The Current Intersection of Universal Design and Cybersecurity and Why It Must Expand

Many businesses develop cybersecurity programs without considering universal design. This results in programs that fail to meet the needs of the entire workforce. Even worse, inaccessible cybersecurity programs can cause workers to miss out on important security tips and insights, which can lead to data breaches that damage a company’s brand reputation and bottom line.
A clear understanding of the relationship between cybersecurity and universal design is a must, especially as more industries become common targets for cyberattacks. Cybersecurity professionals can apply universal design best practices in their everyday work, and in doing so develop and maintain best-in-class cybersecurity programs.


OT/ICS Security Training

This article is inspired by a recent article on the Computerworld site for Denmark, where one of the CISOs for a big energy company lamented the lack of formal skills in the cybersecurity community on the security requirements for Operational Technology (OT) and Industrial Control Systems (ICS). This triggered light research from me on the options out there for relevant training and certifications.


It’s Time to Secure the Water Sector from Cyber Threats

The Biden administration is reportedly considering a first-ever integrated action plan for global water security, linking global access to clean, reliable water to U.S. national security for the first time. At home, the linkage between national security and the security of the water and wastewater sector is self-evident from its very definition as critical infrastructure. Yet decades of chronic underinvestment and under-resourcing of federal support to the industry have left this life-supporting and life-sustaining infrastructure vulnerable to cyber threats.


Is Fully Homomorphic Encryption now a reality?

We all know the problems with users picking weak passwords, whether it is “PassW0rd123” or “JamesBond007”. We also know that there are lists of passwords which have been obtained from hacks into websites, and from these we can work out which weak passwords are most commonly used. Surely there must be a way of checking, when a user chooses a new password for a website, whether the password lies on the known list of common weak passwords? There are two obvious solutions to this problem. Firstly, the browser could maintain the list of weak passwords locally on the user’s computer. This solution, however, does not scale, as the list is huge and needs to be continually updated. The second solution is for the new password to be sent to a central site and compared against the list of common weak passwords. But this solution then leaks the new (potentially strong) password to the central site doing the checking. Is there a better way?


Pain-Free Cloud Security Transformation? There’s No Such Thing

Seemingly all companies today prioritize cloud security as part of a comprehensive cybersecurity strategy, and for good reason. The proliferation and sophistication of cyberattacks bring endless possibilities for hackers to steal and misuse data at a pace previously unimaginable. Ransomware alone rose more than 100 percent in volume globally in 2021, and the expectation is that with such “success,” the rate of attacks will only grow in 2022.
Yet too many enterprises and smaller companies still struggle with the transformation to the cloud because of the variables that come with choosing the best product. Lack of awareness about the complexities of the switch, namely technology-related issues and the typical adjustments needed to workflows and processes, also contributes to the confusion. Adding to the quandary is the fact that very few companies are dedicated to cloud security as opposed to general cybersecurity products.


Closing the Cybersecurity Communications Gap: What Every CISO Needs the C-Suite to Know

The role of the Chief Information Security Officer (CISO) has evolved considerably in recent years, so much so that in many organisations CISOs now regularly consult with the CFO, CTO and CEO on security strategy, cyber risk, and how to approach digital transformation. However, while some CISOs have been given a seat at the table on many executive boards, this hasn’t been the case everywhere.
In the past, digital security was a high priority for highly regulated industries such as banks, insurance companies, utilities and public sector organisations. But the recent and rapid escalation of online channels in the wake of the global pandemic has made companies in every industry sector a potential target for cyber criminals. This means C-Suite executives need to be fully informed and educated on the preventative steps that need to be taken – and why.


Ethics of the 0-day trade

This is an opinion piece, and an opinion that, I am fully aware, can be controversial in some sectors of the cybersecurity industry. Still, selling the state of the cybersecurity of customers, that most of us are doing our utmost to protect from the nefarious underbelly of the Internet, is actively undermining security. And yes, I feel that it is actively undermining security to sell 0-days to brokers, on the darknet or to companies on the Internet, instead of disclosing them to the vendors for patching.
