Cybersecurity and Risk Management

Most CIOs have at least heard the term technical debt. And if you're from a programming background, you might know all too well what technical debt is. But technical debt extends far beyond programming. Technical debt is often a major source of strain in your...

It's not nuclear weaponry, but for an enterprise developing a critical application that will handle sensitive data, an application developed in-house can create existential-level institutional peril. No One Plans To Leave Gaping Security Holes ...

Edge computing is vital not just to the burgeoning world of real-time responsive IoT, but to enterprise network security, as these IoT systems multiply and spread. Edge computing creates a distributed infrastructure with centralized management and lights-out -- or remote -- operations built on private cloud infrastructure. Edge...

Everything is different now. That's true for all of us, as we cope with the enduring presence and lingering aftereffects of the Covid-19 pandemic. But it's particularly true for enterprise technologists, who are witnessing a once-in-a-generation set of paradigm shifts that are transforming how companies and...

The concept of threat-informed defense is near and dear to my heart, given that it aligns with three themes I've been preaching about for years: the importance of matching cybersecurity investments (in both technology and operations) with risk; the value of aligning one's cybersecurity practices...

In the past few years, there has been an explosion of cloud service offerings to match the wide variety of industry cloud infrastructure needs. Today, the average enterprise uses external clouds to deliver more than 56% of its workloads. Plus, nearly all organizations operate multi-cloud...

According to Nemertes' Cloud and Cybersecurity 2019-2020 Research Study, 2019 was the year the average enterprise for the first time found more than half its IT workloads running outside the data center. This ongoing shift of enterprise IT work into cloud environments -- whether SaaS,...

The ultimate end state of software-defined network security is what we at Nemertes Research call deep segmentation. The term refers to the ability to finely control what entities can see, who they communicate with and how they do this, end to end across the enterprise network. With...

In my previous post, I pointed out that the Twitter hack was just an example of a phishing scam--the same old scam that's been around since the dawn of the Internet. The basic flaw is gullible (if smart) humans trusting people they shouldn't, for stupid...

"Water, water, every where, nor any drop to drink." This line from Samuel Taylor Coleridge's The Rime of the Ancient Mariner could just as easily apply to CIOs seeking to fill crucial spots in their IT organizations. The world may seem full of systems engineers, network specialists...

The big news tonight is that Twitter was hacked, and the accounts of various celebrities (Elon Musk, President Obama, Warren Buffett, Kanye West, and many others) sent out bogus requests for Bitcoin to their followers. As of right now the damage is $10 million and...

As described in Security Magazine, "In recognition of the growing convergence of cyber and traditional financial crimes, the U.S. Secret Service is formally merging its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into a single unified network, which will be known...