Poor Password Hygiene is a Major Security Threat
Cyber Security Teams Stressed to the Hilt
I read a LinkedIn post yesterday from Mike Ebbers ( post ) postulating how we might make a comparison between law enforcement and information security personnel. His basic premise is that law enforcement does not prevent 100% of crime, but they are not "fired" for not meeting this unattainable goal. So, why are company IT security personnel not held to the same standard?
After all, is it realistic to expect our security teams to have a 100% prevent defense? Since I served time in the law enforcement/intelligence field ( read my story on LinkedIn ), this post resonated with me.
Our firm works with security teams in enterprises every day and I can tell you they are dedicated, trained, passionate and STRESSED to the hilt on getting things right. From having the right "tools", meeting business driven metrics, adhering to overwhelming compliance and regulations to keeping up with all the "new shiny security objects" and the associated noise in the market. Plus, add in the continued bad habits of employees that lead to security risks. It's no wonder the average life span of a CISO is 2-3 years.
So, what do businesses do to support their security teams and provide realistic and acceptable metrics that have some relevant measurements? Mike's proposal to define acceptable metrics is a start. How about developing a "risk register" at the business level that drives those metrics and identifies severity of risk and possible solutions that can be applied. We usually ask clients if they have a risk register and often it is "NO".
Maybe do what Steve Cohen wanted to do when he started up his new investment firm (after being the subject of an SEC probe of criminal behavior): look to hire former law enforcement ( article ).
What do you think?
Are Cybersecurity Personnel Batman?
Last week I listened to a podcast by CyberCrime Magazine with Robert Herjavec. ( link to podcast )
I have tremendous respect for Robert and what he has accomplished with his company and the services they provide to keep us safe. So, of course I would listen.
The main topic was about the lack of skilled cybersecurity personnel in the market. Several points were mentioned such as the need for training, the shortage of women in the security sector and the lack of PR for evangelizing the “coolness” of being a cybersecurity person.
Robert does have a point on the “coolness” factor for the younger generation. My personal thought on how to deliver this message in addition to PR channels is through mentoring. Just recently I had the opportunity to mentor a recent high school graduate on changing his college major from business to cybersecurity, specifically the field of digital forensics. He was confused as to how he could succeed because he was told by others that unless he had a background or experience in digital forensics in the law enforcement field he would have a difficult time. BS…I explained to him the need for forensics and how the market is embracing this discipline as it relates to cybersecurity and offered some guidance on how to start. I also provided him a chance to attend a totally free 7-week course on security to give him a good foundation to start his training. So, perhaps the “coolness” message is getting out. But, if you have a chance to influence or have a conversation with someone on their career direction, DON’T hesitate to jump in and help.
One last point on the podcast. When Robert was asked what he thought made cybersecurity professionals “happy” in their job his answer was “BATMAN”. Being able to help others and catch bad guys. He even thought he was “BATMAN”. A pretty cool analogy.
I thought about Robert’s response and reflected on my career in the intelligence/law enforcement field ( read my story on Linkedin: My Story: From COP to IT Executive. The Best Business Training ). So, who is the real BATMAN? I’ll let the readers decide!
Join iSG and Opentext for a fun night at Top Golf in Orlando, FL on August 14th at 5:00PM while learning about the gold standard digital forensics platform: ENCASE
Hear from our speakers who were engaged in cybersecurity/investigations at the federal and international levels.
Learn from one of the top ENCASE consultants on how to leverage this award winning platform to combat internal and external threats.
In attendance will be:
Bob Henderson, Founder | CEO of iSG
Read Bob’s story of how he went from the youngest cop in the nation ( 18 yrs old) to the founder of a leading cybersecurity/forensics firm : LinkedIn story
Helena Botticelli, VP | CFO of iSG
Former Interpol agent Europe/Greece
Senior Solutions Consultant, OpenText/Guidance Software
iSG ( http://www.iservicesgrp.com ) stated the event is to be held at the Top Golf location, 9295 Universal Blvd, Orlando, FL 32819 and will highlight the disruptive encryption technology called Key Shadowing by Hyperspace Security ( http://www.keyshadowing.com ). This technology has as one of its advisors and primary backers Dallas Cowboys DE Lewis Neal.
