If you are in Information Security (InfoSec), there is no such thing as a quiet day at the office. Without exception, InfoSec professionals are bombarded every single day by alerts from their security defenses. Threat protection vendor Damballa stated in its recent State of Infections report that the devices in an average company’s network are generating 10,000 security events per day, with the …
These articles provide information about topics related to cyber attacks and associated risks. Some articles are published by PivotPoint team members, and others refer to articles published by valuable resources within the industry.
So we've heard that carrying insurance concentrates the mind. More firms are carrying cyber insurance, and they're smart to do so. But take that concentration-of-mind to heart—insurers will want you to up your security game. Some companies that have purchased policies are finding out that with risk transfer comes great responsibility, especially in an area where standards of care are still …
You've heard, maybe, about how the Feds indicted some officers of China's People's Liberation Army for hacking trade secrets from US manufacturers in Pennsylvania? It was solid work, and kudos to the FBI's Pittsburgh office for stellar investigative work. But have you also heard that the PLA officers were tried and convicted? Or that the US companies who were the victims of the hacking recovered …
In the Wall Street Journal's CIO Journal, Deloitte writes, after a thoughtful consideration of the World Economic Forum's Partnering for Cyber Resilience, "It took the financial services industry 30 years to refine value-at-risk to the point where it’s useful and trustworthy." Deloitte offers some useful interim measures that could contribute to risk mitigation, but their conclusion seems to be …
The World Economic Forum has been thinking about the implications of the Internet for the global economy ("a hyperconnected world") and in particular how cyber risks should be managed. Its studies ratify what's become the conventional wisdom—traditional network perimeter defenses are a dead-end, closed off by the unmanageable connectivity of BYOD practices and the Internet of Things—and counsel …
If cyber attacks are inevitable, how do you predict (and mitigate) your potential loss? By consensus, the conventional wisdom is that effectively surviving and prospering in cyberspace depends on sound risk management. That, of course, in turn depends upon some credible method of estimating and quantifying risk. As the fallout from celebrated cyber breaches at Anthem, Sony, Home Depot, …