Millions affected in federal cyber security breach

Source: KPNX


As a cyber-security expert and CEO of Lazarus Alliance, Michael Peters’ job is to find gaps in his clients’ security and close them off.

It looks as though Uncle Sam could have used his help. “This is extremely valuable reconnaissance information,” said Peters.

Chinese hackers are suspected in the massive cyber security data breach affecting four million former and current federal employees.

In Arizona alone, there are 88,000 workers.

Names, birth dates and social security numbers are all part of the compromised personal information. “Identity theft, that will be part of the package. That will get sold off in darknets,” Peters said.

The real goal, many people believe, is to use confidential information and clearances to get inside the government.

Senator Ron Wyden, an Intelligence Committee member, had this to say: “I continue to feel it is very important that we ramp up our efforts to go after foreign hackers and foreign threats.”

Still, what stuck out to several politicians and cyber experts, including Peters, was the federal government’s lack of cyber protection.

“No encryption, no multi-factor authentication,” said Peters. When asked if he was shocked by the lack of security tools he said, “At this state absolutely.”

Peters says both are common tools used to add extra layers of authentication and security.

He believes that, had they been in place, the breach could have been prevented altogether.

“These are fundamental, you cannot go without, so why we’re talking about this still in the federal space, that’s a real problem.”

Several federal employees told 12 News, while they’re concerned about their information, they’re waiting to hear more from the government.

They all plan to keep an eye on their accounts and credit reports.

Video: https://youtu.be/8eRv4zc9l4M

TakeDownCon 2015 Keynote Address


The New Social Security: When Social Media Meets Social Engineering.


The convergence is upon us all: this influx of technology intermingled with information, infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Our social spheres and human interpersonal interactions have all been augmented by the ever-accelerating technological reality. While our brave new media world is evolving and pushing forward, there is a common denominator that is struggling to keep up. The singular chink in our armor, the weak link in our proverbial chain, is, much to our collective chagrin, the Human Element.

This reality is not slowing down. On the contrary, it’s moving exponentially faster. Our challenge as business leaders and individuals; as humans in general, is to intelligently manage this paradigm shift as our technological singularity enters its event horizon.

Here at TakedownCon, together we will explore a particular facet of our technological present, specifically our social sphere, and how as technology leaders we can work toward intelligent management. Our business success and our personal preservation depend on it.

We are honored that our CEO Michael Peters was invited to EC-Council’s TakeDownCon as keynote speaker for the 2015 event. This year’s theme is “Building the Cyber Briefcase: From Binary to the Boardroom”. Discussions will cover the various tools, skills, and experience a CISO needs to build and run a successful information security program.

TakeDownCon brings together information security researchers and technical experts from corporate to underground industries, to a unique “Ethical Hacking” conference. In two days, they will present and debate the latest security threats, disclose current vulnerabilities, and share information crucial to the technical profession.

Say hello to Michael Peters, William Ochs and Jessica Parra-Johnson from Lazarus Alliance if you are attending!

Proactive vs Reactive Cyber Security on Money Radio

Recently Michael Peters, CEO of Lazarus Alliance, spent time with David Cogan of Money Radio and eLiances discussing the differences between proactive cyber security and reactive cyber security. You can replay the broadcast as heard on Money Radio.

Michael Peters and David Cogan as heard on Money Radio

An overview of the discussion: when you think cyber security, what comes to your mind first?

I’ve posed that question to many an audience over the years, and most frequently the response is what folks see on the nightly news or through some news source. Recently people will respond with examples such as Home Depot, Target, Sony, JP Morgan and the European Central Bank, which of course are just a few of the most notable instances of breaches we have seen in the news over the last twelve months.

I point out to these same groups that in reality, there are only two forms of cyber security: Proactive Cyber Security and Reactive Cyber Security. I’ll explain what that means and let’s see if you agree.

Reactive Cyber Security situations are going to be in the news because something bad has happened. Reactive security companies help you clean up the mess. When you become aware of a cyber security breach at some company, it’s probably because you are watching the business catastrophe unfolding through some syndication source. You eventually get a notification from the company, your bank or credit card provider informing you that your private and personal information has been stolen, which leaves you to worry and watch, hoping that nothing bad happens to you.

From a business standpoint, it has become painfully obvious at all levels, including shareholders, that cyber breaches have a really negative impact on business value, not to mention the careers of everyone involved, especially at the highest levels of the company. We have all seen for the first time in 2014 CEOs, CIOs and CISOs losing their jobs as a direct result of culpability or negligence on their part.

No doubt about it, cyber security breaches have a hugely negative impact on the financial health and reputation of the victim company.

So this brings me to the second form of cyber security which is proactive cyber security. Proactive Cyber Security is all about keeping you out of the news by implementing the right controls and countermeasures. We know it’s not enough for the government or the private sector to have rules and regulations. PCI DSS certification did not save Target, Home Depot or other retailers. The FFIEC or the NIST Framework for Improving Critical Infrastructure Cybersecurity did not save JP Morgan or other financial institutions from their breaches.

You need qualified assistance to make it effective. It’s tough when there are not enough talented cyber security professionals to go around. Businesses are short-staffed. Academia is not training and educating enough to keep up with the demand.

The best possible course of action to avoid being the latest corporate cyber security breach is to take a proactive approach. I’m the CEO and Lazarus Alliance is Proactive Cyber Security™.

Be sure to check out the dynamic group of hybrid entrepreneurs who spend time together at eLiances, where entrepreneurs align, hosted by David Cogan.

Michael Peters and David Cogan of eLiances

Thank you to Money Radio for inviting me to discuss the differences between Proactive and Reactive Cyber Security.
