A quick outlook into 2022
Top 2022 priorities for most organizations include digitization projects, enhancing hybrid work productivity, public cloud adoption, and increasing cyber-resilience. Ransomware, attacks targeting work-from-home setups, supply chain attacks, and as-a-service cyber-crime will likely dominate the threat landscape in 2022. The transition from cybersecurity to cyber-resilience is accelerating but there are steps to be made for closing …
My takeaways from last week – Nov 22, 2021
My last week’s readings were a bit peculiar. Most covered personal privacy and life stories connected to cybersecurity. So I decided to focus this post on three privacy-related takeaways from last week. The first is connected to a story from the previous week: the attack on the FBI’s email servers and the false warnings sent to …
My takeaways from last week – Nov 15, 2021
What if you get an email (genuinely) from the FBI telling you about an ongoing cyber attack? Would you believe it? I think I would! …but shouldn’t. Read on to see why and also to get some quick takeaways from last week. On Friday, an incident involving the FBI email servers surfaced to the public audience. …
Five reasons to love being a Product Marketer in Cybersecurity
On quite a few occasions I’ve been asked what it is like to be a Product Marketing Manager in Cybersecurity, particularly at Bitdefender. As with Product Management, Product Marketing has variations from industry to industry and even from company to company. To bring everyone on the same page, I want to mention that in Bitdefender …
My takeaways from last week – Nov 1, 2021
There is no boring week! By far, the most interesting news of the week for me is the Facebook renaming into Meta. But some other interesting topics caught my eye in the past week. SEO (or SEO Poisoning in this case) becomes a tactic leveraged to deliver malware. The good old VPN is still good, …
My takeaways from last week – Oct 18, 2021
This week was a lot about ransomware, and for good reasons, I think. Defending against it is now a priority equally for governments, businesses, and individuals. Besides ransomware, I selected a few interesting articles, among which one is about user rights and one about cyber… ignorance. Read on to get my takeaways from …
My takeaways from last week – Oct 11, 2021
This was a particularly interesting week with a couple of events worth reviewing (and learning from): the launch of the more security-oriented Windows 11, the Facebook outage, and a new ransomware threat for VMware ESXi. I also included a short read on planning for Incident Response. Here is my take from last week: I’m …
My takeaways from last week – Oct 4, 2021
Last week was a pretty busy one and I had less time than usual to stay on top of industry developments. Still, I managed to sneak in a few interesting reads on attacking two-factor authentication, a nasty vulnerability of Apple AirTag, and a major data breach missed for no less than 17 months. Here is my take …
My takeaways from last week – Sept 27, 2021
Each Monday I’m publishing a list of quick thoughts and top readings on cybersecurity from the previous week. Here is my take from the week of September 20th: An excellent article on advanced phishing: Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It? “Hackers are upping their game, using an approach I …
How ransomware changed the face of cybersecurity
In a popularity contest for cyberattacks, Ransomware would definitely win and its (bad) reputation among the general public is well deserved. Ransomware is probably the type of attack that had the most significant influence on the cybersecurity industry in the last 10 years. Here is why. The Prevalence Compared to other classes of attacks – …
Security Architecture considerations for Cyber Resilience – why threat prevention is important
In an earlier blog this year, I compared the concepts of cybersecurity and cyber-resiliency, arguing that the main difference between the two is one of perspective. Cybersecurity is centered on the idea that attacks can (and should) be prevented while cyber-resilience acknowledges that some attacks will go through, and that organizations must prepare to deal …
A Practical Approach to Cyber Resilience – Developing solutions (Part 3 of 3)
In the third and last part of the blog series on Practical Cyber Resilience, I will cover the Approaches, Tactics and Techniques that an organization should use when developing options for improving cyber resilience. In the previous blog, I detailed the practical five-step Cyber Resilience Analysis Process recommended both by NIST and MITRE for enhancing …
A Practical Approach to Cyber Resilience – The five-step process (Part 2 of 3)
This is the second of a 3-blog series on Practical Cyber Resilience. In the first part, I covered the four key characteristics (or guiding principles) of cyber resilience. In this blog we will review the main objectives and 5-step Cyber Resilience Analysis methodology, as defined by the NIST Special Publication 800-160, Developing Cyber Resilient Systems. Within …
Three takeaways for a Small Business from the Microsoft Exchange hack
I heard this so many times: “My company is too small to be the target of an advanced attack”. Unfortunately, this is not true and the recent cyber-attacks on Microsoft Exchange servers clearly show it. Compared to the recent SolarWinds Orion security breach that directly affected mostly large organizations, the Exchange vulnerabilities were used to …
A Practical Approach to Cyber Resilience – Part 1 of a 3 Part Series
In a previous blog, I looked at the key differences between cybersecurity and cyber-resilience, and why cyber-resilience is a better approach for organizations to follow in 2021 because it is holistic. IT cyber-resilience is a complex objective requiring a solid understanding and a structured approach. NIST Special Publication 800-160, Developing Cyber Resilient Systems, is one …
Cybersecurity or Cyber-resilience: Which one should be the prime objective for 2021?
