Recipe for Disaster: as Phishing & Ransomware Attacks Spike, Companies “Turn a Blind Eye”

According to a recent report by the Anti-Phishing Working Group (APWG), phishing activity is at an all-time high. APWG “observed more phishing attacks in the first quarter of 2016 than at any other time in history…the total number of unique phishing websites observed in Q1 2016 was a record 289,371, with 123,555 of those phishing sites detected in March 2016.” (Source: Phishing Activity Trends Report, 1st Quarter 2016, May 23, 2016).

At the same time, ransomware attacks have also spiked. “Kevin Haley, the director of product management at Symantec Security Response, said his group has seen an average of over 4,000 ransomware attacks per day since Jan. 1, a 300-percent increase over the approximately 1,000 attacks per day in 2015…” Ransomware attacks in the first quarter of 2016 are “coming at quadruple the rate seen last year…” according to figures from the group. (Source: fedscoop, “Ransomware attacks quadrupled in Q1 2016,” by Greg Otto, April 29, 2016).

Ransomware activity has spiked in the first half of 2016.

So are companies responding, training their people and prioritizing cybersecurity as one might hope? Apparently not, at least according to a newly published study by Experian Data Breach Resolution and Ponemon Institute.

The study, entitled “Managing Insider Risk Through Training & Culture,” found that 60% of companies surveyed believe that their employees are “not knowledgeable or have no knowledge of the company’s security risks…Additionally, the study showed a lack of concern by C-suite executives. Only 35% of respondents said that senior management sees it as a priority that employees are knowledgeable about how data security risks affect their organization.” (Source: info security magazine, “Orgs Turn Blind Eye to Risky Employee Behavior,” by Tara Seals, May 23, 2016).

“While employee-related security risks are the No.1 concern for security professionals, organizations are not taking adequate steps to prevent negligent employee behavior.”

According to Info Security Magazine, which reported on the study, other findings of concern revealed that:

  • less than half (46%) of surveyed companies make training mandatory for all employees;
  • 60% of companies do not require employees to retake security training courses following a data breach, “missing a key opportunity to emphasize security best practices;”
  • about 43% of companies provide only one basic course for all employees;
  • phishing and social engineering attacks are covered in less than half of basic programs; mobile device security in 38%; and using cloud services safely is covered in less than a third (29%);
  • 67% provide no incentives to employees for being proactive in protecting sensitive information or reporting potential issues; and,
  • only 29% mention security in performance reviews. (Source: Id.)

These findings are a real concern. They make clear that despite increasing cyberattacks, especially those like phishing and ransomware directed at employees, organizations are not taking the steps necessary to prepare those employees to defend themselves and their company. We can only expect employees to ‘play their part’ in cyberdefense if and when we train them and make them aware of the dangers. Successful, savvy business leaders will do that, and they will make cybersecurity a priority in the months and years to come.

The Internet of Things is Dead, Long Live the Internet of Things. Who’s Right?

Disclaimer: I don’t like naysayers very much. Or skeptics, for that matter. I understand and acknowledge their value, of course, in terms of ‘keeping us honest’ and ensuring we don’t ‘get ahead of ourselves’ with exuberance, excitement, enthusiasm and all that other stuff that makes life worth living. But I don’t like them, in truth, and I probably never will.

That’s why when I see articles calling the Internet of Things (IoT) a “dead end” (Barron’s), or asking if the Internet of Things is “Just a Hype,” (Huffington Post), I do a double-take. Are the naysayers right? Is this “3rd wave of the Internet” (Goldman Sachs), touted as so revolutionary by so many (including me), really just another passing trend?

CRN article
“Intel has been hitting the Internet of Things fast and hard.”

Since this is truly one of those things in which ‘only time will tell,’ (sorry, no definitive answers here), we’re compelled to look for guidance in the marketplace, which often provides good (albeit admittedly not fool-proof) evidence of what is our best guess going forward on IoT.

And in the marketplace there is plenty to suggest that the IoT is in fact not dead, not a ‘dead end’ and, more likely than not, not ‘just hype’ (although uber-hyped might be right, at the moment). Consider the following recent headlines about corporate moves pertaining to IoT:

WSJ IoT HP article
“Hewlett Packard Enterprise Co. is joining a crowded race to help companies get a leg up on one of tech’s hottest trends, the Internet of Things.”

