Gerd Meissner

Gerd Meissner writes, produces, edits, and manages content at Authentic8. He started his career as a journalist who covered information technology, data security, and the tech business for leading broadcast, print and online media, both in the US and in Europe. As a staff editor with German news magazine Der Spiegel, Gerd co-founded Spiegel Online. His byline appeared in numerous national and international publications, including The New York Times. Gerd authored and co-authored several books, including “SAP - Inside the Secret Software Power”, an in-depth biography of the enterprise software giant that was published to critical acclaim.

Recent Posts

How to Build Better Cybersecurity Habits in a Large Enterprise in Just Four Weeks

Posted by Gerd Meissner

Mar 2, 2017


“You have four weeks to create strong cybersecurity habits in a business with 500+ employees. What would you do, and why?”

Granted - such a request “may indicate a big problem in [the board’s] understanding of security,” as Fred Scholl (Monarch Information Networks) points out below, because in this scenario, “[t]he CISO has failed to proactively educate leadership.”

We posed the question to our circle of InfoSec Luminary Lineup contributors anyway. Nothing focuses the mind like a deadline.

Jordan McQuown, CIO at LogicForce Consulting, writes in response: “[U]ser awareness, reinforcement and training are key to improving security habits.” So how do we get there, fast? Jordan reminds us that “[t]ypical attackers are looking for easy targets” - and provides ample advice on how to frustrate their plans.

Richard Caplan (LeClairRyan) points out the importance “to clarify the rules and responsibilities” in such a concerted effort. And like Jordan McQuown, Joseph Raczynski (Thomson Reuters Legal) urges CISOs to create teachable moments: “Companies need to phish their own employees.”

Steve Durbin, Managing Director of the UK-based Information Security Forum (ISF), includes a warning in his contribution. Given the time constraints in this scenario, he writes, “[l]ooking for a silver bullet will be a waste of time.”


Steve advises stepping back to understand the bigger picture first, then “let risk drive the solution.” His “Ten tips on how to make cybersecurity a habit on a deadline” round out this InfoSec Luminary Lineup.

Tip #4 on his instructive list below is our favorite. Why?

Topics: Security

8 Must-have Features of a Secure Browser (2)

Posted by Gerd Meissner

Feb 7, 2017


Regular browsers, such as the one that came with your PC or mobile device, are leaking data on the internet like a sieve. The inherent vulnerabilities of the local browser model allow criminal hackers to infiltrate computers and steal or manipulate data.

Firewalls or antivirus software provide little or no protection against modern attackers and their tools. Browser add-ons, plugins and extensions promising “extra” security and privacy cannot be trusted. Their makers were even caught selling out private user data.

Because the “traditional” browser architecture is inherently unsafe and promotes data leakage, a new generation of secure browsers has been developed for security-conscious companies and consumers.

Not all supposedly “secure” browsers are equal, and some are not secure at all. How can you tell the difference?

In this second part of “8 Must-Have Features of a Secure Browser” (read Part 1 here), we examine another four features and capabilities your browser must have to deserve the label “secure” for business or personal use.

Topics: Security

Ransomware: Majority of U.S. Businesses Unprepared for Attacks

Posted by Gerd Meissner

Jan 24, 2017


A new survey shows that 66 percent of IT professionals identify ransomware as a serious threat. Yet only 13 percent say their company is prepared to handle it.

Topics: Security

2016 Revisited: Data Breach Trends and Numbers

Posted by Gerd Meissner

Jan 9, 2017


What were the biggest data breaches in 2016? How did federal agencies’ cybersecurity hold up last year, compared to 2015, with its disastrous OPM hack? Did ransomware live up to, or even beat, the dire predictions? Which industries got hacked most, and why?

We’ve pulled together summary posts and publications worth returning to, as a quick reference to consult when needed in the year ahead.

Topics: Security

What is the Most Underestimated IT Security Threat, and Why?

Posted by Gerd Meissner

Dec 19, 2016


One of the most chilling developments in IT security this past year was the series of cyber attacks reported on energy utilities and manufacturing plants, which exploited critical infrastructure vulnerabilities introduced by the convergence of IT and Operational Technology (OT). Yet they were barely noticed by the broader public, not nearly as much as Hillary Clinton pulling rank on her IT staff to use a private email server.

