News
Will the US government’s response to ransomware be an effective deterrent for bad actors?

Top Answer: The degree of political pressure or danger for ransomware operators is more real today than it was a year ago, but it's definitely not enough to be a deterrent. When I talk about ransomware, I always try to frame it as a business model rather than as a piece of malware, because it got popularized by grandpa getting phished and we've gotten stuck on thinking about it that way. Ransomware is the ability for a financially motivated bad actor to monetize things that would've been worthless in the absence of ransom as a business model. And that suggests that it will continue to evolve and innovate. There was an interesting campaign against MongoDB and Elasticsearch around 2018, where ransomware operators were saying, "I have your data. Pay me and I'll give it back to you." But they weren't doing that. They were just deleting everything. At the time, that would probably get you hurt by your competitors as a ransomware operator, because they pride themselves on being able to support their customer. But now we've moved on from that. Now there’s this idea of a secondary take around disclosure, and spreading out information in that sense just seems like what I'd want to do as a bad actor. So what's next? It doesn't seem to be fading away as a means for cyber criminals to make money.

What information security publications do you read to get your industry news?

Top Answer: DarkReading

67 views
2 comments
1 upvotes
NFTs: Hype or revolutionary?

Top Answer:

224 views
0 comments
0 upvotes
Why are people saying the IT department is dead?

Top Answer: The problem is that there are many people leading IT organizations that have no business doing so in today’s world. We have folks who were directors of IT, or VPs of IT, and got a promotion because they were doing a great job supporting the printers and projectors. The next promotion happens to be CIO, but they're not living and breathing the CIO role. That starts to create an organization that is not what most companies need today. And then when you look at the lines of business, they see IT as the people they call when the Internet's down or they need a new laptop or something. IT becomes some transactional requirement. There are also examples of this in cybersecurity: you have an employee whose boss is breathing down their neck and they have to get this document transferred. The VPN isn't working, so they're sending it to their personal Gmail account because they don't have access to their own work email. They are not purposefully trying to circumvent security and data protection within their organization, or be malicious in their actions; they just have to get work done. They're not getting the support they need and they can't wait.

12 views
3 comments
0 upvotes
Would a cyberattack on a NATO country trigger Article 5?

Top Answer: This will probably depend on a number of things, for example the target of the attack (critical infrastructure or secondary targets), severity/consequences, ability to perform high fidelity attribution, etc.

131 views
2 comments
1 upvotes
What are some specific impacts of supply chain issues over the past year?

Top Answer: My background is all supply chain. In terms of supply chain management, almost every company is still trying to figure out what they want to be when they grow up. I'm seeing a lot more companies get their first chief supply officer. More companies are now looking at technology as a way to address labor shortages and examine their internal processes to see what is causing the problem. Many are still looking for ways to be resilient, whether through restructuring their contracts, or diversifying their suppliers. In China, if there's one worker that tests positive for COVID, everything is shut down. People migrated to Vietnam, but then those plants were shut down as well.

26 views
4 comments
0 upvotes
Has COVID’s impact led you to any interesting projects?

Top Answer: I co-founded a new company. Oni Buchanan and I are currently looking at ways that musicians can perform concerts in augmented reality. This was in response to COVID when all the musicians' concerts were canceled. Oni is a world-class musician and owns an agency representing other artists. We've built a platform where performers can record themselves and then project the concert into a virtual world that you watch using your phone’s camera. So it's a bit like Pokemon Go. At some point there will be wearables involved with that—likely glasses—that will make it easier to watch. And we have plans to do other things with biosensors in the future. We're working with orchestras and a conductor. We're looking for more pop groups to launch with, but it's really great for classical music. We can have someone virtually play a Stradivarius in the place where it was created and morph the sound as if it's actually in that room. Based on the research we did, even though live music is going to come back, concert presenters believe that aspects of virtual programming are here to stay. There are some things that worked in their virtual programming and some things that didn't, but there's a real audience for it. We're hoping that our platform is going to be part of that. We've been working with a music licensing expert on our board to build a whole new licensing model and other ways that artists can make money, because a lot of digital music publishing has cut the artist out of it.

28 views
1 comments
0 upvotes