Cyber Defense eMagazine November 2019

Detrimental Ransomware Effects
3 Must-Do Tasks to Make Vulnerability
Management Useful in Today’s
Environments
How to Address the Top 5 Human Threats
to Your Data
Here’s How You Can Secure Your App from
Cyber Attacks
How to Stop Cybersecurity Attacks before
They Start
What Does A Cyber Security Consultant
Do?
…and much more…
1

CONTENTS
Detrimental Ransomware Effects ................................................................................................................. 18
Achieving Cybersecurity Readiness with AI-Powered, Gamified Training ....................................................... 21
Talk About a Disaster ................................................................................................................................... 25
3 Must-Do Tasks to Make Vulnerability Management Useful in Today’s Environments .................................. 29
The Intersection of Artificial Intelligence and Cybersecurity .......................................................................... 32
From Guards to Detectives: Evolving the Junior Security Analyst Role ........................................................... 37
Where Property Insurance Ends and Cyber Insurance Begins ......................................................................... 41
How to Build an Effective Insider Threat Program: Part I ............................................................................... 44
How to Build an Effective Insider Threat Program: Part II, Technology ........................................................... 49
Modernize the Mission: Implementing TIC 3.0 and Zero Trust Networking .................................................... 55
Cyber Resilience: Best Practices from Leading Industry Experts ..................................................................... 58
Are Financial Services the Golden Goose for Cybercriminals? ........................................................................ 66
The Social Engineering Methods and Countermeasures ................................................................................ 69
How to Address the Top 5 Human Threats to Your Data ................................................................................ 73
How to Suggest Your Manager to Invest into Cyber Defense? ........................................................................ 77
So, Ya Wanna Be A Pen Tester, Huh? ............................................................................................................ 81
Simple Ways SMBs Can Protect Themselves against Cyber-Threats ............................................................... 86
In A World of External Threats, How Are Business Putting Themselves In Jeopardy? ...................................... 90
Avoiding Misinformation for Content Moderators ........................................................................................ 94
2

How to Keep Your Customer’s Credit Card Information Safe ......................................................................... 98
10 Best Tips for Using Metasploit to Harden Your Network ......................................................................... 102
How Organizations Can Best Avoid GDPR Fines through Continuous Compliance ......................................... 109
Here’s How You Can Secure Your App from Cyber Attacks ........................................................................... 113
Sovereign Cyber Effects Provided Voluntarily by Allies (SCEPVA) ................................................................. 116
How Cybersecurity Became a Major Issue for Your Business’ SEO ................................................................ 120
How to Erase Data from Mobile Devices: Four Common Misconceptions ..................................................... 123
Secure Data Is Gold: U.S. Immigration Options for Cybersecurity Experts .................................................... 126
Cybersecurity Essentials for Small and Medium Businesses ......................................................................... 131
New Cybersecurity Trend: Hackers Impersonating Other Hackers ................................................................ 135
Software Defined Perimeter Deep Dive & Required Implementation Readiness........................................... 138
Sprint Beta Testing 5G Smart City in Georgia ............................................................................................... 142
Stressing Security Teams ............................................................................................................................ 145
The Importance of Cybersecurity When Dealing With Online Customers ..................................................... 149
How to Stop Cybersecurity Attacks before They Start ................................................................................. 152
What Does A Cyber Security Consultant Do? ............................................................................................... 156
A10 Networks Cloud Access Proxy Provides Secure Access and Visibility for SaaS Apps ................................ 159
3 Cybersecurity Trends & Predictions for 2020 (from Illumio) ...................................................................... 162
Applying Security Across Heterogeneous IT Systems ................................................................................... 164
The Security Challenges of Robotic Process Automation—A Primer ............................................................. 168
5 Simple Ways to Protect Your Smartphone from Cyber Attacks .................................................................. 172
3

@MILIEFSKY
From the
Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com
Dear Friends,
Can you believe it’s November 2019, already? We’re almost into 2020 but we still have so much to
accomplish this year – we have a new platform going live by December so stay tuned. Don’t miss us at
the InfoSecurity North America show in New York City November 20-21, 2019
https://www.infosecuritynorthamerica.com/ before we turn the
corner into an early RSA Conference 2020 in late February, in
San Francisco, CA, USA.
Our 8 th annual InfoSec Awards for 2020 are now open and we
hope to find more winners this year who are market leaders,
innovators and those offering some of the best solutions for
cyber security in the global marketplace. For those women who
did not make our Top 25 Women in Cybersecurity for 2019 or
missed out on the deadline, we have added Women in
Cybersecurity as a new category this year. If you’re an infosec
innovator, please consider applying at:
https://www.cyberdefenseawards.com/
We offer our own statistics that you are free to reuse anytime, from this page:
http://www.cyberdefensemagazine.com/quotables/. We have many new interviews going live on
https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com this month, so please check
them out and share links to them with your friends and co-workers. Let’s all keep on innovating and
finding ways to get one step ahead of the next threat!
Warmest regards,
Gary S. Miliefsky
Gary S.Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag
and @Miliefsky – it helps spread the word about our free resources even more quickly.
4

@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and
distributed electronically via opt-in Email, HTML, PDF and Online
Flipbook formats.
InfoSec Knowledge is Power. We will
always strive to provide the latest, most
up to date FREE InfoSec information.
From the Editor’s Desk…
Turning a corner as leaves turn colors, changes
are coming. Some of the biggest attack vectors
we’re predicting for 2020 include:
• Nation State Cyberespionage and
Cyberwarfare
• Supply Chain Management Exploitation
• Cloud-based Identity Attacks
• New Deep Fake Spear Phishing Attacks
• Mobile Devices Become the Ultimate
Backdoor
• IoT Devices Become New Critical Targets
• Ransomware will continue to escalate
….and we expect much more…so please keep reading,
keep sharing and watch for the latest exploits as well as
the best defenses to get one step ahead of the next
threat, only here, at Cyber Defense Magazine.
Thank you so much!
To our faithful readers,
Pierluigi Paganini
Editor-in-Chief
PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com
EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
EDITOR-AT-LARGE & CYBERSECURITY JOURNALIST
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2019, Cyber Defense Magazine, a division of
CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/
WE’RE TURNING A CORNER INTO
8 YEARS OF EXCELLENCE!
Providing free information, best practices, tips and
techniques on cybersecurity since 2012, Cyber Defense
magazine is your go-to-source for Information Security.
We’re a proud division of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS
5

6

7

8

9

10

Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those
vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep
understanding of your web application vulnerabilities, how to prioritize them, and what to do about
them. With this trial you will get:
An evaluation of the security of one of your organization’s websites
Application security guidance from security engineers in WhiteHat’s Threat Research Center
Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well
as share findings with internal developers and security management
A customized review and complimentary final executive and technical report
Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/
PLEASE NOTE: Trial participation is subject to qualification.
11

12

13

14

15

16

17

Detrimental Ransomware Effects
Lost coursework and headaches
By Charles Parker, II
Sir John Colfox Academy is a secondary school in Bridport, Dorset in the UK. The school has 828
students, aged between 11 and 18.
Attack
On a fateful work day, much like any other, a staff member received an email. This was one of the
hundreds of emails received on a weekly basis. This however claimed to be a colleague at another Dorset
school. Not thinking a malicious person would have sent this, the staff member opened the email and
clicked on the content on February 28, 2019. While this may have seem innocent enough, the email
actually appears to have been sent from China and forwarded from a server in Germany.
18

The click opened the door for the systems infection. The network had an issue. The malware was reported
as ransomware and, as expected, immediately began to encrypt the files. The attackers, as with the next
step of the ransomware playbook, demanded money to be paid to them for the decrypt key. The school
consulted with a police expert regarding the substantial issue. After a review, it was noted the attack did
not likely exfiltrate any school data, and staff, student and parent data was not on the system that was
breached. The research into this indicated the attack may have been part of a much larger international
operation.
Data
In particular for this case, Year 11 students submitted their coursework. This coursework was save on
the school’s network. Due to the issue, the coursework in subject was lost. While the description is short,
the devastation is significant. The hope is the student’s had this backed-up somewhere.
Mitigation
The school is working with the particular exam board to resolve the issue. They are also working with the
Dorset Police cyber crime unit. Although there was the demand for funds, no payment was made. This
is generally the policy to take due to the secondary potential issues with just making the payment. The
school had to notify the parents and sent a letter explaining the issue.
Discussion
Targets are generally attacked to compromise their systems to gain access to data for exfiltration or to
extort funds from them. In the early days, these may have been more of an exercise, however, the
attackers have operationalized the model. Ransomware has proven itself to be a completely popular,
viable, and successful attack tool. Over the last four years, this has been very profitable for the attackers.
Lessons Learned
Ransomware is used so often, it is becoming redundant. The frequency is mostly due to the simplicity of
the attack, the financial awards, and this tends to shut down operations until the fee is paid (not advised)
or the issue is remediated through installing back-ups, and a thorough review to ensure nothing was left
behind by the attackers they could use later for re-entry.
There needs to be continued training for the staff. This removed a significant portion of opportunity for an
issue. If the staff know what the usual forms of the attack are, these are less likely to be clicked on, and
fewer systems would be infected. There also needs to be back-ups, which are regularly checked to
ensure they are viable.
19

Resources
Hussain, D. (2019, March 14). Secondary school is being held to ransom after a ‘chinese cyber attack’
caused the loss of year 11 student’s GCSE coursework Retrieved from
https://www.dailymail.co.uk/news/article-6808845/Secondary-school-held-ransom-cyber-attack-causedloss-students-GCSE-coursework.html
Sjouwerman, S. (2019, March 14). GSCE coursework lost in ransomware attack on UK bridport school.
Retrieved from https://blog.knowbe4.com/gcse-coursework-lost-in-cyber-attack-on-uk-bridport-school
Speck, D. (2019, March 15). GCSE coursework lost in ransomware attack. Retrieved from
https://www.tes.com/news/gcse-coursework-lost-ransomware-attack
Wakefield, J. (2019, March 13). GCSE coursework lost in cyber attack in bridport school. Retrieved from
https://www.bbc.com/news/uk-england-dorset-47551331
About The Author
Charles Parker, II has been in the computer science/InfoSec industry for over a
decade in working with medical, sales, labor, OEM and Tier 1 manufacturers, and
other industries. Presently, he is a Cybersecurity Lab Engineer at a Tier 1
manufacturer and professor. To further the knowledge base for others in various
roles in other industries, he published in blogs and peer reviewed journals. He
has completed several graduate degrees (MBA, MSA, JD, LLM, and PhD),
completed certificate programs in AI from MIT, other coursework from Harvard,
and researches AI’s application to InfoSec, FinTech, and other areas, and is
highly caffeinated. Charles Parker, II may be reached at
charlesparkerii@protonmail.com.
20

Achieving Cybersecurity Readiness with AI-Powered, Gamified
Training
By Keenan Skelly, Vice President of Global Partnerships and Security Evangelist at Circadence
“THE CYBERSECURITY SKILLS GAP” It is written about so much in the cyber industry that it seems
predetermined, not to mention full of doom and gloom about never-ending, ubiquitous breaches. Yes,
predictors says that there will be 3.5 million unfilled cybersecurity jobs by 2021, which is up from 1 million
openings last year. But that’s not the whole story. It does NOT mean that cyber readiness is unattainable
or that the bad guys have won.
At Circadence, we see that stat as a headlight – providing illumination for rich career opportunity and
stimulation for new approaches to cyber preparedness. There’s unlikely to be a dull moment in a cyber
career as defenders work every day to keep pace with technology advancements and organization digital
transformation, as well as keeping an eagle eye out for how threat actors create new exploitive
circumstances. So, it is continuously critical for cyber warriors to test, train, simulate, emulate and keep
learning. And while we can’t train our way out of the skills gap problem one class or video at a time, we
can use technological advances, in Artificial Intelligence and Machine Learning for example, to automate
and augment the security toolsets, the tasks and processes, and the training platforms. With focus on
the human element that is at the heart of the adversarial relationship, we can redesign the playing field
and hopefully give defenders the home field advantage going forward.
21

