Author Archives for Corey E. Thomas

Hacking Back Will Hold Companies Back

Published by

Undergraduate, graduate, and professional students of cybersecurity from around the world gathered earlier this year to participate in a cybersecurity competition that simulated the international policy challenges associated with a global cyberattack. While the goal was to practice sound policy decisions, the majority of competing teams unintentionally led the U.S. into starting an international war. Given a variety of diplomatic and other means of responding to cyberattacks, participants largely took the aggressive approach of hacking back in response to cyberattacks from China, and to disastrous consequences. While the competition’s participants are all students today, they may well go on to... Read More


The Corporate Director’s Guide to GDPR

Published by

On May 25, 2018, a major new piece of data protection regulation will come into effect across the European Union (EU), and with it comes the potential for hefty fines or penalties for your organization. Even if you do not directly operate in the EU, chances are that the General Data Protection Regulation (GDPR) still pertains to your company. The regulation covers any entity that processes the personal data of EU citizens (referred to as “data subjects”), even if the organization does not provide goods or services to EU citizens and only handles or processes their data. Unless you are... Read More


Breach Preparedness: Don’t Wait Until it’s Too Late

Published by

“It’s not if, but when.” This phrase has become rote within the security community, where the unfortunate reality is that breaches are inevitable, regardless of an organization’s industry or size. In acknowledging that a determined attacker can almost always get in, the focus becomes detection and containment in addition to prevention. A strong security strategy shouldn’t just ensure that your organization is difficult to compromise—it should also include plans for threat detection and incident response that maximize opportunities to detect a compromise and minimize fallout in the event of a breach. Lay the Groundwork. By nature, incident response requires high... Read More