Category Archives: CSO/CISO Perspectives

Are Ransom Payments Supporting Terrorists?

– Organizations, particularly those that recognize that they don’t have essential security and data recovery measures in place, have taken out cyber insurance, which they are regularly using to pay off ransomware attackers. I find it curious that these insurance companies seem to be willing to pay…

“All for One and One for All”

– … So chanted the Three Musketeers. One of my main issues with cybersecurity risk management is that organizations seek to secure their own systems, data and networks, hoping that attackers will move on and attack more vulnerable victims. I have heard this notion explicitly stated by senior…

Cybersecurity is Failing—Time for a Reset?

– When you read what’s happening in cybersecurity, you could cry. We are being bombarded with cybersecurity fails. Recent egregious examples are Equifax and Capital One. To quote an August 2, 2019 article by Tom Foremski “A dismal industry: The unsustainable burden of cybersecurity” which is…

The Why and Wherefore of Cybersecurity Risk

– There is a song in Gilbert and Sullivan’s “HMS Pinafore” light opera that begins “Never mind the why or wherefore.” Perhaps that has been a problem all along with cybersecurity risk management. We discuss ad nauseam the how, what, when and where of cyberattacks, but seldom do we really…

Cyberwarfare—Yes? Cyber Insurance—No!

– Just when you think that you are covered, you discover that you may not necessarily be protected by your cyber insurance. That was the startling message in an article by Adam Satariano and Nicole Perlroth with the title “Cyberattacks Reveal an Insurance Gray Area” in the SundayBusiness section…