205 Days. 69 Percent. $3.8 Million. These are important numbers that incident response company Mandiant highlights in their 2015 M-Trends Threat Report and the Poneman Institute identifies in their 2015 Cost of Data Breach Study: Global Analysis report.  Why are they important? 205 days is the median time between a ...

Jim Aldridge is a Director at Mandiant, a FireEye company, and focuses on incident response. Aldridge spoke with the Cipher Brief about the evolving cyber-threat, and what to do if you get hacked. The Cipher Brief: Are cyber attacks becoming more common, and what explains the rise in these incidents? Jim ...

Mayer Brown provides legal services to organizations across the globe and recently released a report entitled Preparing For and Responding to a Computer Security Incident: Making the First 72 Hours Count. The authors of the report, Marcus Christian and Stephen Lilley, spoke with the Cipher Brief about the key elements of ...

Does your organization have a cybersecurity program in place with the primary objective of proactively identifying and managing the cyber threats that you face every day?  Many enterprises harbor cybersecurity blind spots that leave them feeling unprepared amid a cyber incident. As threats continue to mount, organizations are responding by ...

Despite the concerns of privacy advocates, the Senate has passed cybersecurity legislation, creating a process for the government and private industry to share information on cyber attacks.    The Cybersecurity Information Sharing Act (CISA) was overwhelmingly approved by a 74-21 vote on Tuesday.   It must now be reconciled with two similar ...

The emerging world of ever-growing connectivity, cybersecurity, and cyber-threats has initiated an uncontrolled transformation in the balance of global superpowers. The old notion of power relying on the number of aircraft and missiles a country owns has expanded to include new terms—terms such as the magnitude of a denial of ...

Ronen Nir is a General Partner at Carmel Ventures, a venture capital firm based in Israel. Prior to joining Carmel Ventures, he worked for several Israeli tech companies and served in the Israeli Defense Force’s Intelligence Unit for 13 years. We spoke with Nir about the state of the Israeli ...

Rhea Siers is the Scholar In Residence at the George Washington University Center for Cyber and Homeland Security and the Director of the GW Cybersecurity Initiative. She has worked in the Intelligence Community for 30 years, and served as the Deputy Associate Director for Policy at the National Security Agency. ...

Bear in mind, when considering the relationship between Silicon Valley and Israel, this is not Detroit versus Tokyo. It’s not that sort of nationalistic, zero-sum rivalry. It’s an additive relationship – one that is emerging as an instructive, vitally important transnational model for developing and selling new, transformative technologies. This ...

The private sector perspective on encryption technology is critical to understanding the crux of the debate.  Amid news that Dell had agreed to buy RSA’s parent company, EMC, in the largest deal in the IT industry's history, RSA President Amit Yoran sat down with The Cipher Brief to talk about ...

Michael Chertoff, the former Secretary of the Department of Homeland Security, sat down with The Cipher Brief to explain why he believes a secure communications infrastructure protected by strong encryption is for the greater public good. The Cipher Brief: U.S. law enforcement has publicly expressed its concern that bad actors ...

When the Clinton Administration decontrolled encryption in the late 1990s after a long and acrimonious debate, it did so because it had decided that the benefits of making strong encryption available to internet users, and the benefits to U.S. companies operating in a global market, outweighed the cost to law ...

Heroes in war movies rally the troops by pronouncing: failure is not an option. Heroes at the forefront of cybersecurity know better: failure is practically unavoidable.   To protect businesses, the new name of the game is visibility. Monitor your computing environment, recover from attacks quickly, and learn from breaches so ...

The ability of a business to respond with speed and agility after the discovery of a significant cyberattack is critical to its overall recovery and resilience. While the seriousness of cyber threats is becoming better understood, including at the Board of Directors and C-Suite levels, there is still a perception ...

Josh Lefkowitz is the CEO of Flashpoint, a cyber threat intelligence firm that specializes in providing insights from the Deep and Dark Webs. Josh spoke with The Cipher Brief to discuss how the cyber threat environment is changing, and how companies can leverage threat intelligence to improve their overall security. ...

Heroes in war movies rally the troops by pronouncing: failure is not an option. Heroes at the forefront of cybersecurity know better: failure is practically unavoidable.   To protect businesses, the new name of the game is visibility. Monitor your computing environment, recover from attacks quickly, and learn from breaches so ...

