Whether it’s your phone, your computer, TV, or even a refrigerator, all those connected devices that we depend on in our daily lives have become targets for an ever-growing cadre of cyber criminals.  The Cipher Brief spoke with two Flashpoint officials, Chief Scientist Lance James and Subject Matter Expert Vitali ...

Cyber threats pose a challenge to banks and firms operating in the financial sector, primarily due to the fact that “vulnerability really exists everywhere,” both on the technological side and the business side, says Michael Orozco, Managing Director in Accenture Strategy Security. To help improve security in the financial sector, ...

The Cipher Brief sat down with Steven Grossman, VP of Strategy and Enablement at Bay Dynamics, to discuss the current cyber threat landscape facing the financial sector. According to Grossman, insider threats pose the greatest risk to the global banking industry and that “being able to track, manage, and understand ...

The controversial new movie “Snowden,” which is provocative director Oliver Stone’s take on NSA leaker Edward Snowden, was released in the United States on Friday.   The release of the film, along with his recent departure from Booz Allen Hamilton,  prompted Snowden’s former boss to speak out for the first time ...

The Cipher Brief’s Luke Penn-Hall sat down with Steve Grobman, Intel Fellow and Chief Technology Officer for Intel Security, at the annual Black Hat cybersecurity conference, which took place in early August. Steve discussed how he views the threat from ransomware evolving. The Cipher Brief: How do you see ransomware ...

The Cipher Brief’s Luke Penn-Hall spoke to Tom Parker, Chief Technology Officer for FusionX, at the annual Black Hat cybersecurity conference that took place in early August. Parker shared his view of the threat landscape to Supervisory Control and Data Acquisition (SCADA) systems and other critical industrial infrastructure. The Cipher ...

Hillary Clinton may have dodged an indictment when the FBI announced it would not recommend criminal charges against her for using a private email server while Secretary of State, but the State Department itself took a hit on account of its overall security culture. During the FBI announcement last week ...

The Office of Personnel Management (OPM) was the victim of a cyber-attack in 2014.  Hackers (the Chinese are suspected) gained access to OPM’s local-area network on or about May 7, 2014 by stealing credentials and then planting malware and creating a backdoor for exfiltration.  Actual exfiltration of data on background ...

It has been a little over a year since the Office of Personnel Management announced that it had been breached. Since that time, the federal government has taken an array of steps to improve its cybersecurity posture and avoid another major breach. The Cipher Brief spoke to John Davis, Vice ...

One of the key lessons of 2015 was that cybersecurity is more important than ever – a lesson that Sony and the Office of Personnel Management learned the hard way. In the wake of these hacks, information sharing has become a very popular way for private companies and the government ...

Countering cyber-threats can be difficult, and information sharing has come to be seen as a constructive way to attack the problem. Elaine Lammert, a former Deputy General Counsel with the FBI, spoke with the Cipher Brief about the need for a holistic approach to cybersecurity and the importance of trust ...

Threat intelligence sharing has a complex history within the security industry. The premise is simple: cybercriminals will often launch attacks with similar components, using the same tactics, or even re-use the same malware or exploits over and over again. If every organization was sharing intelligence on the attacks being launched ...

Late last year, the text of the Cybersecurity Information Sharing Act (CISA) found its way into a consolidated spending bill and was signed into law by President Barack Obama on December 18, 2015.  CISA is designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity ...

The CEO of the XYZ Company, which relies on intellectual property for its corporate success, is frightened by increasing cyber attacks against major corporations like Sony and Target. He/She invests millions to enhance the company’s information security by hiring experts and installing the most sophisticated defenses on the market. One ...

President Barack Obama spent much of his last State of the Union address dwelling on domestic issues, but he also pointedly reminded Americans that the United States is the most powerful nation on earth.  Our commander-in-chief acknowledged that it’s still a dangerous world out there but pinned that on failing ...

Discussion and debate about international privacy-related standards have been around since the 1940s, when the recognition of privacy as a basic right was ratified by the United Nations (U.N.) Declaration of Human Rights of 1948.  Since then, the number of data privacy requirements has grown dramatically, as nations seek to ...

As the world becomes more connected, people are placing more and more information online. Gary Davis is the Chief Consumer Security Evangelist at Intel Security, and he spoke with the Cipher Brief about the biggest threats to your digital identity – and what you can do to protect yourself. The ...

