Brush Cyber

In a recent discussion, UnitedHealth Group's CEO faced scrutiny from U.S. Senator Ron Wyden over the company's lack of cybersecurity expertise on its board, which was highlighted during the fallout from the Change Healthcare cyber attack. This incident underscores the critical need for corporate boards to include directors with cybersecurity knowledge to govern and mitigate cyber risks effectively.?The consequences of not having such expertise can be severe, as demonstrated by the UnitedHealth Group's experience. A wonderful piece by Bob Zukis in Forbes on this issue pointedly addresses the gap between the CISO and C-suite: https://lnkd.in/eFx3uBpc Wyden emphasized that fundamental cybersecurity practices, such as multi-factor authentication, were not universally implemented, illustrating a significant governance failure at the board level. This scenario is a stark reminder of the importance of cybersecurity leadership and oversight within corporate governance structures. ?? Key Takeaways ?? ? Critical Need for Cyber Expertise: Corporate boards must include directors with cybersecurity expertise to manage and mitigate risks effectively. ? Basic Cybersecurity Practices: Failing to implement fundamental security measures like multi-factor authentication can lead to significant breaches. ? Accountability in Cyber Governance: Effective risk management and governance in cybersecurity start at the board level. ? Financial Implications: Lapses in cybersecurity can result in substantial financial losses, highlighting the cost-effectiveness of investing in cyber expertise on boards. ? Regulatory and Investor Expectations: Both regulators and investors increasingly demand robust cybersecurity oversight and expertise at the board level. At Brush Cyber, we bridge the gap between CISOs and executive leadership to ensure robust cybersecurity governance. Our team of experts provides the necessary guidance and support to help corporate boards integrate cybersecurity expertise into their governance structures. By translating complex cybersecurity concepts into actionable business strategies, we empower organizations to strengthen their cyber defenses and meet regulatory requirements, safeguarding their assets and maintaining stakeholder trust. If you want to enhance your board's cybersecurity expertise, we invite you to contact us to learn more about our services. #CyberSecurity #CorporateGovernance #BoardLeadership #CyberRisk #CISO #DataProtection #BrushCyber #CyberExpertise #SEC

?? The Risks of Encryption Backdoors: A Closer Look ?? Recent policy developments have reignited discussions about “lawful access” to encrypted data. While intended to aid law enforcement, implementing backdoors in encryption presents significant challenges: https://lnkd.in/gYt8D-am Data Security Concerns: Introducing backdoors creates vulnerabilities that malicious actors can exploit, undermining the integrity of secure communications. International Precedents: Nations like China and Russia mandate access to encrypted communications, leading to increased surveillance and diminished privacy protections. Economic Implications: Mandating weakened encryption could erode global trust in technology products, potentially impacting business competitiveness. Balancing security needs with robust encryption is essential to protect data integrity and privacy. I invite you to share your perspectives in the comments: ? ?? How can individuals and businesses enhance their data security practices to mitigate potential vulnerabilities introduced by encryption backdoors? ? ??? What alternative encryption methods or technologies could be employed to maintain privacy without contravening such regulations? ? ?? In what ways might the implementation of encryption backdoors influence your organization’s data protection strategies and policies? #CyberSecurity #DataProtection #Encryption #Privacy #InfoSec

At just 23 years old, I took the leap to start my own business, Blueberry Security. I had no money, no safety net—just a passion I refused to ignore. I was ready to chase my dream, no matter the cost. But here’s the truth: For months, I gave everything to this business, only to be met with no return for over a year. Just mounting bills and an empty bank account. Eventually, I hit rock bottom. I was thousands of dollars in debt. I had no choice but to take on a day job just to stay afloat—but financial security came at a price. Slowly, that job drained me. It dulled my creativity, suffocated my independence, and buried my ambitions under layers of corporate red tape. The dream I had fought for sat untouched, collecting dust. There was a time period where I shut down operations entirely. Every day, I felt further from the life I wanted. Then, things started moving forward. Multiple projects I had been discussing for over a year with potential clients finally started coming together. It felt like all of the sudden things began to change. It’s still early, but I’m excited for what’s next. One of the people who believed in me during this time was Douglas Brush. Doug is an incredible CISO, business owner, and mentor. Together, we’ve helped companies rebuild their cybersecurity programs and guided them through incident response engagements when they needed us most. Doug and I are like storm chasers—when a hurricane comes, we rush into action and chase the storm wherever it takes us. Because there's beauty in the chaos. Because of the people who believed in me, I’m finally back to focusing on my business full-time. Don’t give up on your dreams. If this post resonates with you, please repost this. It helps me find new clients, and partners. If you need a cyber superhero, shoot me a message! #cybersecurity #entrepreneur #incidentresponse #SOC

