Are we Secure?

By guest writer Gregory Pickett.  Greg is a sought-after Defcon speaker and leads RJSL’s (www.RJSLgroup.com) internet / technology infrastructure security practice.  He can be reached at gpickett@RJSLgroup.com.

This is the question that many of us should be asking about our business and its systems, but unfortunately most of us don’t really know the answer.  Sure, there are many among us who are told they are secure, but how do they know?  In most cases, it is because someone told them that they were secure.  If they asked the web server guy, what would he say?  He would probably say, “Of course, we are secure.”  Same goes for the email server guy, and the guy who handles the network.  If not, you might be asking what have we been paying you for all these years.  But are you really secure just because they say you are secure?  I am sure that every business that was hacked also thought that they were secure the day before it happened just because someone said they were.  So the question remains the same.

If we are stuck in the position of only having been told that we are secure but we don’t really know, how do we move to the point of knowing?  This is where testing comes into play.  OK, but what kind of testing?  There are several types of testing, such as security audits and vulnerability scans, but the real action happens with penetration testing.  This is when someone, under controlled circumstances, actually tries to defeat your defenses.  With penetration testing, you move from someone telling you that you are secure to knowing you are secure because someone has tried to hack your systems, just like the bad guys would.  Using the same tools, techniques, and methods as hackers, they evaluate your systems and tell you the avenues of attack.  With permission, they escalate and attempt to breach your protections and take control of your systems and your data.  Afterwards, they prepare a report, tell you how they got in or, if they didn’t, how they tried, how they did what they did, and how to remediate it so that it doesn’t happen again.

With penetration testing, you not only learn if someone could get in but also how they would do it and if your supporting infrastructure and teams could detect and handle it.  Is your monitoring sufficient?  Would it let you know something was going on?  Would your team know what to do?  Could they remediate it properly and recover the systems involved in a timely manner?  All these sorts of questions and more can be addressed during a penetration test.

Keep in mind, security audits and vulnerability scans are still important and provide different types of benefits, but there is no better way to know whether you really are secure or not than penetration testing.  It is not a guarantee that you won’t ever get hacked, but it is the closest you can come to knowing for sure where you really stand.  Ultimately though, the important question is answered.  Are we secure?  Yes, because someone actually tried.

Corporate Inversion…

AbbVie’s $55BN bid for UK drug maker Shire was approved, providing yet another footnote in the history of corporate inversion by US companies largely motivated by an opportunity to avoid US corporate taxes.  The combined firm will move to the UK, saving upwards of $8BN in US corporate taxes by some estimates.  While such a move certainly rubs policy makers the wrong way, in reality isn’t this a perfect case study in the free market economy?  People / companies have moved across state lines for better opportunities, so why not across country borders in today’s global economy?  Some compare this to individuals renouncing US citizenship to save on personal taxes – I think that’s a bad comparable.  The latter is unthinkable, outrageous (I am ex-military after all).  Cries of jingoism will not solve the problem – the only permanent solution is to change the US corporate tax laws so that we can be competitive, on a level playing field with the likes of Ireland, etc.  It’s been a couple of years since Chicago lost Aon to the UK (well-respected board members resigned in protest).  We were bracing for the same after the Walgreens / Boots (UK) merger.  Fortunately, Walgreens announced that they are here to stay.  Every accretion / dilution model has a black box, designed to justify “positive synergy” that may or may not come to fruition.  I am just trying to imagine how to build one for inversion tax savings…

EBONY Wealth Challenge Wrap-up, Part 3

Continued…

  • Stock up – this is a tip that I am not really sure I agree with, but here it goes.  A few well-selected stocks can give your portfolio a nice boost.  Just make sure you do your research.  Legendary mutual fund manager Peter Lynch once said, “before buying a stock, do as much research as you would normally do before buying a refrigerator.”  I personally like to leave this task to professionals, e.g. buy funds vs. individual equities, but researching before pulling the trigger still stands true.
  • Raise a wealth builder – use technology (websites, apps) to encourage financial literacy with your kids.  Create family budgets, set savings goals and teach children how to earn money and save.  Good habits in fiduciary responsibility early on will go a long way.

These are 9 tips from the latest issue of the magazine.  Which ones are you going to follow?

EBONY Wealth Challenge Wrap-up, Part 2

Continued…

  • Develop a side hustle – explore a field related to what you already do for a living to develop supplemental cash flow, e.g. teacher giving private tutoring sessions.  Obvious downside – what you gain in discretionary income, you will lose in available free time.
  • Find extra money at home – in addition to selling unwanted furniture, clothes, etc. at one of the many popular sites, take a hard look at the various services you have, including cable and cell phone.  Everything’s negotiable – give customer service a call and ask if there’s anything they can do to keep you as a customer.
  • Develop passive income – somewhat related to the first bullet above, this entails creating multiple revenue streams that are truly passive, i.e. do not necessarily depend on your time, such as owning a rental property.
  • Save for retirement – company pensions are gone with the dinosaurs and you should not rely on social security for retirement anymore.  Take advantage of 401K matching if available where you work.  While many personal finance experts advocate 20% savings of household income, I’d say save something every month regardless of how small.  We all have to start somewhere.

Another reason why Google is taking over the world…

An equities analyst on CNBC a while back labeled Google as a “one trick pony.”  True… but that is one helluva trick (I’m talking about its search engine technology of course) that has fueled growth / innovation since its inception.  The latest – Google selected Alcon, a division of Novartis, to be its partner in developing what’s dubbed Google Lens.  These smart contact lenses are designed to monitor the wearer’s glucose levels in tears to proactively manage diabetic conditions.  Data are transmitted through a radio antenna embedded in the lens, a fraction of the thickness of a human hair, which then presumably alerts the wearer to take certain precautions through various mobile devices.  Novartis tried to invent such a lens on its own but was not successful.  This is the stuff that you’d read in Ray Bradbury’s novels in the 80’s.  Truly amazing…

What is Bitcoin? (part II)

Continued…

  • What can I buy with bitcoins?  Almost anything…  While some mainstream retailers do not support the currency, many online retailers have embraced the concept.
  • Is it safe?  This is a million-dollar question.  While its inherent volatility makes its future uncertain, many technologists much smarter than me are working on making it safer.  Meanwhile, bad publicity around currency exchanges either getting hacked or shutting down is preventing the general public from jumping in head first.
  • Can Bitcoin boost my business?  Yet another million-dollar question.  Let’s put it this way – if you accept it, you will get publicity.  Is that worth taking the risk?  Many would argue yes.

Draw your own conclusion.  Only time will tell if Bitcoin is a passing fad or here to stay.

What is Bitcoin? (part I)

Every semester, I take my students from Columbia College to Chicago Federal Bank’s Money Museum.  It’s a great experience for the students, and I also learn something new with every visit.  On our last visit, I pulled one of the PhDs aside (they all possess a doctorate degree in Economics) and asked, “What do you think about bitcoin?”  The presenter gave me a one-sentence answer – it’s a safe haven for illicit traders.  Probably a little too harsh an answer, so I did my own research.

  • What is bitcoin?  It’s a virtual currency created by an unknown Japanese programmer (only his pseudonym is known).  It’s not associated with any country or government, making it truly universal.
  • How does it work?  Every user has a “wallet” with a unique identifier.  While all transactions are recorded, the user ID is kept anonymous (OK, so that supports the illicit trade comment).
  • How do I get bitcoins?  Various exchange sites / services let you buy and sell for cash.  You can also mine them (honestly I don’t get this concept).

To be continued…