Given the increased dependency on digital technologies for daily operations, it’s not a surprise that organizations are concerned about cyber threats and the risks these are posing to their operations. But what is the best approach to this problem? Should an organization focus on cybersecurity or on cyber-resilience? Which of the two can be considered …
Five defining moments that shaped cybersecurity in 2020
Among the many disruptions brought by 2020, cyber threats ranked in the top concerns. As we had to rely more on digital for work and social life, cyber-attacks became very real threats for most aspects of our lives: health, work, freedom, national security, and even life itself. Here is a selection of 5 defining moments …
Accelerating Safely on the Digital Highway
I wrote this post a couple of months back but it’s highly relevant for 2021 and it’s worth bringing up again. You will also find below a reference to an interesting on-demand webinar hosted by InfoSecurity Magazine. Despite today’s harsh medical crisis, we are living in great times of innovation. For the past years, digital …
Top 5+1 lessons of 2020
The year 2020 is over and many of us would like to forget it as quickly as possible. We all hope for a better 2021 but, with all the hardship, 2020 was an extraordinary year and it delivered us some valuable life lessons. Here is what I’ve learned in the last 12 months: Black Swans …
Defeating supply chain attacks together
The recent security incident involving SolarWinds Orion proves that cybersecurity is a team game. We all use software developed by a wide range of providers (and we will continue to do so). Any successful attack on one of these vendors (suppliers) can have negative consequences on all users of their software solutions. SolarWinds was targeted …
Don’t get hacked! How to quantify the potential losses due to a cyber attack
This is the second part of the video on cyber risk exposure! It covers how the quantitative risk analysis allows you to calculate the potential losses associated with cyber risks. This will help you prioritize risk, estimate security budgets, and get the needed resources to mitigate the risks!
Don’t get hacked! Understand your exposure to cyber risks
The odds of being hacked are proportional to your organization’s exposure to cyber risks! Learn how to use the qualitative analysis and the risk matrix to keep your organization safe!
The Key Players of the Cybersecurity World
Learn about the key players in the cybersecurity world and why you need to be aware of them.
How to increase Security Training Effectiveness
Learn about how to increase the effectiveness of your Security Awareness Training program.
My IRONMAN 140.6
“You are an IRONMAN!” These four words go through your ears and directly to your heart! It is hard to explain the feelings you have while running on the red carpet the last 20 meters of a 140.6 miles race and hearing for the first time the famous words: “You are an IRONMAN”. I can’t …
SaaS – a safer choice for SMBs
I had many opportunities to talk to stakeholders in different organizations, big and small, about software as a service and cloud services in general. A typical major concern is security. People usually fear what they don’t understand or what they perceive as outside their control. Questions like “where my data sits?” or “who has access to …
Grown-up games
Playing is an essential activity for human development. By playing children develop skills from the simplest to very complex ones. But the role of playing is not limited to childhood, on the contrary, it transitions to adult life and it continues to be part of human life until the end. I dare to say that …
The Effective Executive, by Peter Drucker – Book Review
About the Author: Born in Austria in 1909, Peter Drucker is one of the most influential business writers of the 20th century. He taught management from 1950 until 2005 (when he died) at New York University and Claremont Graduate University. He wrote more than 30 books on business and management, most of them translated …
Videoconferencing for businesses
I worked several years in a position that required me to travel quite frequently. I enjoyed the opportunity to visit many places that I would have never visited on vacation, but I also had to accept disadvantages not always easy to overlook. Those who travel often for business purposes are aware of these disadvantages: broken …
Pen and paper
I do not know how many of you are familiar with the phrase “Death by PowerPoint”. In a few words, it’s the terrible boredom that the audience of a slide-based presentation must endure most of the time. As my brother said one day, many presentations have the “Point” but are lacking the “Power”. Not …
Social networks influence on career
We live in a hyper-connected world. Communications technology has changed the face of many industries, and one of the areas significantly influenced is the job market. Most of us enjoy the benefits of online recruitment sites through which we have access to almost all possible and impossible jobs available today in the world. There are also …
The Dark Cloud of Cloud Computing
How Cloud Computing changed the face of brute-force attacks. Cloud Computing is the phrase that we loved last year. I don’t think there is any IT conference where the Cloud Computing topic is completely missing from the agenda. It’s a new paradigm that attempts to solve many of the existing IT problems. There are many advantages for …
Protecting Online Identity
Information is power. It has always been, but in the digital information age this statement is truer than ever. What your name is, when and where you were born, who your family is, where you live, what schools you attended, where you worked, where you spend your holidays, where you shop and what you like …