Posts

Security in a Time of IoT

Industrial IoT News | May 15, 2019

By RedSeal CTO Dr. Mike Lloyd

The Internet of Things (IoT), made up of special-purpose devices designed to do a particular job well, presents a significant problem for security professionals. Several of their traditional approaches to security won’t work. Fortunately, it’s not all doom and gloom. We can use a three-step strategy for dealing with security and IoT.

First, we need to understand the nature of the IoT problem. Second, we need to invest effort in finding IoT endpoints and enumerating their weaknesses. And third, having found them, we need to look at them in the context of our own organization, our network, and our risk tolerance, so that we can clearly identify appropriate controls.

How Can Firms Avoid A Claims Showdown With Their Cyber Insurer?

Finance Derivative | May 8, 2019

By RedSeal CTO Dr. Mike Lloyd

How can you tell that cyber insurance is a hot topic today? When lawyers find the amounts of money involved worth fighting over. Major cases are emerging of serious disputes between multi-nationals and the companies they’ve taken out policies with to help mitigate their risk exposure. On the one hand, this is partly to be expected of such a nascent sector. Yet it may also be a sign of a deeper problem: a lack of visibility into which security controls and policies actually reduce risk and therefore need to be mandated as part of a policy.

I See A Milestone, Not Just Another Funding Round

I’m delighted with the deal RedSeal just announced with STG.  I’ve worked in several start-ups — from the earliest stage, when the whole company could share a single elevator, all the way through acquisition by huge global corporations. My favorite times are when we’re all actively engaged with customers and the company has a sense of purpose and momentum. This is one of those times.

My feeling that this is a rite of passage – like leaving college – is because we’re moving from the category “VC-backed startup” into “privately-held serious company.”  Startups are like children – energetic, exciting, and allowed to get away with things. We expect more of grownups, that they can move forward, create and meet goals. It’s challenging, but it’s also fundamentally empowering, and I’m proud to move on to this next stage.

We’ve also chosen a true partner in STG, and they have chosen us. I may be stretching an analogy, but I’m pleased to say that we’ve dated long enough to learn that we see eye to eye. We agree about the potential for growth and are excited about working together towards a common vision. RedSeal, now with STG’s support, will be able to grow, innovate and deliver digital resilience to more and more customers, while we all continue to enjoy what we do. Each day is better than the last.

Reality check: why brittle AI security is no match for a wily attacker…yet

SC Magazine UK | March 22, 2019

It’s 2019 and the world and his dog is shouting about the wonders of artificial intelligence (AI) in cyber security. Nearly three-quarters of organizations have implemented projects with at least some element of AI in them, according to one new piece of research. And over half of security professionals responding to another poll said such tools are “essential” to helping them detect attacks before they’ve had a chance to impact the organization.

On Norman Castles and the Internet

Dark Reading | March 15, 2019

By RedSeal CTO Dr. Mike Lloyd

When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?

I recently had the pleasure of attending the ninth annual Workshop on Internet Economics (WIE) at the University of California, San Diego. It might not seem a likely place to discuss English castles after the Norman Conquest, but that turned out to be a strong analogy for the security challenges of our modern Internet.

How AI cybersecurity thwarts attacks — and how hackers fight back

TechTarget  | February 19, 2019

As our digital lives get more automated, integrated and connected, the security risks increase as well; 2018 was full of hacks and privacy scandals, ranging from healthcare breaches to blunders by Facebook and Google.

Cybersecurity is more important than ever, and many experts are using AI to take that security to the next level. For CIOs, the critical questions are: How much security can AI provide, and what should the realistic expectations of AI cybersecurity be?

 

The next shift in cyber insurance that brokers need to track in 2019

Insurance Business America  | January 16, 2019

Ground-shaking earthquakes might topple buildings and displace communities, but they also bear some resemblance to the scale of cyber incidents witnessed in the past year that crippled networks and exposed consumer data, according to one cyber expert.

Zuckerberg: How He Can Get Facebook Back On Track

Forbes | December 15, 2018

“Facebook rose to success at a time when most people made clear how little they cared about privacy – we would post anything, and we enjoyed the freedom and the sense of connection,” said Dr. Mike Lloyd, who is the CTO of RedSeal. “Unfortunately, like a vine growing up a building, Facebook has spent years attaching itself to the way people used to behave.  Its business model depends on people remaining incautious, and insensitive to privacy issues. But people are changing as we encounter more of the downsides of social networks.  We are getting more suspicious and less trusting.”

Scanning for Flaws, Scoring for Security

Krebs on Security | December 2018

“You can, of course, establish some important things about the quality of a building from a photograph, but it’s no substitute for really being able to inspect it from the inside,” Dr. Mike Lloyd told Dark Reading regarding the Chamber/FICO announcement in October.

7 Common Breach Disclosure Mistakes

Dark Reading | December 7, 2018

When a breach happens, speed and clarity are vital, adds Mike Lloyd, CTO at RedSeal. Organizations that have fared badly after a breach have always been the entities that mishandled the disclosure, took too long to disclose, miscommunicated the details, or tried to cover up the issues, he says.

“There is always a surprise factor when you realize someone has broken in, but the better you know your own organization, the faster you can respond,” Lloyd says.