Why do we need a new approach to cyber training?
Today’s organizations ARE seeking more cyber staff, but they equally need an inventive and accelerated
training approach that engages cyber professionals to build and retain skills and competencies to keep
positions “filled”. That’s where new advances in artificial intelligence and gamified learning come into play
and create new types of hands-on learning environments. For example, in our Project Ares learning
environment, AI generates adversaries, which require critical thinking and collaborative problem solving
to deter. We put the simulation into a gamified context where badges, scores and friendly competition
motivate progress through learning exercises and cyber challenges.
News headlines remind CISOs and business leaders of the impact of breaches, from financial to
reputational damage and loss of trust. The cybersecurity industry needs a new approach to help adapt
to the speed of cyber threats today through better enablement for incoming and seasoned cyber
professionals. The importance of strengthening organizational security posture often starts with a
company’s digital vanguard defending corporate assets. These team members are juggling a lot of dayto-day
priorities as they proactively protect company assets while trying to stay up-to-date with evolving
risks. The end result of this juggling act is a cyber workforce that is strained, stressed, and often depleted.
In fact, a whopping 93% of respondents to a May 2019 survey agreed they need to keep up with their
skills or their organization will be at risk, yet 66% of respondents in the same study also said it’s hard to
keep up with cybersecurity skills given the demands of their job. The difference between the business
security requirement and the actuality of cyber readiness is indeed a wide gap.
Typically, a professional’s cyber learning journey begins with traditional lecture-style learning, maybe
sitting in a classroom absorbing outdated videos and slideshows, and often at a location that is away
from the office requiring travel budget to attend. However, research shows that when the traditional
classroom approach is paired with a gamified environment that provides hands-on practice in cyber range
environments, student learning retention improves by up to 75%. Add to that research showing that
employees say gamification makes them feel more 89% more productive and 88% happier at work.
Gamified learning can boost motivation and retention, generating upwards of a 60% increase in learner
engagement and 43% enhancement in employee productivity. This applies not only to new cyber
professionals learning basic concepts and skills but also cyber professionals currently in the workforce
looking to mature their cyber skills and learn more advanced cyber tactics. In addition, cyber security
leaders can partner with HR and use gamified platforms to test and assess their current staff to identify
gaps in security knowledge and application, establish improved recruitment goals, and even test new
recruits.
Using AI and gamified training to augment the cyber workforce
Inside a gamified leaning platform, artificial intelligence (AI) is being employed more often to improve the
delivery of education exercises. AI is used to emulate human cognition (e.g. learning based on
experiences and patterns rather than inference) and deep machine learning advancements enable
solutions to ‘teach themselves’ how to build models for pattern recognition. This becomes particularly
22

valuable in cyber skills development where Natural Language Processing (NLP), a sub-category of AI,
can communicate with a human during cyber exercises and aid in their progression through activities. An
example of how NLP works within a gamified learning environment is through cybersecurity learning
platform Project Ares®. The in-game advisor, Athena, uses NLP to communicate with players in a “chatbot”
format providing guidance to players so they can complete cyber asks and meet learning objectives for
certain work roles. Athena generates a response from its learning corpus, using machine learning to
aggregate and correlate all the player conversations it has plus integrating knowledge about how users
progress through exercises. The pattern recognition helps Athena recommend the most efficient path to
solving a problem or scenario. Similar to the “two heads are better than one” motto, but machine learning
needs lots of “heads” (aka: data) to generate the best solution for the problem at hand.
AI is also used to create the adversary in Project Ares missions. These missions are developed from
real-world cyber threats using either a defensive or offensive approach. The player is challenged to solve
problems through critical thinking and actions and as they begin to think like the unauthorized user, their
understanding of defensive behavior also improves. This capability provides greater learning potential
for users who are not only using defensive techniques with AI but also using offensive techniques with
data AI provides. Cyber professionals can engage in a learning platform that offers relevant cyber
exercises to build skill and competency with the support of artificial intelligence, NLP and hands-on
machine learning all within a gamified range environment.
A new era of cyber training
For organizations that are stymied by the skills gap and struggle to hire the right skills in cyber
organizations, take a look at the challenge from a different angle. Through the benefits of AI in gamified
training, cyber professionals can learn advanced ways to offensively and defensively protect their
companies, build new skills, and develop problem solving tactics in real-world scenarios. This advanced
method of training takes cyber learning to new heights by improving retention with hands-on learning that
can take place anywhere versus at off-site cyber training courses. With new training options such as
gamified training now available to companies, seasoned and prospective cyber professionals have all
the critical tools needed to prepare themselves for future cyber threats—and companies have the
resources necessary to persistently harden their cyber readiness posture. For more information on
gamified training, visit www.circadence.com.
About Circadence
Circadence Corporation is a market leader in next-generation cybersecurity readiness. Powered by a
culture of innovation and the demands of an evolving cyber landscape, Circadence offers award-winning
cyber range solutions and cybersecurity learning platforms, running on Microsoft Azure, that leverage
artificial intelligence and custom content to address critical security challenges for enterprise, government
and academic institutions. Circadence's solutions deliver persistent, immersive and true-to-life
experiences that match and adapt to contemporary threat environments. For more information,
visit www.circadence.com.
23

Author the Author
Keenan Skelly, Vice President of Global
Partnerships and Security Evangelist at
Circadence
Keenan Skelly has more than 20 years
of experience providing security and management
solutions across a wide array of platforms to
include personnel, physical, and cybersecurity.
She brings over ten years of government service
with a focus on National Security. Skelly served in
the U.S. Army as an Explosive Ordnance Disposal
Technician and went on to work for the
Department of Homeland Security where she
served as Chief for Comprehensive Reviews in the
Office for Infrastructure Protection.
Cites:
• https://www.talentlms.com/blog/gamification-survey-results/
• https://www.pulselearning.com/blog/gamification-infographic/
• https://www.csoonline.com/article/3200024/cybersecurity-labor-crunch-to-hit-35-million-unfilledjobs-by-2021.html
• https://searchsecurity.techtarget.com/news/252463186/Effects-of-cybersecurity-skills-shortage-
worsening-new-study-says?track=NL-
1820&ad=927520&src=927520&asrc=EM_NLN_112933934&utm_medium=EM&utm_source=N
LN&utm_campaign=20190515_Shortage%20of%20cybersecurity%20skills%20puts%20busines
s%20at%20risk
24

Talk About a Disaster
Fema Exposes Disaster Survivor’s Personal Data
By Charles Parker, II; MBA/MSA/JD/LLM/PhD
FEMA’s mission involves assisting citizens as they face natural disasters (hurricanes, wildfires, etc.).
Over the years, FEMA has had its ups and downs, mostly published in the media outlets. These have
mostly involved missteps with the supplies, mobile homes, and various other issues.
When the citizens have been a victim of one of the natural disasters, they have too much on their mind
with family, pets, home, and other assets. Feelings and emotions tend to run high during these times.
The last thing they need to be concerned with is to work through identity theft or who have purchased
their personal information.
Issue
Unfortunately, FEMA inadvertently allowed the unauthorized access to over 2M person’s private and
confidential data. The issue was reported in the March 14, 2019 audit by the Department of Homeland
Security’s Office of Inspector General report.
25

Data
In the case of a disaster when the person applies for assistance from FEMA, the person is required to
use the Transitional Sheltering Assistance Program. This program has assisted persons from the 2017
California wildfire, Hurricanes Howey, Irma, and Maria, and many other disasters. The exposed data was
for the applicants of these natural disasters, numbering 2.3M to 2.5M. This included the home addresses
and banking information (bank name and account number; with the bank’s name securing the routing
number is easy). Of the affected persons, 1.8M had both types of data available to unauthorized parties,
and 725 had only their address involved.
Normally this type of data may not be simply housed in a government database. This, however, was
required from the applicant as this would be used for the payments for the assistance and to record data.
There was a legitimate reason to have this.
Oops
The exposure presented another notable problem for FEMA. As a course of business, FEMA contracts
with third parties for specific functions. Having all of the services that would be needed across the US
within FEMA would be problematic, as the agency is not constantly assisting others. There is not a
hurricane or massive wildfire every month. As part of this contractual agreement, certain information on
the assistance recipients is necessary. FEMA has unintentionally given more information on the affected
persons than what was required to a contractor. In this case, the contractor was involved with providing
temporary housing.
The data shared with the had an additional 20 fields in the database, which should have not been sent,
as this was not germane to their function and scope of work. In the Inspector General report, the
contractor’s name had been redacted. FEMA effectively has the potential to put the affected persons at
risk for identity theft and/ or fraud based on the error for the over 2.3M persons already stressed by the
circumstances. This is also a violation of the Privacy Act of 1974 and the DHS Management Directive
11042.1.
Remediation
The issue is rather notable. Once detected, this has led to changes in how FEMA manages its client’s
personally identifiable information (PII). FEMA was working with the contractor to remove the
unnecessary data from their system. DHS had two recommendations to FEMA for correcting the issue.
First, FEMA implements controls to ensure only the authorized data is sent to the contractor. Second,
FEMA ensures the data previously issued to the contractor is destroyed. Although this resolves one
aspect of the issue, this does not directly or indirectly address the impact on the persons involved. They
are still at risk and would have to pay for any identity monitoring services themselves.
26

Discussion
When you demand and require from a person, especially with no bargaining power or leverage, data in
exchange for services they require to live, you become a steward of the information. You are responsible
for the safekeeping and acting as a reasonably prudent organization with this. The release of the data or
unauthorized access has detrimental short- and long-term effects for the affected parties.
For an epic error of this magnitude to still be occurring is not acceptable at any level. The persons have
to deal with having their lives uprooted with their respective natural disasters. In addition to this, the 2.3-
2.5M persons now also have to deal with watching for their funds to evaporate into the ether, or possible
identity theft if the purchaser is a crafty social engineer. This could, of course, been much worse for the
affected parties. The issue brings up two points. What would make FEMA staff members think a
contractor focused on providing the temporary housing would need with the affected person’s banking
information? Also, once they received the additional unauthorized data, why didn’t they notify FEMA?
When the file was downloaded, seemingly the contractor’s staff would wonder why that was present.
Resources
Achenbach, J., Wan, W., & Romm, T. (2019, March 22). FEMA ‘major privacy-incident’ reveals data from
2.5 million disaster survivors. Retrieved from https://www.washingtonpost.com/national/healthscience/fema-data-breach-hits-25-million-disaster-survivors/2019/03/22/
and
https://www.chicagotribune.com/news/nationworld/ct-fema-privacy-data-breach-20190322-story.html
Associated Press. (2019, March 22). FEMA wrongfully released personal data of 2.3 million disaster
victims: Watchdog. Retrieved from https://cnbc.com/2019/03/22/fema-exposed-personal-data-of-
2point3-million-disaster-victims-watchdog.html
Brufke, J. (2019, March 22). FEMA exposed personal information of 2.3 million disaster survivors.
Retrieved from https://thehill.com/policy/cybersecurity/435386-fema-exposed-personal-information-of-
23-million-disaster-survivors
Kelly, J.V. (2019, March 15). Management alert-FEMA did not safeguard disaster survivor’s sensitive
personally identifiable information (REDACTED). Retrieved from
https://www.oig.dhs.gov/sites/default/files/assets/2019-03/OIG-19-32-Mar19.pdf
Keck, C. (2019, March). FEMA breach exposes personal data and banking information of 2.3 million
disaster survivors. Retrieved from https://gizmodo.com/fema-breach-exposes-personal-data-andbanking-informati-183350871
Linton, C. (2019, March 22). FEMA exposed personal information of 2.3 million disaster victims. Retrieved
from https://www.cbsnews.com/news/fema-data-breach-exposed-personal-information-of-2-3-milliondisaster-victims/
27

