This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite.  Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Many takeaways this month from articles that further our understanding of cybersecurity concerns and issues starting with:

In a technology driven world, those pesky human life forms continue to be problematic.

Changing Human Behavior Key to Thwarting Cybersecurity Attacks


Despite increased spending on technology to stave off cyberattacks, companies are getting compromised more and taking bigger hits.

How long does it take for employees to be security conscious?

CSO Online

An internal USPS phishing simulation campaign found that more than 25 percent of the 3,125 employees who were tested clicked on a phony link. What’s more, 93 percent of the baited employees didn’t report the incident to the USPS Computer Incident Response Team, according to the report.

How to Promote a Strong Cybersecurity Culture Year-Round

IT Business Edge

National Cyber Security Awareness Month kicked off with an attention-grabbing incident that reminds us why security matters. News of the massive data breach at Experian highlights the difficulties that organizations face in protecting systems and sensitive data from increasingly sophisticated intruders.

DoD Needs To Improve Cyber Culture, CIO Says

U.S. Department of Defense

The Defense Department needs to change its cyber culture to protect its networks from the relentless threat from hackers, the department’s chief information officer said today.

Hacktivists. Black Hats? White Hats? Gray Hats? Spotted?

Cyber vigilantes flex growing power

The Hill

Activist hackers — so-called hacktivists — are getting harder to differentiate from more serious threats such as terrorist groups and nation-state cyber warriors, security researchers say.

The Biggest Cybersecurity Risk Is Not Identity Theft

Tech Crunch

Cybersecurity debates tend to focus on theft of personal information and cyberattacks that damage physical systems like electric grids. But there is less discussion about a very real threat posed by hackers who deface websites, apps and other sources to spread false information. Neither our legal system nor our private sector is adequately prepared to deal with such damaging acts.

Know Thy Enemy. Hire a Hacker to Enhance Your Cybersecurity


If your cybersecurity strategy isn’t up to snuff, you could be exposing your business to financial ruin. Telecoms giant TalkTalk is a testament to this. The British firm is experiencing huge fallout after confirming last week in an official statement that it had been the latest victim of a major cybersecurity hack.

ISIS gives tips for avoiding Anonymous hackers

The Hill

The Islamic State in Iraq and Syria (ISIS) is trying to get ahead of the hacking group Anonymous after it declared cyber war on the terrorist group after last Friday’s deadly attacks in Paris.

We all need something to look forward to….

5 Dangerous Cyber Threats To Prepare For In 2016


Hackers used to be the nerd equivalent of charming rogues—math whizzes wielding simple algorithms to wreak havoc primarily for the bragging rights. But today, hacking is big business. Networks of hackers with greedy or geopolitical intentions use the most advanced technology to steal or extort huge sums of money and bring down businesses.

‘McAfee Labs 2016 Threats Predictions’ Report Forecasts Changes

McAfee Labs Blog

In the McAfee Labs 2016 Threats Predictions report, published today, we developed two distinct views of the future.

By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

November 24, 2015