“In February of this year we were approached by Hyperspace Security to be their first and primary partner to bring this disruptive data encryption technology to market. Since that time we have been inundated with presenting Key Shadowing to clients and prospects. Holding this event in Orlando and having Lewis Neal attend is a unique opportunity for the market to hear firsthand why Lewis has backed this technology” said Bob Henderson, Founder | CEO of Intelligence Services Group, LLC.
Space is limited and will be restricted to those individuals in the corporate security space. In order to attend the event and meet Lewis Neal you must register at:
The event is scheduled from 2:00PM to 5:00PM and has limited availability. In addition to Key Shadowing the areas of mobile encryption and digital forensics will be explored. Technology from OpenText (ENCASE) and SaltDNA will be reviewed.
To learn more and download the Key Shadowing white paper visit iSG at
( http://www.iservicesgrp.com/hyperspace-security-inc )
Intelligence Services Group, LLC (http://www.iservicesgrp.com) is based in Morganville, NJ and Lake Mary, FL and can be reached at 833-623-3092, firstname.lastname@example.org
Core beliefs and a purpose driven profit model
It's been 3 years since we launched Intelligence Services Group and wow, what a journey it has been. Over these years we have consistently been asked WHY we started this business when there are so many vendors/competitors. At the time I never considered competition, nor did I care. I had a belief there was a coming tidal wave shift in the market: companies would not just need IT solutions, but would need to know how to battle criminals attacking them every day, inside and out.
So, when starting iSG I had to ask myself a fundamental question: Why do I want to do this? After all, the market is saturated with vendors who propose to provide security services and products. Why would anyone listen to us, why would they care to do business with us?
Over the years I have been on both sides of the IT equation. I employed consultants and purchased IT products while building out data centers/enterprise networks/systems. I was also on the vendor side delivering IT solutions. So, I had a good grasp of the "supply chain" of technology and understanding of seeing through the FUD that permeates the tech market. But, that was just one side. My other side was from the intelligence/law enforcement community. Chasing bad guys, gathering intelligence to battle threats and experiencing the worst humanity had to offer left some lasting impressions. One of those impressions was the need to be a contributor to community and not just a taker for self.
So, when the business concept was developed of fusing our intelligence DNA with specific technology solutions to help companies manage risk I was insistent we had as our core beliefs:
- A laser focus on customer success without the FUD most vendors provide;
- A "profit with purpose" business model that is a contributor to community and not just a taker
Every day we focus on how to help people/companies be successful. We are driven by being part of how they attack their problems. Giving them alternatives and fusing those alternatives to their business model is what inspires us. We love sharing our DNA, how we take ownership of the client’s needs and that we have NO sales team focused on delivering FUD.
As we become successful we must share that success with the communities where we operate. Whether it's participating in supporting non-profit causes, like the NASCAR Foundation or the National Police Defense Foundation, or being a business mentor at UCF ( by the way, the real college national football champions this past year ), our purpose will always be dominant in our thinking. That will never change!!
Two months ago, our firm announced a partnership with HyperSpace Security to bring their encryption technology, Key Shadowing, to market. You can read the press release here: press release.
The headline claims Key Shadowing to be a “disruptive” technology to the cryptographic key market. A rather bold statement. A statement we have been sharing every day for the past number of weeks with our clients and prospects. Every call, every demo and every conversation we’ve had with our eco-system and the media has focused on the Key Shadowing “disruptive” factor.
When we did our due diligence on Key Shadowing and decided to take on the partnership the term “disruptive” stuck with us. Were we skeptical? Maybe a little. Consider the business definition of disruptive: relating to or noting a new product, service, or idea that radically changes an industry or business strategy, especially by creating a new market and disrupting an existing one.
We have all heard this before, especially in the IT security space. However, after speaking to Dane Butzer, the inventor of Key Shadowing, and grasping the hyper math behind the patent, its ability to “eliminate” master keys and the immunity property to quantum computing, we came to understand the “disruptive” moniker. You can read the white paper for yourself: white paper
The ELIMINATION OF THE MASTER KEY. No more lost or stolen keys. No need for a Key Management System. Now, consider the impact on the deployment of asymmetric keys, symmetric keys, message authentication codes (MACs), key encryption keys and distributed ledger technology (DLT)… can you say blockchain?
