Cybersecurity approach – a game theory?

A while back I have come across a short but very interesting book ‘Finite and Infinite Games‘ by  James Carse. I’ve really enjoyed the read and thesis around looking at pretty much everything in life as a game, be it, for example, business outcomes, personal targets or career. In a nutshell, a finite game can be defined as: – players are known prior to the game commencement – fixed rules – agreed-upon objectives – chess, football, basketball – we declare the winner and the game is over And then, there is an infinite game: – players can be known and unknown – the rules and players are changeable – and the objective is to keep the game in play to perpetuate the game I personally really like this approach as it can be applied to many aspects of life and can be an interesting way of looking about everything we do – what our goals are and how we are approaching them. I think this resonates particularly well in regards to a cybersecurity strategy. Let’s take a very quick look at what’s been happening in the security industry over the recent years and what the trends have been like:...

Continue reading

Brief highlights of the Verizon 2018 Data Breach Report

The latest Verizon 2018 Data Breach Report (11th edition) has been published and it’s certainly a great read. This year the data comes from over 53,000 incidents and 2,216 confirmed data breaches. Based on the report, most of the data breaches are caused by outsiders (73%) with organised criminal groups accounting for 50% of the breaches. It should not come as a surprise that as much as 58% of victims are SMB’s. They are very often most resource constrained in their security efforts and this trend continues to carry on. The healthcare industry is also a popular target to hackers, especially in United States of America where the data coming from healtcare breaches is very valuable. Stolen credentials and phishing continue to be within top 5 action varieties in breaches. Unlike pretexting, which is financially motivated over 95% of the time, motives for phishing are split between financial (59%) and espionage (41%). This is a very brief post and I highly encourage everyone interested to read the full report, available as a free download here....