Hackers access Bed Bath & Beyond customer data

Digital Commerce 360 | October 31, 2019

A shopper who was impacted should ensure she doesn’t use the same password for her Bed Bath & Beyond account elsewhere. In fact, not reusing passwords is one way consumers can protect themselves from fraud, says Mike Lloyd, chief technology officer of cyber security firm RedSeal Inc.

“It’s important to realize that if you use the same password at your bank as you use for less important services like social media or video streaming, then a bad guy only has to break into whichever company has the weakest security, then steal your passwords and use them everywhere else you go,” Lloyd says.

What Do You Do When You Can’t Patch Your IoT Endpoints?

Dark Reading | October 29, 2019

Question: What do you do when you can’t patch your IoT endpoints?

Dr. Mike Lloyd, CTO of RedSeal: Internet of Things devices are great because they aren’t as complicated as phones, laptops, or servers. General-purpose computers cause headaches. Unfortunately for security, IoT devices are also a curse for the same reason – precisely because they aren’t flexible. The security toolchain and ecosystem we’ve built up assumes we can put stuff on network endpoints, but IoT “things” are different. Agents? Scanning? Patching? Antivirus? None of that works in the new world of IoT widgets. Worse, many of these devices are built en masse by companies focused on price point, with no intention of supporting patching.

7 Technology Books Every Entrepreneur Should Read

Forbes | October 8, 2019

Malware, ransomware, phishing attacks, viruses…are just some of the cyberthreats facing society. And they are getting more destructive.

What to do? Well, Ray Rothrock–who is a venture capitalist and is on the board of Check Point Software–has some solid answers. In his book, he goes over key areas like assessing networks, identifying threats and how to spruce up defenses. He also stresses that security can never be 100% but there are still actions to take that will greatly increase the odds of avoiding a hack.

Back to Basics: Why Asset Inventories are Key to Cyber Security

TAG Cyber | October 4, 2019

During a recent call, RedSeal’s Chief Product Officer, Kurt Van Etten, referenced an enterprise challenge that is too familiar. He shared with Ed Amoroso and me that maintaining and understanding one’s network asset inventory, both hardware and software, is the key to maintaining a strong cyber security program. It’s not sexy, and not what gets the most attention in media or at conferences, but companies must know what they have, where it is, and who has access.

DOE Sets Sights on Accelerating AI (and other) Technology Transfer

HPC Wire | October 3, 2019

All the panelists commented on workforce issues. There was general agreement that AI is developed most effectively in multi-discipline environments.

“The cyber industry is about a $126 billion [market]. There are 3,000 products out there. A typical large corporation probably like Exelon has 50 or 60 cyber products and only five or 10 people to operate it. Well, that number, it’s a crushing situation. And while you need engineers, for sure, you also need technicians. They don’t all need a four-year degree, they need a piece of it,” said Rothrock.

On Cybersecurity: Two Scoops of Perspective

New York Times | September 29, 2019

Ben Cohen, the co-founder of Ben & Jerry’s Ice Cream, calls spending huge amounts on the effort “a tragic waste.” Another urges creation of a cabinet-level agency to deal with threats.

To the Editor:

Glenn S. Gerstell’s article identifies the magnitude of the digital juggernaut and brilliantly lays out the difficulty of the challenge. It is this very complexity that underscores the need for a cabinet-level agency dedicated to cybersecurity to ensure coordination and resilience in the face of threats.

The Department of Homeland Security was created after the 9/11 tragedy, coordinating 180,000 employees working in the country’s intelligence, defense and law enforcement agencies. Similarly, in the 1970s, as Americans dealt with an energy crisis, President Jimmy Carter created the Energy Department to consolidate American energy policy and ensure a consistent supply of energy and protect the country from threats to our economy and readiness.

If desperate times call for desperate measures, then surely risky and rapidly changing times call for measures that are resolute. The United States must prioritize cybersecurity, just as we do homeland security and energy. Let’s not wait until the revolution is lost.

Ray Rothrock
San Jose, Calif.
The writer is chief executive of RedSeal, a cybersecurity company, and the author of “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

Industry Experts Provide Tips For Successful Cyber Diligence in M&A

Security Boulevard | September 26, 2019

Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also bring together liabilities and risk. Among these are cybersecurity risks. “Cyber diligence” — cybersecurity evaluations performed as part of the M&A decision-making processes — has grown in importance in recent years. What are a company’s vulnerabilities? What cybersecurity issues or incidents have they had in the past, and how have they dealt with them? What defenses do they have in place to protect themselves? These are all important questions to ask in an M&A deal. But even if you’re not involved with a merger or acquisition, the same analysis can yield important and surprising results.

Oracle’s Autonomous Cloud Security Claims Met with Skepticism

DataCenter Knowledge | September 25, 2019

Last week, Oracle co-founder and CTO Larry Ellison claimed that Oracle’s new autonomous systems will eliminate all data breaches. Not everyone’s buying it….

Mike Lloyd, CTO of cybersecurity vendor RedSeal, called Oracle’s latest promises an example of “hyperbolic marketing.”

“People find clouds inherently confusing, not least when trying to understand who is responsible for what,” he said. “Of course, if you think your cloud vendor is responsible for some aspect of security, but they think you’re responsible for it, then you’re on a road to a bad place.”

SC Media Reboot Leadership Awards: Ray Rothrock – RedSeal

SC Magazine | September 23, 2019

Why Nominated: Having spent decades leading and advising both technology and information security companies, Rothrock knows that cybersecurity for any organization goes well beyond just deploying and managing strong technologies. It’s also about thinking strategically about security needs holistically, from the top down. And, for him, this means that since every entity is a “cyber organization,” the related risks they face are a CEO and board-level responsibility. With this foundation in mind, Rothrock works well beyond the confines of his office, reaching out to practitioners, C-level executives, government leaders and even average citizens through a bevy of activities and ventures.

Are You Ready for a Digital Doomsday?

Kotecki On Tech | September 16, 2019

“How do you recover from an attack and not go down?”

His answer: apply a resilience mindset from the physical world to deal with digital danger.