Posts

An Interview with Ray Rothrock at the 2019 CERIAS Symposium

Cyber.Now Podcast | April 15, 2019

Host Nick Sturgeon interviews Ray Rothrock, the CEO of RedSeal and the opening keynote speaker for the 2019 CERIAS Security Symposium. The Cyber.Now Podcast is a weekly 30-minute liberty-based program, focusing on the latest in technology, politics, cybersecurity and government.

Digital Resilience – What You Can Do Now

Soundview Magazine | March 27, 2019

In our increasingly digital world, we are all targets of hackers and fraudsters. To survive, we must use some best practices to ensure our resilience. I use the word resilience rather than security deliberately. Security is about trying to stop the bad guys. Resilience is what you do when one of them—inevitably—gets in. It’s about identifying the problem and neutralizing it, even as you continue to do business. It’s also about recovery, quickly and productively, stronger than ever.

To regain control both in feeling and fact requires that we become resilient in our digital lives. Here’s how.

How to better manage your brain and your business

Acuity Magazine | March 26, 2019

Today’s digital networks are no longer an adjunct to business; they have become the substance of it. If you are not ensuring your company is prepared for a cyber threat, you could be in for some nasty surprises.

Ray Rothrock is one of America’s leading cybersecurity experts and warns that if your business is connected to the internet, it’s at risk. Cybersecurity must be seen as an integral part of an organisation – not a reluctant expense instigated by the IT department.

Top 10 Must-Read Books on Information Security in 2019

Sensors Tech Forum | March 27, 2019

8. Digital Resilience: Is Your Company Ready for the Next Cyber Threat?

This is one of the most current works on cyber threats, written in 2018, and only recently published. The author is currently the CEO of RedSeal, a cybersecurity consulting company.

The great thing about this book is that it is quite non-technical. It is really written for non-techie management and leadership who may not understand all of the jargon and processes.

Venture Capitalist Ray Rothrock on WNPV’s AM Edition

WNPV’s AM Edition | March 1, 2019

RedSeal CEO Ray Rothrock joined Darryl Berger of Philadelphia’s WNPV for their morning drivetime program “AM Edition.” Ray discusses the evolving threats in cybersecurity, resilience in the physical and cyber world, and his book “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

We’re All Going to Get Hacked

Harvard Business School | February 13, 2019

In November 2014, Sony Pictures suffered a massive, high-profile data breach, with hackers breaking in and stealing everything from confidential employee data to unreleased films. And not long after, on a Saturday morning, Ray Rothrock’s cell phone rings. Rothrock (MBA 1988) is the CEO of the cybersecurity firm RedSeal, and a higher-up at Sony was looking for his help. After the breach, he told Rothrock, the company essentially hit factory reset on their entire network. The phones were down. They were doing payroll by handwritten checks. They had burned it all down. And now they needed someone to help them rebuild it.

Digital Resilience: Book Review by Mark Gorenberg

Book Review | January 14, 2019

Mark Gorenberg, Founder, Zetta Venture Partners 

Wow. What an amazing read. I was mesmerized by the details and the easy way you explained the Target breach all the way through the list of recommendations. Really great work.

Digital Resilience: Book Review by Diana Chapman Walsh

Book Review | January 8, 2019

By Diana Chapman Walsh, 12th President of Wellesley College

Fascinating, compelling, a beautifully-written page turner that draws the reader in immediately. I learned a whole new vocabulary—new words to convey new concepts in paragraph after paragraph—introduced elegantly and seamlessly so as not to disrupt the flow of the intriguing story you were unfolding. Concepts like “preemptive mitigation of damage” to augment existing security measures aimed at preventing breaches, which are inevitable. And that because of the “frictionless vulnerability” that accompanies the much-desired ability to communicate without friction. The difference (in time and consequence) between infiltration of the network and “exfiltration” of the data. On and on like this.

A whole fascinating world that reads more like a John Grisham novel than a technical treatise. That’s my comment on the pleasure of reading it; masterfully crafted prose and structure. Beyond that, you make an iron-clad case that (1) cybersecurity is among the most important issues of our time and (2) the digital resilience you describe is indispensable and also possible if senior leadership will educate themselves, institute the changes you advocate, and pay attention. I loved your dark energy-dark matter analogy at the opening of Chapter 7.

Digital Resilience: Book Review by Azure Yu

By Azure Yu, Titans Briefs, The University of Texas at Austin McCombs School of Business

Summary:

Cyberattacks are inevitable and costly in today’s intensively connected world. Undergoing cyberattacks will be the norm rather than the exception for all kinds of organizations, and these attacks will usually have devastating consequences. To survive in this hostile environment, companies have implemented necessary security measures such as firewalls and anti-malware, but these measures are insufficient against the inherent risks of digital networks. Greater connectivity comes with more vulnerability. Rothrock points out that C-suites must use “digital resilience” as a whole-business strategy. Digital resilience allows companies to survive attacks, contain breaches, recover, and continue to operate while under attack. Lack of digital resilience can lead to severe consequences – the 2013 Target breach was an example.

The book describes digital resilience in detail. It covers the history of networks, the technical fundamentals, and the distributed nature of the current state. It paints a vivid picture of the inevitability of a successful attack, given that over a trillion Internet of Things (IoT) devices are connected to the network and each node creates vulnerability. It provides actions business leaders can take toward achieving digital resilience. Here are the eight steps listed in the book to build deep knowledge of your data and networks:

  1. Verifying that the device configurations comply with relevant regulation and industry best practices.
  2. Modeling the network by collecting configuration and operation data of the network devices as often as necessary and without burdening the network.
  3. Visualizing end-to-end access and path details to see intended and unintended access among all parts of the network.
  4. Measuring network resilience and managing it. Rothrock explains the resilience scoring in his RedSeal system in Chapter 6.
  5. Identifying hidden areas of the network to manage risks in those areas – the “scary parts” and unknown parts of the network can be significant security risks.
  6. Prioritizing vulnerability patching to allocate resources to patch the most urgent network situation.
  7. Verifying network security policy. It is essential to know if security policies are implemented properly in order to measure the real resilience of a network.
  8. Prioritizing network change control. Businesses need the capability to assess the security impact of potential or proposed changes to the network.

Cyber Security Hub: How Digitally Resilient Is Your Company?

Cyber Security Hub | November 7, 2018

Unlike the game Whack-a-Mole, where the object is to clobber a mole as it pops its head out of a hole, cyber threats are becoming more targeted and harder to whack, said Ray Rothrock, CEO of RedSeal, and author of the book, Digital Resilience: Is Your Company Ready for the Next Cyber Threat? on Monday’s episode 55 of Task Force 7 Radio. Rothrock was the guest of host George Rettas, the president and CEO of Task Force 7 Radio and Task Force 7 Technologies.