Christopher Burgess

Want to Join?
Opinions expressed by ICN authors are their own.

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.

US DOJ recovers $6 million and indicts two REvil principals

US DOJ recovers $6 million and indicts two REvil principals

The DOJ promises a whole of government approach to fighting ransomware groups no matter which country they operate from.

Facebook outage a prime example of insider threat by machine

Facebook outage a prime example of insider threat by machine

A buggy automated audit tool and human error took Facebook offline for six hours. Key lesson for CISOs: Look for single points of failure and hedge your bets.

How disinformation creates insider threats

How disinformation creates insider threats

Employees who believe disinformation are more susceptible to social engineering and phishing campaigns, and attackers know it.

White House international ransomware initiative outlines hopes and challenges

White House international ransomware initiative outlines hopes and challenges

More than 30 nations discussed tactics for collaborating in the fight against ransomware, but it competes with a Russian-led UN initiative.

Twitch breach highlights dangers of choosing ease of access over security

Twitch breach highlights dangers of choosing ease of access over security

Attackers essentially broke into the Twitch house and cleaned out everything. Following least-privilege access principles and encrypted datasets will help others avoid that scenario.

Device identity: The overlooked insider threat

Device identity: The overlooked insider threat

Device/machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.

Breach reporting required for health apps and devices, FTC says

Breach reporting required for health apps and devices, FTC says

A new policy statement makes it clear that the US Federal Trade Commission will hold healthcare app and device makers accountable for reporting data breaches.

Yes, the FBI held back REvil ransomware keys

Yes, the FBI held back REvil ransomware keys

The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.

3 cyber mercenaries: An insider threat case study

3 cyber mercenaries: An insider threat case study

Three US nationals, working as cyber mercenaries on behalf of the United Arab Emirates, have accepted a deferred plea agreement for exploiting U.S. entities using U.S.-controlled technologies.

Russia is fully capable of shutting down cybercrime

Russia is fully capable of shutting down cybercrime

With internet blocks and high-profile arrests, Russia shows it can crack down on cybercrime when properly motivated. New analysis suggests the Biden administration’s sanctions may be providing some motivation.

Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

Only 100 approved assessors are available to certify that 300,000 US DoD providers are in compliance with the Cybersecurity Maturity Model Certification by the 2023 deadline.

Proofpoint lawsuits underscore risk of employee offboarding

Proofpoint lawsuits underscore risk of employee offboarding

Nearly every employee leaving a company takes data or intellectual property, but few companies adequately screen and monitor for it. Recent court cases underscore the risk.

China theft of US agriculture sector trade secrets prompts government guidance

China theft of US agriculture sector trade secrets prompts government guidance

China and other countries have used insiders to steal intellectual property from agricultural research. The government has responded with guidance for identifying insider threats.

CISA’s Joint Cyber Defense Collaborative: Why it just might work

CISA’s Joint Cyber Defense Collaborative: Why it just might work

New CISA director Jen Easterly is tasked with implementing the JCDC, which promises to make US critical infrastructure more resilient to cyberattacks. Her history makes her the right person for the job.

BlackBerry faces bad PR by failing to go public with BadAlloc vulnerability

BlackBerry faces bad PR by failing to go public with BadAlloc vulnerability

Although the company informed its OEM customers of the vulnerability, users of IoT devices running its QNX OS were potentially kept in the dark.

Data sovereignty laws place new burdens on CISOs

Data sovereignty laws place new burdens on CISOs

More than 100 countries now require data on their citizens be stored or processed within their boundaries, presenting new data protection challenges.

Recent shadow IT related incidents present lessons to CISOs

Recent shadow IT related incidents present lessons to CISOs

Employee use of unauthorized applications and services have resulted in high-profile data losses and exposure. CISOs need to understand why shadow IT exists before they can address it.

CISOs: Do you know what's in your company’s products?

CISOs: Do you know what's in your company’s products?

CISOs need to take a more direct role in the operations side of the business to help build security in by design.

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

The US agency highlight four areas where cybersecurity gaps in federal agencies threaten national security. Cites OMB for not helping CIOs get available funds.

CISA: China successfully targeted US oil and natural gas infrastructure

CISA: China successfully targeted US oil and natural gas infrastructure

CISA alert details past network compromises and exposes a lack of preparedness among ICS companies.

Load More