RedSeal CEO Ray Rothrock was interviewed in a Cybersecurity Special Feature for Fortnightly Magazine, and discusses his security recommendations for the leaders of utilities and regulators, segmentation, NERC CIP compliance and more.
For a shopper who was impacted, she should ensure she doesn’t use the same password for her Bed Bath & Beyond account elsewhere. In fact, not reusing passwords is one way consumers can protect themselves from fraud, says Mike Lloyd, chief technology officer from cyber security firm RedSeal Inc.
“It’s important to realize that if you use the same password at your bank as you use for less important services like social media or video streaming, then a bad guy only has to break into whichever company has the weakest security, then steal your passwords and use them everywhere else you go,” Lloyd says.
Question: What do you do when you can’t patch your IoT endpoints?
Dr. Mike Lloyd, CTO of RedSeal: Internet of Things devices are great because they aren’t as complicated as phones, laptops, or servers. General-purpose computers cause headaches. Unfortunately for security, IoT devices are also a curse for the same reason – precisely because they aren’t flexible. The security toolchain and ecosystem we’ve built up assumes we can put stuff on network endpoints, but IoT “things” are different. Agents? Scanning? Patching? Antivirus? None of that works in the new world of IoT widgets. Worse, many of these devices are built en masse by companies focused on price point, with no intention of supporting patching.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2019-10-29 16:43:352019-10-29 16:43:35What Do You Do When You Can't Patch Your IoT Endpoints?
Malware, ransomeware, phishing attacks, viruses…are just some of the cyberthreats facing society. And they are getting more destructive.
What to do? Well, Ray Rothrock–who is a venture capitalist and is on the board of Check Point Software–has some solid answers. In his book, he goes over key areas like assessing networks, identifying threats and how to spruce up defenses. He also stresses that security can never be 100% but there are still actions to take that will greatly increase the odds of avoiding a hack.
During a recent call, RedSeal’s Chief Product Officer, Kurt Van Etten, referenced an enterprise challenge that is too familiar. He shared with Ed Amoroso and me that maintaining and understanding one’s network asset inventory, both hardware and software, is the key to maintaining a strong cyber security program. It’s not sexy, and not what gets the most attention in media or at conferences, but companies must know what they have, where it is, and who has access.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2019-10-04 17:07:512019-11-01 16:07:08Back to Basics: Why Asset Inventories are Key to Cyber Security
All the panelists commented on workforce issues. There was general agreement that AI is developed most effectively in multi-discipline environments.
“The cyber industry is about a $126 billion [market]. There are 3,000 products out there. A typical large corporation probably like Exelon has 50 or 60 cyber products and only five or 10 people to operate it. Well, that number, it’s a crushing situation. And while you need engineers, for sure, you also need technicians. They don’t need all need a four-year degree, they need a piece of it,” said Rothrock.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2019-10-03 11:03:332019-10-09 11:04:25DOE Sets Sights on Accelerating AI (and other) Technology Transfer
Ben Cohen, the co-founder of Ben & Jerry’s Ice Cream, calls spending huge amounts on the effort “a tragic waste.” Another urges creation of a cabinet-level agency to deal with threats.
To the Editor:
Glenn S. Gerstell’s article identifies the magnitude of the digital juggernaut and brilliantly lays out the difficulty of the challenge. It is this very complexity that underscores the need for a cabinet-level agency dedicated to cybersecurity to ensure coordination and resilience in the face of threats.
The Department of Homeland Security was created after the 9/11 tragedy, coordinating 180,000 employees working in the country’s intelligence, defense and law enforcement agencies. Similarly, in the 1970s, as Americans dealt with an energy crisis, President Jimmy Carter created the Energy Department to consolidate American energy policy and ensure a consistent supply of energy and protect the country from threats to our economy and readiness.
If desperate times call for desperate measures, then surely risky and rapidly changing times call for measures that are resolute. The United States must prioritize cybersecurity, just as we do homeland security and energy. Let’s not wait until the revolution is lost.
