GoSecure Blog

Tom Bain


Recent Posts

Critical Infrastructure of Malware Security

In last week’s blog, we discussed why critical malware security infrastructure is a prime target. To recap, targeted malware attacks on critical infrastructure will continue to occur, based solely on the political and economic ramifications that ensue following such an incident. Political, economic and financial drivers are all motivating factors behind attacks of this nature.

Truth #3: No organization – critical infrastructure providers included – can keep up with the onslaught of new malware attacks and APTs.

Topics: malware analysis, Critical Infrastructure, malware attack, malware security

Five Hard Truths About Critical Infrastructure Protection: Truth 2

Earlier this month, we introduced you to the beginning of a blog series based on impending security threats to our nation’s critical infrastructure establishments. This content has been developed into a list of “Truths” that will help critical infrastructure owners and stakeholders better protect themselves from escalating cyber threats. On January 15th we discussed the first truth, “‘Air Gaps’ Do Not Provide Infallible Protection Against Cyber Threats and APTs.”

Truth #2: Critical Infrastructure is a prime target 

Topics: Critical Infrastructure

Five Hard Truths About Critical Infrastructure Cyber Security: Truth 1

According to research published on March 12, 2013 by James R. Clapper, the Director of National Intelligence, “We are in a major transformation because our critical infrastructures, economy, personal lives and even basic understanding of – and interaction with – the world are becoming more intertwined with digital technologies and the Internet. In some cases, the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” 

What was once considered unthinkable is now a reality; real-life cyber attacks on critical infrastructure have taken center stage in the past few years. Rapidly changing technologies, evolving cyber threats and advanced, targeted malware have catapulted cyber security of real-world infrastructure from an academic backwater to a top government and industry priority. From power plants to water treatment sites, from traffic control systems to financial systems – all critical infrastructure that was once thought invulnerable to targeted cyber attacks now lies squarely in the crosshairs of nation states as well as individual hackers.

Topics: Critical Infrastructure

Don't Look Back in Anger: Make Security a Priority in 2015

It’s typical at this time of year to look back at the previous year’s data breaches and high-profile exploits, and say things got worse. However, in 2014, things really did get worse from the standpoint of damage to some of the biggest organizations globally.

From the direct impact on enterprises to the direct impact on consumers in the wake of retail industry breaches, and from the indirect impact on businesses, like wasted time cycles, downtime and misallocated resources, to the indirect overall impact felt by consumers - like NOT making purchases at specific retail stores or websites, or perhaps NOT investing money or doing business with financial organizations based on a security breach - we all felt the pain.

We've seen enormous swings financially, and in confidence of organizations, attributed to this year's attacks. But it’s not really just about the attacks. They are going to happen. I'd argue that it's more about the nexus of forces around the way organizations and employees are computing, and the devices that are used (endpoints) for multiple purposes within the corporate network.

Topics: Cyber Security, data breach

“The Internet of Things” – Security Vulnerabilities Can Cause Bodily Harm?

We may have hit a ‘data breach fatigue’ saturation point across the market as of late, but there were a few other security vulnerability stories swirling this past week that seemed to deviate from the standard reports.

DHS is actually probing a number of medical device manufacturers to see if there are legitimate cybersecurity vulnerabilities in a number of pumps and implantable heart devices.

One thing that comes to mind with respect to medical devices with internet connectivity is that devices, like any other technology, have evolved. Medical devices are now programmable, configurable and are more advanced to accommodate so many patient conditions, complete with automation, data collection and storage requirements.

Topics: Cyber Security, endpoint security

When Zombies Attack - Hacker Halted and CISO Forum Wrap-up

It’s only so often that you can attend a conference with the dominant theme being the Zombie Apocalypse.

And no more fitting location than Atlanta, where it all started for the ‘Walking Dead.’ Yes, the walkers took Atlanta first and swarmed in an outward fashion from there to swarm the rest of the world for complete domination.

Topics: APT, cybersecurity, Tom Bain, Sentinel, endpoint security, CounterTack, cybersecurity research, Hacker Halted, CISO Forum 2014, Michael A. Davis, Zombies, EC Council, Hacker Halted 2014, CISO Forum

The First Federally-Funded Cybersecurity Center of Excellence

This news flew under the radar for the most part, and I neglected to pick this up in a timely fashion through my feeds. But MITRE announced that it was awarded $29M to start the first federally-funded cybersecurity center of excellence of its kind. Reports also state that this initiative could receive over $5B over the next 25 years.

Topics: Cyber Defense, Network Security, APT, cybersecurity, Tom Bain, endpoint security, CounterTack, Security Intelligence, cybersecurity research, cybersecurity R&D

Cyber Resiliency is a Message That Resonates

I've been attending the Inbound Conference, hosted by HubSpot this week, to brush up on a few things in my discipline (Marketing). Speakers present new Marketing strategies, and mainly inspiration for Marketers to find truly different ways to communicate to audiences. Every session focuses on specific tactics, like blogging or email or telling better stories.

Topics: Cyber Crime, Cyber Defense, Cyber Security, Cyber Attack, APT, cybersecurity, Tom Bain, Sentinel, endpoint security, CounterTack, threat detection, Zero-day Attack, Security Intelligence, Breach, Gartner Cool Vendor

Understand Malware Security Data Breach and prevent malware attack

Another day, another data breach. I'd like to offer two opinions with respect to breaches we read about regularly.

1) It's really not about the data with some data breaches - it's about the money.

2) Why is it that so many organizations don't take a proactive, continuous stance in protecting their assets? You don't have to wait for a post-breach malware analysis forensics investigation to understand what went wrong. 

It was reported late yesterday that Community Health Systems experienced a data breach that impacted 4.5M customers across potentially 28 states. This malware attack is in fact interesting, given that the same malware attackers have been attributed to pilfering trade secrets within the healthcare industry in successfully executed hacks previously. It looks like by all accounts, the attackers used some targeted malware attacks to break into Community Health Systems to steal patient data and not exactly IP that ultimately may get sold to China.
