OODA LLC is a CTO advisory and Due Diligence firm operating across multiple sectors of the economy. We are known for our ability to help companies mitigate risks and increase compliance while optimizing security spend.
Crucial Point helps clients improve defenses by:
CISO as a Service: Strategic leadership for corporate security programs, including evaluation and exercising of incident response plans.
CTO as a Service: Technical architecture review and senior advice, including action plans for modernization and cloud transition.
Independent verification and validation of compliance, including GDPR, FFIEC, NIST.
Fing is a nice app that runs on your smartphone or tablet and shows you who else is on your network. It puts an interface on capabilities like Ping, Traceroute and many others and presents information in a way that is fast. You can find links to download the app at Fing.io. Next time you decide to join a public WiFi network at a conference or hotel you can launch Fing and see how they have configured the network and if you can see others on the net. Note: The Fing app works a bit better on Android, for now. Apple has restricted the ability of applications to see some technical info (specifically MAC addresses). But the greatest functionality of the app is its connectivity to the device mentioned below, the Fingbox. So don’t let the lack of ability to scan MAC addresses deter you from downloading the app.
Fing now has something that makes it far more powerful than just an app on your mobile device. They offer a device for your home network called the Fingbox. This adds network security and troubleshooting to watch over your network and give you control to block users you don’t want on your network. It detects intruders, manages devices authorized to use your network and also analyzes the quality of your WiFi and Internet connections. Fingbox also gives you parental controls.
Another really neat thing it will do is give you a “WiFi Fence” around your home. Think of this like having a magic superpower. You can set it to give you alerts when any device comes near your home. Imagine getting an alert when the mailman approaches or when the pizza delivery guy gets near. Imagine getting an alert when a bad guy comes close at night. Or would you like to know when a WiFi enabled drone is within range of your house?
I love the Fingbox and most highly recommend it to anyone with WiFi at home. Find it here.
The Cyber Threat was written to help executives, especially those without a deep background in cybersecurity, understand the nature of adversaries in cyberspace. The book includes a new section on the technological environment that can help decision-makers get their heads around the new tech enabled world arising around us. The book also captures key lessons from the most important cyber attacks in history, providing insights any modern executive can benefit from knowing.
Now more than ever, organizations need their executives and workforce to have a better grasp of the threats to business outcomes outlined in this book.
The book is available in paperback and electronically via Kindle.
“The Cyber Threat captures insights into dynamic adversaries that businesses and governments everywhere should be working to defeat. Knowing the threat and one’s own defenses are the first steps in winning this battle.” Mike McConnell, Admiral, USN (Ret), Former Director of National Intelligence and Director, NSA
“There are no excuses anymore. Trying to run a business without awareness of the cyber threat is asking to be fired. The Cyber Threat succinctly articulates insights you need to know right now.” Scott McNealy, Co-founder and Former CEO, Sun Microsystems and Chairman Wayin
“When I’m researching my own books, I always turn to Bob Gourley. I make disasters up. He’s seen them for real. And most important, he knows how to stop them. Read this. It’ll scare you, but also protect you.” Brad Meltzer, #1 bestselling author of The Inner Circle
“The insights Bob provides in The Cyber Threat are an essential first step in developing your cyber defense solution.” Keith Alexander, General, USA (Ret), Former Director, NSA, and Commander, US Cyber Command
“Vaguely uneasy about your cyber security but stumped about what to do? Easy. READ THIS BOOK! “The Cyber Threat” will open your mind to a new domain and how you can make yourself safer in it.” Michael Hayden, General, USAF (Ret), Former Director, NSA and Director, CIA
“Bob Gourley was one of the first intelligence specialists to understand the complex threats and frightening scope, and importance of the cyber threat. His book can give you the edge in what has emerged as one of the most compelling, mind-bending and fast moving issues of our time.” Bill Studeman, Admiral, USN (Ret), Former Director, NSA and Deputy Director, CIA
A trend we have noticed in engagements across multiple sectors of the economy is an absolute thirst for information on best practices for protecting information at home. Every employee of every company, from the most senior executive to the most junior intern, is now leveraging advanced interconnected technologies in amazing new ways at home. In doing so they are introducing new risks to their personal privacy, and, at times, introducing new risks to the firm they work for. This means it is almost always in the best interest of employers to help employees understand how to better protect their personal information.
