Entries by Paul Hill

What Happens After the Breach — Especially for SMBs

SMBs are the least likely to survive the costs associated with a breach that involves data that fall under the Payment Card Industry umbrella. There are several types of cost including those associated with reputation damage, the time and efforts required to repair the breach and return to normal operations, the time and expense of […]

Data Leak Prevention Tools: Biggest Mistakes Companies Make

I was recently asked to comment on mistakes companies make in purchasing and implementing data leak prevention tools (DLP). Although we have been talking about DLP for quite some time,  it continues to be a challenging issue for many companies. In my experience, the mistakes companies make fall into the following categories:  inadequate risk analysis prior […]

Anthem Breach Exposes Kids and Families

The Anthem breach continues to generate news. Just yesterday, NBC News reported that “millions of American children had their social security numbers, date of birth and health care ID numbers numbers stolen in the recent data breach at health insurance giant, Anthem Inc.” All this despite Anthem reporting that they doubled their investment in security […]

Common Errors SMBs Make When it Comes to Passwords

Passwords continue to be a key topic of conversation among small-business owners. While we have talked in recent blog posts about ways to make passwords stronger, I’d like to discuss some of the common errors SMBs make when it comes to the passwords they pick to protect their data. Small businesses are less likely to […]

Defending Big Data

SC Magazine’s Stephen Lawton recently interviewed me for the publication’s latest eBook Defending Big Data, looking at the big business of Big Data. During our conversation, I talked about how Big Data can create big problems for CISOs, because it is a major target for cyber criminals seeking to steal proprietary information, intellectual property and […]

Will security problems kill the cloud as we know it?

The cloud is here to stay. The industry continues to strive for understanding of the myriad of security concerns and develop methodologies for evaluating the risks. Existing, mature, security frameworks continue to provide a strong basis for evaluating the risk but there are a small number of additional issues that should be evaluated when performing […]