Letter from the CISO, Vol 4 Issue 12 WashU Community: Any tool can be used for good or evil My motto for the past ten years has been “keeping information security simple”. I understand that most people tune out or fall asleep within seconds of starting to hear about information security unless it is highly […]
Letter from the CISO, Vol 4 Issue 11 WashU Community: Confession time I have two confessions to share. First, I have failed phishing tests. Not the ones I’ve seen and approved for use (thank goodness), but ones that caught me at the wrong time in the right way. It can happen to anyone. As I […]
Letter from the CISO, Vol 4 Issue 10 WashU Community: Taking care of ourselves and everyone around us WashU IT’s theme for the month of March is “Employee appreciation: Every day is a day to recognize your time and talent,” and I think one of the most important things for everyone to do is to […]
Letter from the CISO, Vol 4 Issue 9 WashU Community: For every season, there is a scam Our theme for February is “Securing information, promoting innovation, supporting tech – IT is a labor of love.” This sets me up nicely to provide dire warnings about romance scams, tax scams, and deepfakes. “Nearly 59,000 Americans lost […]
Letter from the CISO, Vol 4 Issue 8 WashU Community: A New Year of Opportunities and Approaches Our theme for January is “Celebrating the New Year – from new tech to new approaches, what’s new?” Unfortunately, while we keep deploying better tools to keep everybody safe and secure, cybercriminals are also developing new tricks and […]
Letter from the CISO, Vol 4 Issue 7 WashU Community: Your mission for the holidays… The Mission Impossible TV series and movies often begin with “Your mission, should you choose to accept it…” As we approach the winter break and holidays, I propose you accept the mission of helping your family and friends improve their […]
Letter from the CISO, Vol 4 Issue 6 WashU Community: Over the past year, malicious actors have increasingly sought to compromise your accounts by impersonating you and trying to get customer service people to give them access to your accounts. We have seen this repeatedly at WashU, too. In response, we have improved our processes […]
Letter from the CISO, Vol 4 Issue 5 WashU Community: I recently attended an executive education program on “Cyber Resilience” with Chief Information Security Officers (CISOs) from many large organizations, some even global enterprises, and it was amazing how similar our challenges are. Cyber resilience is ensuring things keep working despite adverse cyber incidents The […]
Letter from the CISO, Vol 4 Issue 4 WashU Community: Whether you are a leading-edge user of online financial payment apps or a traditionalist who loves a signature on a paper check, malicious actors are out to separate you from your money. In the September 12, 2024 issue of Hacking Humans, “Baked goods and bad […]
Letter from the CISO, Vol 4 Issue 3 WashU Community: As we all return to school and the fall semester, I wanted to emphasize the criticality of securing the most important online account you have. No, not your WashU account! (Although that is important, too.) Rather, it is your humble and largely taken-for-granted personal email […]
Letter from the CISO, Vol 4 Issue 2 Washington University Community: Last Friday, all the news was about the millions of Windows computers around the world that had been taken down by a flawed CrowdStrike file update. Starting in the wee hours of Friday morning, systems administrators and computer users everywhere were struggling to boot […]
Letter from the CISO, Vol 4 Issue 1 Washington University Community: An enormous amount of fraud is still being perpetuated via phone calls even though many people don’t use telephones very much. Cybercriminals seek your credit card or bank account numbers, access to your online bank accounts, and to install malware on your computer. But […]
Letter from the CISO, Vol 3 Issue 12 Washington University Community: I sometimes fear that all the scary cybercrime stories I share will lose their motivating impact. And then I hear something even scarier. The scariest attack yet… The scariest attack I’ve heard to date is one in which people appear to receive a call […]
Letter from the CISO, Vol 3 Issue 11 Washington University Community: Failing to be smart is easy… Writing to the Washington University in St. Louis community, I don’t expect disagreement that it is better to be smart than the opposite. However, even the smartest people can have moments of stupidity. In a recent interview with […]
Letter from the CISO, Vol 3 Issue 10 Washington University Community: Criminals keep inventing new con attacks I recently saw a news report about a Mexican drug cartel that has gotten into the business of helping elderly Americans get out of the timeshare vacation contracts. This sounds like a good thing. Unfortunately, it is just […]
