All posts by Vickie Miller

Fraud & Security Phishing and Whaling: The Art of the Cyber Con

Money on a fish hook

You just received an email from your CEO with instructions for an urgent wire transfer from your company’s account. Quick – what’s your next step? Over $1.2 billion has been swindled in the past 12 months from businesses by con artists using this kind of scam.  Business email compromise (BEC) can occur in several ways, but usually ends with a wire transfer of funds. BEC is successful because emails appear to be sent from individuals who are in a position to make requests for wire transfers or have the authority to approve financial transactions like this.  Gathering information about officers of the company or others with that capacity can be gleaned from business filings and social media websites.  This is a form of phishing known as whaling, because the criminals are targeting top executives and gathering as much information as possible to make the swindle look legitimate. Cybercriminals may also... [Read More]

Leave a comment

Fraud & Security OPM Data Breach — We Should Focus on How, Not Who

OPM Logo

In cybersecurity, knowing your adversaries’ techniques and tactics can help you better defend and prevent successful attacks. It’s an important part of your strategy. But when attribution becomes the focus of the story, we risk not examining how an attacker was successful. Looking at a breach from a “whodunit” point of view makes for better headlines and helps sell threat intelligence services. However, it fails to address how the compromise was possible and how to address those gaps. In the case of the Office of Personnel Management breach, it is now reported that a privileged user account was compromised and then used to gain a greater foothold in the network and steal information from 18 million accounts. For me, that raises questions about the management of identity and access controls and failure to identify anomalies in user behavior. This is much more mundane than pondering which nation-state is behind an... [Read More]


Fraud & Security CISOs Need to Stick Together to Fight Cybercrime


I was recently honored by T.E.N. (Tech Executive Network) as its Information Security Executive® of the Year for the ISE® Central Region. I am deeply humbled to win this award, having been chosen from a field of formidable competitors – except they’re not really competitors, they’re my peers. There’s a lot of complexity involved in being a CISO (Chief Information Security Officer) at any company. It dramatically increased a few years ago with the explosion of BYOD (Bring Your Own Device). Today, the security threat continues to morph with the introduction of new endpoints, sophisticated malware attacks like Carbanak, and countless other daily assaults on cybersecurity. CISOs now realize that we’ve got to stick together. The more we communicate with each other about what’s working and what’s not, the better off we all are. In the past, cybersecurity was seen as a competitive advantage, something akin to a trade secret.... [Read More]

Leave a comment

Fraud & Security 2015: The Internet of Threats and Other Things

Binary code

So far, 2015 has been a mixed bag. Two traditional January events – the Consumer Electronics Show (CES) in Las Vegas and the World Economic Forum in Davos, Switzerland – that are usually bubbly, if not downright effervescent, were a bit flatter this year. Why? Having been pummeled by high-profile security breaches in 2014, business and government leaders are all too aware that front-page breaches like Target and JPMorganChase are only a taste of things to come. The Internet of Threats At CES, the Internet of Things (IoT) was again a hot topic, as connected solutions really hit their stride. On the show floor, crowds thronged around everything from an Internet-enabled craft-brewing machine to an entire smart house. An estimated 25 billion connected objects will be online in 2015. But IoT is not all craft beer and domestic utopia. In a speech at CES, US Federal Trade Commission chairwoman Edith Ramirez... [Read More]

1 Comment