The Department of Homeland Security's (DHS) recent decision to terminate all advisory committee memberships, including those of the Cyber Safety Review Board (CSRB), has significant implications for U.S. cybersecurity efforts. The CSRB was actively investigating Salt Typhoon, a Chinese state-sponsored hacking group responsible for breaching multiple U.S. telecommunications networks. https://lnkd.in/eC2xjYtc The dissolution of the CSRB disrupts ongoing investigations into critical cyber threats and removes a team of seasoned cybersecurity experts from advisory roles. This move raises concerns about the continuity of cybersecurity oversight and the nation’s preparedness to address sophisticated cyber espionage campaigns. Key Takeaways: 1. Disruption of Ongoing Investigations: The termination halts the CSRB’s active investigation into Salt Typhoon’s activities, potentially leaving security vulnerabilities unaddressed. 2. Loss of Expertise: The board included prominent figures like former CISA head Chris Krebs, whose departure may hinder effective responses to cyber threats. 3. Policy Shift: This action indicates a significant change in the administration’s approach to cybersecurity governance and resource allocation. 4. Resource Reallocation: The stated aim to prevent “misuse of resources” suggests potential restructuring within DHS that could impact future cybersecurity initiatives. 5. Uncertainty in Threat Management: The absence of the CSRB creates uncertainty in managing and investigating ongoing and future cyber threats without its oversight. #Cybersecurity #SaltTyphoon #CSRB #DHS #CyberThreats

?? The Cyber Stakes Are Rising: What Does It Mean for Global Security? ?? https://lnkd.in/eQEpGwAt The escalating rivalry between the ???? United States and ???? China is now playing out in cyberspace, and the stakes couldn’t be higher. From industrial espionage to digital influence campaigns, the game has changed, and the consequences are global. ?? https://lnkd.in/eQEpGwAt ?? Key Takeaways: ?? China is ramping up its cyber capabilities to secure strategic, economic, and military advantages. ?? The U.S. is responding with strengthened infrastructure protection, international alliances, and tighter regulations. ?? Businesses and non-state actors are increasingly vulnerable, raising the need for stronger global cybersecurity norms. ?? What’s Next? This isn’t just a government issue anymore. Every organization and professional needs to understand the growing cyber threats and adapt their strategies accordingly. Cybersecurity is now a shared responsibility. ?? Let’s Discuss: How do you think this new era of cyber competition will shape the global economy and security? Are businesses prepared to handle these rising challenges? ?? Drop your thoughts below ?? #CyberSecurity #Geopolitics #DigitalTransformation #China #UnitedStates #CyberThreats #BusinessStrategy #Innovation #GlobalSecurity

What does the CISO need to practice everyday in terms of basic legal literacy? Let’s answer that question by looking through the lens of data breach and privacy class action litigation. Our guest is Douglas Brush, a court-appointed Special Master and testifying expert in high-profile litigations involving cybersecurity, information governance, data privacy, and eDiscovery. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities LLC, and Jake Bernstein, CISSP, CIPP/US, Partner with K&L Gates. #podcast #CybersecurityPodcast #CyberResilience #CyberRiskManagement #InformationGovernance #eDiscovery #KipsCyberTips #CRMpodcast

???????? ???? ?????????????? ?????????? ?????? ???? ?????? ?????? ???? ???????????????????????? ?????????????????????????? ?????????? ???????? ???? ?????? ??????????????????? ?? Spoiler: It’s all about translating metrics into business outcomes. Kovrr reached out to cybersecurity leaders to uncover the metrics they find most valuable during board meetings, the mistakes they’ve learned from, and the questions board members ask most frequently. Their practical guidance is a must-read for any CISO looking to make cyber risk management a critical part of organizational governance and oversight. ?? Learn what they said here: https://lnkd.in/dapxg_sG A big thank you to Royce M. , Benjamin Corll, Jessica N. Wai Kit Cheah, Sue Bergamo, Douglas Brush, Dr. Rebecca Wynn, Soulful CXO and everyone else who helped contribute to this piece. #cyberriskmanagement #cybercommunication #boardroomcommunication #cyberrisk #cybermetrics #cyberriskquantification #CRQ

