Cybersecurity Weekly 3/6/15

Sign up for my newsletter to see interviews with the biggest names in cybersecurity.

Thanks so much for subscribing to my first-ever cybersecurity weekly newsletter! I read a lot about the space and thought that recording and summarizing my readings would be helpful both to my friends/colleagues who are interested in the space but also to me as a way to clarify and distill my thinking.

I really hope that these emails will provide value to you as I’m sure they will to me and I’d really appreciate any feedback that you have. Are these not the type of articles that you’re interested in? Would it be more helpful to cover more articles and include shorter summaries/comments on each one? Feel free to let me know.
Also, if you’d like to stop receiving these emails–just shoot me a note–no hard feelings!
– Box continues to strengthen its position as the secure, enterprise-grade, pure play file sync and share company. Subspace uses containerized browser technology to allow IT to manage user access to company data. Not completely clear whether this was a talent acquisition or if they plan to integrate the tech.​
– I strongly believe in Box’s targeting of specific industry verticals. Industries like healthcare and finance are highly regulated and if Box can tailor their products to the regulations and compliance requirements in those industries (beyond just HIPAA which Box has complied with for years) they have a strong pitch to enterprises in those spaces–especially over Dropbox who “does not currently have compliance with a range of standards, such as HIPAA, FERPA and SAS 70.”
– Have enterprises been forgiving (or forgotten) about Dropbox’s numerous security issues? Are they begrudgingly accepting the issues? Would love to hear from anyone with knowledge on the topic.
– The study found that “most of the industry has yet to build a solidified, concerted approach to cloud adoption and security remains a top barrier.”
– 100% of organizations that haven’t begun using the cloud, cite security as a reason.


– Wysopal agrees with certain federal cybersecurity initiatives recently proposed by Obama (30 day breach disclosure policy, Consumer Privacy Bill of Rights, Restricted sharing of data for children under a certain age), but strongly disagrees with other proposed laws claiming that they blur the lines of legality for security researchers.
– 25% of directors are not confident with their boards’ handling of cyber security.
– Cyber Risk was the 2nd most discussed item at board meetings (after operational risk) in the past 12 months.
– Are firewalls dead? Apparently not. The FireMon survey finds that 90 Percent of Practitioners Still View Firewalls as a “Strategic Security Pillar”
– See image below. The “most challenging” aspect of migrating to next-gen firewalls is that they impact operations. Seems like there’s an unmet need for a NGFW that is neither seen nor heard.
Screenshot 2015-03-05 22.53.52

Tim Ferris Interviews Marc Goodman, “Resident Futurist” at the FBI and author of Future Crimes

Highlights (paraphrased):
– “People see these events in the news–Home Depot was hacked, Target was hacked, etc–and they see all of these as distinct events. They’re not. They’re representative of a systemic problem…never has there been a computer system that cannot be hacked and that is especially troubling now that software has eaten the world.”
– “With the onset of the internet of things, we are going to be adding 50-200bn new computerized devices by 2020. The perimeter accessible by computers is now the size of a golf ball but by 2020 it will be the size of the sun.”
– McAfee estimates cybercrime as a $400bn/year business.”
– “Cybersecurity is an every man for himself type scenario. Law enforcement is a local solution to a global problem. They’re fundamentally mismatched with regards to cybercrime. We should have a national cyber security reserve core.”
– And a fun fact: Dread Pirate Roberts apparently made over $100mm for himself (on around $4bn of transaction volume) in the 30 months that the Silk Road was active.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s