The security skills gap has become a topic of acute interest among practitioners responsible for building security teams for their organizations -- and keeping them running smoothly. It impacts everything from how they staff, how they cultivate and develop their workforces, and how they train, to the operational controls they put in place, and potentially numerous other things about their security programs. ...
It's a truism that just as organizations adapt, so too do criminals. For example, anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? While that strategy might have worked well in the days of the Pony Express, attempting it now would be out of touch and inefficient...
Those who follow security news may have noticed a disturbing trend. Late last year, we learned that Uber paid attackers US$100,000 to keep under wraps their theft of the personal information of 50 million Uber riders. More recently, we learned that Hancock Health paid approximately $55,000 in bitcoin to bring hospital systems back online. Whi...
If you've been keeping up with the news, you've probably noticed a few recent reports about companies that may have been a little less than candid about security issues. For example, we recently learned that Uber experienced a breach in 2016. As we've also learned from subsequent press reports, the company may have paid the attacker to remain silent about that breach instead of acknowledging it publicly and openly. ...
In the security world, there is a truism that defense (protecting systems) is harder than offense (breaking into systems) because it's an asymmetric playing field. The bad guys need only find one path into an environment -- one place where everything hasn't been done exactly "just so" and perfectly -- while those charged with securing that environment need to protect against intrusions everywhere they have a technology footprint. ...
There are times when it seems like technology can work almost too well. Now, if working too well sounds to you like an impossibility -- along the lines of being too rich or too good looking -- reflect that there's more to a technology than end-user experience. In addition to the experience of using the technology, there are other considerations t...
Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise generally. For example, 62 percent of participants surveyed for ISACA's recent "Global State of Cybersecu...
By this point, most technology practitioners -- and nearly all security practitioners -- know about WannaCry. In fact, you might be sick of people analyzing it, rehashing it, sharing "lessons learned" about it, and otherwise laying out suggestions -- in some cases, contradictory -- about what you might do differently in the future. To the security practitioner, the level of unsolicited advice (frankly) borders on the annoying. ...
If you've ever spent time in a desert, it may seem inconceivable to you that creatures actually can live there. The fact that animals not only survive, but also thrive in those conditions seems counterintuitive. In fact, a number of animals do so -- in many cases, they are aided by an array of specialized adaptations that allow them to leverage the environment to their advantage. ...
It may not be apparent to all observers, but information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex a...
There's a folk-story that all Japanese schoolchildren learn about a man called "Gohei Hamaguchi" (sometimes called just "grandfather") who saves his village. In brief, there's an old man who lives in a village by the sea, and one day, an earthquake hits. He's the only person in the village to realize that a tsunami will soon follow. He hurries t...
There is an ancient Chinese proverb about a farmer who loses his horse. For those who haven't heard it, the story goes like this: There's an old farmer who lives with his son close to the borderlands. One day, his horse runs away. His neighbors come to console him, but he only says, "how do you know it isn't fortunate?" A few months later, his ...
Have you ever heard of the Cullinan diamond? If you haven't, it was the largest diamond ever discovered: a 3106 carat diamond found in 1905 in South Africa. What's interesting about the Cullinan diamond (at least to me) isn't so much the discovery of the stone itself but what happened afterward: specifically, the cutting of the diamond. The Cul...
Have you ever heard the term "The Forbidden Experiment"? If you're not familiar with it, it's a concept originating in the behavioral sciences relating to challenges in understanding human language development. Specifically, the "experiment" in question refers to actually testing empirically what would happen if a child were raised without language -- i.e., if someone deliberately interfered with normal language development as a vehicle to learn how language development works and how a person might be different without it. ...
This story was originally published on Nov. 15, 2013, and is brought to you today as part of our Best of ECT News series. The Internet of Things has been receiving quite a bit of attention. Definitions vary, but at its core the concept is a simple one: Extend computing and data-processing capability to the physical world around us. The earliest m...
By now, if you're an IT professional and you're in an organization that has the Payment Card Industry Data Security Standard in your scope -- that is, you store, process or transmit credit card data -- you probably already know that an update to the standard, Version 3.0, was released late last year. With this update come a few changes to the te...
As most security and compliance pros already know, PCI 3.0 is now officially out. The specific changes it includes have already been covered in quite a bit of detail elsewhere in the industry press, so I won't cover them all again here. However, one area that is often less discussed is how to use these changes to your advantage -- specifically, stra...
The Internet of Things has been receiving quite a bit of attention. Definitions vary, but at its core the concept is a simple one: Extend computing and data-processing capability to the physical world around us. The earliest manifestations of this are starting to be seen already in the growth of smart devices: televisions, automobiles, appliances, electric meters, etc.
As the prolific trend of adoption would suggest, the case for cloud is compelling from both a business and technology perspective. There are a number of reasons for this, but one of the more compelling reasons from a technologist's point of view has to do with the ability to abstract lower levels of the application stack. Specifically, depending...
It seems cloud has gone from "emerging" to "entrenched" faster than any technology in recent memory -- and much of cloud adoption is of the Software as a Service variety. For example, 71 percent of the organizations that responded to a 2012 Gartner survey had been using SaaS for less than three years, highlighting just how quickly enterprises were adopting. ...