Categories: CISO Blog

Beware of the Bait: How Fake Trading Apps Are Stealing Millions

Another Day, Another Scam

It’s a sad reality that the world of online finance is rife with fraudsters looking to exploit unsuspecting victims. The latest scam involves fake trading apps distributed through the Apple App Store and Google Play Store. These apps, cleverly disguised as legitimate financial tools, are designed to lure users into a world of fake investments and stolen funds. What’s particularly concerning about this scam is the sophistication of the attackers. They’ve managed to bypass Apple’s App …

Categories: Book Reviews

Enterprise Cyber Risk Management as a Value Creator

Bob Chaput’s book, “Enterprise Cyber Risk Management as a Value Creator,” argues that cybersecurity should be seen as a strategic asset rather than a compliance necessity. It highlights the benefits of a robust cyber risk management program, such as enhancing brand reputation and customer trust, driving revenue growth, and attracting top talent, while offering practical guidance using the NIST framework.

Categories: CISO Blog

Women in Cyber

Saudi Arabia is advancing women’s participation in cybersecurity, aligning with Vision 2030 goals. This initiative enhances digital security and promotes gender equality and economic empowerment. Mentorship programs aim to challenge gender biases, fostering inclusivity. The Kingdom’s strategic efforts, including the National Cybersecurity Authority, are pivotal in protecting its digital infrastructure amidst rapid modernization.

Categories: CISO Blog

Navigating the Cybersecurity Landscape: A CISO’s Perspective on the Latest Threat Report for the Finance Industry

Been in cybersecurity for decades. Seen it all. Financial sector is a prime target. Need threat intelligence, collaboration, and investment in new tech. Stakes are too high to do anything less.

Categories: CISO Blog

Impact of the New SEC Cybersecurity Regulations on Business Risk and Information Security Practices

New SEC Cybersecurity Regulations: A Must-Read for Public Companies

The SEC has introduced stricter cybersecurity disclosure requirements for public companies. This article breaks down the key impacts, including increased accountability, mandatory reporting, and the need for enhanced cybersecurity practices. Don’t miss out on this essential information. #cybersecurity #SEC #publiccompanies #regulation

Categories: CISO Blog

Strengthening Information Security by Taming the Technical Debt Dragon

First off, let’s define what technical debt is, specifically when looking at it through the lens of a CISO. Technical debt, in this context, refers to the consequences of making suboptimal decisions for the sake of short-term benefits or to meet deadlines. It’s like borrowing money: while it can provide immediate relief, it eventually needs to be repaid, often with interest. Technical debt is a pervasive challenge in software development, and it carries significant implications for information security. While …

Categories: CISO Blog

Hacking Kia: Remotely Hijack A Car Using Only Its License Plate

In a recent security breach that sent shockwaves through the automotive industry, researchers discovered a vulnerability that allowed them to remotely hijack Kia and Hyundai vehicles using only their license plates. This alarming revelation has raised serious concerns about the security of modern cars and the potential for malicious actors to exploit these vulnerabilities.

How It Works

The attack leverages a flaw in the vehicles’ keyless entry systems. By capturing the radio signal emitted by the car’s key fob, hackers …

Categories: CISO Blog

A Critical Infrastructure Alert: Automatic tank gauges (ATGs)

Automatic tank gauges (ATGs) are indispensable tools for monitoring and managing critical infrastructure, such as fuel storage, water reservoirs, and chemical tanks. However, these systems are increasingly becoming targets for cyberattacks, exposing vulnerabilities that could have severe consequences. Recent research has highlighted critical vulnerabilities in ATGs, including: These vulnerabilities could lead to: To mitigate these risks, organizations must: By taking these steps, organizations can help safeguard their critical infrastructure and prevent costly disruptions.

Categories: CISO Blog

Microsoft Sets January Deadline for Windows Users

Are you still using older versions of Windows? Microsoft has announced that they will be discontinuing support for certain Windows operating systems in January 2025. This means that users who haven’t updated to a supported version will no longer receive security updates or technical assistance. What does this mean for you?

Categories: CISO Blog

NIST Drops Password Complexity and Mandatory Reset Rules: A New Era for Password Security

NIST has dropped its recommendations for complex passwords, mandatory reset rules, and account lockout policies. These changes mark a significant shift in password security and reflect evolving research on human behavior and cybersecurity threats. By adopting a more user-friendly and effective approach, organizations can improve security, reduce costs, and enhance the user experience.
