Business Management

We Have All Heard This Story Before

There is no doubt that ransomware is the biggest threat in the modern cybersecurity landscape. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars. Companies can incur millions more in remediation costs, service downtime, legal settlements, and higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation. Blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransoms was paid in 2020. Defenders have been hearing this story for years and know how to secure against ransomware, right? The most common initial access vector is phishing, so training sessions that teach staff how to spot a deceptive URL are required to keep the bad guys out. Install endpoint security products and keep them updated, and of course keep bulletproof backups, right? Well, yes and no….

Let’s talk about a critical intersection in the world of security: the combination of physical security and brand reputation. On January 9th 2022, a woman was killed while pumping gas when a 65-year-old man backed his SUV into the gas pump. The pump exploded into flames. The woman, who was standing beside it, was burned to death. This is a horrific and tragic situation that should never have happened. The gas station should have installed bollards to protect the physical pumps from being hit by a car. There should be a federal law that all gas pumps are required to have bollards protecting them. However, there is no such law, so when loss of life happens from such a preventable incident, we are left to ask whether the franchise owner is partially responsible. Many will rightfully criticize the owner and the brand for allowing such…

When Best Practices Are Infeasible

Cloud Security

IT security best practices are processes and configurations outlined by industry-leading standards organizations such as SANS, NIST, and OWASP, among others. Some examples of best practices include: keeping software and systems updated, uninstalling all but required applications and services, segmenting critical network resources, and configuring host and network firewalls to first block all traffic, then allow only required traffic by IP and protocol. But are best practices always feasible for an organization? To some, this may seem like a ridiculous question. Most CISOs would likely rather consider the question the other way around: “Is not having best practices feasible?”, since their jobs depend on the performance of security controls. So why then did John Mandia of Mandiant Security LLC respond with “it depends” to that question before a US congressional special hearing in response to the SolarWinds malware [1]? Senator Wyden’s question specifically referenced NIST firewall best…

The Recorded Future web conference today offered great insight into the deep cyber-intelligence technology the company has developed and what it offers organizations. On display were both a definitive set of broad trend data and deep, granular information on every aspect of the MITRE ATT&CK framework and beyond. Recorded Future’s LinkedIn profile reports the company as having had Series E funding of $25 million; however, Crunchbase reports an even higher total investment of over $50 million. A press report on PRNewswire in October 2021 outlines Recorded Future’s recent investment in CVE intelligence company Cyber Threat Cognitive Intelligence (CTCI) and describes the Intelligence Fund, Recorded Future’s investment platform. For anyone as passionate about cyber-security, predictive forecasting, and intelligence as I am, there is a ton to be excited about with Recorded Future’s platform and capabilities. Here’s what I learned from the conference today. Recorded Future aggregates data…

Various patent indicators, such as number of citations, technology-cycle-time (TCT), number of claims, and renewal status, have been used to measure the economic value of patents, that is, the competitive advantage a patent-holding company gains by holding legal rights to the sale of the described technology. Another use of patent indicators attempts to gain insight into the emerging innovation landscape or “technology lifecycle”. Analysis of the knowledge stock demonstrated by a group of patents can forecast potential novel technologies which will hold advantages over existing ones.

Forward Citations

A patent’s forward citations are references to it received from later-filed patents, as opposed to backward citations, which are the references listed on a patent grant (or application) itself. The use of forward citations as a positive measure of a patent’s importance has been reviewed numerous times in academic literature. The more (forward) citations a firm’s patents receive, the…

