Toasters work so well that you forget they need maintenance. If we could get to that level with cybersecurity controls we’d be lucky…until we weren’t
Are NFTs, Web3, and Blockchains useful? Or just hype?
The risks of smart contract bugs are quickly becoming apparent. They can cost millions.
The NFT/Web3 world certainly is the wild west…and some projects are way, way more wild.
If you can’t read the code in a Web3 contract, do you really know what it’s going to do?
“Um” is not a great call to action, but sometimes it’s all you’ve got.
Can you—as a user—understand an app or service’s security posture? If so, how?
What steps should we take to evaluate the privacy impact of a mobile app?
5G mid-band is rolling out in the USA with a last-minute plea from airline industries for more safety precautions. Why the last-minute appeal?
Data Privacy Day is January 28th. Can we raise awareness about the issues around data privacy effectively? Will you take action?
Should you be able to encrypt your communications? The debate is on…again
A lot of risk decisions are made in the dark…why?
Facebook, Instagram, and WhatsApp are deeply integrating into many aspects of daily life for many communities and businesses. One networking misconfiguration reminded 3.5 billion users of just that.
A purely digital RSAC 2021 kicks off looking back at a challenging year and to the challenges ahead for the security community.
Passwords are the worst. Trying to pick a “secure” one makes the whole thing worse. Every site and service has its own variation on the “rules” for making a strong password and it’s hard to remember what you’ve set your password to.
Are those rules really making our passwords stronger? Do we need so many …
The Canada Revenue Agency suffered a large breach exposing over 5,000 citizens to COVID-19 benefit fraud. This issue exposes some of the challenges of providing authentication services to millions of citizens. Why did this happen? And what can we do to protect ourselves?
Is a social network focused on dancing, lip syncing, and fun a threat to national security just because of who owns it? Is TikTok a threat to national security? Do you need to worry about you or your family using it?
Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance.
What is an acceptable risk? How can you determine what threats pose a risk to your work? How likely are those …
Decisions are hard enough that you don’t want to have to revisit them constantly. But that’s exactly what is required in the realm of cybersecurity. Do you have a system in place to review decisions? Are you recording the right information to update those decisions when the time comes?
Most teams do not and it’s taking its …
Many questions come along with the federal legalization of cannabis in Canada. It’s a massive example of trickle down risk as various controls around usage and methods of delivery are pushed into areas they weren’t designed for. Are you doing the same thing with your IT deployments? Are you evaluating your risk graph?
In your personal life you’re assessing risk constantly whether you know it or not. In the digital world the same thing happens BUT you probably don’t have the required context to make an informed decision.
Risk assessments are useful when kept in context and continually updated. A penetration test (or pen test) is when your system undergoes a “friendly” attack with the idea of finding issues before cybercriminals do. Together they are a strong set of practices to help your defences.
Some perceptions override the logic behind risk decisions. How do you fight through to make a sound decision?
Terms of Service agreements hide all manner of tricks and cede all of the power to the issuing corporation. Should they?
Sometimes the digital world has an impact on the real world…and it’s not always a positive one.
Good data drives good decisions. This is a major problem in cybersecurity where the data simply isn’t available or accurate.
Why do all incident response communications from customers feel the same? Why do they all miss the mark? How hard is it to do better?
Shellshock is a surprising bug. Hidden for decades, what do you need to know to help your organization respond?
Code Spaces is the worst case scenario. A simple misconfiguration in the cloud cost them their business.