Top 10 Data Loss Prevention Pitfalls

In this post, we will discuss the top ten reasons many Data Loss Prevention (DLP) Programs fail and how organizations can address those issues to ensure Data Loss Prevention Systems can be leveraged to build a solid foundation for an Information Security program. Doing so will position an organization to build more advanced information protection capabilities like Data Protection in the cloud, and rights management and encryption strategies to protect…

How Secure is Your Drone – An InteliSecure Skunk Works Post

The following blog post comes from InteliSecure’s research team. Skunk Works blog posts are more technical in nature, investigating security issues from an engineering standpoint. They range anywhere from providing information on faulty coding and fixes to testing consumer products. Drones have become ubiquitous over the past few years. Many organizations are now using them to help with things such as search and rescue, geographic mapping, storm tracking and more.…

Insourcing vs. Outsourcing Security Resources

Introduction: I was recently having coffee with a person who could best be described as a mentor, consultant and investor in me. During breakfast, he asked me a simple question that has been burning in my brain ever since. He said “You spend a lot of time educating people on how to build effective programs, but have you ever considered explaining to them why they may want you to run…

Lessons Learned from the WannaCry Ransomware Outbreak

Introduction: On Friday, May 12, 2017, news broke of a widespread ransomware outbreak known as “WannaCry” or several similar variations of similar names. Much has been written about the outbreak itself related to the apparent origins being rooted in the confluence of vulnerabilities stockpiled by the United States’ National Security Administration (NSA), which were stolen and linked by the “Shadow Brokers” organization, and hacking tools developed by the Central Intelligence…

Chinese Data Privacy Regulations

Disclaimer: Neither InteliSecure nor the author of this post is purporting to offer legal advice in this blog. The author is not an attorney nor is InteliSecure a law firm, nor is either party making a representation on behalf of a law firm. Nothing in this blog should be construed as legal advice and should not be relied on as such. Introduction to Chinese Data Privacy: The European Union’s General…

Understanding GDPR

Disclaimer: Neither InteliSecure nor the author of this post is purporting to offer legal advice in this blog. The author is not an attorney nor is InteliSecure a law firm, nor is either party making a representation on behalf of a law firm. Nothing in this blog should be construed as legal advice and should not be relied on as such. There are still many questions organizations around the world…

From the Office of the CTO: Building Effective Insider Threat Programs

Three Short Stories: To begin this latest post and in order to properly frame the Insider Threat conversation, rather than use obscure statistics in an effort to convince you that you should be suspicious of all your employees and coworkers, I think it is much more effective to tell you a few stories. None of these stories come from my clients and none of this information is privileged. You can…

The Importance of Data Security and Insider Threat Programs in Mergers and Acquisitions

Mergers and acquisitions have become an important part of many organizations’ growth strategy. In most large transactions, countless hours are spent on due diligence, whether that due diligence is related to the financial health of the company, compliance with applicable regulations, or a variety of risk factors. Refreshingly, cybersecurity has emerged as a risk factor that is getting significant attention as part of the due diligence process. However, there is…

Research and Development into Commercial and Domestic Alarm Systems

As part of my Radio Frequency research, I wanted to not only look at vehicles but also household name burglar alarm systems. To that end I decided to look at three main manufacturer types that seemed to take a large portion of the market share. My findings concerned me, especially how some of them were trivial to bypass and disarm. One of the alarms did come out on top, however,…

From the CTO’s Office: The Fallacy of End-to-End Encryption

RSA 2017 was, as always at InteliSecure, a very busy week that has the distinct possibility of disappearing into a blur of meetings, lunches, dinners and happy hours. During these events, I had the distinct pleasure of speaking with a group of smart, talented and influential people. One such discussion sparked a conversation about the disturbing trend of end-to-end encryption from any client to any destination that makes it increasingly…