According to these recent stories, Intel, Amazon, HP, Vodacom, Microsoft and Nokia (estimated aggregate total market capitalization of just short of 3/4 of a trillion dollars) are all positioning themselves to win in the Internet of Things. They are buying other companies, investing in technologies, setting long term corporate strategies, all with the goal of succeeding in the age of the IoT.

It’s possible these corporate giants (and others) are wrong. That IoT doesn’t have sustaining value. That it won’t change our lives as we know it. But that’s not what the market is telling us, is it?

All of this IoT-inspired corporate activity sends me toward a different conclusion, one which reminds me of a movie quote from the 1997 sci-fi flick Contact, in which billionaire investor H.R. Hadden tells Dr. Arroway, “The powers that be have been very busy lately, falling over each other to position themselves for the game of the millennium.”

I don’t know for sure that the Internet of Things is the game of the millennium, but it sure looks a lot more like that than hype to me. Smart companies, organizations with a desire to be successful and relevant in the years to come, all will want to position themselves and their business with an eye towards IoT, at least based on what we’re seeing right now. Develop an IoT strategy, view your products and services through the lens of IoT, all as a contextual environment for the future.

Perhaps H.R. Hadden posed the question best when he asked, “Wanna take a ride?” So, do you?

Small Texas Law Firm Used in International Cyberattack

It started a couple of days ago. The folks at the James Shelton law firm in Clarendon, Texas, about 60 miles east of Amarillo, began receiving calls. Thousands of calls from all over the place, including Canada and the U.K.

According to what’s known so far, cybercriminals apparently gained access to and used a law firm email account to email an unknown number of recipients with the subject “lawsuit subpoena.” The subject is company specific, and it asks if the “legal department” has received it yet. The email says the matter is, of course, “urgent,” and it includes a Word document attachment.

Actual email used in the cyberattack, intended to deceive recipients into clicking the attachment and downloading a malware-infected payload.

In fact, the email (one was sent to our company here in Dallas) contains malware that is, according to sources, “a variant of Dridex… [It is a] virus [that] relies on macros in MS Office to propagate.” “Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user.” (emphasis added) (Source: Webopedia).

The law firm’s website now displays a warning banner about the cyberattack.

I spoke with Jim Shelton in Clarendon late this afternoon, who confirmed the attack. Working with his provider, they have disabled the email account and placed a bright red warning banner on their website directing folks “not to click any links or download any attachments.” Jim told me he was also contacted by the State Bar of Texas, which had received calls about the email.

This attack is a serious one with the potential to cause significant damage and harm to folks who receive it and the companies they work for. If you or anyone you know receives an email like the one posted above, please do not open it and do not click on any attachments. Please do pass along word of this attack so that others might be made aware of and avoid it at all costs.

People are Worried about IoT, and that’s a Good Thing….

Apparently not everyone is super jazzed about the Internet of Things (IoT), a world in which billions of devices are ‘talking’ to one another, autonomously, silently, in the hidden background of our everyday lives.

“Even though consumers see tangible benefits of the Internet of Things (IoT) adoption, many have their doubts regarding security, trust and safety…”

According to a recently released study, “60 percent of consumers [globally] are worried about [the Internet of Things]…The biggest concerns are [privacy] (62 percent) and security (54 percent), followed by physical safety (27 percent), and not being able to fix the technology (24 percent).” (Source: betanews, “Consumers do not trust Internet of Things,” by Sead Fadilpašić, April 8, 2016, citing Mobile Ecosystem Forum (MEF)’s study entitled, “The Global Consumer Survey.”)

In the United States, the percentage of those concerned about the IoT is even higher than the global average, at 63%.

Other study findings revealed that:

  • Women are more concerned about the IoT than men (64% of women are concerned about a world where everyday objects are connected to each other and the Internet, compared to 57% of men concerned about the same);
  • Privacy is the biggest concern among those polled in the United States (70%, compared to a global average of 62%); and,
  • Of all the IoT connected devices, the smart home was of most concern to those polled (30% were concerned about connected home security and 15% about connected house doors, followed by cars, TVs and ‘smart’ irons, 3rd – 5th on the list of concerns).
IoT Journal
“Consumers are increasingly aware of the value of the personal data they share via smart-home devices and platforms, and are wary of the security robustness of those systems…”

Another recent study seems to support these findings of consumer concern and mistrust of the IoT. “In July 2015, Intel Security hired Vanson Bourne, an independent market research provider specializing in the technology sector, to interview 9,000 consumers,” including 2,500 from the United States, regarding topics related to smart-home technology. “66 percent said they were very concerned about the security of their home being compromised by cybercriminals, while 92 percent said they are concerned about the security of their personal data that is collected and shared via smart-home platforms.” (Source: IoT Journal, “Smart Homes, Cybersecurity and Personal Data: What Consumers Care About,” by Mary Catherine O’Connor, March 31, 2016).

