The EU's General Data Protection Regulation (GDPR) has seen data protection driven up on the agenda at banks and insurance providers. Data privacy regulation has moved from a reactive to a proactive emphasis. “Businesses are now scrambling to put in processes and technology so they can care for any personally identifiable information appropriately, and be seen as taking data security seriously or risk punitive punishment. The impacts of GDPR are felt not only by banks and other financial services companies, but also by the broader ecosystem that encompasses third-party vendors and partners who will also feel the impact of the regulation.
As a CISO, my challenge has been to reduce the number of alerts by filtering out the noise generated by a myriad of data sources. I have to balance the latest "good idea" checklists and frameworks with the budget and staff that I have already. As an Information Security expert, I have discovered that it is costly, both financially and organizationally in staff morale, to constantly have to conduct "Ghostbuster" missions that end like bad comedy through chasing ghosts in a machine that alerts us constantly and points us to a dead end.
If you are one of the New York financial services companies still busy preparing to be compliant with the first part of the New York Cybersecurity Regulations by the deadline of August 28th, 2017, here is what you should know.
@RISK Technologies, a Strategic IBM OEM World Wide partner, is here to protect America's Mid Market corporations from cyber crime. The Cyber threat that is out there today is real, complex, and evolving. Corporations have been unable to protect themselves and slow to identify when they have been breached. 147 days is the average amount of time before a business realizes it has been breached and normally it finds out through a 3rd party disclosure.
- @RISK’s intent is to stand between the threat and its Customers while enabling an Intelligent Security posture.
- Our technology was designed to pre-empt bad activities while averting costly and lengthy incident response checklists and Digital Forensic Investigations
- By automating costly methods using machine learning, @RISK will save our Customers money.
INTRODUCTION OF @RISK:
@RISK Technologies, Inc., an IBM World Wide Strategic Embedded Solutions Partner, includes team members with decades of experience:
- Composed of former IBM & Military leaders, they have supported the Department of Defense (DOD), U.S. Intelligence Agencies, U.S. Special Operations, the United States Army, the United States Marine Corps and the DOD CIO.
- Over 50% of the team maintains Top Secret Security Clearance
- Over 150 years of team experience at IBM
Cyber Insurance working with Cyber Defenders:
Cyber Situational Awareness is achieved by measuring the Cyber Attack Surface.
- It’s better to detect sinister intentions early than to respond to compromised networks and conduct cyber forensics actions late
@RISK Technologies employs and emphasizes the network-saving importance of cyber situational awareness. “Left of Bang” is a reference to the attack timeline of a cyber incident.
- “Bang” is when malware is deposited, the attack begins, or damage is done.
- On a timeline moving from left to right, “right of bang” is what happens after the incursion begins. In the worst-case scenario, you’re a casualty when you are to the right of bang.
- Therefore, you need to stay to the Left of Bang! In that area you need to be alert, ready, prepared, and able to respond before the bad stuff happens.
Getting Left of Bang and achieving situational awareness is possible by recognizing certain revealing characteristics that will enable one to detect potential attackers in time to avoid or upset their nefarious intent.
PRIVACY BY DESIGN:
Privacy by Design is an approach to systems engineering which takes privacy into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the whole process, and may have been derived from it.
Given recent events in the Market, embedding a design based approach to privacy is prudent:
Many define an attack surface as the total sum of the vulnerabilities in a given computing device or network that are accessible to a hacker. As a Cadet at the Citadel, I learned that vulnerabilities are the dynamic interplay between Gaps and Capabilities.
INTRODUCTION TO POLYMORPHISM:
Every time you turn on the TV, or view social media, you can’t help but be overwhelmed with discussions around cyber security and hacking. Leaders of agencies, military units, or industries, consistently yield an interesting and recurring theme:
Cyber Security is "polymorphic." Polymorphism, polymorphic or polymorph, from the Greek words poly ("many") and morphe ("form, shape, structure"), may refer, in computing and science, to:
- Cyber Polymorphism represents the ability in computer programming to present the same programming interface for differing underlying forms (data types, classes) and then the substrate of Cyber extends all the way to how it is encoded.
- Polymorphic code, self-modifying program code designed to defeat anti-virus programs or reverse engineering