In case you’ve been asleep at the wheel, everybody thinks they need drones these days: Amazon, your local police department, the pizza delivery guy, the neighbor kid, his dad, everybody.  All of these drones will be equipped with surveillance technology such as cameras, microphones, GPS and RFID.

If you think red light and speed cameras are bad, you’re in for a treat.  At least with the speed cameras, you can avoid that section of town if you really want to.  Once these drones are in the air, privacy as we know it will die.  The FAA needs to step up and address this quickly which unfortunately is not likely to happen.  In the meantime, local jurisdictions will attempt to implement their own enforcement rules. That might even be worse than the feds.

Read more: Drones...The End of Privacy as We Know It

Brian Krebs reported earlier this week about a suspected breach of credit and debit cards at Goodwill Industries stores in at least 21 states.  So when the 2013 Verizon DBIR reported a steep decline in breaches in the retail sector, I guess that was an incentive for the hackers.  Goodwill is just the latest major retail chain to be hacked.

If you’re about to graduate high school or are early in your college years and looking for a career field with long-term growth and job security, maybe you should consider any one of the fields within information security.  I think there are a lot of companies that will be looking for help in the near future.

A recent study by Osterman Research for Centrify concluded that 15% of respondents said their responsibility to protect employer data on their mobile device was “minimal to none”. 

If this is shocking to you it shouldn’t be.  The report also says users only think about security a few times per year.  I’ve said in the past that many organizations have rushed into BYOD programs.  Mobile devices are taking over our computing environment.  Mobile security is increasingly important.  So is securing the data instead of the device.

BYOD programs have a significant impact on how an organization complies with HIPAA, PCI, FISMA and other regulatory environments.  Has your organization implemented a mobile BYOD program?  Do you have a strong mobile security program in place?  What would you do if 15% of your employees said they didn’t care about the security of your cash?  Would that worry you?

According to the 2014 Verizon Data Breach Investigation Report, 35% of all breaches reported last year involved hacked web applications.  That’s up 14% from the past three-year period.  Web applications are the biggest target for a security breach.  They are constantly being updated.  A security breach is more likely to occur in a web application because of the complexity of the system and the short development cycles we’re using today.  Penetration testing is crucial for ensuring your web application is not hacked.  Any major release, and any release that modifies session handling, encryption, authentication or similar functions, should have penetration testing completed before moving to production.  The stats don’t lie.  Web applications are being hacked, resulting in security breaches that cost organizations millions every year.

The 2014 Verizon Data Breach Investigation Report shows that espionage is the fastest growing motive for cybercrime.  Financial motives have declined over the same period at about the same rate.  I’d argue that espionage is ultimately linked to financial motives.  Either corporate or government espionage is about having political, military or trade power.  Money is inextricably linked to all three.  Hacker groups are being formed by governments and organized cybercrime syndicates across the globe.  They are well funded and have clear targets.  Information security is going to become the next “theater” in which we fight wars.  Are you ready?

Brian Krebs at KrebsOnSecurity is reporting that the P.F. Chang’s breach began in 2013 and went on for nearly nine months.  I’ve talked about this issue in the past.  Information security breaches are only going to continue to explode.  They are getting more complex and are being targeted at organizations for specific reasons.  Systems are going to be hacked every day.  It’s not going to slow down or get any easier to defend against.

The problem is that these hacks weren’t being discovered when they were unsophisticated and noisy.  Why?  Organizations simply aren’t looking.  Many of these attacks could be discovered if security event logs were being monitored routinely.  The reality is they are not.  Systems are hacked.  The events and logs are there.  Nobody is watching.  Hackers 1 – Victims 0.  Are you keeping score for your organization?

If you manage an information system you have to plan for “the event”.  The event will come when you least expect it.  It will come from a place you didn’t even know existed.  It will happen when no one and everyone is looking.  What is this event?  It’s the day you get hacked.  Actually the system will probably be hacked multiple times over its lifespan. 

Some information security events will be worse than others.  Some will happen on the inside while others will come from the outside.  The question really is not if you’ll be hacked, but will you even know it?  We’ve been involved with many information security breach investigations where the systems have been compromised for months.  The warning signs were there.  Sometimes they were flashing neon signs with air horns.  If you’re not looking and listening you’ll miss those signs and alarms.
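The “noisy” signs the post describes are usually already sitting in the authentication logs.  The following is an added example, not code from the post or its author: a small Python monitor run over constructed OpenSSH-style auth lines that flags any source address with a burst of failed logins inside a sliding window and notes whether a successful login followed the burst.  Log lines, hostnames, addresses and the threshold are all assumed sample values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (OpenSSH-style), not taken from any real system.
SAMPLE_LOG = """\
Jun 12 03:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 12 03:14:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 12 03:14:05 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jun 12 03:14:08 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51031 ssh2
Jun 12 03:14:20 web1 sshd[2207]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Jun 12 03:15:11 web1 sshd[2209]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Jun 12 03:16:45 web1 sshd[2210]: Accepted publickey for bob from 198.51.100.4 port 40002 ssh2
"""

# Matches the syslog timestamp, the result (Failed/Accepted), the user and the source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse(line, year=2014):
    """Parse one auth line into (timestamp, result, user, ip); None if it is not a login event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
    return ts, m["result"], m["user"], m["ip"]

def find_suspicious(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: alert} for sources with >= threshold failures inside `window`.
    `success_after` records the account if a successful login followed the burst."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            failures[ip].append(ts)
            # keep only failures still inside the sliding window ending at this event
            failures[ip] = [t for t in failures[ip] if ts - t <= window]
            if len(failures[ip]) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "success_after": None})
                alert["failures"] = len(failures[ip])
        elif ip in alerts and alerts[ip]["success_after"] is None:
            alerts[ip]["success_after"] = user   # burst followed by a login: escalate this one
    return alerts
```

Run on the sample, `find_suspicious(SAMPLE_LOG)` reports only 203.0.113.7 (four failures, then an accepted root login), while bob’s single typo followed by a key-based login raises nothing.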

Read more: Why Security Information and Event Management (SIEM) is an Essential Security Tool
