Following the SolarWinds Russian espionage campaign against the US government, the White House on February 17 addressed possible executive action in response to the most systemic hack of the US government in history. However, experts have questioned the ability of a Software Bill of Materials (SBOM) to prevent similar incidents, or worse,
Michele Wucker is a specialist in risk management and crisis anticipation and the author of the book “The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore”. While we’ve all become familiar with Taleb’s concept of Black Swans, we must become equally acquainted with Wucker’s Gray Rhinos, since they present more obvious opportunities for actually anticipating and managing risk.
During this interview, Michele takes us through the concept of Gray Rhinos with real-world historical examples, discussion of future Gray Rhinos, and strategies for engaging in real actions to identify, respond to, and mitigate future Gray Rhinos in business, society, and global affairs. The concept of a Gray Rhino is hugely important and has become embedded in how we evaluate risks at OODA with our customers.
What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations. With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community.
Earlier this week, separate data exposure incidents left a total of 2.7 billion email addresses, 1 billion passwords, and nearly 800,000 applications for copies of birth certificates sitting on unsecured cloud storage buckets, where they were found by security researcher Bob Diachenko. Organizations continue to fail to lock down their cloud storage, and researchers
After January 14, Windows 7 users will get no more free security updates for the operating system, warns Microsoft. Users will be able to continue running Windows 7 after January, but unpatched systems will face a growing number of security problems. Microsoft plans to deliver a new pop-up notification
The Microsoft threat research team recently analyzed a database containing leaked login credentials of over 44 million users, exposed in multiple security breaches. Microsoft disclosed that the information came from multiple sources, including law enforcement agencies and open source resources. In the first three months of 2019, Microsoft found that
IBM found that the state-sponsored hacking group APT34 has deployed a new strain of malware aimed at the industrial and energy sectors in the Middle East. APT34 was responsible for a phishing campaign conducted over LinkedIn earlier this year, but IBM assesses that it is working with another group whose identity
Experian, an American credit reporting company, published a 2020 data breach industry forecast stating that “smishing”, or text-message-based phishing, would be the next danger to consumers and agencies. Following smishing are drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that
The European security agency ENISA has identified the groups it believes pose the biggest threat to 5G networks. ENISA warns that threats to telecoms infrastructure will increase with the arrival of 5G and next-generation mobile connectivity. 5G will present a wide array of risks across use cases, from automated factories to connected cars, attracting
The Homeland Security Systems Engineering and Development Institute (HSSEDI), under the Department of Homeland Security, updated the Top 25 Common Weakness Enumeration (CWE) list for the first time in eight years. The CWE Top 25 ranks the most dangerous classes of software weakness, the recurring errors that lead to exploitable flaws. The CWE list is vital