Friday, October 20, 2017

Be careful with the postman

In 1844, a tremendous uproar broke out when Giuseppe Mazzini, an Italian exiled in London, became convinced that the British government was reading his correspondence. To prove his theory, Mazzini decided to send letters to himself, enclosing seeds, tufts of hair and grains of sand in the envelope. Receiving his letters without a trace of these additions confirmed his suspicion. Mazzini launched a complaint that ended in the abolition of the power of the mail to open private correspondence.


To this day many basic rights remain shaky, and this week privacy received a great blow. The attack arrived earlier this week, accompanied by chaos in Wi-Fi networks. For those who haven't yet heard, who will be few, the exploit responsible is KRACK, which can result in decryption, packet replay, TCP connection hijacking and HTTP content injection, among others.


Wednesday, October 18, 2017

Establishing a new routine

"Can I get a coffee, please?" Although this phrase is harmless today, it has not always been so. The spread of coffee drinking gave rise to numerous controversies among different cultures. In 1511, an Islamist leader went so far as to claim that the true believer couldn't use it because the Koran didn't speak of that drink, and called it a vice. In the end, good sense triumphed, and coffee, for most mortals, has become one of the most established daily routines.


Although the cybersecurity sector has never been banned, it has not been easy for it to be included among the other routines and priorities of companies. Cybersecurity has gained strength and is now established in companies as another basic pillar to take into account when planning a global strategy. As this happens, the number of jobs that need to be filled has increased. A survey conducted by Jane Bond Project reveals data that reflects the unstable situation of cybersecurity in terms of employment.


Monday, October 16, 2017

Like water for flowers

Legend has it that there was a boy who had always wanted to live in a house full of plants and flowers. He bought and bought until he had the house full of pots. It was beautiful; it looked like a tropical garden. But in a few days the leaves became dry and withered, and every week more plants died. Worried, he went down to the flower shop and asked the clerk, who asked, "How many times do you water them?" And he replied, "Water? No one had told me to water them."

In the cybersecurity world, all businesses want a lush garden, with fertile trees and abundant flowers. But many forget that there are basic needs that require broader strategies than those used hitherto. In the interview of the week we talked about David Mahon, Executive Director of Strategy at CenturyLink.


Friday, October 13, 2017

In times of crisis

Experts say that in times of crisis new opportunities arise and that not everything is dark clouds. A clearing appears if one stops to think for a while. Many of the companies we know today were born in times of recession. Divorces go down and reconciliations grow. The repair shops are full. The birth rate rises. The sales last all year round. There is always some way to make out a gleam of light in the dark days.


But while half the world is trying to see the positive side of a crisis, the other half tries to profit from the misery of others. In situations of chaos there is always someone who knows how to capitalize. The world of cybersecurity is not in crisis, but it's true that it suffers many attacks, and every day terrible new stories come to light about large companies that have not been able to protect themselves enough. This week there have been several cases that have benefited from this period of instability.


Wednesday, October 11, 2017

Heart trouble

Imagine the scene: you feel chest pain and one day, on your way to work, you collapse in the middle of the sidewalk. There is no doubt, it's a heart attack. After the incident, and after listening carefully to the recommendations of your doctor, you decide to incorporate sugary drinks into your diet, start smoking and go to the amusement park on your day off. Because the risk is there, but why would we pay attention to the recommendations? It may seem crazy but, to this day, this is what happens with many companies and cybersecurity.


Today is the one-year anniversary of the most famous DNS attack. Just a year ago the Dynamic DNS server received a massive attack that left large platforms like Netflix, Airbnb, Amazon, CNN, New York Times, Twitter and several more inaccessible. This attack drew attention to what was already a reality: most companies had inadequate defenses in terms of DNS. After that, there was hope for change, but thanks to the study of the week, it's disconcerting to see that, despite what the "cybersecurity doctors" recommended, the companies decided to continue taking risks.


