Blog categorized as Uncategorized

Data from actual cyber-attacks shows that most ransoms are in the 2-5 percent range. This is a good starting point and can be further refined by going through some factors that cybercriminals consider when setting the amount.

First, think through the motivation of the cybercriminal. ...

Suppose a criminal group called CyberL33t developed a zero day vulnerability for a Microsoft SQL server. CyberL33t spent about 200 hours learning about exploit development, and studying SQL server itself. Time to go hack some businesses!

He now has to target the exploit…and the company he wa...

There are a variety of activities that you as a cyber defender could do. This leads to a bewildering number of options across price points and against different types of threats. Large organizations often have strict regulatory requirements and/or know that they have to guard against all threats but...

This is the driving question behind security programs. There are a lot of threats out there and twice as many ways to defend.

One solution is maturity and frameworks like the Cybersecurity Maturity Model Certification (CMMC). This model defines 3 levels with increasing cyber defense requirem...

I was ready to close out the Webex call and instead the break in silence reshaped my security ethos. "Wait, can you explain that again?"

It was March 2017 and pre-pandemic remote meetings were audio only. I was used to speaking into the void so I couldn't read body language or see gaping...