The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

Health Insurers Under Attack

February set a new monthly record for the largest US healthcare breach to date in which the personal records of 80 million individuals were compromised. It also marked an apparent change in focus from attacks on delivery organizations to healthcare payers. A few weeks later, two additional health insurers reported that they too had been hacked, resulting in the possible compromise of a further 11.25 million personal records. In a period of less...

Security World

I had the honor of presenting the Keynote at "Security World" yesterday in Hanoi, Vietnam to a packed house of government Ministers, Generals and other military staff from Vietnamese and other ASEAN nations, corporate chieftains, and security and privacy professionals drawn from all over Asia, Australasia, the USA and Europe. In fact I had the honor of presenting twice - the morning keynote on how the Internet of Everything will change security...

Behind the Great (Fire) Wall

June 20, 2014. For anyone who hasn’t been to China yet, the realization when you get there that the ‘Internet’ isn’t the ‘Internet’ can be slightly alarming. China blocks many of the most popular web sites and services that the Free World uses on a daily basis. Forget updating your Facebook page, YouTube, or your personal blog to 'show and tell' your friends and family about your wonderful trip to the Great Wall, Forbidden...

Not Opting-Out doesn’t mean that I am Opting-In!

Does the fact that I didn't explicitly ‘opt-out’ of your email list mean that I agree implicitly to you sending me unsolicited spam email, or any partners you may decide to sell my contact information to? Does the fact that I missed or failed to uncheck the tiny radio button in your 17-page agreement mean that I agree to providing you access to datamine my contacts, my bookmarks, or my internet history? Most users would say, “No!” However,...

Why is the Chinese Military so focused on the theft of Intellectual Property?

Yesterday’s indictment of five People's Liberation Army (PLA) cyber espionage officers on charges of hacking into US companies in order to steal trade secrets was no surprise to most of us in the cybersecurity business. Nor was it to China-watchers who have become used to seeing mainland China do whatever it takes to catch up with the rest of the world following its more than half-century of economic stagnation under communism....

PROVE IT!

In this age of commodity IT, cybersecurity (cyber) is no longer immune to the C-level challenge to “Prove it!” Many industries are still making deep spending cuts, and plying customers with “Cyber is ROI” and “Think of it like insurance!” simply doesn’t resonate. Executives hear “investment” as code for “long time plus big price tag”. Despite best efforts, there remains a major disconnect between cyber value and business value. If you want...

IE - A Single Point of Failure

The news this weekend of yet another Microsoft Internet Explorer Zero Day vulnerability and working exploit has been met by the IT community with the usual disdain. It was followed on Monday morning and much of Tuesday by frantic activity to update or completely remove Adobe Flash Player (needed by the current exploit to prepare memory prior to the installation of drive-by-Malware), and by the unregistering of VGX.DLL which provides support...

Healthcare's Continuing Heartbleed

It has been nearly two weeks since the Heartbleed vulnerability shook the global e-commerce industry with the realization that Web servers around the world were open to a vulnerability in OpenSSL’s heartbeat feature — and they’d been that way for the past two years. Fortunately, a large number of vulnerable systems have been fixed by now, and most healthcare websites across North America and Europe have been patched and use new server certificates...

What is Heartbleed and why is it different from just another cybersecurity vulnerability?

We have all, to a large degree, become numb to the constant stream of cybersecurity vulnerabilities and mass of patches forced upon us each month. As our IT systems become ever more complex and the code behind them ever longer, so too does the likelihood that the code will contain an unknown security vulnerability that could be exploited by hackers. If a security vulnerability is discovered in the operating system of your Windows laptop for...

New Guidelines for Securing Medical Devices and Networks

The increased use of technology in healthcare over the past decade has resulted in greatly improved patient outcomes. However, the addition of IP-enabled devices has elevated concerns about security. The U.S. Food and Drug Administration recently published an advisory on Cybersecurity for Medical Devices and Hospital Networks and a new draft guidance document, Content of Premarket Submissions for Management of Cybersecurity...

The King is dead. Long live the King

Welcome to the new site. I retired and archived the old blog site in favour of the enhanced functionality of this new presentation template. I hope you agree that it presents information in a much cleaner forma...