Check Point Software and Mimecast settled SEC charges over alleged misleading statements on the 2020 SolarWinds hack impact, each paying nearly $1 million. The SEC found both companies failed to fully disclose the hack's risks and impacts on their operations and investors. Their enhanced security measures and cooperation helped mitigate penalties but did not absolve them from regulatory consequences. This case emphasizes the growing importance of transparency and timely, accurate disclosure in cyber incidents, setting a precedent for public companies facing cybersecurity challenges. ?? Key Takeaways ?? Transparency is critical – Investors rely on clear, accurate disclosures. ?? Thorough investigations matter – Effective responses demand depth. ?? Proactive security is essential – Early action can mitigate future risks. ?? Regulatory oversight is increasing – Cybersecurity is under a regulatory lens. ?? Internal coordination – Collaboration with regulators shows accountability. #Cybersecurity #RiskManagement #Transparency #SEC #SolarWinds #DataBreach #Mimecast #Checkpoint https://lnkd.in/gzjQ9Ttp

It is an honor for Brush Cyber and our founder, Douglas Brush to be part of the Academy of Court-Appointed Neutrals. Douglas notes, "We give judges time back in the evenings and weekends so they can spend time with their families." If you are interested in learning more about Court Appointed Neutrals (fka "Special Masters"), please contact us so we can assist you! We work closely with plaintiffs, defendants, and the judiciary in the legal system. Our specialty is in eDiscovery, cybersecurity, and data privacy. Our expertise guides you through the complex landscape of data challenges. We provide valuable insights and solutions to address high-stakes litigation goals efficiently and cost-effectively, all while ensuring the confidentiality and protection of sensitive data. Our expert analysis is particularly useful during the discovery phase, trial, and claims settlement. #BrushCyber #Cybersecurity #Legal #Classaction #Litgation #Neutrals #SpecialMasters #eDiscovery #ExpertWitness #DFIR

It's not your size - It's your data that attracts threat actors. As a small to medium-sized business (SMB) and enterprise, you face a rapidly evolving cyber threat landscape. Cyber insurance is a crucial safety net that can protect your business from devastating financial losses due to cyber incidents. Here’s why investing in cyber insurance is a smart move for your SMB: The cyber insurance market is volatile due to ever-changing threats and fluctuating premiums. Expert advice is essential to navigate this complex landscape. Recent trends show a rise in ransomware, business email compromise (BEC), and supply chain attacks, leading to more stringent underwriting processes and higher premiums. Understanding policy exclusions, proactive services, and litigation coverage is vital to avoid coverage gaps and ensure comprehensive protection. ?? Things to Consider When Evaluating Cyber Insurance Carriers: 1?? Coverage Scope: Ensure the policy covers various cyber incidents, including ransomware, BEC, and supply chain attacks. 2?? Proactive Services: Look for carriers offering pre-breach services like vulnerability assessments and employee training. 3?? Incident Response: Choose carriers that provide access to forensic and legal experts during an incident. 4?? Exclusions: Understand what is excluded from the policy to avoid surprises during a claim. 5?? Litigation Coverage: Ensure coverage for legal costs associated with data breaches, including class action lawsuits and regulatory issues. 6?? Policy Limits: Check the maximum payout limits and consider if they are adequate for your business needs. 7?? Underwriting Process: Evaluate how thorough the carrier’s underwriting process is and what security controls they require. 8?? Reputation and Stability: Research the carrier’s reputation and financial stability in the market. 9?? Claims Handling: Look into the carrier’s claims process and track record in efficiently handling claims. ?? Cost vs. Value: Balance the policy cost with the value of coverage and services provided. ?? Current Trends: Ransomware and BEC: These attacks are increasing, making comprehensive coverage more crucial. AI in Cybersecurity: Both attackers and defenders use AI, impacting the threat landscape and defense strategies. Litigation Risks: Data breaches have increased class action lawsuits and regulatory scrutiny, emphasizing the need for comprehensive litigation coverage. Do not wait! Secure your SMB with the right cyber insurance policy and stay ahead of cyber threats. Connect with Brush Cyber, which understands the dynamic cyber risk landscape and can tailor a policy to fit your specific needs. #CyberInsurance #SMB #CyberSecurity #Ransomware #BEC #SupplyChain #BusinessProtection #RiskManagement #Insurance #CyberThreats #AI #NationState