Time for a reality check? For our InfoSec Luminary Lineup blog discussion series, we asked cybersecurity leaders and experts: “What is the most underestimated IT security threat, and why?”

In their responses, they don’t dabble in technicalities of the vulnerability-du-jour variety. Instead, all of our contributors paint the bigger picture.

It isn’t pretty. The most underestimated IT security threat is…

Topics: Security

8 Must-have Features of a Secure Browser (1)

Posted by Gerd Meissner

Dec 1, 2016


Regular browsers have become the most common inroad for hackers to infiltrate your computer and steal or manipulate your data.

Traditional approaches of network or endpoint security, such as advanced firewalls or antivirus software, have not kept pace with the problem.

This is why a new generation of “secure” browsers has emerged. But not all supposedly “secure” browsers are equal, and some are not even secure.

What are the features and capabilities that make a browser secure and safe, for business or personal use?

Topics: Security

Authentic8 adds support for Common Access Card to address growing federal demand

Posted by Gerd Meissner

Nov 17, 2016


Secure virtual browser now validates CAC certificates for access to secure web sites

MOUNTAIN VIEW, CA (Nov 17, 2016) - Authentic8, maker of Silo, the secure, virtual browser, now supports certificates stored on government-issued Common Access Cards, or CACs. This comes in direct response to growing demand for this functionality from federal agencies.

With this release, Silo will be configured with the Department of Defense's (DoD) public certificates. When a user attempts to access a secure site that requires CAC authentication, the cloud-based browser will query the chip on the CAC that stores user-specific digital certificates to validate the user. All communication between the virtual browser and the local device is conducted over Authentic8's proprietary, encrypted protocol.

Topics: Corporate News

Not Trustworthy: How Local Browser Add-Ons Put Your Data at Risk

Posted by Gerd Meissner

Nov 16, 2016


If you’re looking for ways to protect yourself when accessing the web, plugins and add-ons for your local browser are not the way to go.

Many plugins will actually increase the risk of online attacks or privacy violations, as in the case of the popular browser add-on WoT, developed by WoT Services, which was marketed as a tool to safeguard users’ data based on website ratings. WoT stands for “Web of Trust.” Nice marketing pitch.

Yet users who bought into it just learned that they got anything but, as Germany’s investigative TV magazine Panorama and the BBC reported last week.

Topics: Security

How Can Companies Balance IT Security and Personal Web Access at Work?

Posted by Gerd Meissner

Nov 1, 2016


Companies struggle to protect their IT infrastructure when employees access the web. Checking personal web mail or running online shopping errands from the office helps workers to maintain work/life balance, but it also puts the business at risk from web-borne threats.

Organizations scramble to put policies in place to protect themselves. But policies that are too restrictive can negatively impact productivity and workplace climate.

For our InfoSec Luminary Lineup blog discussion series, we asked: “How can companies balance IT security with users' need to access personal web resources at work?” In this post, cybersecurity startup leaders, experts and influencers share their thoughts, tips and insights on how companies can solve this dilemma.

5 Vendor Risk Reports Every IT Leader Should Read

Posted by Gerd Meissner

Oct 25, 2016


How do you break into a bank? In the old days, burglars would dig their way into the vault from a basement next door.

In today’s digital economy, hackers don’t barge through the front door, either. They are looking to circumvent the cybersecurity barriers of financial service providers and other security-conscious companies by targeting potential weak spots on their IT periphery - such as less guarded software vendors or law firms with access to the bank’s network.

How can companies assess and manage third-party risk? Vendor risk management ranks high now on the agenda of enterprise CIOs and CISOs in the financial services industry and its business partner ecosystem. But what about other sectors?

Law firms were the first to feel the pressure, as described elsewhere on this blog. Yet in many organizations, regardless of industry, the IT infrastructure continues to remain under threat through undetected and unmitigated vendor risks.

You may have heard how vendors contributed to recent large-scale data breaches at retailers, healthcare providers and government agencies.

To be clear - third parties didn’t “cause” these data breaches by themselves. The surveys and research results covered in this post illustrate an endemic lack of vendor risk awareness and management.

Topics: Security