While it’s clear that concern about and mistrust of the Internet of Things is real and may slow adoption of the technology, that may well be a good thing, as more and more cybersecurity professionals and privacy advocates warn that the growth in IoT tech is far outpacing the security and regulation of the same. For only if we are all deliberate and careful going forward can we be sure to realize the many valuable and even life-saving solutions a world of connected devices (see connected cars, by way of example) has to offer without, at the same time, creating a vast platform for those seeking to abuse it.

Here Come the Feds: DIGIT Act, CFPB No-Breach Enforcement Order a Sign of Things to Come

Federal regulators and legislators have been promising for some time now that additional, formal action would be coming on the Internet of Things (IoT) and in the realm of cybersecurity enforcement. Last week, both the United States Senate and the Consumer Financial Protection Bureau (CFPB) made good on those promises.

On the IoT front, a bipartisan group of Senators including Sens. Deb Fischer, R-Neb., Cory Booker, D-N.J., Kelly Ayotte, R-N.H., and Brian Schatz., D-Hawaii, introduced the Developing Innovation and Growing the Internet of Things Act, or the DIGIT Act.

nextgov on DIGIT ACT
“The DIGIT Act is one of many recent congressional actions related to the Internet of Things.”

According to news reports, the new bill introduced on March 1, “directs the Federal Communications Commission to report on the spectrum required to support the Internet of Things. It also proposes creating a working group, made up of public and private sector representatives, to advise Congress on planning for and encouraging the growth of that network as well as how the federal government can adopt the Internet of Things.” (Source:, Senators Introduce Another Internet of Things Bill, March 1, 2016 by Mohana Ravindranath).

“The bill proposes that the working group examine topics such as spectrum needs, federal technology grants, consumer protection, and privacy and security. The FCC study would address spectrum issues, such as the role of licensed and unlicensed spectrum in a highly connected world, according to the bill.” Id, emphasis added.

The findings and recommendations of both the FCC and the working group would be required to be submitted to the appropriate committees of Congress within one year of the bill’s enactment. (Source: National Law Review, “Internet of Things Bill Introduced,” March 9, 2016).

On the cybersecurity side of things, this past week saw the first data security enforcement action from the Consumer Financial Protection Bureau (CFPB), a governmental agency created by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.

CFPB Dwolla enforcement action
“Under the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB is authorized to take action against institutions engaged in unfair, deceptive or abusive acts or practices, or that otherwise violate federal consumer financial laws.”

According to the CFPB press release accompanying its consent order, “The Consumer Financial Protection Bureau [ ] took action against online payment platform Dwolla for deceiving consumers about its data security practices and the safety of its online payment system. The CFPB ordered Dwolla to pay a $100,000 penalty and fix its security practices.” (Source:, “CFPB Takes Action Against Dwolla for Misrepresenting Data Security Practices,” March 2, 2016).

Although there was apparently no breach of Dwolla’s data security or systems, the CFPB nonetheless found that Dwolla had, “misrepresented its data-security practices by:

  • falsely claiming its data security practices “exceed[ed]” or “surpass[ed]” industry security standards; and
  • falsely claiming its “information [was] securely encrypted and stored.” Id.

Both the bipartisan DIGIT Act and the CFPB’s no-breach enforcement action against Dwolla presage additional federal engagement on the Internet of Things and in corporate cybersecurity, more broadly. As a result, organizations of all shapes and sizes, for profit and not, are encouraged to actively monitor such developments and, more importantly, to continue to invest in robust cybersecurity efforts, including but not limited to employee training and vendor screening and management.

Ransomware: Same Old Crime, New High Tech Methods

Ransom, as a crime, hasn’t really changed much over the years. The first American ransom note was used in a kidnapping in 1874 in Philly. In broken English, it read in part, “You wil have to pay us [ ] and pay us a big cent to…[I]f you put the cops hunting [ ] you is only defeeting yu own end.” (Source:, The Story Behind the First Ransom Note in American History, By Carrie Hagen, December 9, 2013)

Hollywood Presbyterian Medical Center paid a ransom of $17,000 to regain access to the hospital’s electronic medical records system and other computer systems after suffering a ransomware attack.