Does this qualify as “disruptive”? What do you think?
I was fortunate last evening to attend my first mentoring event at the University of Central Florida, College of Business in Orlando.
Not sure what to expect as I went in excited and anxious to learn about the program and have a chance to meet a few students.
Wow, was this a great event! It started with the mentor reception prior to actually meeting students in a "speed dating" type atmosphere. ( Wish I had more time with each student ). The room was packed with enthusiastic people wanting to offer their guidance and experience. I met individuals from all facets of business. From HR to a retired engineer for power generation plants. What a diverse group of experiences and leadership that came together to offer their input.
The highlight for me was meeting the students and hearing what they hoped to obtain from a mentoring opportunity. Each one had their own reasons and they varied from looking for an internship to getting advice on what they should do to succeed in their field. ( Not sure what I could offer to the accounting majors for guidance in their field ).
At the end of the "interview" I asked each student what they felt was the one trait that is ( in my view ) the most important to have to be successful. The answers varied, as you could imagine. But one student hit it correctly: COMMUNICATION. I explained that no matter what field or business you go into, if you can communicate and articulate your thoughts, ideas, passions and insights to get people to listen, you will be successful! Hopefully, that resonated.
I encourage everyone to take the time to get involved. It doesn't have to be a formal program at a college; it could be in your company or in your community. Each of us has something to offer. Share it.
At the end I wonder who is the real mentor: me or the students I had the honor of meeting.
What a great learning experience!
I read with interest last week a blog by Robert Herjavec titled: Blockchain Technology Is Here to Stay. There are some predictions about blockchain being a fundamental business enabler and how it will disrupt a number of sectors from finance to real estate and transportation. With that I agree. We're already seeing the financial sector pursuing an aggressive strategy for adoption. Just look at the announcement by SWIFT last October on their successful trial of blockchain ( Swift Blockchain Success Sets Stage for Sibos ).
What stood out for me in Robert's blog is the comment: "The best part of this technology is that transactions cannot be altered!"
One only has to do a Google search to find several hacks on blockchain and cryptocurrency to see the financial impact. Want more proof on the risk of blockchain and how it can be hacked? Here is a good article titled: Can The Blockchain Be Hacked? published in Sept. 2017.
Blockchain is an open and cryptographically signed ledger based on hashing and cryptographic private/public key technology. With the evolution of quantum computing comes the possibility of quantum attacks on blockchain and its inherent reliance on cryptographic keys. There is plenty of research and publication on how blockchain, through quantum computing, is vulnerable. (Do some research on the Grover and Shor algorithms.)
The risk of blockchain deployment and lack of standards have not gone unnoticed and have led the US Congress in 2017 to enact "The American Innovation and Competitiveness Act." Included in this act is a directive to the National Institute of Standards and Technology (NIST) to develop a post quantum cryptography standard. This is where “Key Shadowing” will have to be considered.
While the market races to adopt blockchain the risks are many. From finding qualified blockchain expertise and addressing the “single point of failure” of key management systems to overcoming the threat of quantum computing on cryptographic keys, it will be a bumpy ride for adoption fraught with risks.
The announcement today of our partnership with HyperSpace Security for their patented Key Shadowing technology puts us in a position to deliver a ground breaking and disruptive cryptographic key solution to the market. Now, companies will have the ability to eliminate the single point of failure, the key management system.
Key Shadowing has been in development for over 15 years. Like most great solutions it started with a personal story of its inventor, Dane Butzer. His bank account was hacked in 1994 and again in 1997. Driven by the question "Why should a single point of failure exist to hack my financial information?" and armed with his Masters in Engineering, Dane set off on a scientific and mathematical journey for over 15 years to develop a technology which had 4 goals:
The solution must (1) work every time, (2) be resistant to loss or corruption of some information, (3) be immune to more sophisticated attacks such as those using quantum computing and advances in factoring large numbers, and (4) be fast and easily used.