Our government should not want a backdoor to encrypted messages. The government says it wants to have a special set of keys to decrypt any encrypted data transmitted across the Internet. The computer industry says it isn’t possible.  The government says it is a matter of national security. The industry ...

Large-scale cyber attacks like those experienced by OPM, Sony, Anthem, and Target have intensified the ongoing criticism that the US government lacks a coherent cybersecurity policy. The Cybersecurity Information Sharing Act (CISA), which is currently awaiting a vote in the Senate, is the latest effort to develop a strategy.  While ...

The Senate is expected to consider the Cybersecurity Information Sharing Act (CISA) (S. 754) soon. Information sharing legislation that would fill gaps in existing law to make it easier for companies to share cyber threat indicators (CTIs) is probably necessary. Unfortunately, CISA is not the answer for many reasons. First, ...

It’s impossible to overstate the threat of cyber attacks to our economy and our national security. McAfee and the Center for Strategic and International Studies last year estimated cyber crime costs our economy more than $400 billion and 200,000 lost jobs. The cybersecurity company Symantec reported that just last year, ...

It helps in thinking about the future of cyber war if we break it into two parts: the future of cyber and the future of war.  Cyber means the collection of computers, software and connections that link people, economies and countries ever more closely together.  In cyber space, Beijing is ...

The Cipher Brief spoke with Dr. Paulo Shakarian, the author of Introduction to Cyber-Warfare, about the future of cyber war. Dr. Shakarain runs Arizona State University’s Cyber-Socio Intelligent Systems lab, which specializes in cyber security and social media. The Cipher Brief: What are your thoughts on the role of cyber ...

The Cipher Brief spoke with Rob Knake, the former Director for Cyber Security Policy at the National Security Council (2011-2015), about the future of cyber weapons and cyber warfare. The Cipher Brief: What are your thoughts on the role of cyber weapons in war, and what would a cyber war ...

The Cipher spoke with Frank Cilluffo, who runs George Washington University’s Center for Cyber and Homeland Security, to discuss the U.S. government’s cyber security posture. Prior to joining GW, Cilluffo served as Special Assistant to the President for Homeland Security. The Cipher Brief: What’s the role of cyber weapons in ...

The Cipher Brief sat down with Suzanne Spaulding, the Department of Homeland Security’s Under Secretary for the National Protection and Programs Directorate.  She shared her thoughts on areas of collaboration between the public and the private sector, and the ways DHS can help. The Cipher Brief: What is your role ...

The Cipher Brief sat down with Robert Cardillo, the Director of the National Geospatial-Intelligence Agency.  He shared his thoughts on the public-private partnership and the future of NGA. The Cipher Brief: In today’s complex threat environment, how does the IC stay at the technology curve? How does it manage to ...

The Office of Personnel Management (OPM) hack shocked the U.S., exposing the vulnerability of the U.S. government to cyber attack.  After thieves took the personal data of more than 20 million federal employees, what did we learn? 1. IT isn’t a priority until something goes wrong. OPM received several warnings from ...

Imagine this:  a private company discovers that detailed personal identifying information—including Social Security numbers, dates of birth, passport data, foreign travel histories, and other sensitive personal and private data—for more than 25 million people has been compromised in successive security breaches.  How swiftly do you think government officials, regulators, and ...

The Cipher Brief sat down with Michael Chertoff at the Aspen Security Conference to discuss emerging issues in cybersecurity. He feels that businesses and the government need to more proactively engage with cybersecurity problems and work closer together to minimize their vulnerability to hackers. TCB: What would you say for ...

Cybercriminals are now using more advanced methods, once the exclusive domain of the state, to steal and profit from personal and proprietary information, blurring the line between cybercrime and cyberespionage. Companies who fail to adapt their cyber defenses to match this upgraded threat will be bringing a knife to a ...

Seemingly a typical teen living in the Virginia suburbs of the nation’s capital, Ali Shukri Amin, 17, led a different life online as curator of a pro-ISIS twitter account. Last week, Amin pled guilty in federal court to providing material support to ISIS. This case, and others like the shootout in Dallas or the ...