Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

The Rising Threat of Offensive AI

Can we trust what we see, hear and are told?

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Cybersecurity As You Return to School


 With the COVID-19 pandemic forcing most undergraduate and postgraduate classes online, students face multiple challenges, not least of which is securing their work and study environment from increasing levels of cyber attack.

As we are all distracted by our isolation at home, many of us forced out of our comfort zone, and with few opportunities to share concerns with others, cyber criminals know they have weak and easy targets.

The following is a video recording of a panel discussion between various University College professors of cybersecurity at Denver University.


Ai Will Radically Change Healthcare Security


Artificial intelligence is becoming increasingly important in the defense of healthcare providers and patients, while the number and size of cyber attacks against the industry continues to rise to unprecedented levels. All this at a time when many of us are distracted by the current pandemic and in dire need of health services - perhaps now more than ever in our past, other than perhaps in times of kinetic military conflict.

Our outdated security tools and other controls simply cannot cope with sophisticated APTs - (advanced persistent threats) from pariah nation state military espionage units. Nor can it cope with a newly emboldened Eastern Mafia, where organized crime syndicates operate with impunity from behind the former Iron Curtain, seemingly immune from local law enforcement, prosecution, or deportation to the civilized world, where law and order still largely prevail.

Many of these attacks in fact, whether conducted by military officers or proxies, are nothing more than a form of cyber warfare in order to further the political and economic objectives of their host regimes. Destabilizing the more successful west has been an ambition of the USSR since the advent of the Cold War. Today cyber attacks and information warfare add a new dimension to achieve this lasting objective in the competition for global power. Indeed this cyber conflict has been carefully engineered to take advantage of the trickle technique, where on an ongoing trickle of seemingly innocuous minor attacks has been engineered to weaken the internals of other countries over time, careful not to cross a line in the sand that might cause a massive kinetic or other response from the nation being attacked. 

Mainland China's objectives appear to be similar to that of the Russian Federation in its goals of world domination, only less focused on fermenting internal division and more on obtuse power conflict and long term theft of any advantages other nations, including the Russian Federation may possess.

The fact it that as cyber defenders we need better tools to defend and protect against attackers and higher levels of automation since we are out-gunned and out-manned at least 5 to 1 attackers to defenders.

In my presentation below I talk about the rising tide of sophisticated well funded cyber adversaries, the advent of deepfakes, CEO Fraud or Business Email Compromise (BEC) as its also known, and how AI is making these scams even more convincing and difficult to detect. I talk about the need for us to develop and implement AI-based cyber defensive tools to inoculate our networks against attacks. I discuss the need to protect healthcare providers, staff and patients from attack that could result in patient harm or even death. Increased automation and machine intelligence will permit us to respond quickly and thoroughly, and to thwart attacks before patient safety and HIT system availability are impacted.

In healthcare, we need to up our game on the security front. We need to understand what we have connected to our healthcare networks and what risks they pose. We need better threat intelligence and we need better defensive tools to protect against attack. We also need to remove the need and delay for humans to intervene against attacks in process.

As healthcare continues to digitize for improved interoperability and efficiency, cybersecurity needs to be front and center in design considerations and budget allocation if more deaths are to be avoided. Watch my 30 minute presentation below for more on this subject.