The hard part is that every home IT configuration will be different, and it is very hard for a company to provide useful, actionable guidance to every employee. We have found the most important recommendation is to encourage employees to adopt an attitude of personal responsibility and continuous questioning regarding optimal home security configuration.
Home networks, especially the WiFi networks we all know and love, are very hard to keep secure. But there are things you can do to make life much harder on the potential attacker.
Change your router’s default administrator password. Almost all network devices are pre-configured with default passwords to simplify setup and initial operation. Anyone with access to the Internet can find lists of default passwords for devices. This means if you don’t change yours, bad guys can easily log in as administrator, change settings and take control of your net. This is a big deal. Change those default passwords!
Ensure you are using the strongest encryption protocol available. Any new wireless router will give you options for using stronger encryption. At this time that is WiFi Protected Access 2 (WPA2), with Personal Advanced Encryption Standard (AES) and Temporary Key Integrity Protocol (TKIP). Routers vary in how these are configured so you will have to consult your router’s instruction manual. But it is easier to do than it may sound.
Change your default WiFi network name. This is the name people see when they turn on their phone or tablet or computer near your WiFi. The default name may reveal information about the device you don’t want to be known. The WiFi network name is called Service Set Identifier (SSID). Make sure your network name is unique but does not identify your location or identity (suggestion: name it after your favorite planet, star or element).
Cyberspace is a technological domain and choosing the right technology to enhance your defense is absolutely key.
The problem is that there is an overwhelming number of vendors you need to assess. This is due to the incredible amount of innovation and capability creation in the field.
CTOvision provides a resource designed to help you more rapidly assess the overwhelming cybersecurity marketplace. Our guide to the Cybersecurity Technology Marketplace provides insights on firms with proven capability. For each firm we report on we include succinct insights into their capability, a short video demo (when available), lists of the firm’s competitors, and links to allow a deeper examination when warranted.
If you have direct experience with a high quality provider of security technology that has made a difference to you and your organization we would love to hear about it. Let us know via our contact form or reply to any of our newsletters with your input.
We can say with 100% certainty that the trade war will have cyber impact. But projecting what the impact will be gets harder fast and will vary from sector to sector and perhaps even for each particular company in a sector. Our recommendation is to make your own informed assessment, and rely on inputs from your sector information sharing mechanisms (ISAC/ISAO) heavily.
But in general look for more attacks against the manufacturing sector and power grid. It is also reasonable to assume that China will resume its high level of intellectual property theft. Defenses should be raised all around.
And all of us should take this opportunity to evaluate security postures and build in agility where possible.
Readers of the Daily Threat Brief know the day-to-day back and forth of cyber war; you are on the front lines. But it really helps when a researcher like David Sanger can give us insights from his perspective. This book is great context.
From the book description:
The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes—from crippling infrastructure to sowing discord and doubt—cyber is now the weapon of choice for democracies, dictators, and terrorists. Two presidents—Bush and Obama—drew first blood with Operation Olympic Games, which used malicious code to blow up Iran’s nuclear centrifuges, and yet America proved remarkably unprepared when its own weapons were stolen from its arsenal and, during President Trump’s first year, turned back on the US and its allies. The government was often paralyzed, unable to threaten the use of cyberweapons because America was so vulnerable to crippling attacks on its own networks of banks, utilities, and government agencies.
Moving from the White House Situation Room to the dens of Chinese government hackers to the boardrooms of Silicon Valley, New York Times national security correspondent David Sanger—who broke the story of Olympic Games in his previous book—reveals a world coming face-to-face with the perils of technological revolution. The Perfect Weapon is the dramatic story of how great and small powers alike slipped into a new era of constant sabotage, misinformation, and fear, in which everyone is a target.
Evaluating overall risk to your business requires a holistic view of your objectives, capabilities, strengths and weaknesses. It also requires a solid assessment of the threat. Your adversaries may well be the biggest source of risk to your operation.
We most strongly recommend independent assessments of your organizational security posture. Independent assessments by professional teams always produce insights you can use to enhance your security and reduce the risk to your mission.