Cybersecurity and Risk Management

Ramping up Risk, pre-COVID-19 and mid-COVID-19 Enterprise organizations pour hundreds of millions into their cybersecurity initiatives, protecting  everything from remote and cloud-based resources to IoT devices to collaboration applications. At the same time, they're also transforming interactions with their employees and customers. They're increasingly enabling employees to...

Trust No One At least, not implicitly. And when we say "no one" we mean "nothing and no one" -- entities in your meshwork of IT services are more often software or hardware entities than they are humans, after all. Extending no implicit trust to an entity...

I am writing this as I prepare to travel for work, and so of course COVID-19 is on my mind. Beyond all the worries of the moment for family and community, I am thinking about IT (that's my job, after all) and wondering: will the...

On January 6, 2020, NYC-based private equity firm Insight Partners acquired the Israeli IoT cybersecurity  firm Armis for an eye-popping $1.1 billion. Armis is privately held, so it doesn't publish revenue numbers, but estimates are on the order of $30 million annually--meaning this is not only...

Yesterday I moderated a panel discussion at a Wall Street Technology Association event on cloud-first design. I was asked to give an industry perspective to lay the ground work for our wonderful panel of technologists. With 10 minutes and no slides, I offered these 10...

Last week I wrote about the threat that nation-state actors pose to enterprise organizations, and included a brief taxonomy of attackers. This week, the FBI alerted cybersecurity folks of two compromises, likely by APT27, in 2019. I'd like to highlight two interesting facts about the attacks. First, they...

When I talk about the cybersecurity threats posed by nation states, I can almost see the inner eye-roll, and hear my listener thinking, "Come on! What's she going on about now?" They view the entire issue as something out of science fiction; scary in some alternate...

If your organization is moving to cloud, you're not alone. In our most recent Cloud and Cybersecurity research study, we note that 2019 is "the year of cloud". Specifically, 56% of workloads are now in cloud, versus 44% on prem, either within data centers, or...

In the wake of out most recent round of cloud and cybersecurity research, I've been thinking about the slow evolution of application security and the evocative, if misleading, concept of "zero trust." Trust and Application Security, v. 1.0 I am (to my occasional astonishment) old enough to...

With a toll fraud prevention and mitigation strategy, enterprises can identify and mitigate potential toll threats – sometimes before they even happen. As No Jitter contributor Joyce Osenbaugh noted earlier this year, telecom fraud is on the rise. The Communications Fraud Control Association (CFCA)’s annual survey...

Should you outsource your SOC? As in so many things, the answer depends. In our most recent Cloud and Cybersecurity research study, we looked at which factors correlated to a cybersecurity organization's success, as measured by Mean Total Time to Contain (MTTC) security incidents.  We divided...