Lyngaas, S. (2019, March 22). FEMA exposed personal data on 2.3 million disaster survivors, violated
privacy law, IG finds. Retrieved from https://www.cyberscooop.com/fema-exposed-personal0data-2-3-
million-disaster-survivors-violated-privacy-law-ig-finds/
Matt, N. (2019, March 23). FEMA privacy disaster reveals information of 2.5 million americans. Retrieved
from
https://www.tomshardware.com/news/fema-reveals-information-2-5-million-disastersurvivors.38903.html
Sukin, G. (2019, March 22). FEMA exposes personal, banking details of 2.5 million disaster survivors.
Retrieved from https://www.axos.com/fema-data-breach-leaks-personal-banking-information-25-milliondisaster-survivors-33912b1c-03b6-458f-a5cd-d791fb2bdb2.html
About the Author
Charles Parker, II has been in the computer science/InfoSec industry for over
a decade in working with medical, sales, labor, OEM and Tier 1
manufacturers, and other industries. Presently, he is a Cybersecurity Lab
Engineer at a Tier 1 manufacturer and professor. To further the knowledge
base for others in various roles in other industries, he published in blogs and
peer reviewed journals. He has completed several graduate degrees (MBA,
MSA, JD, LLM, and PhD), completed certificate programs in AI from MIT,
other coursework from Harvard, and researches AI’s application to InfoSec,
FinTech, and other areas, and is highly caffeinated. Charles Parker, II may
be reached at charlesparkerii@protonmail.com.
28

3 Must-Do Tasks to Make Vulnerability Management Useful in
Today’s Environments
By Jim Souders, Chief Executive Officer, Adaptiva
I recently heard an executive describe how his team essentially threw its vulnerability report in the trash
every time they received one. This seemed a bit extreme, but he informed a group of conference
attendees that it wasn’t because the vulnerability reports didn’t contain important information—it was
because they have become so overwhelming.
Vulnerability management vendors today are routinely scanning for more than 100,000 vulnerabilities.
Imagine the strain that places on an organization if even only a fraction of these vulnerabilities are found
within their network. Then consider the feeling associated with the knowledge that there is no possible
way to address them all in an effective time frame that will ensure that you are not at risk.
The excessive number of vulnerabilities only will continue to increase, opening up space for
cyberattackers to take advantage. Because of this, vulnerability management was listed as one of the
top projects for organizations to get a handle on at Gartner’s 2019 Security and Risk Summit. The
problem is IT teams don’t know where to start. Vendors need to step up to help them.
Here are three things that must be done across the board in the vulnerability management space to assist
teams in getting the basics covered.
29

Give the User Control
With millions of vulnerabilities being presented to IT administrators and security operations, there needs
to be effective and easy ways to quickly read and interpret the data. If vulnerability management software
spits out a bunch of data without providing different ways to sort and highlight it, it becomes incredibly
difficult for IT to work with or act on. Yet, this is how vulnerability management has been conducted for
years—to the point where it is now considered simply voluminous and unactionable.
To elevate vulnerability management and allow it to have a positive impact, reporting mechanisms need
to provide the IT and SecOps users with more control over how they want to consume and evaluate
vulnerability data. Every company has different priorities that define where they want to focus energy and
resources. As such, they require tools that let them customize the analysis and resulting reports to meet
their needs. Evolving the user interface to accommodate the user is the first step to making a vulnerability
report meaningful and actionable to IT operations.
Determine What Matters and Why
Out of all of the thousands of vulnerabilities found, then which ones do teams address? Which ones are
open? There needs to be a simple way to determine very quickly what requires attention and in what
priority. To help IT operations teams get to the starting line, vulnerability management tools must do more
to assess the risk specific vulnerabilities pose.
Most of the vulnerabilities exploited last year were not considered high-severity vulnerabilities. This is
largely because cyberattackers have learned that companies are conditioned to fix the critical or highrank
vulnerabilities first; therefore, they go after medium level threats to gain entry. Because these issues
have traditionally been considered lower priority, chances are good that understaffed and overworked
teams have yet to address many of these vulnerabilities. Bad actors can then infiltrate systems and wreak
havoc because of an issue that likely could have been fixed relatively easily. As this practice becomes
more common, it is evident that a CVSS score alone is not enough. For vulnerability management to be
effective, vendors need to come up with intelligent ways not only to rank severity and impact but also the
likelihood that a particular vulnerability will be exploited.
Execute a Rapid Response
Once software fetches vulnerability data, teams filter it according to their needs and assess and prioritize
which vulnerabilities to attack first—there has to be a mechanism for immediate action. Modern solutions
should provide simple ways for staff to respond quickly to what they see and learn. Organizations that
are left to their own devices to develop and execute fixes through manual processes or custom scripts
are at a distinct disadvantage. IT and SecOps are often unable to work together in a rapid, cohesive, and
collaborative process to deploy a patch enterprise-wide. SecOps teams are frequently overwhelmed with
their own issues. As a result, system updates and patches can take a long time to execute, contributing
to the backlog and extending the window a company is susceptible to attack.
30

Intelligent automated solutions are being developed to take this burden off of teams so that vulnerabilities
can be identified, assessed, and addressed near instantaneously. Platforms that integrate these solutions
with endpoint management tools, software distribution tools, or patching tools enable their users to
immediately send out system updates, patches, or configuration changes. By doing so, this increases
the value of the fetch and reporting capabilities. It essentially creates a command station for managing
vulnerabilities, which is the ideal that everyone is trying to reach.
If all of these features can be incorporated into a single pane of glass that the IT and SecOps user goes
to everyday, it would be an incredibly powerful tool for reducing threats. This may sound basic, but it has
been very difficult to do. As the industry moves closer, however, and a new emphasis is placed on
vulnerability management, teams will soon get the relief they are searching for while fortifying their
defenses against cyberattacks.
As first published in BetaNews.
About the Author
Jim Souders is CEO of Adaptiva, a leading, global provider of endpoint
management and security solutions for enterprise customers. A global
business executive with more than 20 years’ experience, Jim excels at
leading teams in creating differentiated software solutions, penetrating
markets, achieving revenue goals, and P/L management. Prior to
Adaptiva, Jim led high-growth organizations from start up to public offering
and acquisition in a variety of advanced technologies, including IT
infrastructure management, cross-platform mobile application
development, WAN/LAN optimization, and wireless supply chain
automation systems. For more information, please visit
https://adaptiva.com/, and follow the company on LinkedIn, Facebook, and Twitter.
31

The Intersection of Artificial Intelligence and Cybersecurity
By John Harrison, Director, Cybersecurity Center of Excellence, Criterion Systems
It is easy to be skeptical about Artificial Intelligence (AI). It has been promised (threatened?) for years,
and while it is already showing up in our everyday lives – essentially through companies like Amazon
and Facebook that use it to customize user experience and make doing things on their platforms more
convenient – it has also been hijacked as a marketing buzz word, and frequently misused. However, as
a cybersecurity professional, I believe it will help solve some of our greatest challenges, today and into
the future.
Given the confusion surrounding AI, I think it would be prudent to quickly define what it is. AI is a general
practice and concept, including capabilities such as natural language processing, image recognition of
objects, and pattern recognition through neural network models attempting to mimic cognitive functions
of the brain. The term Machine Learning (ML) is frequently used interchangeably with AI, although there
are distinct differences. ML algorithms use machines to learn about given data. A subset of ML includes
deep learning, which has shown a lot of promise in the cybersecurity realm. Major differences of ML
compared to AI include:
• ML aims to increase accuracy described by confidence intervals whereas AI aims to achieve a
successful goal and is less focused on accuracy.
• ML learns from data obtained based on tasks and actions whereas AI uses computer programs
to make decisions or apply logic, possibly using ML outputs as inputs to an AI program.
32

• ML focuses on acquiring knowledge or skills by learning from many observations over time and
optimizing its own model to improve accuracy whereas AI’s goal is to mimic a human response
and decision-making process.
Which brings me to the question: What are we cybersecurity professionals and organizations looking to
get out of AI and ML? That question is predicated on what you are attempting to accomplish.
Augmentation/Automation of Cybersecurity Processes
To date, the most successful use of AI and ML in cybersecurity has been to help detect malware. By
supplying machines with samples of good and bad pieces of executable code, they have been able to
help identify what are normal and abnormal operations. This is how many of the next generation antivirus
tools work: they are constantly learning and building unique graphs of how applications interact with
systems, how users interact with applications, and how applications and users interact with data and
other users and computers on the network.
What we need now is for a system to learn to enable augmentation and/or automation of a variety
cybersecurity processes to achieve a better outcome, such as saving time and money by using algorithms
and models to perform a great deal of the initial trigate activities that analysts have to do manually today.
Additionally, many low and informational alerts in Security Operations Centers (SOCs) currently go
unattended due to a shortage of time and personnel. Using AI and ML to apply initial triage to see if any
of the alerts are possibly related to one another represent low-hanging fruit and a great step forward.
Consider this: Many attackers today are attempting to evade our defensive systems and if they can exploit
networks and systems by staying under the radar by generating thousands of low-level alerts its less
likely they will get caught and the organization might not even know they were compromised. As with the
example of malware above, the first use that comes to mind for most of us is enhancing our detection
and prevention abilities. But have you considered using AI and ML to augment response actions such as
containment actions, ticket creation, and user engagement to triage and/or validate a suspicious action?
Many of these activities are in the realm of possibilities today for the application of AI and ML, and offer
true benefits, such as improving Service Level Agreements, reducing the time spent on each alert, and
improving the Meant Time To Recovery (MTTR).
Though AI and ML remains in the early stages of adoption and expansion, there are many business
challenges and use cases that the cybersecurity community is eager to deploy in the very near future to
address the challenges Security Operation Centers (SOCs) are facing today, including a massive digital
transformation and the never-ending alerts coming in for triage.
Implications of a Continuous Exponential Growth in Data
According to the International Data Corporation, data will grow by 61% to 175 zettabytes (ZBs) by 2025,
which is equivalent to the data stored on 250 billion DVDs, according to University of California –
Berkeley. The majority of this data will reside in cloud and data center environments. Other interesting
33

insights from the same reports includes the fact that 90ZBs will be created on Internet of Things (IoT)
devices, nearly 30% of all data will be consumed in real-time, and almost half (49%) of data will be stored
in public clouds – all by 2025. Furthermore, the increase in data, especially real-time data, is correlating
to the number of devices that are connected to private and public networks, which does not show
indications of slowing down anytime soon. Next-generation cyber warriors will be dealing with volumes
of data never seen before occurring in real time making it difficult to spot, assess, and act on future cyber
attackers. Attackers will likely attempt to disguise and blend into the noise using AI and ML techniques
to mask their malicious intent. The challenge for cybersecurity professionals and organizations is how to
harness automation and build next-generation SOCs using AI and ML, which will be crucial for keeping
up with the volume and velocity of cyber-related data, created by more users and more machines.
The Alerting Nightmare Many SOCs Face
Millions of daily alerts: This is a normal day as a SOC manager, and it raises several challenges:
• Eliminating false positives to focus effort on prioritizing “real” alerts based on severity and
probability.
• Reviewing all alerts may be impossible.
• Many SOCs will avoid some alerts because they are considered low-level or have fired off too
many false positives. Remember, however, 10-15 low-level alerts that, when combined and based
on the sequence or the nature of those alerts, could equal a high alert translating into a full
compromise.
• It is common for many SOCs to fall into the alert fatigue trap and not consider how adversaries
operate. Just as military operatives, they always attempt to fly below the radar. Therefore, they
focus on exploiting weaknesses to which that they feel SOCs are less likely to be giving careful
attention.
What are some of the solutions to these challenges? Writing correlation/behavioral rules can help, but
this has its own limitations and they can be easy to evade if not written correctly. Writing behavioral rules
is also complex and requires unique skills – which are in great shortage within the cyber community right
now. A better approach is to save profiles for users, workstations, servers, networking devices, etc., and
use ML to generate anomalies and determine behavioral patterns in the form of classifications. This
approach is better because it more easily scales and can solve two major problems: The cybersecurity
talent shortage and attacks that attempt to evade detection systems by hiding in the noise as we
previously explained above.
Using AI and ML together, anomalies can be generated that are then passed through a series of AI
models to determine their probability and severity as well as to determine if any specific example crosses
a threshold which should trigger an event/alarm. For example, an anomaly is triggered off a user
behavioral pattern that has drifted from its normal operation. It is then analyzed by machines to determine
if that anomaly occurred before, at what frequency, and if it can be predicted with a reasonable level of
probability that the event is actually abnormal. If so, it may be passed to an AI-bot that triggers an alert
to the user text or an alternative email address to ask if the action was prompted by them or not. If not,
then an alarm is triggered by the AI intrusion system and the incident response process begins. This is
34