Thus, the idea of a totally new solution based on hyper-dimensional math was conceived. After Dane spent many years deriving, coding, testing, and patenting his invention, a new technology called Key Shadowing was born!
iSG was chosen as the first partner to bring this technology to market. We can't be more humbled and honored.
I was reading an interesting article titled: Is 2018 the year cybercrime becomes mainstream and was wondering how prepared IT/Security staffs are to handle and investigate a cybercrime against their company. What expertise and training do they have to conduct investigations, comply with chain of evidence, and adhere to forensically sound processes/methodology? What forensics technology have they deployed? Are their IT vendors/partners just that, IT? Where do they go to help them conduct investigations?
Certainly, law enforcement plays a role. But, how prepared are companies to compile the facts to even determine if there was a crime before they call law enforcement? Is the threat internal or external? If internal, what risk reduction efforts did the company deploy to prevent an internal crime from being committed?
AI and machine learning will become more prevalent to mitigate this risk. A constant cyber awareness training framework is necessary and will certainly help. But, when there is a hack/breach (and there will be), how prepared are you to combat this criminal act?
Enterprise Mobile Encryption is Required, But Few Companies Have It
The mobile wave is here. You cannot avoid it. Everywhere I go business is being conducted on mobile devices. Last year at LegalTech in NYC everywhere you looked people were texting, talking, emailing, sharing documents and conducting business on their cell phones. What a hacker's paradise!! I stopped a few people (who happened to be attorneys) and asked if they were concerned about their communications being secure. They didn't think anyone would care. Really? Were they talking to a client discussing their defense, perhaps reviewing strategy for a company merger, how about proprietary information on market release of a new product, or a privileged communication? Not to mention the document sharing and emails containing IP, etc.
In the past few weeks we have been engaged by our clients ranging from global law firms to global manufacturers wanting to implement an enterprise strength mobile encryption platform. They are ahead of the curve for companies and understand their business is rapidly being done on a mobile platform.
Their use cases vary and range from "out of band" communications for Incident Response to protecting privileged communications to ensuring the executives' conversations and communications are secure as they discuss mergers/acquisitions and company strategy.
What are your thoughts? Are you prepared, do you have a defense in place, do you care?
Would like to hear what you think.
iSG is proud to announce their sponsorship of the Betty Jane Memorial event on February 12 during the Daytona 500 week.
The NASCAR Foundation’s High Speed Hold ‘Em Charity Poker Tournament is a fun-filled night of Poker benefitting The NASCAR Foundation’s Speediatrics Children's Fund which is dedicated to enhancing the delivery of medical care to children in our racing communities.
The NASCAR Foundation founder, Betty Jane France, envisioned a place where kids are not intimidated by the overwhelming experience of being in the hospital. Speediatrics is helping accomplish this vision by providing a safe place for a speedy recovery through a unique combination of caring, commitment and kindness, all with a NASCAR theme. Read more about the mission of the NASCAR Foundation.
"iSG is committed to sharing its success with those organizations that strive to do good and provide much needed services to the community. As we expand our Florida presence we are proud to be able to give back and adhere to our guiding principle of 'profit with purpose'," says Helena Botticelli, VP | CFO.
If you're in Daytona Beach during race week, stop by the event at the Henderson Center at Embry-Riddle Aeronautical University, 600 S. Clyde Morris Boulevard, Daytona Beach, FL 32114 on February 12 at 6:00PM.
Complacency - Biggest Weakness
Read an article this week by Robert Herjavec on LinkedIn ( article ) asking about being prepared and the role complacency plays in the preparation. Good article.
Two conversations (out of the list of 5 ) Robert mentioned that CEOs should be having were: establishing a strong cyber hygiene program and the strengthening of your mobile and IOT security postures.
Those especially resonated with our team as we just completed an engagement where cyber hygiene could have helped avoid DDoS attacks. Additionally, we're in the midst of securing several clients' mobile communications infrastructure through enterprise encryption. The primary use cases centered on protecting privileged communications and enabling an "out of band" communications platform to support IR efforts.
I couldn't agree more with Robert's article.
