Blog
Prevalent-Blog-Logo

When most of us think of our vendors handling sensitive information, we tend to gravitate toward the obvious: the payroll processing company, our contracts law firm, our accounting firm with our financial data, or the patent law firm with all our intellectual property. Frankly, the company that builds and maintains the company website isn’t typically top of mind.

Ask the Australian Red Cross if they agree.

Read More

In a way, the Sony breach was really good for the cyber security community.  A watershed moment in the industry’s history, it began a transformation from infosec as a compliance requirement – a nuisance – to a legitimate enterprise need, right up there with sales and product development (well, not exactly, but you get the idea).  It prompted increased investment in infosec technologies (e.g. SIEM), and accelerated the development of new ones (e.g. UBA).

But, I’m afraid, it was not so good for the third party risk community.

“But Jeff.  That’s silly.  After Sony – and on the heels of Target especially – regulatory organizations and companies alike began to appreciate the importance of their vendors’ information security.”

My point exactly.

Read More

It’s a foundational principle of all football offensive coordinators:  if something is working, keep running it until the defense proves they can stop it.  Your top wide receiver is consistently beating the opponent’s rookie cornerback?  Keep throwing to him.  Your offensive line is opening holes that result in 7 yards a carry every play?  Keep running the football.  Unfortunately, cyber criminals have learned the same lesson.

A recent report from the Anti-Phishing Working Group (APWG) noted a 61% quarter-over-quarter increase in phishing attacks from the first quarter to the second in 2016. The number of attacks from January through March was 289,371, while the number grew to 466,065 in the following three months.

Why?

Because if you spot a weakness in your opponent, keep exploiting it until they show they can stop it.  Phishing is all the rage among the bad guys… because it works.

Read More

A quick quiz. What’s higher? 1) The percentage of Americans that correctly understand that the Earth revolves around the Sun, or 2) the percentage of organizations that admitted a phishing attack had penetrated their defenses in 2015. The winner? #2, by a comfortable margin.

In 2012, the National Science Foundation surveyed 2,200 Americans and asked them: “Does the Earth go around the Sun, or does the Sun go around the Earth?” 74% got it right.[1] {Insert your own American educational system joke here.}

In the spring of 2016, a Cloudmark-sponsored study surveyed 300 companies, all with more than 1,000 employees, and 84% admitted that a spear phishing attack had penetrated their security defenses in the last year.[2]

Read More

The wheel. Fire. Antibiotics. Indoor Plumbing. HBO Go. That’s how I’d rank history’s greatest inventions nowadays given my addiction – shared with my wife – to Game of Thrones. We’re working our way rapidly through the entire series, and the dialogue in a Season 4 episode caught my attention recently. In a conversation with his “adopted” niece, Davos Seaworth was asked if he was a pirate in his younger days. He replied that he’d not been a pirate, but rather a smuggler. When asked by the girl what the difference was, he replied, “Well, if you’re a smuggler, and you’re well-known, you’re not doing it right.”

Read More