just one of many examples of how AI and ML can help with alert fatigue and scaling limited talented
resources while also having the ability to respond in seconds versus minutes and hours.
How Organizations Should Start Using AI and ML for Cybersecurity
First, organizations should define what they want to teach a system to help augment and/or automate
response actions. In my opinion, I think AI and ML is at a point where it can be of more help in augmenting
than it can in automating. (The day where machines will be able to fully think like humans may come, but
operationally, that is many years away.) Having worked in several SOCs and managed my own Managed
Security Service Provider, I have seen analysts and incident responders performing repeated tasks day
in and day out that could be augmented by AI. The AI-bot example provided above is one way this could
work. In another example, Thomas Caldwell from Webroot provided a great demo of his AI bot using
Amazon’s Alexa device at an RSA Conference session named the “Evolution of AI Bots for Real-time
Adaptive Security.”
Here’s one note of caution: Using AI/ML for response actions is complicated. It requires the right skills
and data to be analyzed in order to create the feature sets that are viable candidates for AI and ML
modeling and are specific for how your organization operates. If a vendor offers you a solution that allows
you to run ML algorithms from your data and calls that AI or behavioral detection, turn and run as fast as
you can! The great news is that today, a good portion of data created by machines and users are using
standardized formatting and language, making it easier for the cyber community to share and build off of
others’ AI and ML feature data sets. Keep in mind, however, that just as defenders are using AI and ML,
adversaries are as well. To get started I recommend following some best practices that include, but are
not limited to:
1. Spend the time to create well-defined outcomes and measurable targets for challenges you
need to solve in security. What tasks/problems do you want a machine to learn and what tolerance
do you have for false positives?
2. Consider if more simplified tools could achieve a more efficient and effective outcome than an
AI and ML model. For example, running models to determine behaviors of where applications are
executed from can help detect abnormal operations. However, it might be easier to standardize
and baseline where all applications are allowed to run from and trigger an alert if one executes
from a different file path outside of the baseline. Application whitelisting is an easier solution to
this problem as well.
3. Brainstorm and pair data scientists with cybersecurity expertise to create features derived from
your existing cybersecurity data to solve a relevant problem/outcome. The data that is being
generated on the network is not necessarily what gets fed into the model. For instance, financial
traders using algorithms to hedge stock portfolios tend to use ratios as an input set of data that is
computed based lower level data sets such as fluctuations of price, volume of trades, etc.
4. Experiment with various combinations of features, algorithms, and classifiers to find the best fit
model for the desired outcome and achieving the measurable target you had established
beforehand. If the model doesn’t predict an event at the same rate or better than a human, what
value does the model provide? Trial and error is the best approach and interestingly, machines
35

can learn from these trial experiments as well to help automate the selection of features, though
that is still a bit early in its maturity.
I’m excited, just as many cybersecurity professionals are, at how far AI and ML has come and where the
capability is heading. It’s a great way to augment operations today, allowing resources to be diverted to
solving greater challenges and helping mature SOCs around the world. AI and ML will not likely solve all
of our problems in the near future, but if it could help solve even one or two major challenges, I think
many SOC managers and leaders would find that immensely valuable in the important mission of
protecting critical assets from all types of malicious cyber actors.
About the Author
John Harrison is the Director of Criterion Systems’ Cybersecurity
Center of Excellence. With more than 15 years of experience in the
security industry, he helps design cybersecurity programs to protect
government customers. He is a combat service-disabled veteran who
served eight years in the US Marine Corps as an intelligence operator
and foreign military combat trainer. Following his military career, he
spent several years in the Intelligence Community. He has a bachelor’s
degree in criminal law, an MBA from Georgetown, and is a certified
ethical hacker and incident handler from EC-Council and SANS GIAC,
respectively.
36

From Guards to Detectives: Evolving the Junior Security
Analyst Role
By Mike Armistead, CEO and Co-Founder, Respond Software
Across all industries, we’re coming to accept and, in some cases, look forward to augmenting human
roles with the support of intelligent automation. There is a growing shift from fear of change, to welcoming
it with open arms.
Garry Kasparov, one of the greatest chess players of all time who expressed skepticism when a computer
beat him, is a perfect example of how perceptions of Artificially Intelligence (A.I.) are changing. In a recent
interview, he admitted he changed his view after witnessing some of the world’s greatest game players
lose to machines, including when Google’s AlphaGo defeated the world’s best player of Go, a complex
ancient strategy game.
37

An interesting takeaway for these so-called “defeated” human champions? By playing the computer, they
all learned new methods and strategies that were unexplored before. Today, Kasparov says, “A.I. will
help us to release human creativity. Humans won’t be redundant or replaced, they’ll be promoted.”
That is exactly what the cyber security industry needs to achieve for Junior Security Analysts by arming
them with intelligent automation. In doing so, we can help to accelerate the career progression of a
security analyst starting from their first day through to the day they retire.
Attracting AND Retaining New Security Talent
The security industry is laser-focused on closing the skills gap; however, we continue to allow emerging
professionals to experience disillusionment in the earliest (arguably, most critical) stages of their careers.
Not only is the industry struggling to attract new talent, many promising junior employees are leaving the
field of cybersecurity entirely. They’re doing so out of frustration, stress, or boredom with the monotony
of the tasks assigned to them.
In a recent study by the Cyentia Institute, 45 percent of surveyed security analysts said the reality in the
Security Operations Center (SOC) does not meet expectations. One in four expressed dissatisfaction
with their current job.
This is especially true of entry-level analysts, whose analysis duties typically consist primarily of
monitoring raw alerts, looking for ways to enrich them with additional contextual information and—if they
are lucky to be given additional responsibility—deciding which events to escalate. Despite knowing the
vast majority of alerts are false positives, they worry they will miss that “needle in the haystack” event
linked to a real attack and it will cost them their career.
Reducing attrition and recruiting the best and the brightest into the cybersecurity field will require
collaboration across organizations and the industry as a whole.
Security Automation = Analyst Elevation
Humans alone simply don’t have the capacity to keep pace with today’s volume of data and threats.
Trying to keep pace can both discourage and exhaust budding security analysts early on in their
cybersecurity careers.
For any security analyst, detecting intrusions is rewarding and makes them feel like they’re making a real
difference. With the continued emergence of security automation, Junior Security Analysts experience
more success on a day-to-day basis. Intelligent automation has the potential to shift the way Junior
Security Analysts work significantly by:
• Refocusing from the mundane to the imaginative: Security analysts would rather act like
detectives than mall cops, spending their time hunting threats and gathering intelligence than
following routines or performing rote functions. Automated security workflow solutions, such as
SOAR and SIEM) can take on many mundane aspects of the job, enabling human security
38

analysts to focus on its more interesting, complex, and “advanced” aspects—spending more time
on higher value tasks that are more varied and exciting.
• Sifting through fewer false positives: Intelligent security automation tools such as the emerging
Robotic Decision Automation (RDA) solutions can better categorize and decrease false positives.
Not only does this reduce the level of frustration amongst security analysts but it provides them
with more contextual information to determine what’s really going on in the environment.
• Capturing the full security story: Security analysis software can give frontline analysts a fuller
view of what’s going on across the whole IT environment. It enables them to see each alert—not
as a discrete event—or a piece of data streaming across a console—but instead as part of the
story that’s taking place. Armed with greater context, analysts can make better decisions, faster
that put them on the right path to resolving threats before they spread.
With the support of intelligent solutions, we can elevate frontline security analysts into more advanced
roles—enabling them to focus on threat hunting and endeavors that need their invaluable and
unparalleled human ingenuity.
A Promise to Budding Security Pros
We’ve attracted young professionals into the cybersecurity field by promising them the job of a seasoned
detective, and yet, many of them end up serving as the equivalent of a security guard—relegated to
watching hundreds of alerts scroll by to ensure they don’t miss something.
With Ponemon Institute estimating the average organization deals with over 200,000 security events
each day, we’re putting early career analysts in front of nation-states and criminal syndicates and setting
them up to fail.
Security analysts at all levels need more support to succeed and enjoy their work as this widespread job
dissatisfaction has the potential to deepen the skills gap. Intelligent, automated security software can
empower Junior Security Analysts to be more successful and enable the industry to deliver on the
promise of a stimulating and rewarding career in cybersecurity.
39

About the Author
Mike Armistead is the co-founder and CEO at Respond
Software. He is an industry veteran with three decades of
leadership experience in the security, application development
and consumer internet arenas. Mike co-founded Fortify
Software in 2003 and acted as VP & general manager for both
Fortify and ArcSight business groups after the companies were
acquired by HP in 2011. Prior to Fortify, he held executive and
key product positions at companies that include Pure Atria (IBM
Rational) and Lycos. Over his career, Mike has led groups in all
aspects of the organization, including marketing, development,
operations and sales. His experience has spanned from
managing large enterprises (+$350M revenues) to multiple
start-ups in numerous industries.Mike Armistead can be
reached online at mike@respond-software.com and at our
company website http://www.respond-software.com
40

Where Property Insurance Ends and Cyber Insurance Begins—
the Industry’s Biggest Issue More People Should Be Talking
About
By Matt Prevost, Senior Vice President, Cyber Product Manager at Chubb
Cyber-attacks are expected to cost companies more than $2 trillion in 2019, according to Juniper
Research. Consequently, many companies—especially the larger ones—have already realized that
cyber threats top the list of corporate risks and have incorporated cyber provisions into their existing
insurance policies.
However, as recent media coverage—and high-profile lawsuits—have proven, the increasingly complex
and ever-evolving nature of cyber threats has led to misunderstandings in the marketplace, which are
particularly prevalent when it comes to the lines of distinction between the provisions of traditional
property insurance policies versus those of cyber insurance policies. While this distinction may sound
simple, it’s not, and the nuance could impact billions of dollars in losses in the event of a large cyberattack.
Physical vs Digital Cyber Threats
To better contextualize these situations, it is first important to understand that as cyber attacks have
grown, evolved, and changed, and today’s cyber threats are blurring the lines between the strictly ‘digital’
attacks and the ‘physical’ impacts of an event.
41

