performed multiple application penetration and vulnerability tests – not one came out without battle scars (high vulnerabilities). In our ongoing effort to keep you apprised of the latest developments we have compiled insights on a host of areas including: secure development with the introduction of OWASP (Open Web Application Security Project)…
Issue 03 | June 2014
As I was packing for vacation the other day, I was thinking about all of the opportunities that exist for my personal data to be compromised. I will be bringing my phone, my laptop, my tablet and my reader onboard the cruise ship. Traveling with mobile devices has become a necessity to stay connected while we are away, yet many situations we encounter make our devices vulnerable for attack…
Issue 02 | April 2014
It seems that every time you turn around there is a new data security threat in the news, like Cryptolocker and Heartbleed. Our customers are always asking us how to identify the next “big” threat. Our answer is that you cannot keep up with the hackers, they have infinite time. A sound approach is to know your own network and where your critical data lies, then build the controls to protect that data. Vigilance is vital.
Issue 01 | January 2014
As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated security products, it is the congenial receptionist who is going to give unauthorized access to the crown jewels. How are you addressing this problem?