From the Office of the CTO: Rethinking the SSN in light of Equifax

It has been almost two weeks since Equifax announced that a cyber-attack potentially affected 143 million Americans in an unprecedented and massive data breach. According to the US Census Bureau, there were 125.9 million adult men and women in the United States as of 2014. With a population growth rate of approximately 2.9 million per year, it is a safe bet that if you have received credit for anything in…

Top 10 Data Loss Prevention Pitfalls

In this post, we will discuss the top ten reasons many Data Loss Prevention (DLP) Programs fail and how organizations can address those issues to ensure Data Loss Prevention Systems can be leveraged to build a solid foundation for an Information Security program. Doing so will position an organization to build more advanced information protection capabilities like Data Protection in the cloud, and rights management and encryption strategies to protect…

How Secure is Your Drone – An InteliSecure Skunk Works Post

The following blog post comes from InteliSecure’s research team. Skunk Works blog posts are more technical in nature, investigating security issues from an engineering standpoint. They range anywhere from providing information on faulty coding and fixes to testing consumer products. Drones have become ubiquitous over the past few years. Many organizations are now using them to help with things such as search and rescue, geographic mapping, storm tracking and more.…

Insourcing vs. Outsourcing Security Resources

Introduction I was recently having coffee with a person that could best be described as a mentor, consultant and investor in me. During breakfast, he asked me a simple question that has been burning in my brain ever since. He said “You spend a lot of time educating people on how to build effective programs, but have you ever considered explaining to them why they may want you to run…

Lessons Learned from the WannaCry Ransomware Outbreak

Introduction On Friday May 12, 2017 news broke of a widespread ransomware outbreak known as “WannaCry” or several similar variations of similar names. Much has been written about the outbreak itself related to the apparent origins being rooted in the confluence of vulnerabilities stockpiled by the United States’ National Security Administration (NSA), which were stolen and leaked by the “Shadow Brokers” organization, and hacking tools developed by the Central Intelligence…

Chinese Data Privacy Regulations

Disclaimer: Neither InteliSecure nor the author of this post is purporting to offer legal advice in this blog. The author is not an attorney nor is InteliSecure a law firm, nor is either party making a representation on behalf of a law firm. Nothing in this blog should be construed as legal advice and should not be relied on as such. Introduction to Chinese Data Privacy The European Union’s General…

Understanding GDPR

Disclaimer: Neither InteliSecure nor the author of this post is purporting to offer legal advice in this blog. The author is not an attorney nor is InteliSecure a law firm, nor is either party making a representation on behalf of a law firm. Nothing in this blog should be construed as legal advice and should not be relied on as such. There are still many questions organizations around the world…

The Differences Between Audits, Security Assessments and Penetration Tests

We live and work in a world where malicious activity and cyber crime run rampant. While online fraud and data theft have existed since the origin of the internet, never before has it seemed to be as pervasive as it is today. Every day there seems to be a new headline about ‘XYZ Company’ coming under attack or having a massive data breach occur. On top of that, in the…

From the Office of the CTO: Building Effective Insider Threat Programs

Three Short Stories To begin this latest post and in order to properly frame the Insider Threat conversation, rather than use obscure statistics in an effort to convince you that you should be suspicious of all your employees and coworkers, I think it is much more effective to tell you a few stories. None of these stories come from my clients and none of this information is privileged. You can…

The Importance of Data Security and Insider Threat Programs in Mergers and Acquisitions

Mergers and acquisitions have become an important part of many organizations’ growth strategy. In most large transactions, countless hours are spent on due diligence, whether that due diligence is related to the financial health of the company, compliance with applicable regulations, or a variety of risk factors. Refreshingly, cybersecurity has emerged as a risk factor that is getting significant attention as part of the due diligence process. However, there is…