Letter from the CISO, Vol 3 Issue 9 Washington University Community: Artificial Intelligence is a tool Artificial Intelligence, or AI, has received a lot of attention and interest over the past year, primarily due to the great advances in productivity and quality it seems to promise. WashU IT is excited to be helping the university […]
Letter from the CISO, Vol 3 Issue 8 Washington University Community: New Year – New Password Discipline “Password Discipline” certainly sounds like the kind of New Year’s resolution that will be abandoned within 24 hours. But it truly needs to be on everyone’s list. Good password management is critical for protecting yourself, your family, and […]
Letter from the CISO, Vol 3 Issue 7 Washington University Community: Holidays and the joys of giving and receiving (safely)! As we are in the middle of the holiday season, it’s easy to get caught up in the joyous atmosphere and excitement of finding the perfect gift or the muted pain of receiving an ugly […]
Letter from the CISO, Vol 3 Issue 6 Washington University Community: Problems in WashU paradise Sometimes, I think working at WashU is a bit like being in paradise. November is a time to reflect on things we are grateful for, and this includes working in a safe and welcoming culture. But even the Garden of […]
Letter from the CISO, Vol 3 Issue 5 Washington University Community: It doesn’t seem fair… Last month I wrote about how the “right phish at the wrong time can catch anyone.” And this month, despite the fact it is Cybersecurity Awareness Month, we’ve had to deal with a wide range of innovative attacks against us […]
Letter from the CISO, Vol 3 Issue 4 Washington University Community: How likely are you to click? A few years ago, I advised a company to conduct its first email phishing simulation, otherwise known as a “phish test.” The systems administrator enthusiastically crafted a test message that used a logo from the company’s website, included […]
Letter from the CISO, Vol 3 Issue 3 Washington University Community: Welcome (back) to school! A friend recently shared that her son was assigned a roommate with whom he seems to have nothing in common. They’ve recognized and embraced their differences and are enjoying better, richer experiences because of it. This made me think that […]
Letter from the CISO, Vol 3 Issue 2 Washington University Community: Is our best good enough? In the battle against malicious cyber actors, we are constantly challenged by more clever and sophisticated attacks. For example, for several years after we implemented DUO 2-Factor Authentication (2FA), the number of successful account-compromise attacks dropped to almost zero. […]
Letter from the CISO, Vol 3 Issue 1 Washington University Community: Do you like chocolate more than kale? Of course! In a recent keynote presentation at the Gartner Security and Risk Management Summit, Mary Mesaglio, a Managing Vice President who leads Gartner’s Executive Leadership Dynamics team, discussed the importance of getting people to care about […]
Letter from the CISO, Vol 2 Issue 12 Washington University Community: Are cyber threats like pop quizzes? I was recently asked, “How are cyber threats like pop quizzes?” I’ve realized this is an interesting question, but not in the way I originally thought. Initially, I thought of reasons they were similar. They are unexpected, test […]
Letter from the CISO, Vol 2 Issue 11 Washington University Community: With Great Power Comes Great Responsibility As Uncle Ben in Spiderman said to the young Peter Parker, “with great power comes great responsibility.” Thinking back to the way I learned to program computers in high school by writing FORTRAN code onto paper by hand, […]
Letter from the CISO, Vol 2 Issue 10 Washington University Community: I often encourage everyone to “be vigilant, skeptical, and a little paranoid,” and I usually provide a few pointers on things to watch out for and what to do when (if) you see them. Which Half Are You In? A recent report concluded that […]
Letter from the CISO, Vol 2 Issue 9 Washington University Community: Rule #1: Be Vigilant, Skeptical, and a Little Paranoid Cybercriminals and scammers are constantly changing and adapting, trying new ways to take advantage of us. Therefore, I return to the one thing I challenge you to do – be vigilant, skeptical, and even a […]
Letter from the CISO, Vol 2 Issue 8 Washington University Community: There has been a lot of news lately about the exciting and alarmingly adept Artificial Intelligence (AI) known as ChatGPT, which may be able to pass Alan Turing’s famous test of being indistinguishable from real (human) intelligence. Some say this is the beginning of […]
By Chris Shull, CISO Over the past few weeks, the Artificial Intelligence (AI), called ChatGPT from OpenAI, has captured many headlines, ranging from wonder to panic. Central to the panic is the idea that knowledge workers would be put out of work and students would use ChatGPT to do their homework and take their exams. […]
Letter from the CISO, Vol 2 Issue 7 Washington University Community: Am I Smarter than a Sixth Grader? I like to think so, but the evidence suggests otherwise. At least when it comes to figuring out how to limit the trouble my young nieces can get into on their mobile devices. Yes, their mother, father, […]