Fast forward 140 years, and we still face this very same crime with very much the same messages. What’s changed, of course, is the delivery method: criminals of all types (former employees, activists, terrorists, etc.) can now deliver ransom-laden software, known as “ransomware,” to users’ computers by way of e-mail and websites, all towards taking something hostage (information, systems, networks) with the promise of releasing it only after getting paid.

Ransomware is defined as “a type of malware that prevents or limits users from accessing their system. [It] forces its victims to pay [a] ransom through certain online payment methods in order to grant access to their systems, or to get their data back.” (Source: TrendMicro). Ransomware has been around a while (the first cases were reported in 2005 – 2006 in Russia); however, the last few years, and 2015 in particular, have witnessed a significant increase in these types of attacks. The first quarter of 2015, by way of example, “…saw a 165 percent increase in new ransomware…” (Source: betanews, “Ransomware sees 165 percent increase in 2015,” by Ian Barker, May 2015).

That growth of ransomware has continued into 2016:

ransomware CIO mag
A new kind of Android malware called Xbot steals online banking credentials and can hold a device’s files hostage in exchange for a ransom.

It’s now clear that ransomware is a serious and growing threat that can cost people and companies dearly (according to a Nov. 2015 report, Crypto Wall 3 ransomware was responsible for approximately $325 million in damages since its discovery in Jan. 2015). (Source: LavaSoft, “Cryptowall Ransomware Costs Users $325 million in 2015,” November 2, 2015). As such, for-profit organizations and non-profits alike will do well to be careful, vigilant and on the lookout for ransomware attacks, and make their employees aware of the same with training and awareness designed to stop these attacks before they begin.

Some Good News (and a little bad news) about Our Government’s Cybersecurity

Alright, we’ll do bad news first. Not because I’m a cynic (I’m not), but because I want to get it out of the way and talk about some positive things that are happening with the federal government as they relate to safeguarding American citizens’ personal and private information.

The bad news is we are continuing to see data breaches of federal government agencies. The list of departments suffering hacks resulting in the compromise of the personal information of hundreds of thousands of Americans continues, with two additional breaches publicized this week:

“The Internal Revenue Service was the target of an attack that used stolen Social Security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically.”

These latest breaches come on the heels of numerous other federal agency breaches, most notably the breach of the Office of Personnel Management (“OPM”) announced in June of last year, which involved the records of more than 18 million people (some accounts put the number closer to 21.5 million) and which has been described by federal officials as, “…among the largest breaches of government data in the history of the United States.” (Source: Wikipedia, Office of Personnel Management Data Breach).

Seriously outdated technology, such as the Social Security Administration’s system that still runs on a platform written in the 1960s in the COBOL programming language, is adding to cybersecurity challenges.

Ok, so that’s the bad news. What’s the good news, then? Well the good news is that apparently (fingers – and toes – crossed), the feds have gotten the message and are now taking concrete steps to make changes towards securing the data of not only Americans who work for the government, but folks working in the private sector, as well.

According to news reports earlier this week, the Obama administration is taking a number of steps to “step up,” as it were, the cyber defenses of our Nation’s government, and to help guide private enterprise in the same mission. Here is a “short list” of what’s happening and what’s being requested:

  • the President sent to Congress a proposed 2017 budget that includes a request for $19 billion for IT upgrades and cyber initiatives (a 35% increase over 2016)
  • the President signed two (2) Executive Orders, that created two (2) new entities: (a) a Commission on Enhancing National Cybersecurity (CENC), and (b) a Federal Privacy Council (FPC)
  • the CENC “will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors. It will deliver a report to the president by Dec. 1”
  • the FPC “will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.”
  • “The White House said it also plans to create the new position of Chief Information Security Officer to coordinate modernization efforts across the government, including a $3.1 billion Information Technology Modernization Fund.”
  • the Administration’s plans include “training and shared resources among government agencies” and “48 dedicated teams to respond to attacks”
  • recruiting top IT talent will also be prioritized and bolstered through student loan forgiveness programs and incentives
  • there are also plans to encourage multi factor authentication and reduce the use of SSNs as unique identifiers for Americans

(Source: USA Today, Obama signs two executive orders on cybersecurity, by Gregory Korte, February 9, 2016)

There is a lot to like in these efforts, which if implemented should go a long way towards securing the private and personal information of millions of Americans. Of course, how long it will take and how effective these “good news” actions will be if and when they’re taken remain unanswered questions, the answers to which will say much about just how serious American elected officials are about cybersecurity and the privacy and security of their constituents.