Monday, October 9, 2017

Beyond criticisms

As Bill Gates said, "We all need people to let us have feedback. That's how we can improve". It's easy to say, but criticism, even when constructive, is not always as easy to hear as it sounds. However, the best way to grow and improve is to know how to take on board the contributions of others. In the interview of the week we talked about David Shearer, CEO of (ISC)². For those who don't know it, (ISC)² is the world's leading institute dedicated to the education and certification of professionals in Information Security and Cybersecurity. Being a great institution, it is not surprising that they also face criticism; the difference is that they know how to manage it correctly.


On social networks, people are still talking about the Annual Congress held by (ISC)² from 25 to 27 September. The event has been a success, but not everything is great, and it has faced numerous criticisms during the last few years. The main reproach lies in the repetition of themes, which for some makes it a repetitive and redundant event. But Shearer doesn't flatter himself and, despite being clear about the success, his voice doesn't shake when he says he knows there are things to be improved: "We have to build better bridges between CTO and CIO communities, which are not considered as such in the cybersecurity sector. We have to get ahead of their vision by learning how things are done. We need to start taking part in your conferences". And today, the size of the audience is not as important as its diversity.


Friday, October 6, 2017

Stay afloat

April 10, 1912, Southampton. The harbor was full of people; no one wanted to miss the largest ship in the world. And no one knew the tragic end that was coming to "the unsinkable transatlantic." Yes, we're talking about the Titanic. Even the best-prepared ship can fail if security is not ready and prudence is lacking.

There are cases in which, despite having sunk, the ship still sends up bubbles from the bottom of the sea. We have had a couple of months with a couple of cases that can't disappear from our navigation map because there's always something new that comes afloat. We are talking about Yahoo being in the news this week over the attack it suffered in 2013, Equifax signing a multimillion-dollar contract despite its leak, and the health sector, which finally seems to be taken seriously. But when all these cases begin to be repetitive, it is better to remember that there's nothing like seeing your neighbor stumble to avoid tripping over the same stone.


Wednesday, October 4, 2017

The smart investment

Things are heating up between the US and Russia. We do not want to be the ones who fan the flames, but there is a fable on the Internet that deserves to be read. "When NASA began launching astronauts, they immediately realized that pens would not work with zero gravity. To solve this problem, NASA hired a company that after a time and a large investment presented them with an innovative ballpoint pen writing with zero gravity. The Russians used a pencil." Let's be clear: this fable is not true (here you will find the real story), but it clearly illustrates the moral to learn: think before investing.


Something similar happens in the cybersecurity sector. Recent news about Equifax, Deloitte and Whole Foods, among others, has made it clear that cyberattacks pose a risk to the privacy of businesses and users, but these are not their only consequences. A new truth hits us in the face: cyberattacks have a global financial impact. During this year the average global cost of the attacks increased to almost 10 million euros per organization, an increase of 23% compared to 2016 and almost 70% over the previous 5 years. The attacks are real and companies are starting to increase their spending on security, but are these the right investments?


Monday, October 2, 2017

Enemies of innovation

"No intelligent idea can gain general acceptance unless some stupidity is mixed in with it." This phrase came from the mouth of Fernando Pessoa and, although the Portuguese writer died in 1935, it could have been said yesterday. It still holds, and will continue to hold for much longer, as it points to a problem that has emerged in human societies since they began to exist: the opposition to new technologies that can change the world. But what about when this opposition seems justified?


Technology changes at a dizzying pace and the growing acquisition of online devices is unstoppable. These, among other reasons, make it difficult to keep up in terms of security. This week it's necessary to cite not just one interview, but two, both conducted by ZDNet. The first was with Matthew Moynahan, CEO of computer security firm Forcepoint. The second was with Ed McLaughlin, president of operations and technology at Mastercard. Both agree in their current perception of the cybersecurity sector and also point in the same direction when looking for a solution.