As an illustration, consider the following scenario: the elevator control panel in a high-rise commercial
building is hacked, causing the elevator to malfunction and fall 30 stories. While this is a cyber-attack that
results in damage to physical property, several different insurance policies could respond to the
consequences of the attack.
For example, typical general liability policies would respond to claims for bodily injury made by individuals
who were hurt as the result of the elevator collision, against potentially responsible parties. Similarly,
typical property policies would respond to the direct physical damage and resulting business interruption
loss because the cyber-attack caused the elevator to collide with other property, and elevator collision is
normally a covered caused of loss. Conversely, if outcomes from the hack did not result in direct physical
loss or damage or bodily injury, but rather rendered the elevator unusable, then the result would be limited
to a business interruption (BI) loss. In this scenario, most property policies would not respond to the BI
loss because there was no direct physical loss or damage. However, a cyber policy would generally
respond to this type of digital disruption loss.
Put simply, a variety of different insurance policies could respond to the consequences of a cyber event
depending on the circumstances. As a result, now more than ever, it is important to work with an
insurance carrier, along with an agent or broker, to find enterprise-wide insurance solutions that fit your
business’ specific needs and entire risk profile.
What to Look for In the Cyber Insurance Process
As cyber events have changed over time, so too have the associated risks. While cyber-specific policies
are key to protecting against cyber risks, a comprehensive analysis of the entire scope of a company’s
risks is critical to preparing for all potential exposures.
When exploring your options, executives should focus on two key characteristics—the first being a
diligent underwriting process and an agent or broker willing to engage fully in the entirety of the insurance
portfolio. This process should contemplate complex situations and focus on obtaining a portfolio of
insurance solutions comprised of multiple insurance policies that seamlessly address your company’s
exposures enterprise-wide. Secondly, this portfolio of solutions should include access to inclusive risk
mitigation tools, such as integrated loss control services, continuous threat analysis, comprehensive
claims management, and post-breach services.
While most traditional cyber insurance policies offer robust standalone insurance protection, some
insurers have created additional umbrella policies—that use the above characteristics to go beyond
standard risk transfer by incorporating a holistic risk management solution into a single policy purchase,
and thereby closing unanticipated gaps in the scope of your insurance protection. Although it is important
for companies to find a robust standalone cyber policy, it is equally critical for executives to work with
producers and insurers to find additional umbrella provisions that provide critical additional limits for large
unforeseen events and contemplate the broad array of cyber exposures affecting companies.
The Importance of Education & Communication
Now more than ever, it is important to find an insurance policy that offers your business protection against
the dynamic and ever evolving risks of cyber-attacks and resulting loss. In order to do so, it is important
42

to have in-depth conversations with your insurance agent, broker, and/or risk manager about the
protections and policies that will work best for your business.
Every business and insurance policy is different, but by working with an experienced carrier to evaluate
your company’s complete risk profile, you can better ensure your business will be prepared and protected
in the event of a loss. As the number of cyber incidents continues to rise—The ChubbCyber Index SM of
proprietary claims data shows that cyber claims have increased 67% since 2016—this threat is more
imminent than ever.
About the Author
Matt Prevost is Cyber Product Manager at Chubb. He can be reached at:
matt.prevost@chubb.com. Our company website is www.chubb.com
43

How to Build an Effective Insider Threat Program: Part I
By Shareth Ben, Insider Threat SME at Securonix
On the heels of insider threat awareness month, it’s clear that although we are more aware of the attacks
and threats from within an organization, we still have a long way to go. This first article in a two-part series
provides practical tips on what and who to consider when building a program to combat insider threats.
It has been six years since the Snowden incident took place, sending a wakeup call to large enterprises
that they needed to start looking internally for risks posed by employees and contractors. Two years later
Galen Marsh, who was a financial advisor at a prominent Wall Street bank, damaged the bank’s
reputation by stealing sensitive client data from corporate systems and uploading it to a personal server
hosted at his home. While these high-profile cases caught the attention of security professionals, there
are many insider-caused incidents happening every day that put organizations at financial and
reputational risk.
Guarding the perimeter of an organization’s network alone is not enough. The adoption of the cloud for
infrastructure, middleware, and applications is growing at a phenomenal pace. The benefits of moving to
the cloud are obvious, but along with that comes an increased need for security. The enterprise perimeter
is becoming more porous as the applications that drive business rest outside the secure perimeter of the
enterprise, requiring that the enterprise network be open to external networks while still being secure.
44

There is no doubt that insider threat risks continue to matter, and organizations need to take detective
and preventive measures before it’s too late.
Multiple surveys indicate that insider threats are a key source of concern for enterprises. According to
Cybersecurity Insiders’ 2018 Insider Threat Report, 90 percent of organizations feel vulnerable to insider
threats – with 53 percent confirming insider attacks against their organization.
According to the Verizon 2019 Data Breach Investigations Report, 34 percent of breaches involved
internal actors, and 29 percent involved the use of stolen credentials.
What do these numbers mean?
The bottom line is that these numbers can have an impact on your business which can be benign or
severe depending on the outcomes caused by the insider’s actions. The Verizon report cited above also
notes that 25 percent of breaches were motivated by the gain of strategic advantage (espionage). For
example, if a research scientist at a pharmaceutical company sells the formula for a new drug to the
competition, that pharmaceutical company can incur millions in revenue loss due to low-cost competition.
This type of corporate espionage has happened in the past. In less severe cases employees or
contractors have attempted to take proprietary data, which resulted in termination of employment or a
harsh warning.
The key takeaway is for organizations to decide how much effort they are willing to invest in terms of
cost, resources and time depending on their industry vertical, nature of the business and risk exposure.
How to build an effective insider threat program.
Most medium and large organizations have limited insider monitoring in place using data loss prevention
(DLP) or privileged access management (PAM) system solutions. However, they still struggle to
effectively mitigate insider threat risks. This is because, as much as it may sound cliché, security cannot
be solved using technology alone. It is a combination of people, process, and the nature of your business.
We say the nature of your business here because what you do as a company determines what matters
to you the most, and therefore what you want to protect.
The key is to find synergies between people, process, and technology which are suitable for your
organization, based on various factors such as organization size, culture, and most importantly risk
appetite.
Risk appetite can be defined as how much risk exposure an organization is willing to tolerate when it
comes to insider threats. Most insider threat programs fail because the organization’s risk appetite is not
clearly defined at the beginning. This lack of clarity creates a lack of focus during operations, preventing
the program from seeing success in the investments made across people, process, and technology.
45

Where to begin?
The first step is to assess your organization’s appetite for risk and what the organization values the most.
For example, some organizations value their brand reputation the most while others worry more about
theft of intellectual property.
The next step is to build a strong understanding and consensus across the key business units such as
HR, legal, compliance, and key business units. This is essential for an effective program outcome. In
order to accomplish this consensus, organizations should form an Insider Threat Working Group (ITWG).
The ITWG’s mission is to educate the business units on the importance of protecting the organization
from such threats.
Lastly, the ITWG forms a partnership with key stakeholders to define policies and procedures. Laying
down this foundation will pave the way for the future of the program.
What type of risks to mitigate?
According to the Carnegie Mellon CERT model the three types of insider risks that are caused due to
insider threats are: confidential data leakage, IT sabotage, and fraud.
Most organizations who have embarked on the insider threat monitoring journey focus on data leakage
prevention and IT sabotage related monitoring as they can cause the most harm. The former is more
common than the latter, but both can create havoc for organizations if not managed properly.
The three primary types of insider risks can be mitigated as follows:
46

IT sabotage
• Monitor high privilege access to critical databases, servers, and applications that affect the
integrity of the systems.
• Server monitoring should include Windows security events, Windows authentication events, Unix
auditd logs, Cyberark logs, and others.
• Database monitoring should include Guardium logs or similar for database activity monitoring.
• Application monitoring should include business applications and third-party applications.
Confidential data leakage
• Monitor for the exfiltration of data by employees and contractors that leads to confidentiality issues
and intellectual property theft.
• Monitor egress vectors such as email, removable media, print, web uploads, CD, and DVD.
• Leverage technologies such as DLP tools to monitor email gateway logs, print logs, SharePoint
logs, and others.
Fraud
• Monitor for fraudulent activities that result in financial loss to an organization.
• Categories of fraud include online banking fraud, expenses fraud, AP fraud, AML fraud, trade
surveillance, and more.
• Monitor log sources such as OLTP transactions, ATM transactions, wire transactions, and others.
What type of insiders should you monitor for?
Insiders can be categorized into three main types:
• Negligent Insider: An employee or contractor unknowingly or accidently compromises data due
to bad security hygiene.
• Complacent Insider: An employee or contractor intentionally ignores policies and procedures or
bypasses them because they think it’s not needed.
• Malicious Insider: An employee who intentionally compromises data and misuses privileges in
order to cause damage to the organization.
In all three cases the employee or contractor is putting the organization at risk, but the malicious insider
can result in the largest risk because of their intentionally malicious actions. This type of insider is also
harder to detect because they are highly motivated and will typically actively work to circumvent existing
controls and take other precautions to remain undetected.
Securonix’s observation in the field is that organizations deal with complacent and negligent insiders 90
percent of the time. The disciplinary actions taken against these insiders vary from warnings to
47

termination of employment. The outcomes for a malicious insider can involve more serious
consequences. The FBI has been involved in extreme cases including nation state attacks to steal
valuable data such as intellectual property that is core to a business’s competency in the market.
Summary
Insider threats can have a significant negative effect on businesses today, but their impact can be
mitigated by a well-thought out insider threat program that includes people, processes, and technology.
Part two of this series on insider threat will address the technologies required to combat insider threat,
how to evaluate them, and where to begin.
About the Author
Shareth Ben, Insider Threat SME at Securonix.Shareth is an information security
professional with over a decade of program management experience, serving
the security needs of Fortune 500 clients. Currently he is focused on
providing insider threat and cyber threat solutions by bringing synergies
between people, process, and technology to mitigate risks to enterprises. He is
passionate about improving the security posture of organizations by providing
thought leadership and best practices based on lessons learned in the
field. Shareth has a Master’s degree in Information Systems and a Bachelor's
degree in Computer science.
48

How to Build an Effective Insider Threat Program: Part II,
Technology
By Shareth Ben, Insider Threat SME at Securonix
In the first part of this series we discussed how insider threats can be mitigated by a well-thought out
insider threat program that includes people, processes, and technology. This article dives deeper into the
technology part of that equation. We’ll discuss what to look for in technology tools to best combat insider
threats, where to start once you have those tools, and how to put the people and processes together with
technology in order to achieve the best outcome.
What type of technology is required?
The ideal technology platform for insider threat combines technical and non-technical indicators of insider
risk in order to compute a risk score that can be used to prioritize alerts for escalation and triage.
The following functionalities are critical factors to look for in an insider threat detection and management
technology.
49

Centralized Logs
The tool should have the ability to ingest a variety of technical and non-technical indicators of use activity.
This is typically done using connector and collectors of various types depending on the target system.
Normalize, Aggregate, and Correlate
The tool should have the ability to normalize, aggregate, and summarize the user activity in preparation
for data analysis and machine learning.
Insider Threat Specific Content
The tool should come with the necessary out-of-the-box content to meet your basic insider threat
monitoring needs. It should also provide the ability to create custom content for industry-specific use case
requirements. The detection mechanism should consist of standard rule-based violation triggers and user
behavior-based anomaly detection. It is this combination that proves to be most effective against insider
threats.
Threat Chains
Once the nefarious behavior is detected, the tool should facilitate stitching or chaining individual events
into one holistic threat. For example: a user who has been identified as a flight risk is identified as
accessing and downloading an abnormal amount or type of data, followed by an attempt to exfiltrate that
data.
Risk Scoring
Once the insider threat behavior has been detected using threat chains, these alerts need to be risk
scored in order to prioritize the threats from the noise.
Investigation Tools
When it comes to insider threats, the situation is seldom black and white. The security analyst requires a
tool that can provide the necessary context in order to be able to complete their investigation of the
prioritized threats.
50

Incident Response Workflows
When a prioritized threat is deeded escalation worthy, the tool should facilitate the necessary escalation
and triage workflow amongst the concerned parties.
Where to Start
While organizations can decide their own pace for onboarding data based on their insider threat
monitoring goals, an iterative approach is highly recommended. We have seen several successful insider
threat projects begin with a foundational layer and build incrementally over time to reach a better maturity
state.
The following table proposes the types of data that organizations should consider ingesting based on
their maturity.
Maturity Data Exfiltration Detection IT Sabotage
Level 1
(Foundational)
Email activity
USB activity
Proxy activity
Windows authentication logs and
security events
Unix authentication logs (if
applicable)
Single sign-on (SSO) logs
Critical database activity logs
Level 2
(Intermediate)
DLP monitoring
Endpoint monitoring
Content sharing logs (Box, Dropbox,
etc.)
SharePoint logs or similar
Unix audit logs if applicable
PAM logs
Endpoint detection and response
(EDR) logs
AWS CloudTrail logs
SSO logs
51