Letter from the CISO, Vol 2 Issue 6 Washington University Community: High School Bodyguard? When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when […]
Letter from the CISO, Vol 2 Issue 5 Washington University Community: Everyone loves to hear how smart they are! Right? I don’t know anyone who doesn’t like hearing how they are “smart,” “bright,” “clever,” “hard-working,” “correct,” and best of all, “you’re right; I was wrong.” Today I have good news, better news, bad news, and […]
Letter from the CISO, Vol 2 Issue 4 Washington University Community: What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches? The simple answer is all of us working together. And “The Hook.” Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most […]
Letter from the CISO, Vol 2 Issue 3 Washington University Community: Want to know how to be “enough” of an information security expert? In “Outliers,” Malcolm Gladwell popularized the idea of needing 10,000 hours of practice to become an expert. I studied karate for many years, and one of my sensei’s (instructor’s) expectations was that […]
Letter from the CISO, Vol 2 Issue 2 Washington University Community: Why Do Cars Have Brakes? Why do cars have brakes? The obvious answer is that it helps them slow down and stop. The “real” counter-intuitive reason is that brakes let cars go fast. Imagine the panic and fear of being in a car that […]
Letter from the CISO, Vol 2 Issue 1 Washington University Community: Who’s responsible for Information Security at WashU? It seems like an odd question for me to ask since I’m the Chief Information Security Officer, but I ask it anyway. I know information security is my responsibility. Or, at least, it’s usually the person in […]
Letter from the CISO, Vol 1 Issue 12 Washington University Community: Do you know the differences between phishing, spear-phishing, and whaling? Let’s start with the difference between phishing and spear phishing. In short, phishing messages are those all-too-familiar messages that try to get you to give away information or install malware. They arrive via email, […]
Letter from the CISO, Vol 1 Issue 11 Washington University Community: There are only two things to worry about—that things will never get back to normal, or . . . that they already have. In other words, the only constant in life is change, and Information Security is no exception. I sometimes worry that I […]
Letter from the CISO, Vol 1 Issue 10 Washington University Community: This month I’m going to bore you with another really basic idea: that everyone needs to manage their devices. I can almost hear you yawning when I write those words, but it’s essential and not quite as easy as you might think. Step 1: […]
Letter from the CISO, Vol 1 Issue 9 Washington University Community: This month I’d like to warn you about dangerous applications and Internet services, and four things you can do to avoid problems. Many experts focus on iPhone/iPad/iOS and Android devices, but PC and Macs are also vulnerable to malicious applications, so I’ll speak about […]
Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]
Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]
Washington University Community: Have you ever lost your phone, tablet, or computer? Or maybe just not been able to find it? Of course, you have (probably)! It happens all the time. Just last week, I had my dogs at a dog park, and as I was preparing to leave, about 250 pounds of playing dogs […]
Letter from the CISO, Vol 1 Issue 5 Washington University Community: Many years ago, a respected colleague told me that for her, the ultimate security was knowing that she could get her data back if something bad happened. This was a bit of a shock to me, as I was young and inexperienced enough to […]
Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]
Letter from the CISO, Vol 1 Issue 3 Washington University Community: “Keep Information Security Simple” has been my motto for nearly a decade. This month, I’d like to share an important thing that everyone can do to improve our security—slow down, just a little bit because haste makes good people fall for bad tricks. In the first […]
Washington University Community: Thank you for the positive feedback on June’s first issue of our new Information Security Bulletin, “Secured!” If you missed it, you can read it and other articles of interest at https://informationsecurity.wustl.edu/blog/. For almost a decade, I’ve been trying to “Keep Information Security Simple” (KISS) for my clients, employers, and friends. KISS is […]
Washington University Community: I welcome you to this inaugural edition of our new Information Security Bulletin. My primary goal for the bulletin is to empower every member of our community to do their part in protecting us from cybersecurity attacks. A few years ago, the CISO for a health system was asked how many people […]
Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online. Now in its 17th year, Cybersecurity Awareness Month is observed around […]