IoT go Boom! Is 2016 the year IoT “explodes?”

If “talk” is any indicator, 2016 may be the year the Internet of Things (“IoT”) breaks out. Check out this sample of recent headlines concerning the IoT:

  • “IoT industry will explode in 2016, Gartner says”
  • “IoT Devices Are Exploding On the Market”
  • “Can You Handle the IoT Explosion?”
  • “2016 could be the year for the Internet of Things”
  • “The Explosion of the Internet of Things”
Iot 2016 breaks out
“Wearables (are) looking to break out in 2016,” according to analyst Daniel Ives with FBR.

IoT is certainly no stranger to hype and media coverage (IoT has been the “most-hyped” technology of the past two years, according to the Gartner hype curve), especially right after a CES. However, there are a number of developments – tech and economic in nature – that could now be coming together to produce the tipping point in IoT that so many have seen coming.

Here then is a short, non-exhaustive list of what may be driving the IoT “explosion” coming in 2016:

“Eventually, connected devices need to transition from Pinocchio to real boy. HaLow should help that process.”
  • More connectivity: IoT will only work and exist if and when connectivity is universally available. Enter HaLow, a next generation WiFi that, “promises to double the range of standard 2.4GHz Wi-Fi connections, while also doing a better job of penetrating walls, floors, and other obstacles that can make your Wi-Fi sputter and skulk.” (Source: Wired Magazine, “Next-Gen Wi-Fi Will Actually Connect the Internet of Things,” Jan 4, 2016 by Brian Barrett). With HaLow connectivity, smart, connected IoT devices running underground and in industrial settings should be able to communicate with one another and with the devices that run and monitor them.
  • More power: In addition to connectivity, one other item is required to have an IoT ecosystem: power. While many are looking to advancements in battery technology to support the billions of IoT devices arriving annually, some are looking in a different direction altogether: wireless power. “[A] bevy of companies are working diligently to bring technologies to market that can transmit power at distance – upwards of 15 feet… [ ] three companies stand a reasonable chance of bringing an IoT solution to market anytime soon [ ]. Of the three, Energous is the closest. Not only has it already attracted a Tier 1 partner, rumored to be Samsung or possibly Apple, it’s only a few months away from having a commercially ready chipset to be incorporated into wearables, IoT, and mobile devices.” (Source:, “The Best Play on the Internet of Things Trend,” Dec 21, 2015 by Louis Basenese).

In short, this year we’re likely going to see the proliferation of IoT devices with more connectivity and more power options to drive them. As that momentum accelerates, IoT will grow exponentially and, as a result, 2016 could well turn out to be the year that IoT did in fact “explode,” as more and more consumers embrace it and more and more businesses find ways in which to harness the big data that those systems produce.

Top Cybersecurity & IoT Predictions for Business in 2016

Well it’s the end of the year and, as usual, everyone is out with their predictions about what the coming year will hold for technology. To follow then is a compilation of some of the more interesting and important cybersecurity and IoT predictions related to business from folks who are “in the know.”

On Cybersecurity:

Krebs phishers
“Expect phishers and other password thieves to up their game in 2016…”
  • Ransomware attacks will continue to be used against companies at increasingly alarming rates. “Ransomware, whereby hackers take control of the data in their victims’ computers, encrypt the data and threaten to destroy the data unless the victims pay a ransom has evolved into a bigger problem than many people may be aware of because many of the victims of ransomware do not report the attacks out of a concern as to adverse publicity. Companies of all sorts and governmental agencies have become victims of ransomware. The sophistication of the malware used as ransomware makes this a tremendous threat.” (Source: USA Today, “Cybersecurity Predictions for 2016,” by Steve Weisman, Dec. 27, 2015).
  • Companies will get smarter about cybersecurity, including realizing the need for a dedicated, information security resource. “Enterprises will finally realize the need for a job designation that focuses solely on ensuring the integrity of data within and outside the enterprise…Awareness around data protection will pave the way to a significant shift in the enterprise mindset and strategy against cyber-attacks. We will see more enterprises taking on the role of the ‘hunter’ instead of the ‘hunted’, in that they will begin to make use of threat intelligence and next-generation security solutions with custom defense to detect intrusions earlier.” (Source: Trend Micro, “Security Predictions for 2016 and Beyond,” October 27, 2015).

