As we close out National Cyber Security Awareness Month, I wanted to remind parents to check in on their children’s online activity. Yes, even teenagers still need some wisdom and guidance, even if they balk.

Ask your kids these three simple questions today.

1. Tell me what you saw on the internet today.
2. Did you read any text, IM or emails that made fun of someone for the way they looked, where they’re from or other reasons?
3. Do you know what privacy means and how our online actions can jeopardize our privacy?

Our kids are smarter than we give them credit for.  I’m willing to bet that if you asked these questions, your kids may have others of their own.  If you need help talking with your kids about online safety, check out the website http://www.netsmartz.org/Parents for videos and other aids for kids of all ages.

As I attended the ISSA International Conference in Nashville last week, I was a little surprised at the number of security professionals who were using location-based services. Typically this is a fairly paranoid crowd. All of the smartphone apps, the tweeting and other forms of location-based services in use were astonishing.

Now, if you check my Twitter feed, you’ll see a few posts from me as well.  It’s expected that a Fellow with the organization should help promote our major conference event of the year.  What you won’t see are pictures tagged with GPS coordinates, “check in” posts at a restaurant, my travel itinerary on TripIt or other excessive information about my coming and going while in Nashville.  I actually went down a day early and spoke to a group in Birmingham, AL.  You won’t find that information posted to any social media sites though.

I sat in on one session at the conference that touched on location-based services in our vehicles. I decided right then and there that our next webinar at Integrity would be on the privacy issues with the use of location-based services. (You can register here.) I think the webinar is well timed because, guess what, as soon as I returned to work I had a meeting with a new client that is using automated license plate readers to look up vehicle owner information with the Department of Transportation and match it to a consumer profile. They will then sell the aggregated analytical data to whoever will buy it. Wow…I couldn’t have timed that any better.

Location-based services are really cool and allow us to do and see things we never have before. However, we’ve been down this path before. Something comes along and everyone thinks it’s great. Only 10, 20, 50 years later do we realize we should have done more research into the long-term impacts before we as consumers ate everything that was put in front of us.

So take inventory of all the location-based services you use and come listen to our webinar on 10/30/2013. Remember that there may also be location-based services used to track you that you’re not even aware of. If someone had access to all of those sources of information, what could they do with it?

The age old battle of insider threat vs. external threat rages on between information security professionals.  The recent publicity around information security in the Pvt. Manning and Richard Snowden cases has brought the topic up in various forums over the past month or so.  Where do you stand?  Are you more worried about information security threats from internal or external sources?

First look at the facts.  The Verizon Data Breach Investigation Report indicates that organizations are much more likely to experience a breach from an external source.  Some of you will say "Hah...case closed, told you so."  You may not be wrong in saying that.  But the same report also shows that the cost of an internal breach is more than the average external breach.  This is where the other side says "Take that...I knew we were right."  So who is really correct in their argument?

Read more: Internal vs. External Threats - Which One Worries You More?

Is your IBM iSeries (AS/400) included in your enterprise security information and event management (SIEM) strategy?  Many times the iSeries is an island unto itself and left out of various enterprise plans for lack of understanding.  Join Townsend Security and Integrity on Wednesday 8/28 at 11am CST for a webinar on how to get iSeries security logs off the island and into the enterprise SIEM.


DDoS attacks were used in a bank heist targeting the wire transfer switches at several banks. You can read about the attacks here. There are two primary things to take away from this:

  1. Diversions to siphon resources away from the actual attack are not new. They've been commonplace in both the physical and cyber worlds for a long time. We need to remember that our efforts during incident response can't be so full and swift that our ability to detect and respond to new attacks is weakened.
  2. Monitoring only a few "critical" systems isn't enough.  We need to monitor multiple points along any path that data traverses to ensure we have a holistic view of our data security.

The bad guys are getting smarter, more organized and more patient.  Our defense tactics need to evolve with these changes.  Are you adapting or still relying on what worked last month?

If you have been watching the details of hacking attacks over the past couple of years, you should have noticed a disturbing trend.  Attacks are shifting from mass destruction to maximum impact as their goal.  Gone are the days where the majority of attacks would be focused on having global impacts but were relatively minor in severity. We're moving into an age where the primary goal is to cause catastrophic damage to a very small group or individual.

Motives are changing.  The attacker profile is changing.  More and more targets of hacking are not just getting caught up in the massive sweep of global attacks.  They are becoming targeted victims.  This means our risk assessment must change.  No longer can we try to "fly under the radar" or assume our company isn't "big enough" to be a target.  It also means we as individuals need to begin thinking about becoming a target as well. Every company, big and small, has competition or those who want to see it fail.  Every individual has the potential to upset another and become the target of violence. 

Are we ready for some of this animosity to be carried out via cybercrime? Are you uncomfortable right now? Are you worried about cybercrime in ways you might not have been 10 minutes ago? The key is not to be afraid, but to be informed and aware. Just as we're not paralyzed by the threat of physical crime, we can't be paralyzed by the threat of cybercrime. We do, however, need to be "street smart" and know the risks that cybercrime poses to our professional and personal lives. We need to understand the profile of hackers and their motives. When we understand the risks, we can better identify the appropriate precautions we need to take to protect ourselves and our companies.

DEFCON and Black Hat are two prominent hacking conferences that come around each year. And each year we hear the news outlets gush over the next “ground breaking” hacking attempts that will shatter our lives forever. We hear how hackers are going to crush the confidentiality, integrity and availability of our data and destroy modern society. Really? We’ve had the Black Hat conference for a few years now, 17 actually. I’m pretty sure society has been moving along ok each year since then.

Let’s put this into perspective.  Information security is all about risk.  We each take risks every day.  We drive or ride a motorized vehicle to work, we eat foods we didn’t grow or prepare, we use sharp blades to shave hair off our face…you get the picture.  Risk is everywhere.  We take precautions to lower our risk like drive the speed limit, wear safety gear at work, buy insurance and many other activities.  Information security is no different.  We face the risk and then take certain precautions to lower the risk that a hack will occur or at least lower the impact if it does occur.

Read more: BlackHat Hacks Signal World Will End. Just Kidding!
