Tag Archive for: Digital Resilience

Resilient regulation can help end the tech-consumer stalemate

The Hill | October 21, 2018

By Ray Rothrock, RedSeal CEO

The reason for the absence of meaningful dialogue and meaningful movement is that the two sides persist in choosing the wrong adjectives. They argue over preemptive federal legislation versus state legislation. They fight over tough legislation versus soft legislation.

What they should do is discard all of these modifiers and instead embrace, together, just one type of legislation: resilientWe need privacy regulation that promotes the resilience of data privacy and security. And we need it whether we run Google and Facebook or use Google and Facebook.

FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sector

Dark Reading | October 16, 2018

Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.

A score “taken from the outside looking in is similar to rating the fire risk to a building based on a photograph from across the street,” says Mike Lloyd, CTO of RedSeal. “You can, of course, establish some important things about the quality of a building from a photograph, but it’s no substitute for really being able to inspect it from the inside.”

DriveScale TechNow Podcast with Ray Rothrock

DriveScale TechNow Podcast | October 3, 2018

With Ray Rothrock, RedSeal CEO

In this edition of TechNow with Tom Lyon, Tom talks to Ray Rothrock, venture capitalist, nuclear engineer, cyber security expert, and current CEO of RedSeal, a firm that helps organizations quantify their digital resilience.

Cybersecurity: Duck and Cover or Stand Up and Do Business?

CEOWORLD | October 1, 2018

By Ray Rothrock, RedSeal CEO

Cybersecurity isn’t working today.  In 2016, the Ponemon Institute reported that each of the 383 companies it surveyed had a “26 percent probability of a material data breach involving ten thousand lost or stolen records” within the “next twenty-four months.” Take this beyond two years—say to the projected life of your business—and you must accept the certainty of data breach. If cybersecurity were working, that certainty would not exist.

What has gone wrong with cybersecurity?

The exponential development of digital technology has left it in the cyber dust.

How do we build digitally resilient organizations?

CSO Online | September 4, 2018

So, what does a digitally resistant organization look like? In a recent column, Ray Rothrock, a CEO who has written a book on Digital Resilience, says: “Instead of cowering behind a wall and hoping for the best, those who lead digitally resilient businesses ensure that they know the strengths, weaknesses, gaps and vulnerabilities of their networks.”

Five Tips For Building Digital Resilience Into Your Business Plan

Chief Executive | September 3, 2018

By Ray Rothrock, RedSeal CEO

The security advisory firm Herjavec Group reports that cybercrime damages are set to cost businesses $6 trillion annually by 2021, with cybersecurity spending topping $1 trillion from 2017 to 2021. A trillion here, a trillion there … pretty soon you’re talking real money — more than enough to acknowledge that managing an organization’s cyber risk has truly become a CEO and Board-level responsibility.

It is essential today that enterprises build digital resilience into their business plans—and do so deep and wide.

Tip #1: Understand the difference between digital security and digital resilience.

Sarder TV with Ray Rothrock

Sarder TV | August 24, 2018

With Ray Rothrock, RedSeal CEO

Ray Rothrock is a venture capitalist and former partner at Venrock, he has invested primarily in the industries of infosecurity and energy. Rothrock is currently the CEO of RedSeal Inc. and serves on the board of directors of several other companies, as well as the board for the Northern California chapter of NACD.

We sit down for a full video interview to discuss cyber attacks, their impact on business and his journey to success.

Which is more valuable – your security or a cup of coffee?

The drumbeat of media coverage of new breaches continues, but it’s useful sometimes to look back at where we’ve been.  Each scary report of so many millions of records lost can be overwhelming.  It certainly shows that our network defenses are weak, and that attackers are very effective.  This is why digital resilience is key – perfect protection is not possible.  But each breach takes a long time to triage, to investigate, and ultimately to clean up; a lot of this work happens outside the media spotlight, but adds a lot to our sense of what breaches really cost.

Today’s news includes a settlement figure from the Anthem breach from back in 2015 – a final figure of $115 million.  But is that a lot or a little?  If you had to pay it yourself, it’s a lot, but if you’re the CFO of Anthem, now how does that look?  It’s hard to take in figures like these.  So one useful way to look at it is how much that represents per person affected.

Anthem lost 79 million records, and the settlement total is $115 million.  This means the legally required payout comes out just a little over a dollar per person – $1.46 to be exact.

That may not sound like a lot.  If someone stole your data, would you estimate your loss to be a bit less than a plain black coffee at Starbucks?

Of course, this figure is only addressing one part of the costs that Anthem faced – it doesn’t include their investigation costs, reputation damage, or anything along those lines.  It only represents the considered opinion of the court on a reasonable settlement of something over 100 separate lawsuits.

We can also look at this over time, or over major news-worthy breaches.  Interestingly, it turns out that the value of your data is going up, and may soon exceed the price of a cup of joe.  Home Depot lost 52 million records, and paid over $27 million, at a rate of 52 cents per person.  Before that, Target suffered a major breach, and paid out $41 million (over multiple judgements) to around 110 million people, or about 37 cents each.  In a graph, that looks like this:

Which is more valuable – your security or a cup of coffee?

 

Note the escalating price per affected customer. This is pretty startling, as a message to the CFO.  Take your number of customers, multiply by $1.50, and see how that looks.  Reasonably, we can expect the $1.50 to go up.  Imagine having to buy a Grande Latte for every one of your customers, or patients that you keep records on, or marketing contacts that you track.  The price tag goes up fast!

Millions of businesses vulnerable to fax-based cyber attack

ComputerWeekly | August 13, 2018

Hackers could exploit security vulnerabilities in fax machines to launch cyber attacks in millions of organisations around the world, researchers warn, underlining the need for cyber resilience.

Ray Rothrock, chairman and CEO of security analytics firm RedSeal, said the Check Point research underlines the need for organisations to focus on resilience.

“We recommend that companies validate their segmentation policies and make sure there’s very limited access to their most valuable assets,” he said. “This isn’t a one-and-done exercise. Companies must remain vigilant, constantly monitoring all possible pathways within and between their network environments so they can quickly isolate a compromised device.

Security Lessons From Crazy-Busy Airports

Forbes | July 9, 2018

By Dr. Mike Lloyd, RedSeal CTO

I found myself in London Heathrow recently with a few hours to kill. I’d heard about a big political brouhaha rumbling along about adding a third runway, but there are lots of competing pressures — from the economic to the environmental and everything in between. So I decided to spend my down time looking into that. Just how badly does Heathrow need another runway?

After reading a good piece in Wired, this amateur pilot found the statistics intense: Heathrow functions at almost 99% capacity, essentially packing in as many people as the airport can take, with a landing or takeoff taking place every 45 seconds. Forty-five seconds might sound like there’s still some room for error, but from my point of view, it’s far from it. I’m not allowed to land the small planes I fly for three minutes after a big jet takes off or lands due to the dangerous turbulence they leave in their wake. If I wanted to land at Heathrow, it would have to make a huge gap, canceling landing clearances for at least three big jets. That would inconvenience many hundreds of people. What’s worse, at these use levels, the ripple effects could last all day.

As a security professional, I found a behind-the-scenes aspect of the story most interesting — specifically, the approach taken to ensure resilience.