Wednesday, August 6, 2014

When Will U.S. Cyber Alarms Match Its Cyber Threats?

by James McFarlin

Former Secretary of State Madeline Albright recently stated “the world is a mess.” And indeed it is. From Russia’s stoking of a war of insurrection in the Ukraine to the Israel-Hamas war to conflicts in Syria, Iraq and throughout much of the Middle East and North Africa, large swaths of the world are at war.

But it is instructive to place such events in perspective. In spite of the significant dangers they pose, these conflicts offer but a prelude to even the greater threat to America’s national security which emanate from the increasing worldwide proliferation of cyber weapons.

Why? Because these conflicts, no matter how loud, are still like distant thunder; in the world of cyberattacks ground zero is America’s critical infrastructures and ultimately, our way of life.

Wednesday, July 9, 2014

Why Cybersecurity Initiatives Fail

By James McFarlin

My July 1 post addressed the misdirection that ensues when an organization’s senior management awareness of cyber threats turns to anxiety, and that anxiety into fevered action.

Nothing will get a board of directors to the anxiety stage as quickly as seeing a high profile business face cyberattack-induced loss of competitive advantage, reputational damage, and financial consequences in the billions of dollars.

Therefore, preventing such anxiety-fed misdirection must take center stage as an organization forms its cybersecurity strategy.

What follows are three solid suggestions on how cybersecurity initiatives can be successfully formulated, as stated and practiced by the experts.

But I will warn you: There is a caveat, and it’s a big one, as you’ll see.

Wednesday, July 2, 2014

Are Corporate Boards Rushing into a Cybersecurity Void?

By James McFarlin


Don’t say they weren’t warned. The forecast in my September 7, 2013 article “Will 2013 Be the Year Cybersecurity Crashes the Party in the Boardroom?" predicted stormy cybersecurity seas ahead for corporate America.

A plague of inadequate cybersecurity strategies is now raining on board members across the land, thanks to the massive Target Stores 40-million credit card heist; the resulting blizzard of lawsuits and subsequent ousting of its CEO; and numerous similar cyber breaches on retailers. The circumstances are highlighted in the Wall Street Journal June 30th article, “Corporate Boards Race to Shore Up Cybersecurity.”

The forthcoming corporation reactions will inevitably risk plunging them into a vast cyberspace void, populated only by scarce technical resources, a mind-numbing array of software cyberattack “solutions,” and seemingly insurmountable executive vs. technical cultural and language barriers.

Here is what to watch for:

Friday, June 13, 2014

Cyberwarfare: A Predictable but Dangerous Future

By James D. McFarlin

Over the remainder of this decade, geopolitical and ideological forces will both govern the deployment of offensive cyber weapons and be shaped by the evolution and uses of such weapons.

There is no going back.

Wednesday, May 28, 2014

Why Isn’t Cyber Security Secure?

by James McFarlin

Target. Neiman Marcus. eBay. The New York Times. The U.S. Navy. The Federal Reserve. The list of organizations falling victim to cyber attacks recently continues to grow, with the number of reported security incidents rising from 2,989 in 2012 to 3,741 in 2013.

The severity is increasing, too, with the loss of customer information in some attacks reaching astronomical levels: 110 million accounts from Target, while eBay compromised up to 145 million customer records.

According to Forbes, the average losses per incident are also climbing at a rate of 23% year-over-year, with incident losses exceeding $10 million per occurrence. This is up 75% from just two years ago.

Due to a combination of factors, including timing, carefully selected targets, and increasing sophistication, attacks are becoming more successful, not less. These increases exist in spite of major increases in cyber security spending.

Wednesday, May 14, 2014

America on the Brink

By James McFarlin

America’s economic and national security in this digital age are centered much less around our ability to deploy advanced cyber weaponry - which it does well - than on how the United States positions itself and conducts its affairs geopolitically.

Why? Read on.

Wednesday, April 30, 2014

Giving Up the Beachhead: U.S. Cyber Defenses in Retreat

by Jim McFarlin


Data released from US-CERT shows that reported cyberattacks have increased tenfold since 2006. Combined with the rapid-fire advancements in attack methods, it’s clear that preventing breaches is becoming increasingly more difficult rather than easier.

Many organizations are thus shifting their attention and resources to mitigation - limiting and stopping attacks in progress - and to business continuity and recovery.

A recently released study by accounting firm EY entitled “Global Information Security Survey 2013” documented this change of cybersecurity focus. The report found that 51% of corporate executives surveyed had set their 2014 information security priorities in business continuity and disaster recovery, eclipsing their focus of 13% on information security risk management.

In other words, if the beach cannot be held, retreat to the next line of defense.