Red Lambda Blog

Posted In:
Red Lambda Network Security cyberinsurance data in motion cyberthreat detection threat detection technology Cybersecurity insurance APTs

The Best Cybersecurity Insurance is Better Technology

Posted on March 21, 2016 by Bahram Yusefzadeh, Chairman

Today, there are many insurance options available for protecting organizations and their top executives against litigation. These include director and officer (D&O) insurance; errors and omissions (E&O) insurance, which is sometimes called professional liability or malpractice insurance; and employment practices liability insurance (EPLI). Newer on the scene is cybersecurity insurance. When you add this to the mix, the confusion mounts. With all its complexities and the evolving risk, cyber insurance makes it even harder to understand what is covered and who is protected in the event of a breach.

One thing we do know is that the risk to your company’s directors and officers is very real. If you hold such a position, the cybersecurity threat has no doubt left you more vulnerable to personal exposure than ever before. Today, top executives can be held personally liable based on what they did or didn’t do to prevent or respond to a cyberattack, and suits can be filed by employees, shareholders, customers and even third parties.


Posted In:
Red Lambda RSA Conference 2016 Morgan Stanley RSA dinner data in motion cyberthreat detection RSA cyber threat detection APTs Amit Yoran keynote RSA cybersecurity technology

My Takeaway from RSA 2016—It’s Still About the Technology

Posted on March 14, 2016 by Iain Kerr, CEO

I’m back from the massive RSA Conference, which is lauded as the largest annual gathering of security industry professionals. And I believe it. Attendance was said to be nearly 35,000. Throughout the event, a great deal of discussion was centered around the situation involving Apple, the FBI and encryption, including a keynote address from U.S. Attorney General Loretta Lynch. The agenda featured presentations from both the private sector and government organizations in the US and abroad, with topics ranging from identity governance, to insider threats, to investment activity in cybersecurity companies, analytics and more. It’s always an exciting, informative event, and one that is very productive for us at Red Lambda, as it provides an ideal forum to speak with other industry professionals, investors, government officials and others with a vested interest in solving today’s cybersecurity challenges.

That said, I left feeling as though I had experienced a sense of déjà vu, since many of the same issues at the forefront in 2015 were front and center this year as well.  


Posted In:
IT Security Red Lambda Network Security unknown unknowns ransomware APTs

“Pay Up or Shut Down” Is Not Your Only Option Against Ransomware Attacks

Posted on March 07, 2016 by Iain Kerr, CEO

Hollywood Presbyterian Medical Center in LA recently paid $17,000 to cyber-criminals who launched a targeted ransomware attack crippling the data infrastructure of the hospital.  The thieves restored the system after the hospital felt it had no choice but to pony up the bounty demanded by the blackmailers—even though it claimed that the disruption hadn’t compromised patient care “in any way.”  In a sense, the hospital got off easy: the attackers had originally demanded $3.7 million to facilitate decryption of the locked data.


Posted In:
IT Security encryption, Apple, FBI

The Apple-FBI Battle Over Encryption

Posted on February 22, 2016 by Iain Kerr, CEO

We all recognize that we are not living in a “normal” world anymore. It’s therefore quite understandable that for many, the immediate gut reaction to the current Apple-FBI standoff is to be outraged that Apple is challenging the court order demanding that they hack into the phone used by one of the terrorists in the San Bernardino attack so officials can look for additional intelligence. It seems logical in a post-9/11 world that we would want to do everything in our power to protect US citizens and our homeland from terrorist attacks. Why wouldn’t we want to give the government the ability to see what is contained in that cell phone? Why wouldn’t we want to potentially uncover intelligence that could prevent another attack and save dozens, even hundreds or thousands of lives?

 

 The answer is, because it sets an extraordinarily dangerous precedent.

 


Posted In:
IT Security Advanced Persistent Threats

Do We Know Which 2016 Presidential Candidate Has the Right Cybersecurity Plan?

Posted on January 26, 2016 by Bahram Yusefzadeh, Chairman

While it may not be widely known (probably because most people don’t take it seriously), the founder of the iconic anti-virus brand, John McAfee, announced his candidacy for president late last year, deciding first to run as an independent before deciding to become a Libertarian candidate running on a cybersecurity platform. According to McAfee, he did it to "disrupt the political status quo" and warn of the "dangerously ignored issue of cybersecurity."

 