Ray Rothrock
San Jose, Calif. The writer is chief executive of RedSeal, a cybersecurity company, and the author of “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Erica Venerhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngErica Vener2019-09-29 08:00:142019-10-03 17:33:55On Cybersecurity: Two Scoops of Perspective
Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also bring together liabilities and risk as well. Among these are cybersecurity risks. “Cyber diligence” — cybersecurity evaluations performed as part of the M&A decision-making processes — has grown in importance in recent years. What are a company’s vulnerabilities? What cybersecurity issues or incidents have they had in the past, and how have they dealt with them? What defenses do they have in place to protect themselves? Are all important questions to ask in an M&A deal. But even if you’re not involved with a merger or acquisition, the same analysis can yield important and surprising results.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Erica Venerhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngErica Vener2019-09-26 08:00:022019-10-03 17:31:57Industry Experts Provide Tips For Successful Cyber Diligence in M&A
Last week, Oracle co-founder and CTO Larry Ellison claimed that Oracle’s new autonomous systems will eliminate all data breaches. Not everyone’s buying it….
Mike Lloyd, CTO of cybersecurity vendor RedSeal, called Oracle’s latest promises an example of “hyperbolic marketing.”
“People find clouds inherently confusing, not least when trying to understand who is responsible for what,” he said. “Of course, if you think your cloud vendor is responsible for some aspect of security, but they think you’re responsible for it, then you’re on a road to a bad place.”
Why Nominated: Having spent decades leading and advising both technology and information security companies, Rothrock knows that cybersecurity for any organization goes well beyond just deploying and managing strong technologies. It’s also about strategically thinking about security needs holistically top down. And, for him, this means that since every entity is a “cyber organization,” the related risks they face are a CEO and board-level responsibility. With this foundation in mind, Rothrock works well beyond the confines of his office, reaching out practitioners, C-level executives, government leaders and even average citizens through a bevy of activities and ventures.
Cybersecurity: Ray Rothrock – Prepare, Protect, Respond
/in In the News /by Keith DoPublic Utilities Fortnightly | November 1, 2019
RedSeal CEO Ray Rothrock was interviewed in a Cybersecurity Special Feature for Fortnightly Magazine, and discusses his security recommendations for the leaders of utilities and regulators, segmentation, NERC CIP compliance and more.
Hackers access Bed Bath & Beyond customer data
/in In the News /by Keith DoDigital Commerce 360 | October 31, 2019
For a shopper who was impacted, she should ensure she doesn’t use the same password for her Bed Bath & Beyond account elsewhere. In fact, not reusing passwords is one way consumers can protect themselves from fraud, says Mike Lloyd, chief technology officer from cyber security firm RedSeal Inc.
“It’s important to realize that if you use the same password at your bank as you use for less important services like social media or video streaming, then a bad guy only has to break into whichever company has the weakest security, then steal your passwords and use them everywhere else you go,” Lloyd says.
What Do You Do When You Can’t Patch Your IoT Endpoints?
/in In the News /by Keith DoDark Reading | October 29, 2019
Question: What do you do when you can’t patch your IoT endpoints?
Dr. Mike Lloyd, CTO of RedSeal: Internet of Things devices are great because they aren’t as complicated as phones, laptops, or servers. General-purpose computers cause headaches. Unfortunately for security, IoT devices are also a curse for the same reason – precisely because they aren’t flexible. The security toolchain and ecosystem we’ve built up assumes we can put stuff on network endpoints, but IoT “things” are different. Agents? Scanning? Patching? Antivirus? None of that works in the new world of IoT widgets. Worse, many of these devices are built en masse by companies focused on price point, with no intention of supporting patching.
7 Technology Books Every Entrepreneur Should Read
/in In the News /by Keith DoForbes | October 8, 2019
Malware, ransomeware, phishing attacks, viruses…are just some of the cyberthreats facing society. And they are getting more destructive.
What to do? Well, Ray Rothrock–who is a venture capitalist and is on the board of Check Point Software–has some solid answers. In his book, he goes over key areas like assessing networks, identifying threats and how to spruce up defenses. He also stresses that security can never be 100% but there are still actions to take that will greatly increase the odds of avoiding a hack.