Level 3
(Advanced)
File integrity monitoring
Business specific applications
Business specific application
authentication and activity logs
Data sources that are identified as
business critical
What does an ideal program look like in terms of people, process, and technology?
Going back to the initial formula, let’s put the pieces together for an effective and practical insider threat
program.
People
An insider threat working group (ITWG): Defines the risk appetite specific to the organization and drives
consensus across key business units including HR, legal, compliance, IT security and lines of business.
An insider threat program (ITP): A core team who are ideally a mix of technical and non-technical staff
members. These staff members are well versed with the data they are dealing with, understand the
organization’s culture, and know how to observe and differentiate between the different types of risks.
Having someone with prior investigation experience is ideal but not a requirement.
Training and enablement: The ITP team should obtain adequate training and enablement to use the
technology for insider threat detection.
Process
Based on the risk appetite of the organization, and after identifying what they need to protect, the ITWG
should create the policies and procedures required to manage the identified risks.
Clearly articulate and establish the escalation and triage processes. There are different levels of
escalation from level 1 to level n depending on the size of the organization and staff capabilities. The key
is to have a standard and repeatable process which allows for scalability.
Standard operating procedures are essential to make sure there is consistency in dealing with insider
threats.
52

Technology
The technology should support both user behavior threat detection and rule-based threat detection.
It should be able to stitch together multiple alerts using threat chains, and rank alerts according to risk.
It should support automated playbooks and response in order to reduce manual work which would be
otherwise required. This can only be attained when a program reaches a state of maturity. Organizations
should not attempt to do this until the foundational components are in place.
Beyond the ITP: Putting the right tools in place
Having a strong ITP is an essential step towards combating insider threats; but a strong team requires a
strong tool to use for insider threat detection. The section above outlines the capabilities that an effective
insider threat prevention technology should possess, but finding a tool with all of these capabilities may
not be as straightforward.
Threat chains can be enabled both manually and in an automated manner. However, manual threat
chaining is a tedious, cumbersome process and requires the manual correlation of massive amounts of
data, which would require a significant effort and a large team. Automated threat chaining, coupled with
an accurate risk scoring capability, is an essential requirement in order to more easily minimize insider
threats.
If the technology can also respond to identified threats in an automated fashion, the value to the ITP is
significantly increased, as an analyst can only handle a limited number of events. According to research,
the typical security analyst suffers burnout within 1-3 years!
A capable SIEM tool, with automated threat identification, threat chaining, and remediation capabilities is
essential for a successful ITP.
Conclusion
Insider threats are increasingly relevant for organizations today as attacks grow more sophisticated.
Establishing an insider threat program (ITP) is an important step towards building an insider threatresistant
organization.
The key is to start small and grow the program footprint over time. Organizations should start with an
assessment of what exactly they want to protect and identify the types of risks they want to mitigate
before embarking on the implementation of the program itself. Then select the technology that flows best
around the risk-tolerance and data priorities for your organization, with the ideal technology minimizing
the manual work for analysts, so they can focus on dealing with identified incidents.
53

About the Author
Shareth Ben, Insider Threat SME at Securonix. Shareth is an information
security professional with over a decade of program management experience,
serving the security needs of Fortune 500 clients. Currently he is focused on
providing insider threat and cyber threat solutions by bringing synergies
between people, process and technology to mitigate risks to enterprises. He is
passionate about improving the security posture of organizations by providing
thought leadership and best practices based on lessons learned in the
field. Shareth has a Master’s degree in Information Systems and a Bachelor's
degree in Computer science.
54

Modernize the Mission: Implementing TIC 3.0 and Zero Trust
Networking
By Stephen Kovac, Vice President, Global Government
Head of Corporate Compliance, Zscaler, Inc.
Today’s workplace functions on the expectation of mobility – work from any device at any location. While
legacy data center infrastructures and strict security requirements made it difficult for Federal agencies
to meet these expectations in the past, the Office of Management and Budget’s newly released Trusted
Internet Connections (TIC) 3.0 policy paves a path to the modern workplace.
The TIC policy’s original goal was to standardize network security across agencies by requiring all federal
internet traffic to run through a TIC. It was not designed for the bandwidth-intensive requirements of a
Cloud First, Mobile First government.
TIC 3.0 guidance provides the necessary flexibility to secure modern cloud environments and mitigate
evolving cyber threats. TIC 3.0 moves beyond a “one-TIC-fits-all” approach to allow agencies to create
alternative TIC solutions that meet the spirit and intent of the original TIC guidelines. Agencies can
develop new network security approaches outside of the traditional perimeter-based TICAP and MTIPS.
55

In addition, the new guidance provides a catalogue of use cases for agencies to reference as they
develop TIC solutions with more comprehensive security for their hybrid environment.
This is a tremendous opportunity to modernize cybersecurity and improve user experiences. What
should agencies consider as they develop new TIC solutions?
Adopt a “TIC-in-the-Cloud”
With the new policy’s outlined cloud solutions – including as-a-service models, we can expect to see
agencies accelerate cloud deployments.
Following the guidance of the Federal Cloud Computing Strategy, agencies will need to consider TIC
cloud solutions that enhance security postures, meet mission needs, and consider intended outcomes
and capabilities.
Industry will come forward with many different solutions, but agencies should be wary of lift-and-shift
approaches or fancy marketing solution names. An agency that simply moves a physical TIC to cloud
will only move challenges in current data center environments to the cloud.
Solutions should move TIC functions away from the perimeter, to a globally-balanced multi-tenant cloud
security software-as-a-service model that can scale up and down on demand – a “TIC-in-the-Cloud”. By
moving the TIC security stack from data centers to cloud, agencies can route federal employee traffic
directly to internally and externally managed applications and internet destinations, while maintaining
security and access controls.
Agencies need to take advantage of the important benefits cloud service providers can offer through this
‘cloud effect’. Don’t miss the opportunity to deploy a cloud solution that will improve security and user
experience. With the right TIC cloud solution specified to each agency’s needs, and collaboration with
these providers, agencies will be able to globally implement hundreds of patches a day with security
updates and protections.
Modernize Access/Security Controls with Zero Trust Networking
Agencies also have the opportunity to modernize security and access controls as they develop new TIC
solutions.
While TIC helps to ensure the security of external connections to government networks, zero trust
networking can provide more security, improved usability, and reduced costs.
This connectivity approach provides granular, context-based access to applications, regardless of
whether they are in agencies’ data centers or in a destination cloud, creating better user experience,
while maintaining full security and visibility into the environment.
56

With the massive influx of data from emerging technologies and the sensitive nature of government data,
a FedRAMP-authorized zero trust solution can provide the right level of access and security controls to
protect mission-critical data, while meeting TIC requirements.
Customize a Solution to Drive Mission Goals
TIC 3.0 identifies three new use cases beyond the traditional TIC – cloud, agency branch offices, and
remote user solutions. Agencies should review and test these proven options for environments with
security requirements similar to their own.
Think of the TIC use case solution development as a similar process to FedRAMP’s “certify once and
use many” approach. Agencies should learn from and build off each other’s pilots (successful and
otherwise).
While there will be many different options for TIC 3.0 solutions, the next step for each agency will be to
have a clear understanding of short and long-term goals.
By working with the Department of Homeland Security and General Services Administration to approve
new TIC use cases, and collaborating with industry service providers, agencies can develop new TIC
solutions that strengthen cybersecurity, improve user experience and productivity, and ultimately,
accelerate their mission.
About the Author
Stephen R. Kovac, Vice President of Global Government and Head of Corporate
Compliance, Zscaler. Stephen has responsibility for overall strategy,
productizing, and certification of the Zscaler platform across all global
governments. He also runs the global compliance efforts for all of Zscaler. His
primary focus over the last years is FedRAMP, TIC/MTIP Policies, and ZTN for
Federal. Under Stephen’s leadership, Zscaler became the first FedRAMP
certified ZTN Platform and Secure Web Gateway. He is a 27-year veteran of the
information technology and security industry with extensive experience in public
sector and compliance. Prior to Zscaler, Stephen served as EVP of Strategy
and Public Sector for VAZATA, a FedRAMP certified cloud provider. He also served as VP/CSO for BT
Security, Vice President at Terremark Federal, a Verizon Company, and as Vice President of Verizon
Public Sector. Mr. Kovac is a frequent speaker on the federal circuit, blogger, and highly quoted author
on federal security and certifications. Stephen can be reached online at skovac@zscaler.com and at our
company website www.zscaler.com
57

Cyber Resilience: Best Practices from Leading Industry Experts
this National Cyber Security Awareness Month
In recent memory, the US has seen a staggering number of critical cyberattacks, and the trend does not
show signs of stopping. This year alone we have seen local governments in Baltimore, Albany, Laredo,
Lake City, Wilmer and the 21 other Texas towns held hostage by sophisticated ransomware attackers. A
few of these attacks even proved successful, with local leaders succumbing to the pressures of ransom
demands.
Moreover, 60 percent of business leaders believe that the sophistication and frequency of cyber attacks
will increase faster than organizations can work to prevent them. History seems to support this concern.
Since 2003, the tech industry and US government have collaborated to raise awareness and offer
solutions via National Cybersecurity Awareness each October. This October, leading industry experts
have come together to provide insights on industry best practices to help organizations--and the nation-
-withstand the cyberattacks
58

“Cyber threats such as ransomware can be a huge threat to businesses, and even just a single employee
clicking a malicious link in their emails will mean a ransom must be paid for all business data encrypted.
Cyber-criminals often exploit vulnerabilities in employee emails, so it is crucial to have the right cyberdefences
in place to avoid a disaster where customer data, and a lot of money, could be at risk.
“Having an extensive tiered security model and instilling a strong cyber-security-aware culture across all
employees will help minimise risk. But, the attack itself is only half of the problem because, without
sufficient recovery tools, the resulting outage will cause loss of data and money, as well as reputational
harm.
“In the event of any disaster, businesses should utilise tools that allow them to roll back and recover all
of their systems to a point in time just before an attack. This level of disaster recovery is paramount, as
employee emails continue to exist at the core of most businesses, they remain a standing target for eversophisticated
cybercriminals," said Avi Raichel, CIO, Zerto.
“This National Cyber Security Awareness Month, it’s important for individuals to Own IT. Secure IT.
Protect IT. in both their personal lives and at work.
Only purchase online from well-known stores. Stores like Amazon, eBay, Walmart and Nordstrom spend
a lot of money and resources to make sure your data is safe. Just because a store uses encryption does
not mean that once they have your data that it is kept secure. Avoid smaller unknown sites that may or
may not have the proper level of security for your data. Larger established companies also usually have
a well-defined process for disputing purchases that may be fraud. Keep an eye on your credit card
statements for unauthorized charges, even at stores you normally shop at.
Use multi-factor authentication when possible. If a website or app allows for multi-factor authentication,
the hassle is worth the extra level of security. This is usually in the form of a code that comes to your
registered phone or email address.
Keep social media content private. Unless you are a movie star, or these days a YouTube star, you
should be careful about what personal data you post on social media. This is a common way that
celebrities get hacked as passwords are often derived from pet’s names, favorite foods, or other personal
information. Public personal data also increases your risk for identity theft.
59

