Posts

How to better manage your brain and your business

Acuity Magazine | March 26, 2019

Today’s digital networks are no longer an adjunct to business, they have become the substance of it. If you are not ensuring your company is prepared for a cyber threat you could be in for some nasty surprises.

Ray Rothrock is one of America’s leading cybersecurity experts and warns that if your business is connected to the internet, it’s at risk. Cybersecurity must be seen as an integral part of an organisation – not a reluctant expense instigated by the IT department.

Top 10 Must-Read Books on Information Security in 2019

Sensors Tech Forum | March 27, 2019

8. Digital Resilience: Is Your Company Ready for the Next Cyber Threat?

This is one of the most current works on cyber threats, written in 2018, and only recently published. The author is currently the CEO of RedSeal, a cybersecurity consulting company.

The great thing about this book is that it is quite non-technical. It is really written for non-techie management and leadership who may not understand all of the jargon and processes.

Venture Capitalist Ray Rothrock on WNPV’s AM Edition

WNPV’s AM Edition | March 1, 2019

RedSeal CEO Ray Rothrock joined Darryl Berger of Philadelphia’s WNPV for their morning drivetime program “AM Edition.” Ray discusses the evolving threats in cybersecurity, resilience in the physical and cyber world, and his book “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

We’re All Going to Get Hacked

Harvard Business School  | February 13, 2019

In November 2014, Sony Pictures suffered a massive, high-profile data breach, with hackers breaking in and stealing everything from confidential employee data to unreleased films. And not long after, on a Saturday morning, Ray Rothrock’s cell phone rings. Rothrock (MBA 1988) is the CEO of the cybersecurity firm Red Seal, and a higher-up at Sony was looking for his help. After the breach, he told Rothrock, the company essentially hit factory reset on their entire network. The phones were down. They were doing payroll by handwritten checks. They had burned it all down. And now they needed someone to help them rebuild it.

Digital Resilience: Book Review by Mark Gorenberg

Book Review  | January 14, 2019

Mark Gorenberg, Founder, Zetta Venture Partners 

Wow. What an amazing read. I was mesmerized by the details and easily way you explained the Target breach all the way through the list of recommendations.  Really great work.

Digital Resilience: Book Review by Diana Chapman Walsh

Book Review  | January 8, 2019

By Diana Chapman Walsh, 12th President of Wellesley College

Fascinating, compelling, a beautifully-written page turner that draws the reader in immediately. I learned a whole new vocabulary—new words to convey new concepts in paragraph after paragraph—introduced elegantly and seamlessly so as not to disrupt the flow of the intriguing story you were unfolding. Concepts like “preemptive mitigation of damage” to augment existing security measures aimed at preventing breaches, which are inevitable. And that because of the “frictionless vulnerability” that accompanies the much-desired ability to communicate without friction. The difference (in time and consequence) between infiltration of the network and “exfiltration” of the data. On and on like this.

A whole fascinating world that reads more like a John Grisham novel than a technical treatise. That’s my comment on the pleasure of reading it; masterfully crafted prose and structure. Beyond that, you make an iron-clad case that (1) cybersecurity is among the most important issues of our time and (2) the digital resilience you describe is indispensable and also possible if senior leadership will educate themselves, institute the changes you advocate, and pay attention. I loved your dark energy-dark matter analogy at the opening of Chapter 7.

Digital Resilience: Book Review by Azure Yu

By Azure Yu, Titans Briefs, The University of Texas at Austin McCombs School of Business

Summary:

Cyberattacks are inevitable and costly in today’s intensively connected world. Undergoing cyberattacks will be the norm rather than the exception for all kinds of organizations, and these attacks will usually have devastating consequences. To survive in this hostile environment, companies have implemented necessary security measures such as firewalls and anti-malware, but these measures are insufficient against the inherent risks of digital networks. Greater connectivity comes with more vulnerability. Rothrock points out that C-suites must use “digital resilience” as a whole-business strategy. Digital resilience allows companies to survive attacks, contain breaches, recover, and continue to operate while under attack. Lack of digital resilience can lead to severe consequences – the 2013 Target breach was an example.

The book describes digital resilience in detail. It covers the history of networks, the technical fundamentals, and the distributed nature of the current state. It paints a vivid picture of the inevitability of a successful attack, given that over a trillion Internet of Things (IoT) devices are connected to the network and each node creates vulnerability. It provides actions business leaders can take toward achieving digital resilience. Here are the eight steps listed in the book to build deep knowledge of your data and networks:

  1. Verifying that the device configurations comply with relevant regulation and industry best practices.
  2. Modeling the network by collecting configuration and operation data of the network devices as often as necessary and without burdening the network.
  3. Visualizing end-to-end access and path details to see intended and unintended access among all parts of the network.
  4. Measuring network resilience and managing it. Rothrock explains the resilience scoring in his RedSeal system in Chapter 6.
  5. Identifying hidden areas of the network to manage risks in those areas – the “scary parts” and unknown part of the network can be significant security risks.
  6. Prioritizing vulnerability patching to allocate resources to patch the most urgent network situation.
  7. Verifying network security policy. It is essential to know if security policies are implemented properly in order to measure the real resilience of a network.
  8. Prioritizing network change control. Businesses need the capability to assess the security impact of potential or proposed changes to the network.

Cyber Security Hub: How Digitally Resilient Is Your Company?

Cyber Security Hub | November 7, 2018

Unlike the game Whack-a-Mole, where the object is to clobber a mole as it pops its head out of a hole, cyber threats are becoming more targeted and harder to whack, said Ray Rothrock, CEO of RedSeal, and author of the book, Digital Resilience: Is Your Company Ready for the Next Cyber Threat? on Monday’s episode 55 of Task Force 7 Radio. Rothrock was the guest of host George Rettas, the president and CEO of Task Force 7 Radio and Task Force 7 Technologies.

Podcast: Why Digital Resilience Is The Answer

Taskforce 7 Radio | November 5, 2018

With Ray Rothrock, Chief Executive Officer

Ray Rothrock, the CEO of Redseal and Board Member of cyber security incubator Team 8 appears on Episode #55 of Task Force 7 Radio to talk about his new book, “Digital Resilience – Is Your Company Ready for the Next Cyber Threat” and why Digital Resilience is the only way to win the Cyber Security battle we are all engaged in on a daily basis.

Resilient regulation can help end the tech-consumer stalemate

The Hill | October 21, 2018

By Ray Rothrock, RedSeal CEO

The reason for the absence of meaningful dialogue and meaningful movement is that the two sides persist in choosing the wrong adjectives. They argue over preemptive federal legislation versus state legislation. They fight over tough legislation versus soft legislation.

What they should do is discard all of these modifiers and instead embrace, together, just one type of legislation: resilientWe need privacy regulation that promotes the resilience of data privacy and security. And we need it whether we run Google and Facebook or use Google and Facebook.