Posts

Showing posts from April, 2019

Derrick Coston, CISA, CISSP, GIAC

Are we really keeping up with the latest threats? Bradley Barth states it clearly: The FBI’s Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency’s 2018 Internet Crime Report. I enjoy how we check the boxes regarding cyber security awareness. When you read the report, it's clear that we are not doing a good job helping others understand the cybersecurity landscape. Month after month, we see what’s happening, but until it hits home, I guess we are now immune to the threats. I wonder, for those who have had a breach, what they thought about the threat landscape before they were attacked? Enjoy the report. It really says a lot. Combine it with other reports and it's obvious that we are all missing the mark. What's the solution? Source: https://derrick-coston.com/20...

Derrick Coston, CISA, CISSP, GISA

Organizations are still not taking the threat of third-party vendor compliance seriously. Many organizations brush off third-party risk and put up a facade regarding how they are truly assessing it. I bet if more organizations were honest or participated in the study, the results would be more alarming. eSentire published an article entitled “How to Guard against Third-Party Risk to the nth Degree”, which shows how Spiceworks surveyed 600 IT and security decision-makers across a mix of industries and company sizes and identified how serious third-party risk is, as well as the challenges facing organizations in dealing with it. Add this to the lack of proper internal cyber security risk management, and you can see it is not if, but when, we will see another major cyber security breach. Source: https://derrick-coston.com/2019/04/16/derrick-coston-cisa-cissp-gisa/

Derrick Coston, CISA, CISSP, GIAC

This is one of the first analyses I have seen regarding the 2018 cyber security breaches. BakerHostetler’s Security Incident Response Report is a step in the right direction as we look differently at how we improve our cyber security going forward. I am sure more analyses are coming. However, Help Net Security reported that a lack of understanding of the need for business and technology resilience among other leaders across an organization was identified as a key factor in pressuring CIOs and CISOs to make compromises in their efforts to maintain resilience against disruption. This article shows the ongoing struggle CIOs and CISOs face when determining how to balance business needs against cyber security requirements. The saga continues. Source: https://derrick-coston.com/2019/04/09/derrick-coston-cisa-cissp-giac-6/