These are key considerations we all need to make this month--and every day--to keep our data, and in
turn, our employers’ data, safe,” said Harold Sasaki, Senior Director, IT and TechOps, WhiteHat Security.
“Securing Internet of Things (IoT) devices and data for business use cases is one of the hottest topics
during Cyber Security Awareness Month this year. At its core, IoT represents a huge expansion of the
network edge, with each deployment potentially covering wired broadband, public and private LTE, WiFi,
and LoRA WAN connectivity. In the not too distant future, we’ll see IoT deployments take advantage of
5G connectivity as well. The good thing is the industry and governments have started efforts to better
define the inherent security controls and best practices that will help, over time, improve the overall
security of IoT deployments. But that will take some time to gain mass adoption in the market.
IoT devices and routers are a major source of attacks for cybercriminals and nation state
attackers. According to Symantec, in 2018, 75% of botnets were router focused. IoT security can be
daunting for many businesses, and there are a number of important areas that everyone who has
deployed or is considering deploying IoT applications should consider. Devices typically do not have
layered security features or secure software development and patching models integrated with their
solutions. On top of that, many IoT devices cannot be accessed, managed, or monitored like
conventional IT devices. Depending on the use case and vendor, there can be numerous OS,
management and API-level interfaces and capabilities to manage.
With the expanding diversity of business IoT use cases along with their associated IoT devices,
architectures, vendors, management platforms and disparate security capabilities, customers should look
to invest in enterprise IoT platforms to simplify the number of tools, devices and architectures needed to
meet the business benefits for IoT use cases in the enterprise while reducing cyber risk.
Using existing network-based security solutions may not be sufficient. Instead, organizations should look
at using expert cloud-based management platforms and software-defined perimeter technologies, which
effectively address the security risks inherent in IoT deployments and provide network-wide policies and
visibility. IoT security will remain one of the most important enterprise security issues for many years to
come. But while businesses should always be mindful of potential threats, by addressing these early and
with the right technology, they can be confident in their IoT deployments now and into the future,” said
Todd Kelly, CSO,Cradlepoint.
“Recent cyberattacks on major companies like Sprint, Capital One and Experian continue to show how
the threat landscape is complex and sophisticated. In fact, the US Signal 2019 State of Web and DDoS
Attacks survey revealed that 83 percent of organizations have experienced a cyberattack within the last
two years and 30 percent said that it caused around 20 hours of downtime.
60

On the 16th anniversary of National Cyber Security Awareness Month, it’s important to think about how
your organization can work to prevent and mitigate cyberattacks. Many organizations are turning to
managed service providers to help implement, monitor and maintain a mixture of cybersecurity
technologies, including cloud-based firewalls, DDoS protection and email security. In addition, 97 percent
of participating organizations scan and test for vulnerabilities within their web applications.
The recent number of organizations that are experiencing cyberattacks is jarring. The survey brings to
light that there is always room for improvement in keeping up with modern cyberthreats. National Cyber
Security Awareness Month is a great opportunity to remind companies of the need for more robust
security tools and managed services to help resource-strapped technical teams year round,” said Trevor
Bidle, vice president of Information Security and Compliance Officer at US Signal.
“Ransomware has become an increasingly concerning issue for individuals and businesses alike,
especially in the last few years. And, as the volume of data increases, so will the frequency and intensity
of attacks. In fact, ransomware attacks increased by 118 percent across all industries in the first quarter
of 2019, according to a recent McAfee report. These kinds of brazen, disruptive attacks on IT
infrastructure shows why events, such as the upcoming National Cybersecurity Awareness Month, are
vital to promote better protecting mission-critical data against ransomware.
There are simple steps and actions you can take to protect your business, personal information and
assets from attacks. For example, implement a data protection, disaster recovery and business continuity
strategy, utilizing a fully integrated anti-ransomware defense powered by machine learning models,
proactively detecting and preventing ransomware attacks before they occur. It is also important to invest
in IT infrastructure that delivers enhanced data protection, with archiving and threat mitigation to provide
a robust disaster recovery plan. While National Cybersecurity Awareness Month is only a month-long,
cybersecurity vigilance and strategies such as these should be implemented all year-round,” said Alan
Conboy, Office of the CTO, Scale Computing.
“Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user
credentials to gain access to sensitive corporate data. This presents a significant problem for security
teams. After all, an attacker with valid credentials looks just like a regular user. Identifying changes in
the behaviour of these credentials is the key to successfully uncovering an attack. But in an age of alert
overload, security teams are often overwhelmed and can struggle to make sense of the data in front of
them.
Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most
organisations can help security teams connect the dots and provide a useful profile of network user
61

activity. By connecting the dots and creating a map of a user’s activities, even when the identity
components are not explicitly linked, security teams can create baselines of normal behaviour for every
user on the network. This makes it easier to identify when a user’s activity requires further
investigation. It may not stop you being breached, but it will tell you about it before the damage is done.”
said Steve Gailey, Head of Solutions Architecture,Exabeam.
"The simplest thing SMBs can do to protect themselves from cyber-threats is to enable multifactor
authentication. Essentially, that means having more than just a password. Most people use it all the time
and never even think about it. For instance, when logging into your bank account from something other
than your primary computer, and the bank sends a text message to your phone with a code. You enter
the code and you’re in. That’s all multifactor authentication is. In cybersecurity, we call it “something you
have and something you know.
While there are all kinds of complex products and technologies companies use to protect themselves –
many of them excellent – the fact is, most ransomware attacks can be prevented by this easy-to-deploy
process. Yet, multifactor authentication has only recently become widely adopted, despite having been
around close to 20 years." said John Ford, CISO at ConnectWise.
“The perils of the internet continue to increase year after year, with cyberattacks becoming more frequent
and more sophisticated. Large organizations, and even the federal government, have recently felt the
sting of numerous attacks - illustrating the evolving and increasingly complex landscape we are living in.
Cybersecurity Awareness Month is a great opportunity to raise awareness around the importance of
taking cybersecurity measures to protect your business.
From a hosting perspective, it is important to ensure that you identify the correct service or services for
your security needs. It could be a web application firewall, which mitigates complex attacks on an
application level, a managed cybersecurity solution, which offers a team of cyber security experts at your
finger-tips, or a DDoS IP protection, which is a hardware-based service that uses scrubbing centers
worldwide to recognize incoming DDoS attacks and reroute malicious traffic. And, the right partner will
tailor the best solution(s) to combat the threats your organization is most likely to face.
While cybersecurity awareness month is only a month long, it is important to remember that cybersecurity
awareness is an everyday job,” said Lex Boost, CEO, Leaseweb USA.
62

The significance of cyberattacks cannot be overstated, nor can their potential detrimental impacts on the
ability of a business to survive and thrive in this new climate. However, the best practices from leading
experts above can provide guidance to companies who wish to increase their cyber resilience.
About the Author
Trevor Bidle, vice president of Information Security and Compliance
Officer, US Signal.As VP of technical strategy at US Signal in Grand
Rapids, Trevor Bidle directs the strategic and tactical goals for the
company, providing foresight into product offerings. Bidle has 18 years
of telecommunications experience and has held technical and
management positions with SBC Communications, including
responsibility for outside plant engineering, Choice One
Communications and US Xchange, where he was responsible for
escalations and network engineering.
Lex Boost, CEO, Leaseweb USA.Lex Boost, Chief Executive
Officer (CEO) of Leaseweb USA. He is responsible for the
development and execution of Leaseweb’s core vision and
strategy across the United States. With over 20 years’ experience
in the digital industry, he has gained leadership experience from a
broad range of organizations and cultures, including both B2B and
B2C markets, in startups, as well as large corporations.
63

Avi Raichel joined Zerto as CIO in 2017. Avi leads the company’s IT team
tasked with ensuring that internal processes & systems continue to thrive
alongside Zerto’s strong business growth. Before joining Zerto, Raichel spent
17 years at Amdocs where he rose from MIS team leader to vice president of
information systems. He led a group of 350 IT professionals and brings
expertise and a proven track record of initiating, planning and executing large
scale technology led transformations that meet measurable business goals.
Avi holds a B.S in Economics & Accounting from the Tel-Aviv University, and
a CPA certificate from the State of Israel.
Todd Kelly, CSO, Cradlepoint.Todd Kelly is the Chief Security Officer
at Cradlepoint, where he works with customers, executive
management, and cross-functional teams to optimize customer
success. Todd is an experienced go-to market leader whose
experience spans from startups through IPO and Fortune 500
companies.
Alan Conboy, Office of the CTO, Scale Computing.Alan Conboy is part
of the office of the CTO at Scale Computing since 2009. With more than
20 years of experience, Conboy is an industry veteran and technology
evangelist specializing in designing, prototyping, selling and
implementing disruptive storage and virtualization technologies. Prior to
Scale Computing, Conboy held positions at Lefthand Networks, ADIC,
CreekPath Systems and Spectra Logic. Conboy is notably one of the
first movers in the X86/X64 hyperconvergence space, and one of the
first 30 people ever certified by SNIA.
64

John Ford, Chief Information Security Officer, ConnectWise.John Ford
is chief information security officer for ConnectWise. His responsibilities
include ensuring security education, products and services enable
ConnectWise partners to own and deliver secure solutions to their
customers. John, who has more than 22 years of security and
technology experience, joined the ConnectWise team in 2018. Prior to
that, he served for six years as founder and CEO of Sienna Group, a
leading data-centric managed security services provider that was
acquired by ConnectWise. John also has held CISO and CCO roles at
several large healthcare, technology and government organizations,
including MCS and WellCare Health Plans. He is a board member of
the Tampa Bay Cloud Security Alliance Chapter. John, who earned a bachelor’s degree in information
systems from the University of South Florida, lives in Tampa Bay and plays golf whenever he has time
to get on the links.
Stephen Gailey, Exabeam.Stephen Gailey currently serves as the
head of solutions architecture at Exabeam. Stephen Gailey is an
experienced Information Security Manager used to working in highly
regulated environments, dealing with compliance and legislative
challenges from multiple jurisdictions. Much of Stephen’s career has
been spent in financial services; primarily investment banking but also
in retail banking, telecoms, utilities and insurance business
environments. Stephen joined Exabeam from Splunk, where he ran
the Financial Services practice and the EMEA Security Practice.
Harold Sasaki, WhiteHat Security.Harold Sasaki is currently senior
director of IT and TechOps at WhiteHat Security. Harold has several years
of experience with start-ups, public companies and mergers and
acquisitions.
65

Are Financial Services the Golden Goose for Cybercriminals?
By Yair Green, CTO, GlobalDots
The financial services industry has been a long time favourite target for cybercriminals. They are always
looking to steal information related to payment cards, online accounts and ATM machines. The
cybersecurity landscape is constantly shifting and changing and the threatscape is no different - threats
such as ransomware or cryptomining are continuously evolving and other, new forms of malware are
constantly presenting themselves. As the financial services sector joins other industries in a journey of
digital transformation, they face the challenges of blending new technologies with legacy systems, whilst
also having to meet ever-changing compliance standards.
This digital transformation is seeing the financial services industry increasingly turning to online portals,
social media and mobile apps in order to satisfy an ever more demanding customer base - people now
expect everything to be done here and now with a minimum of fuss. Paradoxically, these new digital
platforms, along with a more competitive landscape where we are seeing lower costs and a lower barrier
to entry, are making it even easier for cybercriminals to exploit customers. Indeed, with more and more
people turning to online banking and using 3rd party apps, cybercriminals are now able to target an even
larger pool of victims.
66

Open Banking is a great illustration of all of this. Essentially Open Banking is a series of reforms that deal
with how banks deal with consumer financial information. What it will effectively do is break the monopoly
that banks once had over their customer’s account information. By doing so it will allow a new ‘generation’
of 3rd party businesses to compete with financial services organisations to be able to access customer
data. All well and good you might think but there are new security challenges to face with these new
organisations suddenly being able to access all of this consumer financial data. Where you now have
sensitive data passing via an open interface, it becomes extremely vulnerable to cyberattack. We have
already seen here in the UK, customers banking with the likes of Barclays, HSBC and Lloyds Bank to
name but a few, being targeted by criminals via the malicious use of banking trojans. Such activity targets
customers by spamming them with emails containing a type of virus essentially - clicking on a link within
the email effectively allows the hackers in and then they are free to do what they want.
So what do the statistics on financial services cybercrime tell us? Well for example, a very recent report
by ZeroFOX suggested a 56% year-over-year increase in digital threats targeting the financial space. As
part of the report, researchers scanned 2.9 billion pieces of content and found more than 8.9 million
security events in a 12-month period. Interestingly, the report showed that Financial services firms are
more prone to corporate social media account takeover. Unsurprisingly, fraud made up 40% of all
cyberattack activity against financial services including money-flipping schemes, customer giveaway
scams and scams related to cryptocurrency; fake mobile apps also made an appearance.
Another report by Fortinet, illustrates the impact that cyber threats have had on several industries,
including financial services. It highlighted the massive growth in one particular threat, Coinhive which
focuses on Monero cryptocurrency - cyber criminals were able to install JavaScript files onto
compromised websites and make illicit gains. And even though the cybercriminals were eventually
thwarted by the dismantling of Coinhive, those behind the attacks will be developing new ways of
launching successful attacks.
And let us not forget that financial services firms are also under the regulatory microscope; here in the
UK, the FCA is able to levy fines on those organisations that are found to be wanting if their customers
suffer due to a cyber attack. There are practices that organisations can put into action, especially those
that promote governance and put cyber risk on the board agenda. How many big fines need to be paid
before the C-suite understand the importance of proper investment in solutions and training that can help
to defend from attack? Organisations need to be identifying and protecting information assets, they need
to be alert for emerging threats and they need to be ready to respond. Also, keep testing and refining
defences - cybercrime techniques advance at a rapid pace.
Ultimately, there is no silver bullet to defend against all of these growing and ever-more sophisticated
attacks. The potential rewards for cybercriminals targeting financial institutions can be potentially
staggering and so those organisations in this industry must rely on threat intelligence in order to identify
67

threats and understand the impact that a cyberattack could have on network security and customer
confidence. Such threat intelligence highlights those threats that are perhaps no longer active but where
there is still a cycle of risk development; just like a medusa, when one threat is vanquished another
quickly fills the void.
About the Author
Yair Green is the CTO of GlobalDots, and a Cloud, Security and Web
Performance Evangelist.
www.globaldots.com
68

