Author Archives: Linda Musthaler

Communications Teams Get a Failing Grade Over Heartbleed

First of all, let me say thank you to the security professionals who are working their butts off to develop patches and permanent fixes for problems caused by Heartbleed. I know this is an extraordinary case of the highest priority. Thank you for using your talents and your time to plug this gaping hole and make your users safe again. … Read more

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized

What’s Needed Now: Supply Chain Integrity Testing

Listen up, all you security experts who want to be entrepreneurs! John Pescatore, the SANS Institute Director of Emerging Security Trends, sees an opportunity for the Next Big Thing in tech security. In Pescatore’s view, there’s a growing need for supply chain integrity testing. In the wake of all the digital spying revelations let loose by the Edward Snowden … Read more

Posted in Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized

Who Are Breach Disclosure Laws Meant to Protect? One Merchant Held up Notifications for More Than a Year at the Request of Federal Authorities

I live in Texas, and there’s a regional retailer that has just announced a data breach that is believed to have affected more than half a million customers. The announcement is controversial because the company, Spec’s, supposedly knew about the theft of payment card data almost a year ago and is just now telling customers. As you might imagine, people … Read more

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized

Who Is Reading Your Email, and for What Purpose?

Thanks to the NSA, so much attention has been on the fact that the federal government is collecting metadata about our phone calls that we have taken our eyes off what’s happening on the email front. There have been a few stark reminders in the news recently that email isn’t private and we shouldn’t use it to transmit sensitive information. … Read more

Posted in Data Protection, Security Threats, Uncategorized

Cybersecurity Professionals Are in Big Demand as Staffing Shortages Hit Critical Levels

In a previous blog post I talked about the upcoming National Cybersecurity Career Fair (NCCF) this June 18 and 19, 2014. NCCF is an innovative virtual meeting place for the top cybersecurity employers and entry- to mid-level cybersecurity jobseekers in the United States. It turns out that this job fair is desperately needed by employers in practically every industry, … Read more

Posted in Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized

National Cybersecurity Career Fair in June Will Connect Employers to Entry Level Cybersecurity Workers

Do you know anyone who is an aspiring cyber security professional? Here is some important information to pass along to help them get their career started. This is also big news if your organization is looking to recruit entry-level people for IT security positions. Coming up this June 18 and 19, 2014, Cyber Aces is presenting the first National Cybersecurity … Read more

Posted in Application Security, Cloud Security, Data Protection, Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats, Uncategorized

NTP Amplification DDoS Attacks Are Skyrocketing. Do You Have Your Defense System in Place?

In his recent “Attack of the Month Video Blog Series,” Stephen Gates talks about NTP reflective traffic as the latest technique being used to launch DDoS attacks against hapless victims. This is certainly something to pay attention to. Since the beginning of 2014, the number of attacks using this method has skyrocketed, largely because there is a new NTP reflection/amplification … Read more

Posted in Network Security, Security Management, Security Threats, Uncategorized

Business Lessons from the DDoS Attacks on Social Networking Site Meetup

In early March, the social networking site Meetup was hit by a series of DDoS attacks. The attacks did some damage, not the least of which was knocking the site offline for hours at a time over a period of several days. However, I have to say that it appears that the Meetup management and technical team did a few … Read more

Posted in DDoS, Network Security, Security Management, Security Threats, Uncategorized

Internet Hosting Providers that Fail to Prepare for DDoS Attacks are Derelict in Their Duties to Care for Their Clients

On February 18, 2014, the online gaming website Wurm was the victim of a DDoS attack. The company posted the following note on its website at the time of its attack: “Shortly after today’s update we were the target of a DDoS attack and our hosting provider had to pull us off the grid for now. We will be back … Read more

Posted in Network Security, Security Management, Security Threats, Uncategorized

Cybersecurity in the U.S. Healthcare System is in Critical Condition and Needs Intensive Care

Last fall my husband was visiting a relative in the hospital when he noticed an Ethernet port on the side of the bed. He asked the nurse what the hospital uses the port for. She explained that they occasionally connect patient-monitoring devices to the port on the bed to facilitate transmission of alerts to the nurses’ station. For example, if … Read more

Posted in Application Security, Data Protection, Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized