“Zero Trust” Is the Opposite of Business

Infosecurity Magazine | September 14, 2018

By Dr. Mike Lloyd, RedSeal CTO

The term zero trust has been cropping up a lot recently, with even a small conference on the topic recently. It sounds like an ideal security goal, but some caution is warranted. When you step back and consider the reason security is important – keeping organizations running – it’s not so clear that zero trust is really what we want.

I see the label zero trust as an over-reaction to the challenges we face in security. To the extent that the term means “be less trusting”, I agree. Look at our lack of success in stopping breaches.

How do we build digitally resilient organizations?

CSO Online | September 4, 2018

So, what does a digitally resistant organization look like? In a recent column, Ray Rothrock, a CEO who has written a book on Digital Resilience, says: “Instead of cowering behind a wall and hoping for the best, those who lead digitally resilient businesses ensure that they know the strengths, weaknesses, gaps and vulnerabilities of their networks.”

Five Tips For Building Digital Resilience Into Your Business Plan

Chief Executive | September 3, 2018

The security advisory firm Herjavec Group reports that cybercrime damages are set to cost businesses $6 trillion annually by 2021, with cybersecurity spending topping $1 trillion from 2017 to 2021. A trillion here, a trillion there … pretty soon you’re talking real money — more than enough to acknowledge that managing an organization’s cyber risk has truly become a CEO and Board-level responsibility.

It is essential today that enterprises build digital resilience into their business plans—and do so deep and wide.

Tip #1: Understand the difference between digital security and digital resilience.

Revealed: The cyber Achilles heel for large companies

Corporate Risk and Compliance | August 28, 2018

While a new survey from analytics firm FICO has found that the number of US companies with full-coverage cybersecurity insurance has skyrocketed from last year, 24% still reported that they did not have any cyber insurance. For those that remain uninsured, and the insurance companies with an eye on targeting these firms, a cybersecurity analytics platform has come up with a more effective way to price policies.

“From a cybersecurity perspective, when you’re an insurance company and you’re writing a policy for somebody, how do you charge them for it? We measure the risk and give them the metrics to charge for that policy,” said Steve Timmerman, VP of marketing and business development at RedSeal, which offers enterprise software that builds a model of a company’s network, identifies vulnerabilities, and provides a digital resiliency score that allows insurers to write a cyber premium based on that score.

Sarder TV with Ray Rothrock

Sarder TV | August 24, 2018

Ray Rothrock is a venture capitalist and former partner at Venrock; he has invested primarily in the industries of infosecurity and energy. Rothrock is currently the CEO of RedSeal Inc. and serves on the board of directors of several other companies, as well as the board for the Northern California chapter of NACD.

We sit down for a full video interview to discuss cyber attacks, their impact on business and his journey to success.

Millions of businesses vulnerable to fax-based cyber attack

ComputerWeekly | August 13, 2018

Hackers could exploit security vulnerabilities in fax machines to launch cyber attacks in millions of organisations around the world, researchers warn, underlining the need for cyber resilience.

Ray Rothrock, chairman and CEO of security analytics firm RedSeal, said the Check Point research underlines the need for organisations to focus on resilience.

“We recommend that companies validate their segmentation policies and make sure there’s very limited access to their most valuable assets,” he said. “This isn’t a one-and-done exercise. Companies must remain vigilant, constantly monitoring all possible pathways within and between their network environments so they can quickly isolate a compromised device.”

Check Point shows how faxes can be a route into a company

iTWire | August 13, 2018

Fax machines, which are part of many all-in-one printers, can be compromised over the telephone line and used to attack Windows PCs on the networks to which they are attached, researchers from security firm Check Point say.

The exploit was demonstrated on Sunday in a talk titled “what the Fax?” at the DEFCON security summit held in Las Vegas. A detailed technical explanation of the methods used is available here.

Harvard Business School: Alumni and Faculty Books

Harvard Business School | June 2018

Digital Resilience: Is Your Company Ready for the Next Cyber Threat?
by Ray Rothrock (MBA 1988)

Amacom:
Rothrock lays bare tactics used by hackers, vulnerabilities lurking in networks, and strategies not just for surviving attacks but also for thriving even while under assault. This book helps businesses understand the threats they face, assess the resilience of their networks against attacks, identify and address weaknesses, and respond to data theft swiftly and effectively.

The Future of Cyber Security, with Ray Rothrock

Dive With Data Podcast | July 26, 2018

Asha Saxena explores cyber security and the future of Big Data with venture capitalist Ray Rothrock.

In this episode, we’ll talk about how Big Data is impacting cyber security and how businesses can overcome the common challenges associated with Big Data, from keeping sensitive information to finding the right talent to process and analyze the data. Without a doubt, Big Data is here to stay, which is why all businesses should focus on learning how to effectively use it.

PM World Book Review: Digital Resilience

PM World Journal | July 2018

The subtitle grasped my attention, “Is your Company Ready for the Next Cyber Threat?” With the speed of change and the lack of international laws to detect and prosecute the criminals, my mind quickly responded, “I doubt it?”

This title addresses the rise in cybercrimes; every business, large and small, is at risk. It helps law-abiding business people peek inside the minds and tactics of international criminals to understand the threats, identify the weakness and effectively respond, no matter what it takes.