Sage Advice - Cybersecurity Blog

Privacy is difficult to define, much less protect. In the business realm, data privacy is still regularly confused with data security and the titles of those charged with safeguarding it for customers vary widely. Meanwhile, many organizations continue to collect as much personal data as they can, just because they can.

In the rush to the cloud, infosec professionals struggle to translate their existing security capabilities, controls, and processes to the new environment.  One of the last processes they adapt? Incident response, said Dave Shackleford, as he kicked-off his 2019 CyberCrime Symposium presentation. A primary reason, he said, is they can’t get the same real-time visibility into events that they could in their traditional environments.

Some five years back, Don Anderson, CIO at the Federal Reserve Bank of Boston, sat down for the first time with the organization’s chief risk officer. As the IT head of one of the Fed’s 12 regional banks, he was there to provide input on risk, as part of an initiative to create an enterprise risk management framework.

For the first time in its 10-year history, the CyberCrime Symposium featured breakout sessions, a nod to past-audience requests for content tailored to different functional roles. The sessions, offered on both days of the event, comprised two separate tracks — one technical, the other on risk and compliance.

At his 2019 CyberCrime Symposium presentation, Jim Reavis saluted the audience for participating in the annual event, noting the high ratio of return attendees.

For its 10th anniversary, the CyberCrime Symposium took to the cloud, where security still concerns, confuses and confounds info-sec pros. For this year’s event, sponsored by AWS, Tyler Cybersecurity put together a stellar lineup of speakers, who took the stage to discuss the high stakes of cybersecurity in a world taken with the cloud.    

Ransomware attacks can have devastating consequences for organizations. Downtime is often more detrimental than ransom costs. Recovery is expensive, and there is a significant cost in system disruption, emergency response, and reputation damage.

Ransomware continues to be a significant threat to organizations of all sizes. Victims of an attack are denied access to their data. Many times, files are encrypted, and a ransom is demanded to restore access. If hit, the best-case scenario is that you have clean backups to restore your systems and can avoid paying the ransom.  However, downtime is often more detrimental than ransom costs. Recovery is expensive, and there is a significant cost in system downtime, emergency response, and reputation damage.

Local governments and school districts are falling victim to ransomware attacks with alarming frequency and devastating consequences. At any organization, having tools in place to improve cyber resilience is a necessity, especially as hackers get more sophisticated every day.

The epic Target breach raised our awareness that third-party service providers are a significant cybersecurity risk. It showed us how an employee at an HVAC vendor could click a phishing link and result in 40 million credit / debit card numbers and 70 million customer and employee records being compromised.