As the number of corporate data breaches continues to mount, boards and management teams around the world are justifiably concerned about the reputational risks from mishandling a breach. In the wake of a string of high-profile breaches across a range of sectors, from entertainment and health care to retail and ...

Estonia packs a punch in the cyber domain. The country is a world leader in cyber-related innovation, and it has charted that course without compromising security. Estonia initially gained global attention as a cyber-target, seeking to overcome a series of organized attacks in 2007 widely attributed to Russian groups.  Estonia ...

For years, I slept fitfully after a “friend” told me that it wasn’t the noisy mosquitos buzzing in my ears at night that were a problem.  Instead, it was the female mosquitos that made no noise at all but laid eggs in your ears at night.  That image wrecked my ...

The legacy of the Cold War has left many enduring images in the minds of most Americans, images that are usually associated with Russia and its nuclear arsenal. But a key threat, from what many believe is the new Cold War, could very well be from Russian hackers. When listing ...

Scott Kessler and Eric Rachner are the co-founders of Secure Senses Inc, which provides human intelligence-based cybersecurity services. In an interview with the Cipher Brief, they indicated that “hacking as a service” is on the rise in the Russian hacker community, and that the scale of the problem this represents ...

The Russian government is considered to be one of the most advanced cyber actors globally, with highly sophisticated cyber capabilities on par with the other major cyber powers. Open source information about Russian cyber programs and funding is scarce, but an ultimate goal of the government is to gain information ...

With the proliferation of many advanced security tools, enterprise and C-Suite managers have recently turned to deploying the most fashionable, powerful, and popular tools on the market, bolstering their defense capabilities and impressing shareholders. The story is typical: A CIO or CISO is lured by clever marketing gimmicks or a ...

Large businesses in the United States are putting substantial resources into protecting their information from cybersecurity threats. As a result, they are tougher targets for malicious attacks, so hackers and cyber criminals are now focusing their unwanted attention on smaller, less secure businesses. Small businesses have money and information of ...

Justin Zeefe is a co-founder and Chief Strategy Officer for the Nisos Group.  Zeefe spoke with The Cipher Brief about the evolving cyber-threat and how smaller businesses can best protect themselves. His main advice?  Make cybersecurity a priority and be proactive about protecting your assets. The Cipher Brief: It seems ...

Few businesses today would think of operating without liability, property, or workers’ compensation insurance and yet, according to a recent survey by CSO magazine, only 59 percent of organizations have some form of cybersecurity insurance. Part of the problem is that cybersecurity insurance continues to be a maturing market that ...

Thomas Mahnken is the Jerome E. Levy Chair of Economic Geography and National Security at the U.S. Naval War College and served as Deputy Assistant Secretary of Defense for Policy Planning, giving him a unique perspective into changes in naval warfare. He shared this insight, along with his expectations for ...

Three dramatic developments have occurred in the employment of U.S. air power in the past 25 years: the vulnerability of air defenses faced, leading to far less attrition of U.S. aircraft than was suffered previously; the ability to strike ground targets with great precision, day or night; and the ability ...

After the United States emerged from the Vietnam War, it witnessed the events of the 1973 Yom Kippur War—a state-level conflict fought against Israel by a coalition of Arab states led by Egypt and Syria. That war underscored how far potential enemies had advanced in terms of weapons and tactics. ...

Cybersecurity has not only dominated the headlines in the wake of the U.S. Office of Personnel Management (OPM) and Sony hacks, it has become a big business opportunity as well. The demand for protection in the cyber domain is rising across the world. According to current projections, cybersecurity firms can ...

Davis Hake is the Director of Cybersecurity Strategy for Palo Alto Networks and a former official at the Department of Homeland Security.  Hake spoke with The Cipher Brief about the importance of information sharing and creating a coordinated response to the changing cyber-threat. The Cipher Brief: It seems like cyber-attacks ...

Periodically, The Cipher Brief profiles an up-and-coming leader in the cybersecurity and national security fields. This week we introduce you to Angela Knox, the Senior Engineering Director at Cloudmark, a network security company. Computer Business Review recently named Knox as one of the five top women leading the ...

Chris Young is the general manager of the Intel Security Group at the Intel Corporation, where he leads the company’s security practice. Young sat down with The Cipher Brief to discuss the evolving nature of the cyber threat and what businesses can do to better protect themselves. The Cipher Brief: ...

