Entries by Jonathan Gossels

The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources

Our electric grid is comprised of generation facilities, high voltage transmission networks, substations, renewable point generation sources, and low voltage distribution networks. Protecting the electric grid from cyber-attacks is complicated by its enormous scale – upwards of 7,000 power plants, more than 150,000 miles of high voltage transmission lines, and more than 50,000 substations. Some […]

Some Basic but Effective Advice for Secure Online Transactions

Just about everybody shops online these days. Even so, many people worry about security issues and fraud.  I was recently asked if I could share some high-level tips and best practices for online transactions. Here is what I recommend: Try to consolidate all online purchases onto a single credit or debit card.  That way, you […]

Importance of Following IT Security Policies

Just as in the 1980s when manufacturing companies recognized that quality was an attribute that had to baked into every facet of an organization (from design, production, delivery, and through product lifecycle), not inspected in at the end of the process, effective cyber security depends on every employee playing a part in keeping the enterprise […]

Why it is Important for Companies to Invest in Cybersecurity Awareness Training

Technology is only as effective as the people that operate it. Cybersecurity awareness training is the most cost effective investment any organization can make in preventing data breaches, system compromise, reputational damage, and loss of intellectual property. No one is born knowing how to use computers and networks securely. There are basic dos and don’ts […]

How are Hackers Tricking Social Media Users?

One of the most popular exploitation methods used by hackers when targeting social media users is social engineering. Using confidence tricks, a hacker can manipulate his target into performing actions or disclosing confidential information. If pulled off successfully, a social engineering attack could result in a hacker gaining complete access to its target’s social media […]

Important Tip for Companies Looking to Protect Unstructured Data

Most companies are very good at protecting data that they know about and consider sensitive – they restrict access to the HR systems where compensation data is available.  They put access controls and monitoring procedures on systems that store critical intellectual property like formulas or key financial analytics. Typically, they have formal policies and associated […]

Reducing the Risks of Shadow IT

I was recently asked to comment on what businesses can do to reduce the security risks of Shadow IT. To read the full article click here and if you just want to read my comments – see below. Plain talk shadow IT exists when corporate IT is failing in a fundamental way. Weve seen currency […]

Kudos to Alex!

It is not in our nature to brag – and doing security work means that we can’t talk about our best achievements.  However, when one of our own accomplishes the impossible, I have to let people know. In 2014, Alex Chaveriat won the prestigious DEF CON Black Badge by coming in first place in the […]