How many sites do you log into every day? Between work email, personal email, Twitter, Facebook, LinkedIn, and all the other accounts the average person has online, the number is probably fairly large. With that in mind, how many passwords do you have? That number is almost certainly smaller. Therein lies ...

Last fall brought news that the victims of the OPM fingerprint breach expanded to over five million prints. It’s for this reason that the safety of biometric data should be questioned and discounted as a viable means for authentication. Multiple techniques are available for using this type of information to ...

As data breaches become more common and cyber-criminals become more adept at stealing personal data, there’s a need to develop better ways to protect people’s identities online. Brett McDowell is the Executive Director of the FIDO Alliance, an organization that develops strong authentication standards to better protect individuals’ digital identities. ...

As the number of corporate data breaches continues to mount, boards and management teams around the world are justifiably concerned about the reputational risks from mishandling a breach. In the wake of a string of high-profile breaches across a range of sectors, from entertainment and health care to retail and ...

Estonia packs a punch in the cyber domain. The country is a world leader in cyber-related innovation, and it has charted that course without compromising security. Estonia initially gained global attention as a cyber-target, seeking to overcome a series of organized attacks in 2007 widely attributed to Russian groups.  Estonia ...

For years, I slept fitfully after a “friend” told me that it wasn’t the noisy mosquitos buzzing in my ears at night that were a problem.  Instead, it was the female mosquitos that made no noise at all but laid eggs in your ears at night.  That image wrecked my ...

Scott Kessler and Eric Rachner are the co-founders of Secure Senses Inc, which provides human intelligence-based cybersecurity services. In an interview with the Cipher Brief, they indicated that “hacking as a service” is on the rise in the Russian hacker community, and that the scale of the problem this represents ...

The Russian government is considered to be one of the most advanced cyber actors globally, with highly sophisticated cyber capabilities on par with the other major cyber powers. Open source information about Russian cyber programs and funding is scarce, but an ultimate goal of the government is to gain information ...

The legacy of the Cold War has left many enduring images in the minds of most Americans, images that are usually associated with Russia and its nuclear arsenal.    But a key threat, from what many believe is the new Cold War, could very well be from Russian hackers. When listing ...

In 2016, the gap between threat actors and the cybersecurity industry will continue to expand. The security industry continues to fight the cyber battles with strategies that are 10 years old, while threat actors change their strategies on a monthly basis. This situation isn’t given the attention it desperately requires. ...

With the proliferation of many advanced security tools, enterprise and C-Suite managers have recently turned to deploying the most fashionable, powerful, and popular tools on the market, bolstering their defense capabilities and impressing shareholders. The story is typical: A CIO or CISO is lured by clever marketing gimmicks or a ...

Large businesses in the United States are putting substantial resources into protecting their information from cybersecurity threats. As a result, they are tougher targets for malicious attacks, so hackers and cyber criminals are now focusing their unwanted attention on smaller, less secure businesses. Small businesses have money and information of ...

Justin Zeefe is a co-founder and Chief Strategy Officer for the Nisos Group.  Zeefe spoke with The Cipher Brief about the evolving cyber-threat and how smaller businesses can best protect themselves. His main advice?  Make cybersecurity a priority and be proactive about protecting your assets. The Cipher Brief: It seems ...

Few businesses today would think of operating without liability, property, or workers’ compensation insurance and yet, according to a recent survey by CSO magazine, only 59 percent of organizations have some form of cybersecurity insurance. Part of the problem is that cybersecurity insurance continues to be a maturing market that ...

Cybersecurity has not only dominated the headlines in the wake of the U.S. Office of Personnel Management (OPM) and Sony hacks, it has become a big business opportunity as well. The demand for protection in the cyber domain is rising across the world. According to current projections, cybersecurity firms can ...

Davis Hake is the Director of Cybersecurity Strategy for Palo Alto Networks and a former official at the Department of Homeland Security.  Hake spoke with The Cipher Brief about the importance of information sharing and creating a coordinated response to the changing cyber-threat. The Cipher Brief: It seems like cyber-attacks ...

Periodically, The Cipher Brief profiles an up and coming leader in the cybersecurity and national security fields.   This week we introduce you to Angela Knox, the Senior Engineering Director at Cloudmark, a network security company.  Computer Business Review recently named Knox as one of the five top women leading the ...