To understand what domestic and strategic factors may have encouraged Iran to seek stronger cyber-capabilities, it helps to look at the several ways Iran uses such capabilities. First, Iran wants to keep its citizens under surveillance. Second, Iran wants to know the intentions and capabilities of other countries. Third, Iran ...

Iranian hacks into the social media accounts of U.S. State Department officials are the latest signal from Tehran that it is not looking to turn the page on its embattled relationship with Washington. They also reflect the diversification underway in Iranian cyberwarfare tactics, which in recent years have expanded from ...

Iran is a second tier cyber power. By the standards of other state actors, its capabilities—both offensive and defensive—are relatively modest, but they are growing steadily. Cyber operations have also become an integral component of Iranian military doctrine and strategy, which place a heavy emphasis on the principles of asymmetry ...

Through a series of attacks over the last three years, Iran has revealed a limited offensive cyber capability but a willingness to use it to meet its geopolitical goals. In testimony calling out Iran for attacks on Sands Casinos, Director of National Intelligence James Clapper put Iranian cyber capability in ...

David Navetta is an attorney who focuses primarily on technology, privacy, information security, and intellectual property law at Norton Rose Fulbright.  In an interview with The Cipher Brief, Navetta discussed the legal and liability issues associated with businesses attempting to utilize offensive cyber capabilities. The Cipher Brief: Recently, there have ...

Does the cyber domain call for a fundamentally different framework for achieving international order in the 21st century, requiring statesmen to critically rethink the art of statecraft?  Most likely not, for as in past eras when new technologies and global threats have arisen, statesmen are still occupied with the great ...

As President and CEO of FusionX, Matt Devost focuses on cybersecurity and risk management.  Devost told The Cipher Brief that offensive cyber operations should rest exclusively with the federal government. The Cipher Brief: It seems like there is a lot of confusion about what offensive cyber-operations would look like, with ...

Hollywood has a clear idea of what it would look like if someone used cyber-capabilities against us: a man in a room full of screens would be typing madly, planes would fall out of the sky, there would be explosions everywhere, and so forth. According to Director of National Intelligence, ...

The U.S.-China summit has concluded and the announced results provided little good news on the cyber front, at least for us. Beijing certainly got what it wanted: no executive order sanctions against its officials and companies for benefitting from its planetary-scale cyber espionage campaign.  The Obama Administration apparently got what ...

The U.S. technology sector received a surprise jolt in October when the European Court of Justice struck down the Safe Harbor Framework, setting off a scramble to accommodate this sudden shift in privacy regulations. The framework was established in 2000 to provide guidance on how companies could transfer customer information ...

The European Union and the United States have been close allies for decades and "partners of first resort," to use the words of both former Secretary of State Hillary Clinton and current Secretary of State John Kerry. We are the largest trading bloc in the world and the primary destination ...

Twelve days after the Paris attacks, I was waiting for a flight at London's Heathrow Airport, which seemed to be running with its customary sedate orderliness despite Brussels being on "lockdown" and police raids still taking place in Paris and Belgium.  While checking online for the latest developments in the ...

The safe harbour was a convenient fiction that enabled business-as-usual processes to take place between the EU and the U.S. Many were shocked when the Court of Justice of the European Union (CJEU) ruled it invalid, but in reality, the judgment should not have come as a surprise. The reasoning ...

You would probably be surprised to know what a logistical feat it is to manufacture a smart phone. The base materials are mostly silicon, plastic, iron, aluminum, copper, lead, zinc, tin, and nickel. There are also a number of rare earth elements that are present in small amounts but are ...

Joe Jarzombek, a cybersecurity expert at the Department of Homeland Security, recently participated in the 2015 SSCA (Software and Supply Chain Assurance) Winter Working Group Session, which focused on improving cooperation between government and industry in the area of information and communication technology assurance. The Cipher Brief spoke with Jarzombek ...

Over the past several decades, quality, health and safety, and environmental issues have topped the list of supply chain concerns. However, increasingly two issues are rising to the fore of the agenda for multinationals working with third parties across the globe. According to the PwC 2015 State of Compliance Survey, ...

Critical infrastructure organizations have large and complex IT networks built on top of an assortment of heterogeneous technologies.  Many large enterprises also extend their in-house IT assets to an external web of connected business partners, customers, outsourcers, and suppliers.  This multifaceted amalgamation of participants is sometimes known as the cyber ...

