Categories
Artificial Intelligence Cyberinfrastructure Education Reading

Latest Read: Cybersecurity: The Insights You Need

Cybersecurity: The Insights You Need from Harvard Business Review.


So let’s start with the end in mind to avoid all misunderstandings: this is targeted to every leader and board member regardless of market or industry. They simply must fully comprehend why cybersecurity has been and always will be an ongoing risk.

This is a well-written, high-level and, most importantly, non-technical overview of cybersecurity. This risk can no longer be overlooked by organizations and delegated like it was 1994. Today more than ever before cybersecurity impacts your bottom line, including at non-technology based organizations.

And in 2024 we can simply cut to the chase. If your organization’s cybersecurity service is not AI based, it is time to pivot to a vendor that deploys machine learning services to protect your organization, your data and most importantly, your customer data. Just query your insurance carrier for a list of approved vendors that deploy AI cybersecurity services. For the most part the pandemic made this pivot mandatory.

In fact, cyber risk management can no longer be isolated to your organization’s CIO and CISO. This is simply an organization-wide issue. Today every organization’s technology services group has become the key component for organizational success.

Categories
Education Innovation Reading

Latest Read: Cyber Crisis

Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World by Eric Cole. He holds a Masters in Computer Science from New York Institute of Technology and PhD in Information Technology from Pace University.


Eric is the founder and CEO of Secure Anchor Consulting and today is a member of the Forbes Technology Council.

He began his career as Program Manager & Technical Director for the CIA. His career moved to cybersecurity leadership roles at several companies including his role as Chief Scientist & Senior Fellow at Lockheed Martin.

For over ten years he held leadership positions at SANS including Dean of Faculty and Director of Research; Architecture Director of Cyber Defense Curriculum. He has been interviewed on CNN, Fox, CBS, and NBC. In fact, Eric was one of the authors of the Nuclear Regulatory Commission’s cybersecurity guide.

The world we live in today post pandemic is different. Most do not realize the ground has shifted under their feet. Eric is simply addressing that while you may read about major cybersecurity attacks perhaps five times a year, the stories shared certainly indicate attacks are happening every day. Since the pandemic, ransomware attacks are occurring every ten minutes.

Categories
Education Reading Technology

Latest Read: The New Normal in IT

The New Normal in IT: How the Global Pandemic Changed Information Technology Forever by Gregory S. Smith. Gregory is CIO for the American Kidney Fund and previously served in the same role for Pew Charitable Trusts and the World Wildlife Fund.


He is an adjunct professor at Georgetown University and a former adjunct professor at Johns Hopkins University. The New Normal in IT is part of Wiley’s CIO Series.

The pandemic certainly changed everything. The information technology industry was no exception. The downstream impacts placed tremendous pressure on IT teams to maintain service delivery as the world went home and Zoom entered our lexicon.

Reflecting upon this move away from the office, how have IT leaders communicated the change necessary now and moving forward? Change is indeed hard.

We all witnessed the fundamental shift regarding remote work, from optional to mandatory over the next 18 months. How many organizations scrambled like mad to secure and deploy a laptop to every employee?

Can you recall the immediate infrastructure upgrades stood up in weeks versus months? IT faced many critical challenges starting in March 2020. Yet, our IT infrastructure teams kept delivering in those early weeks in order to keep their organization alive and employees functioning.

Categories
Cyberinfrastructure Education Reading Technology

Latest Read: Click Here to Kill Everybody

Click Here to Kill Everybody, Security and Survival in a Hyper-connected World by Bruce Schneier. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, lecturer in Public Policy at the Harvard Kennedy School, and board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project. He is also an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org.


Consequently, Bruce details many key issues in computer security that require the leadership and legislative pen of Congress. I certainly could not have picked a better time to read this book. My review is certainly just scratching the surface of his book. Bruce has communicated a much needed story for every consumer.

Above all, consider the 2021 Colonial Pipeline ransomware attack, the 2016 attacks upon our voting infrastructure, or even China’s digital espionage stealing almost every aspect of American innovation.

Do you think the internet is still growing in size? It is not the number of people, but rather the millions of new devices that pose increased risks. Therefore Bruce is calling for policies to protect these devices, known as the Internet of Things (IoT). Examples of cyber attacks upon automobiles, electric and nuclear plants, medical devices and even airplanes are certainly proof that we are at greater risk.

A different era of industrial controls

Above all, cyber risk originates from a different time in history. Besides, in the 1950s did consumers in South America have access to the internet? Any talented programmer in South America had no means to hack conventional hydroelectric dam controllers. However, today this is a reality. So then, the programmatic controls for any dam in America could not have envisioned this threat:

former National Cybersecurity Center director Rod Beckstrom summarized it this way: (1) anything connected to the Internet can be hacked; (2) everything is being connected to the Internet; (3) as a result, everything is becoming vulnerable.
p. 27

At the same time, we really don’t have to look forward, but rather back at the innovations created in the 1950s and 1960s that launched the connected internet.

Categories
Education Network Ransomware Technology

Philips ISCV and Xcelera flaws

Philips has yet to patch a flaw that allows cybercriminals to inject ransomware or backdoors, which can put PHI at risk of compromise.

Philips reveals code execution vulnerabilities in cardiovascular devices

In Philips ISCV version 2.x and earlier and Xcelera 4.x and 3.x, the servers contain 20 Windows services whose executables are present in a folder where authenticated users have write permissions. The services run as a local admin account or local system account, and if a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

Philips confirms these vulnerabilities affect their IntelliSpace Cardiovascular system version 2.3.1, 3.1 and earlier. Also impacted are version 4.x and 3.x Xcelera systems (PDF). In ISCV version 3.x and earlier and Xcelera 4.x and 3.x, there are 16 Windows service flaws that allow hackers to run the computer with local admin rights.
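
For administrators who want to check a Windows server for the condition described above (service executables in a location where authenticated users have write permissions), the following PowerShell audit is an added example, not code from Philips or from the original post. The list of broad groups and the set of write-type rights it looks for are assumptions chosen for illustration.

```powershell
# Added example, not vendor code: list services whose executable (or its folder)
# grants write-type rights to broad groups such as Authenticated Users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Bits that let a principal replace a file or drop one into a folder:
# WriteData/CreateFiles, AppendData, DeleteSubdirectoriesAndFiles, Delete,
# ChangePermissions, TakeOwnership, GENERIC_ALL, GENERIC_WRITE.
$writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x10000000 -bor 0x40000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned or unresolvable account
        if ($broadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights) -band $writeMask)) { $ace }
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    # PathName is either a "quoted path" plus args, or an unquoted path plus args.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or
        $svc.PathName -match '^\s*(.+?\.exe)') { $exe = $Matches[1] } else { return }
    foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
        try { $hits = @(Get-BroadWriteAce -Path $target) } catch { continue }
        foreach ($ace in $hits) {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Target    = $target
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}
```

Each row it prints is a service running under the account in `RunsAs` whose binary or folder a broad group can modify. Paths the current account cannot read are skipped, so run it elevated for full coverage.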