The Information Security Program at Banks and Credit Unions is getting to be a pretty complex thing. Policies, audits, reviews, board reports, meeting minutes, monitoring, business continuity, and...

[caption id="attachment_683" align="alignnone" width="1344"] I have some colleagues who disagree with this approach, but I’ve seen far too many of my clients attempting to implement some...

An article on CSO Online this week caught my attention and raises an excellent question. That being, "what is a good success rate in your phishing test campaigns?" I had this exact discussion with an...

Banks are facing a dilemma in using SMS messages to help authenticate their customers. On one hand, fraudsters are targeting such systems more. On the other, it is a method customers are accustomed...

Digital key in pixeled keyhole, 3d render A good friend of mine and cybersecurity professional, Cindy vanBree, recently wrote an article on the Korn Ferry case involving unauthorized access by a...

Interesting article by Brian Krebs: One basic tenet of computer security is this: If you can’t vouch for a networked thing’s physical security, you cannot also vouch for its cybersecurity. That’s...

An article that I stumbled upon a few weeks back has me wondering just that... Do boards of directors at financial institutions need a cybersecurity expert? The article on Harvard Business Review is...

I'm honored to be quoted in "Final Analysis" section of Kevin Townsend's article this week at SecurityWeek.com, especially with the level of quality of other CISOs quoted as well. Good read on...

There's been some buzz about various strains of ransomware evolving to selectively target backup data as well as the primary source in an effort to improve the success rate of the attack. Of course,...

Benjamin Franklin is quoted as saying “If you fail to plan, you are planning to fail.” And that old quote couldn’t be more applicable to bank board succession planning, especially nowadays when the...