On the Internet of Things (IoT):

  • Wireless power will begin to emerge as an important solution to IoT device power issues. “…as Energous Corp. (WATT) CEO, Steve Rizzone, said in a recent conference call, ‘IoT is becoming more and more of a dominant market consideration and to support IoT you need two functions, you need internet connectivity and you need power.’ So what’s the answer? [ ] I’m convinced it’s wireless power…a bevy of companies are working diligently to bring technologies to market that can transmit power at distance – upwards of 15 feet.” (Source:, “The Best Play on the Internet of Things Trend,” by Louis Basenese, Dec. 21, 2015).
citrix IoT predictions
“In 2016, we will see more and more emphasis on using IoT and the Integration of Everything to solve complex business problems.”
  • More companies will turn to IoT to solve business problems. “In 2016, we will see more and more emphasis on using IoT and the Integration of Everything to solve complex business problems. While this won’t grab as much public attention as deflating a hype bubble [ ] it will really start to build momentum behind the Enterprise business model for IoT. One large Enterprise opportunity is in Healthcare and another example is how IoT is going to power the smart-office in 2016. IoT will help enable this transformation with meeting room automation, workflow orchestration and facilities optimization.” (Source: Citrix, “Predictions for the Internet of Things (IoT) in 2016,” by Chris Witek, citing Chris Fleck, Dec. 18, 2015).

While there are a lot of predictions about the coming year for cybersecurity and the Internet of Things, one thing is for sure: 2016 will be an exciting and important time in these spaces, as successful, innovative companies look to leverage the power of IoT while also maintaining the safety and security of their data and that of their employees and customers. Time will tell who is the most successful in this increasingly precarious balancing act.

Is the Cloud the Answer to Your Cybersecurity Challenges?

For years, the use of the cloud has been viewed by many as a cybersecurity risk. Having a company’s data, processes and work maintained and performed in some far away location seemed counterintuitive to keeping the same held close to home and “safe” on that same company’s own servers and systems.

Increasingly, however, many organizations are viewing the cloud as a much more secure environment in the face of an ever-increasing cyberthreat landscape.

“Years ago when companies began moving sensitive information to the cloud, there was paranoia about storing data off site. But cybersolutions are evolving and increasingly include cloud-based solutions.”

According to a CNBC article last month citing a recent PWC survey entitled “The Global State of Information Security Survey 2016,” “more cybersecurity professionals are turning to cloud storage as an effective and more affordable way to fight cyberterrorism…” (Source: CNBC, “Why more companies are using the cloud to fight cyberthreats,” by Jennifer Schlesinger, Nov. 14, 2015).

From the article:

  • Nearly 70 percent of respondents said their company is using cloud-based cybersecurity services, according to PWC’s Global State of Information Security Survey 2016… (emphasis added)
  • The cloud as a less pricey cybersecurity tool is especially beneficial and welcome for small- to mid- sized companies that can’t afford all the bells and whistles that larger companies employ to keep their networks safe.
  • “The value of moving to the cloud outweighs the risk of paranoia,” said Chris Weber, co-founder of Seattle-based Casaba Security.

The CNBC article went on to say that, “Beyond smaller firms, larger companies are also moving security to the cloud, with many companies setting up their own cloud-based system, according to PWC’s Burg. He added many of the larger companies already use cloud-based messaging services, so moving to cloud-based cybersecurity is a natural progression.” (emphasis added).

PWC study on infosec
“Many organizations are incorporating strategic initiatives to improve security and reduce risks,” including 69% of respondents who said they were utilizing cloud based security services.

Today’s leaders must conduct their own assessment of the specific, relevant cyberthreats they and their organizations face. Those leaders must use all of the tools at their disposal and develop a strategic approach that allows them to address and mitigate cyberthreats based on the threat vectors that are relevant to them and their respective groups. While many tools are available, what’s clear is that more and more the cloud is becoming an increasingly attractive option in creating these cyberdefenses. The cloud may not be right for every organization, but forward thinking leaders will at the very least consider cloud-based solutions and implement them as needed as part of a strong, comprehensive cybersecurity program.

John Ansbach on IoT, Cybersecurity & the Technology Trends of Tomorrow