The debate about “Going Dark” has reignited following the tragic attacks in Paris last week. There have been claims the terrorists used encrypted communications to coordinate their attack and avoid detection by intelligence services – creating what is, essentially, the worst case scenario envisioned by advocates for government access to encrypted ...

205 Days. 69 Percent. $3.8 Million. These are important numbers that incident response company Mandiant highlights in their 2015 M-Trends Threat Report and the Ponemon Institute identifies in their 2015 Cost of Data Breach Study: Global Analysis report. Why are they important? 205 days is the median time between a ...

Jim Aldridge is a Director at Mandiant, a FireEye company, and focuses on incident response. Aldridge spoke with the Cipher Brief about the evolving cyber-threat, and what to do if you get hacked. The Cipher Brief: Are cyber attacks becoming more common, and what explains the rise in these incidents? Jim ...

Mayer Brown provides legal services to organizations across the globe and recently released a report entitled Preparing For and Responding to a Computer Security Incident: Making the First 72 Hours Count. The authors of the report, Marcus Christian and Stephen Lilley, spoke with the Cipher Brief about the key elements of ...

Does your organization have a cybersecurity program in place with the primary objective of proactively identifying and managing the cyber threats that you face every day?  Many enterprises harbor cybersecurity blind spots that leave them feeling unprepared amid a cyber incident. As threats continue to mount, organizations are responding by ...

Despite the concerns of privacy advocates, the Senate has passed cybersecurity legislation, creating a process for the government and private industry to share information on cyber attacks. The Cybersecurity Information Sharing Act (CISA) was overwhelmingly approved by a 74-21 vote on Tuesday. It must now be reconciled with two similar ...

The emerging world of ever-growing connectivity, cybersecurity, and cyber-threats has initiated an uncontrolled transformation in the balance of global superpowers. The old notion of power relying on the number of aircraft and missiles a country owns has expanded to include new terms—terms such as the magnitude of a denial of ...

Ronen Nir is a General Partner at Carmel Ventures, a venture capital firm based in Israel. Prior to joining Carmel Ventures, he worked for several Israeli tech companies and served in the Israeli Defense Force’s Intelligence Unit for 13 years. We spoke with Nir about the state of the Israeli ...

Rhea Siers is the Scholar In Residence at the George Washington University Center for Cyber and Homeland Security and the Director of the GW Cybersecurity Initiative. She has worked in the Intelligence Community for 30 years, and served as the Deputy Associate Director for Policy at the National Security Agency. ...

Bear in mind, when considering the relationship between Silicon Valley and Israel, this is not Detroit versus Tokyo. It’s not that sort of nationalistic, zero-sum rivalry. It’s an additive relationship – one that is emerging as an instructive, vitally important transnational model for developing and selling new, transformative technologies. This ...

Michael Chertoff, the former Secretary of the Department of Homeland Security, sat down with The Cipher Brief to explain why he believes a secure communications infrastructure protected by strong encryption is for the greater public good. The Cipher Brief: U.S. law enforcement has publicly expressed its concern that bad actors ...

When the Clinton Administration decontrolled encryption in the late 1990s after a long and acrimonious debate, it did so because it had decided that the benefits of making strong encryption available to internet users, and the benefits to U.S. companies operating in a global market, outweighed the cost to law ...

The private sector perspective on encryption technology is critical to understanding the crux of the debate.  Amid news that Dell had agreed to buy RSA’s parent company, EMC, in the largest deal in the IT industry's history, RSA President Amit Yoran sat down with The Cipher Brief to talk about ...

Heroes in war movies rally the troops by pronouncing: failure is not an option. Heroes at the forefront of cybersecurity know better: failure is practically unavoidable. To protect businesses, the new name of the game is visibility. Monitor your computing environment, recover from attacks quickly, and learn from breaches so ...

The ability of a business to respond with speed and agility after the discovery of a significant cyberattack is critical to its overall recovery and resilience. While the seriousness of cyber threats is becoming better understood, including at the Board of Directors and C-Suite levels, there is still a perception ...

Josh Lefkowitz is the CEO of Flashpoint, a cyber threat intelligence firm that specializes in providing insights from the Deep and Dark Webs. Josh spoke with The Cipher Brief to discuss how the cyber threat environment is changing, and how companies can leverage threat intelligence to improve their overall security. ...