Commercially Viable Nuclear Fusion Is Closer Than Ever

Engineering 3D model of a TOKAMAK thermal nuclear fusion engine

The Goal of Reducing Climate Change

The OECD advisory on climate change (Green Growth Studies) states that a multi-pronged approach is required to reduce, stop, or reverse climate change. The critical stages in the energy lifecycle that need to be addressed include: energy generation, transportation, conversion, storage, consumption, smart-grid technology, smart homes, smart manufacturing, and smart circuits and computer chips. Of all the green / renewable sources of power, nuclear fusion has the biggest potential impact. Nuclear fusion is the holy grail of renewable green energy sources and has the potential to drastically reduce CO2 output by replacing fossil-fuel sources such as coal-fired electricity plants. Other potential sources of renewable power such as solar, wind, geothermal, and hydro offer benefits over non-renewable power such as coal, oil, and gas, but none have the potential to output as much clean energy as commercial nuclear fusion. However, a future global…

Climate Change Patents

Climate Change

Global Patent Activity for Climate Change Related Patents

The Cooperative Patent Classification (CPC) scheme includes a class specifically dedicated to climate change inventions. This CPC patent class is Y/02. The earliest patents granted with the CPC class Y/02 date from 2013. The two charts below show there is little difference between overall patenting activity and patenting in the CPC class Y/02, with an almost identical group of countries and rate of activity in the top 12 for each set of data. See WIPO ST.3 to translate two-letter country codes.

Climate Change Patents by Country

Country  2013  2014   2015   2016   2017   2018   2019   2020   2021   Total
US         18   568  1.817  2.269  2.521  2.459  2.778  2.557  1.841  16.828
JP          6   265    925  1.185  1.410  1.201  1.289  1.068    736   8.085
KR          1   126    305    458    576    508    508    427    331   3.240
DE          2    99    362…

RSC Managed Small Business Website

3 Major Reasons Why Your Small Business Needs a Website

More credibility and professionalism – Websites provide a sense of credibility and further establish your brand as a professional service. Without a website, most people will not acknowledge your products or services simply because they cannot be found online. Having a website gives you the opportunity to build a long-lasting online relationship with your clients, giving them the reassurance they need to trust your brand.

Increase in customer reach – Online shopping has blown up over the years: everything from computers and cars to food and services can be found online nowadays. This means the number of online shoppers has increased, and since the internet doesn’t have a closing time, sales are growing even after hours! Because you are able to access a website almost anywhere at any time, the reach has become much wider, allowing your business to globally…

Review Of SolarWinds Impact And Brief Technical Summary

An image of the sun exploding.

General Details

SolarWinds is a publicly traded company worth $5.4B that develops IT infrastructure management software products for small and medium-sized enterprises. Two separate pieces of malware known as SUPERNOVA and SUNBURST worked against vulnerabilities in SolarWinds’ product Orion. The malware known as SUNBURST potentially allows an attacker to compromise the server on which the Orion products run. The manner in which SUNBURST malware was used against its victims resulted in it being labelled a “supply chain attack,” a technique in which an adversary uses malware to disrupt a company’s ability to produce or deliver its products to customers. Although “supply chain attack” is a broad term without a universally agreed-upon definition, theoretically, the intended target of a supply chain attack is not necessarily the company whose network was breached and disrupted. For example, if an attacker wanted to disrupt operations of a large retail target such…

Cyber-Security ETFs and Individual Stocks

Image of stocks rising

In a previous article, the impact of cyber-breach on stock prices and the value of cyber-insurance to corporations was reviewed. Ransomware and IT breaches are increasing, and the expectation is that more companies will turn to cyber-insurance and also increase their IT security controls. Here is a list of cyber-security ETFs and a list of all the companies included in those ETFs, with duplicates removed, along with a company description.

CIBR – First Trust Nasdaq Cybersecurity ETF
Includes 40 individual stocks comprising $3.58 billion in assets
Includes other industries, such as aerospace and defense (FactSet)
Concentrated, with the 10 largest making up 47% of market cap
Two-star rating by Morningstar

HACK – ETFMG Prime Cyber Security ETF
Includes 59 individual stocks comprising $2.04 billion in assets
Modified equal-weight scheme (not concentrated), with the 10 largest making up 28.5% of the market cap
HACK has “a unique, cybersecurity-focused take on the…
