Tuesday, June 25, 2019

Advanced Persistent Threats: Calling The Hackers' Bluffs

In poker, the key to success is not just about the cards you hold; it's also about the cards you can make your opponent think you hold. Effective bluffing with a weak hand is a strategy that every card sharp learns to master in order to hold a psychological edge over the adversary, as an appearance of strength can provoke poor decision making. That kind of subterfuge has played out throughout the history of warfare, as well.

The Bible recounts the story of Gideon, who, with a Hebrew force of just 300 men, routed a force of over 100,000 thanks to a bold bluff. More recently, as the Allied armies prepared to liberate Europe during World War II, General George Patton was given command of a "ghost army" that fooled the Germans into thinking the landings at Normandy were not Operation Overlord’s main invasion force, delaying reinforcements while the Allies

Read the full article at Forbes here

Saturday, May 25, 2019

When Good Tech Goes Bad

Have you ever needed to troubleshoot an issue with your computer, and your IT services pro was able to get direct access to your system from somewhere else and tackle it from their computer? While they did so, you were able to see their pointer track across the screen and go through the steps needed until ... voila! They were done, and you were back in business.

That’s a convenient ability. Giving a trusted expert direct access to your computer to take care of technical issues is a great way to facilitate IT services and quickly solve problems. That kind of support, facilitated through what is known as Remote Desktop Protocol (RDP), has been a mainstay of technical and customer support organizations for years.

But what if that privileged access fell into the wrong hands and was abused? What if, instead of a trusted adviser, RDP was used by a criminal hacker?

Read the full article at Forbes here

Friday, March 1, 2019

Do You Do Security Due Diligence Before A Merger Or Acquisition?

If a thorough cybersecurity audit isn’t a part of your mergers and acquisitions due diligence process, I think it should be. I’m not talking about the kind of halfhearted scan that checks a box for the board of directors. There’s too much at stake to do anything less than a deep examination of all network and endpoint elements that can reveal undetected compromises and lurking threats.

Global mergers and acquisitions activity in the first three quarters of 2018 was valued at $3.3 trillion. That’s a lot of capital in play, and for every deal made, the due diligence process focuses on finances and compliance to ensure that the acquiring party knows as much about the target organization as possible. Due diligence is necessary to set a fair price, protect shareholder interests and establish confidence that the purchase makes sense — or not. Due diligence also gives management a basis from which to establish a strategy for successful business and market integration.

Read the full article at Forbes here