Security In Five Podcast Weekly Roundup – 12/8/17

This week was a busy one on all fronts. I was heads down on an enterprise risk assessment for a client, a top-to-bottom review to help them properly identify, score and justify their priorities for 2018. With that and holiday preparation, birthday parties, keeping the podcast running and everything else, it’s hectic. Good scheduling and time management can get anything done, and I did.

This week I did an episode on the latest breach study report from IBM and Ponemon. I received good feedback from the cyber insurance industry not agreeing with the report and my episode. The feedback was that the cost-per-record figure of $140-$200 in a breach is not realized; it never gets that high and is not accurate. They gave me a report from SANS that had very good points in it about cost-per-record numbers, calling out various reports including the Ponemon ones. The conclusion was that in the ‘mega breaches’ where tens of millions of records are lost, the cost per record drops from dollars to pennies per record. It also compared the breach costs to the mega breach companies’ revenues.

All these industry reports are taken with a grain of salt. They are using selections of data sets to meet a conclusion. They are not accurate or inaccurate when they are talking about damage. Comparing the reports against one another will actually dilute the security purpose behind them. If you say the Ponemon report is inaccurate and that instead of $200 it’s only going to be $5 a record if you get breached, you raise the danger of a decision to lower the priority. “We can afford a $5 per record cost if we get breached; it’s less than the cost and time to invest in advancing security.” You might get thinking going like that, and that’s more dangerous.

My point is that either way, whether it’s $5 or $150 per record, all the reports leave out one major aspect: the damage to the individual whose data was lost by the company, and the responsibility to maintain protection for the people who are behind the data. There is no cost counted for that when they are put at risk by a company’s security failures.

One positive from this is there’s a conversation about it and that is always productive for both sides.

Here are the episodes from the week ending 12/8/17 –
Here are the episodes for next week –

Episode 129 (Dec. 11, 2017): LinkedIn InMail Phishing Shows Importance Of Two Factor Authentication
Episode 130 (Dec. 12, 2017): OWASP Top 10 – A9 – Using Components With Known Vulnerabilities
Episode 131 (Dec. 13, 2017): Major Breach Exposes Keyboard App Maker From Taking More Data Than You Think
Episode 132 (Dec. 14, 2017): Top 10 Security Tips For Your Network – 7 – Protect External Network Access
Episode 133 (Dec. 15, 2017): Tools, Tips and Tricks – Circle

Be aware, be safe.

End of line.