Back to Basics: Why Asset Inventories are Key to Cyber Security
/in In the News /by Keith DoTAG Cyber | October 4, 2019
During a recent call, RedSeal’s Chief Product Officer, Kurt Van Etten, referenced an enterprise challenge that is too familiar. He shared with Ed Amoroso and me that maintaining and understanding one’s network asset inventory, both hardware and software, is the key to maintaining a strong cyber security program. It’s not sexy, and not what gets the most attention in media or at conferences, but companies must know what they have, where it is, and who has access.
DOE Sets Sights on Accelerating AI (and other) Technology Transfer
/in In the News /by Keith DoHPC Wire | October 3, 2019
All the panelists commented on workforce issues. There was general agreement that AI is developed most effectively in multi-discipline environments.
“The cyber industry is about a $126 billion [market]. There are 3,000 products out there. A typical large corporation probably like Exelon has 50 or 60 cyber products and only five or 10 people to operate it. Well, that number, it’s a crushing situation. And while you need engineers, for sure, you also need technicians. They don’t need all need a four-year degree, they need a piece of it,” said Rothrock.
On Cybersecurity: Two Scoops of Perspective
/in In the News /by Erica VenerNew York Times | September 29, 2019
Ben Cohen, the co-founder of Ben & Jerry’s Ice Cream, calls spending huge amounts on the effort “a tragic waste.” Another urges creation of a cabinet-level agency to deal with threats.
To the Editor:
Glenn S. Gerstell’s article identifies the magnitude of the digital juggernaut and brilliantly lays out the difficulty of the challenge. It is this very complexity that underscores the need for a cabinet-level agency dedicated to cybersecurity to ensure coordination and resilience in the face of threats.
The Department of Homeland Security was created after the 9/11 tragedy, coordinating 180,000 employees working in the country’s intelligence, defense and law enforcement agencies. Similarly, in the 1970s, as Americans dealt with an energy crisis, President Jimmy Carter created the Energy Department to consolidate American energy policy and ensure a consistent supply of energy and protect the country from threats to our economy and readiness.
If desperate times call for desperate measures, then surely risky and rapidly changing times call for measures that are resolute. The United States must prioritize cybersecurity, just as we do homeland security and energy. Let’s not wait until the revolution is lost.
Ray Rothrock
San Jose, Calif.
The writer is chief executive of RedSeal, a cybersecurity company, and the author of “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”
Industry Experts Provide Tips For Successful Cyber Diligence in M&A
/in In the News /by Erica VenerSecurity Boulevard | September 26, 2019
Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also bring together liabilities and risk as well. Among these are cybersecurity risks. “Cyber diligence” — cybersecurity evaluations performed as part of the M&A decision-making processes — has grown in importance in recent years. What are a company’s vulnerabilities? What cybersecurity issues or incidents have they had in the past, and how have they dealt with them? What defenses do they have in place to protect themselves? Are all important questions to ask in an M&A deal. But even if you’re not involved with a merger or acquisition, the same analysis can yield important and surprising results.
Oracle’s Autonomous Cloud Security Claims Met with Skepticism
/in In the News /by Erica VenerDataCenter Knowledge | September 25, 2019
Last week, Oracle co-founder and CTO Larry Ellison claimed that Oracle’s new autonomous systems will eliminate all data breaches. Not everyone’s buying it….
Mike Lloyd, CTO of cybersecurity vendor RedSeal, called Oracle’s latest promises an example of “hyperbolic marketing.”
“People find clouds inherently confusing, not least when trying to understand who is responsible for what,” he said. “Of course, if you think your cloud vendor is responsible for some aspect of security, but they think you’re responsible for it, then you’re on a road to a bad place.”
SC Media Reboot Leadership Awards: Ray Rothrock – RedSeal
/in In the News /by Erica VenerSC Magazine | September 23, 2019
Why Nominated: Having spent decades leading and advising both technology and information security companies, Rothrock knows that cybersecurity for any organization goes well beyond just deploying and managing strong technologies. It’s also about strategically thinking about security needs holistically top down. And, for him, this means that since every entity is a “cyber organization,” the related risks they face are a CEO and board-level responsibility. With this foundation in mind, Rothrock works well beyond the confines of his office, reaching out practitioners, C-level executives, government leaders and even average citizens through a bevy of activities and ventures.