Chris Young is the general manager of the Intel Security Group at the Intel Corporation, where he leads the company’s security practice. Young sat down with The Cipher Brief to discuss the evolving nature of the cyber threat and what businesses can do to better protect themselves. The Cipher Brief: ...

To understand what domestic and strategic factors may have encouraged Iran to seek stronger cyber-capabilities, it helps to look at the several ways Iran uses such capabilities. First, Iran wants to keep its citizens under surveillance. Second, Iran wants to know the intentions and capabilities of other countries. Third, Iran ...

Iranian hacks into the social media accounts of U.S. State Department officials are the latest signal from Tehran that it is not looking to turn the page on its embattled relationship with Washington. They also reflect the diversification underway in Iranian cyberwarfare tactics, which in recent years have expanded from ...

Iran is a second tier cyber power. By the standards of other state actors, its capabilities—both offensive and defensive—are relatively modest, but they are growing steadily. Cyber operations have also become an integral component of Iranian military doctrine and strategy, which place a heavy emphasis on the principles of asymmetry ...

Through a series of attacks over the last three years, Iran has revealed a limited offensive cyber capability but a willingness to use it to meet its geopolitical goals. In testimony calling out Iran for attacks on Sands Casinos, Director of National Intelligence James Clapper put Iranian cyber capability in ...

The U.S.-China summit has concluded and the announced results provided little good news on the cyber front, at least for us. Beijing certainly got what it wanted: no executive order sanctions against its officials and companies for benefitting from its planetary-scale cyber espionage campaign.  The Obama Administration apparently got what ...

The European Union and the United States have been close allies for decades and "partners of first resort," to use the words of both former Secretary of State Hillary Clinton and current Secretary of State John Kerry. We are the largest trading bloc in the world and the primary destination ...

Twelve days after the Paris attacks, I was waiting for a flight at London's Heathrow Airport, which seemed to be running with its customary sedate orderliness despite Brussels being on "lockdown" and police raids still taking place in Paris and Belgium.  While checking online for the latest developments in the ...

The safe harbour was a convenient fiction that enabled business-as-usual processes to take place between the EU and the U.S. Many were shocked when the Court of Justice of the European Union (CJEU) ruled it invalid, but in reality, the judgment should not have come as a surprise. The reasoning ...

The U.S. technology sector received a surprise jolt in October when the European Court of Justice struck down the Safe Harbor Framework, setting off a scramble to accommodate this sudden shift in privacy regulations. The framework was established in 2000 to provide guidance on how companies could transfer customer information ...

You would probably be surprised to know what a logistical feat it is to manufacture a smart phone. The base materials are mostly silicon, plastic, iron, aluminum, copper, lead, zinc, tin, and nickel. There are also a number of rare earth elements that are present in small amounts but are ...

Joe Jarzombek, a cybersecurity expert at the Department of Homeland Security, recently participated in the 2015 SSCA (Software and Supply Chain Assurance) Winter Working Group Session, which focused on improving cooperation between government and industry in the area of information and communication technology assurance. The Cipher Brief spoke with Jarzombek ...

Over the past several decades, quality, health and safety, and environmental issues have topped the list of supply chain concerns. However, increasingly two issues are rising to the fore of the agenda for multinationals working with third parties across the globe. According to the PwC 2015 State of Compliance Survey, ...

Critical infrastructure organizations have large and complex IT networks built on top of an assortment of heterogeneous technologies.  Many large enterprises also extend their in-house IT assets to an external web of connected business partners, customers, outsourcers, and suppliers.  This multifaceted amalgamation of participants is sometimes known as the cyber ...

Nearly a year ago, we witnessed an act of cyber destruction directed against the networks of Sony Pictures Entertainment.  The destruction was serious and somewhat unprecedented – frozen computers, leaked proprietary and personal information accompanied by threats against movie theaters.   After the attack came an argument about attribution—whodunit?—lasting several weeks ...

At the Department of Homeland Security (DHS), Caitlin Durkovich leads the Department’s efforts to strengthen public-private partnerships and coordinate programs to protect the nation’s critical infrastructure, assess and mitigate risk, build resilience, and strengthen incident response and recovery.  She spoke with The Cipher Brief about what DHS is doing to ...