Insights

A glance at any media outlet shows that cyber attacks are more advanced and prevalent than seen in the past. Additionally, it is clear that virtually no company is immune to a cyber incident. Almost all companies and associations collect and store sensitive data, whether it is customer or employee data, intellectual property, or other confidential information. Of the numerous topics covered during recent interviews was the rising costs associated with a cyber incident, which are often quite severe. For example, the costs associated with a data breach may include forensic and investigative activities, business continuity, downtime of business-critical applications, and lawsuits. Did we mention that with the introduction of GDPR, a breach can be absolutely devastating? Yet, none of these will nearly be as impactful as the impact on the organization's reputation. There is no legal action that will absolve a business in the "Court of Public Opinion". If…

Over the years, members of Critical Path Security have engaged wholeheartedly in the practice of responsible disclosure of vulnerabilities. This was highlighted in findings related to Apple, Cisco, and Websense in which our researchers provided vendors with ample time and path of communication to validate findings, develop remediation plans, prior to notifying the public of the flaws. However, despite the objections of the cybersecurity community, the Georgia legislature has passed a bill that would open independent researchers, such as Critical Path Security staff who identify vulnerabilities in computer systems, to prosecution and up to a year in jail. Patrick Kelley, CTO of Critical Path Security, shared the following. “Over the last two decades, I’ve found numerous vulnerabilities in various platforms, many of them used by government agencies and healthcare. In the beginning, when my initial finding of WiredRed was released, I found it necessary to release the finding under a…

CPS is proud to announce our sponsorship of BSidesATL 2018! The great folks at the Kennesaw State University Department of Information Systems, Yvette Johnson and Andy Green, has taken upon themselves to revive BSides, and we cannot thank them enough! This great tradition of the information security community was sorely missed last year by those of us that wish to push the conversations beyond the traditional. BSides is where people can present ideas and ask questions in an environment that encourages questioning the status quo. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. This year’s theme is “Standing on the Shoulders of Giants”, and it’s a going to spawn a ton of great talks. In today’s world of new hardware and software being released into the wild at a rapid pace from an ever increasing pool of…

Kaitlyn Ross, Reporter for 11 Alive, caught up with Patrick Kelley, Chief Technology Officer of Critical Path Security, on Tuesday to discuss the most recent ransomware attack on the City of Atlanta. "Just because a ransom wasn't paid, doesn't mean that the means of doing it has gone away. We will continue to see this evolution of attacks and then how to battle those attacks," Patrick Kelley, Chief Technology Officer with Critical Path Security said. "Once ransomware lands on a machine, if you don't have the key to decrypt those files, they're effectively gone," Kelley said. "The math and the effort required computationally to break that crypto is just not available. So they would wipe those environments entirely and go from there." Patrick Kelley expands on conversation above with the following statement. The primary message is you have to respect the problem you are trying to solve. It isn't as…