Intelligence Services Group (iSG) was engaged by a major entertainment company to conduct forensics intelligence to address system corruption and a possible breach. As a result of a deep and comprehensive forensics interrogation, iSG identified several areas of risk/breaches which indicated a takeover of our client's systems for possible mining of cryptocurrency.
This threat, also known as "cryptojacking", is a secret method of utilizing your systems to mine for cryptocurrency such as Bitcoin. One way this threat is propagated is through adware and visiting a compromised web page.
"Although our client had the most up to date malware and endpoint protection software this threat went undetected and caused severe system corruption. Through our forensics technology and methodology we were able to identify the threats and present recommendations for remediation. Luckily, no data exfiltration or ransomware threats were identified," says Bob Henderson, CEO, Intelligence Services Group.
This is a great example of how companies think they have the most up to date endpoint protection platform (EPP) and will be protected. However, nothing is 100% and the 1-3% that goes undetected introduces severe risk. Digital forensics should be part of your endpoint security and incident response strategy.
Learn more about our unique services/software: email@example.com
MORGANVILLE, N.J. & ORLANDO, Fla. - Nov. 21, 2017 - PRLog -- Tanium (www.tanium.com), the revolutionary and leading company for endpoint security/systems management, and Intelligence Services Group, LLC (iSG) (www.iservicesgrp.com), a unique firm for delivering intelligence/investigative capability fused with technology, have announced a formal partnership today to deliver their combined capabilities to the market.
"Our DNA allows us to deliver a unique and compelling security experience to the market. Unlike other traditional partners which ISVs choose that sell a plethora of products, we only include in our portfolio a few leading technology firms which will enhance our intelligence/investigative background to deliver risk management. Tanium's vision to be a game changer aligns perfectly with our strategy to deliver a unique approach to the market", said Bob Henderson, Founder | CEO of Intelligence Services Group, LLC.
iSG will focus on delivering Tanium to its clients in the USA and have already been in discussions with global financial firms and retailers to deliver on the Tanium capability.
Intelligence Services Group, LLC is a team of intelligence operatives/law enforcement executives from the federal, state, local and international (Interpol) communities. We fuse our expertise with best in class technologies for conducting investigations, providing digital forensics, enabling cybersecurity and implementing mobile encryption capabilities for our clients to manage risk.
Intelligence Services Group, LLC can be reached at 833-623-3092 or email at: firstname.lastname@example.org
Another first from our award winning partner, SaltDNA.
SaltDNA, a Cybersecurity 500 company and the leader in secure mobile communications for the enterprise, is delighted to announce the extension of its product suite to support secure desktop voice calls. SaltDNA's secure desktop voice capability is available immediately for all major platforms.
Allowing for incoming and outgoing secure calls with either a desktop or smartphone, SaltDNA is ideal for legal firms and healthcare providers who are increasingly under pressure to improve the security of client and patient information. This includes clients running MacOS and Windows 10.
"This is another major milestone for SaltDNA and early customer feedback has been excellent. Having the option to make a secure call from either a smartphone or laptop is a major productivity upgrade for our enterprise customers," said Joe Boyle, CEO at SaltDNA. "Coming just two months after the secure file attachments announcement, this Secure Voice over Desktop is the fifth major product release in 2017. We continue to work very closely with our customers and are lining up for another major product release before the end of the year."
Give us a call, 833-623-3092 or email email@example.com to learn more
Try a FREE Trial
Additional Secure File Attachments Now Available on SaltDesktop
Our partner, SaltDNA, has just announced additional secure file attachments for the SaltDesktop application. They continue to advance their leading secure mobile enterprise communications platform. Want to learn more? Email us at: firstname.lastname@example.org or sign up for your FREE Trial at:
We are excited to announce an expansion of our firm and have chosen central Florida for opening our second office effective today.
Here is the info:
1540 International Pkwy Suite 2000 Lake Mary, FL 32746
In addition, to better serve our expansion we have added a new 800 number service for the company:
This new location will support our expanded footprint into the SE market.
Join us and SaltDNA on July 25th to learn about mobile security for the enterprise and how the SaltDNA mobile encryption technology enables your mobile security. Email iSG at: email@example.com to receive your personal invitation.
Want a FREE trial of SaltDNA? Go to: www.iservicesgrp.com/saltdnatrial