The Social Engineering Methods and Countermeasures
By Milica D. Djekic
During the time, the people would always try to get what some individuals being the part of some group
would assume as so confidential to them. Such a group of the persons could be some organization,
enterprise or any business coping with so vitally important data. From today’s perspective, we would not
talk about the social engineering as a common activity to obtain some valuable information from the
public and private sector, but rather mention how it works if you want to make a touch and take advantage
over the details belonging to some threat’s asset. Nowadays the people would get fed up from so
annoying phone calls, correspondences and in person approaches that would give you the chance to
skillfully gather some intelligence and assure the access to some institution mainly in a cyber fashion.
Let’s try to change our perspective and imagine that we are not the victims of the carefully planned social
engineering attacks, but rather someone who would go for hunting for so significant information.
Maybe these sorts of tactics would get so well-known in the state-sponsored attacks, but let’s try to
imagine how it would function if we would apply the similar approach to so threatening transnational crime
and terrorist groups. The good question here would how those bad guys would react on so innocent
phone calls or so naive e-mail communications. Knowing the psychology of the criminals – we could
guess that those folks could get somehow embarrassed with such an approach, but let’s say if we talk
about the cybercrime gangs – they would probably take such a challenge. In addition, it’s quite interesting
to suggest that the huge advantage of the modern security sector is a technology that would give us an
69

opportunity to smoothly investigate what it is happening somewhere. In other words, let’s make our story
a bit reverse and let’s attempt to take the hunter’s role and chase our threat in so proactive way.
What is the social engineering?
The first word we would get in mind when we say the social engineering is the skill to obtain some
sensitive information relying on communications, empathy and interpersonal abilities. The good trick with
such a skill is that the victim would not get at that moment that he was under the attack and so many
social engineers would use the vulnerabilities of the ordinary people who would always try to deal in so
nice, supportive and friendly manner in order to help someone getting satisfied with their service and
positive attitude. In so many cases, the people being that helpful could feel the personal joy for assisting
to someone to get his problem being resolved. So, if you resolve someone’s concern you would
undoubtedly demonstrate your skill and effectiveness and you would possibly get pleased how greatly
you are professional and deeply inside you would believe that the other people would see you as the
quite bright person. From our point of view, such ego bait could be the ultimate engine to many people
to get so helpful and supportive for a reason they would leave the good impression to their surroundings.
So, your personal weaknesses would make you talk in front of predatory dangerous attackers and the
good point here is if we could notice those vulnerabilities with the bad guys who would also be so sensitive
to their egocentric needs. Indeed, the social engineering could be the quite useful deception technique
and tactic, so if we confirm that the malicious actors could also get targeted with such a strategy – we
could talk about the quite new game between the cat and the mouse. Well, the good hackers are
commonly the brilliant social engineers and once they make someone shares something getting so
confidential – they would try to gain the access to his IT system or the entire organization. The experience
would indicate that so many bad guys’ groups would deal as an enterprise and so frequently they would
get registered as some firm or company that would cope with the websites, social media channels and
the other ways of the communications. On the other hand, it would appear that the era of the smart guys
sitting in some dark room and literally spending all their time in front of the screen got behind us and the
cyber criminals of today could get active anywhere and anytime. Apparently, the cybercrime syndicates
could believe they could get less visible to the authorities if they register as some business that would
not surprisingly pay the tax to the state.
The techniques and approaches of attack
In the practice, there could be the wide spectrum of attacks to the public and private infrastructure as well
as the opponent countries that should get seriously affected by those operations. As it’s pretty wellknown,
the majority of e-mail addresses could get tracked online and once we confirm some e-mail
location exists – we could try to prepare so skillful campaign in order to take advantage over our target.
So obvious weakness in anyone’s e-mail correspondence got his signature that could include the both
landline and cell phone numbers making such a detail getting traced using the emerging technological
solutions. The people of today would get the habit to live in so free and open environment that would
encourage them to share all they have with the rest of the community.
The adequate question here could be whom we could trust. The point is if you send your e-mail to
someone you do not know well enough – you should get aware that the details as your postal address,
phone numbers, position in the hierarchy and social media accounts could get so annoying to you sooner
or later. In other words, all these information could get used to cause the disadvantage and even the
harm to you or anyone being so close to you. Everything could start as the lovely phone call that would
70

equest kindly from you to give your e-mail address in order to receive some so nice promotional material
and once you take such a hook – you would certainly get in trouble. Even worse – the real nightmare
would appear once you begin responding to such correspondence and leaving so many details about
yourself and your organization, so far.
How to protect yourself from those offenses?
Once you receive the phone call from someone you are not confident in – you should think twice before
you make a decision to show the brilliance of your mind. The call center operator could get so nice,
friendly and approachable even if he conducts some security quizzing before he makes the decision to
provide the certain information on. For instance, you can always say that you must follow some security
procedure and so kindly ask the caller for his contact details which could serve for sending some kind of
response on his account. It can take several minutes to confirm all the claims you got from your friendly
caller and once you get confident that person is not a threat to anyone – you could reply to his request.
Otherwise, just ignore such a call and try to prepare the skillful report to someone being the authority in
such a case.
Your opponents are getting more and more innovative
The fact is the social engineering is the area that would cope with a lot of innovations and even you are
confident you know everything about such a field – think twice. In case you need to collect some
information on the criminal group being under the investigation using such a skill – you should know that
the only stuff you need in that sense is the skill by itself. If there is the certain need for the social engineers
in the investigative process – you should count on the staffs who are well-trained and who got some real
experience through the intelligent exercises. Does not matter how many attempts you would make – you
should always know that your technique could get always improved. A series of the improvements would
support you in getting more innovative and only with such a weapon in your hands – you would get
capable to go a step ahead of your opponent. Do not believe that your enemies would just sit and wait
for things to happen. Far from that, they would create the options to themselves and so intelligently follow
the tendencies in the field.
Some future perspectives
The point is the social engineering is the area that should get deeply researched and once we better
understand the psychological mechanisms of the people being vulnerable to those kinds of attacks – we
could further proceed with our investigation. Maybe some of the ongoing suggestions in such a field could
seem as so brilliant, but tomorrow they would appear as the matter of the past. The fact is you should
always keep moving on if you want to stay on the surface and even if you are recognized as someone
knowing a lot in such a branch – you should say to yourself that there are the heaps of people in this
world who would also get so helpful ideas, so stay open to listen to so, maybe learn a bit and finally apply
everything being so useful to your practical tasks.
71

About The Author
Milica D. Djekic is an Independent Researcher from Subotica,
Republic of Serbia. She received her engineering background
from the Faculty of Mechanical Engineering, University of
Belgrade. She writes for some domestic and overseas presses
and she is also the author of the book “The Internet of Things:
Concept, Applications and Security” being published in 2017
with the Lambert Academic Publishing. Milica is also a speaker
with the BrightTALK expert’s channel and Cyber Security
Summit Europe being held in 2016 as well as CyberCentral
Summit 2019 being one of the most exclusive cyber defense
events in Europe. She is the member of an ASIS International
since 2017 and contributor to the Australian Cyber Security
Magazine since 2018. Milica's research efforts are recognized
with Computer Emergency Response Team for the European
Union (CERT-EU). Her fields of interests are cyber defense,
technology and business. Milica is a person with disability.
72

How to Address the Top 5 Human Threats to Your Data
By Dave Sikora
The first step in developing a resilient cybersecurity posture is identifying what it is you are trying to
protect. For most businesses today, that most valuable asset is data. Customer data, partner data,
internal data – it’s the information you rely on to operate and grow.
Whether through intentional malicious acts or simple negligence, the “insiders” with access to data are
the biggest threat to security and privacy. More than 90 percent of organizations, according to a report
by CA, believe they are vulnerable and nearly two-thirds also report a shift in focus toward insider-threat
detection.
Addressing the top 5 threats to your data is crucial in building a layered, data-centric approach to security
and privacy in a world where data is currency in the bank and it seems everyone has a key to the vault.
73

Guessed and stolen credentials
Obtaining user passwords is one of the most common ways cyber criminals breach security defenses.
Using brute force or dictionary attacks, hackers essentially “guess” user passwords based poor security
hygiene and open-source intelligence.
They also hoard information exposed in breaches and engage in credential stuffing, testing the
combinations on unrelated sites. Many individuals use the same password on multiple platforms, and
cybercriminals are also adept at manipulating credentialed users into giving away passwords through
phishing and spear-phishing campaigns. Even security “strength” indicators are also weak tools for
measuring password strength.
For these reasons, firms turn to technology that recognizes unusual behavior around data consumption.
This is a key aspect of the data governance approach, for instance, deployed by ALTR lets developers
embed data security directly into applications when they are built. The idea is to prevent breaches in realtime
by slowing down or blocking the flow of data when consumption exceeds set thresholds.
Private data exposure
Businesses today rely on their relationships with contractors, vendors, and partners to ensure every facet
of their organization is optimized, yet even trustworthy partners can pose a risk. One example is thirdparty
application developers. In an effort to use realistic datasets to build and maintain applications, they
often end up inadvertently accessing private data.
Unfortunately, the most common method for protecting private data is to control application access.
However, this creates gaps in data governance since the protective tools are primarily about people and
not the data itself. Newer methods use data classification groupings, such as data that is regulated by
GDPR or HIPAA, to enable data-centric controls associated with these groupings.
Responding to the increasingly, the programmable data security model employed by ALTR embeds data
governance directly into applications into the critical path of every data query. This enables real-time
policy checks that determines whether data should be dynamically masked, slowed down, or blocked
entirely for certain user groups.
Theft using privileged access
Database administrators (DBAs) or IT leadership typically have access to database servers, encryption
keys, and tokenization maps. These users are able to easily bypass governance. Unlike excessive
privileges given to regular employees or vendors, privileged access compromise refers to the abuse of
administrative rights. In this case, users with administrative credentials may access confidential
information, privileged account details, sensitive personal information, or intellectual property. It is
important to note that privileged credentials are also subject to theft.
74

How do most organizations attempt to ensure the security of this data? They encrypt it, however, enacts
a heavy performance toll on transactional data and is vulnerable because of keys. Keys often have to be
stored conveniently, and once someone has the key, they are able to decrypt data. The strongest
encryption methods still use a key to decrypt stored data, and even where stronger internal user controls
are in place the theft of privileged credentials, or the elevation of low-access privileges, is an unmitigated
threat.
To address privileged access, ALTR leverages smart tokenization and fragmentation via private
blockchain to obfuscate data-at-rest. Instead of encrypting and storing the data in a “secure” database
with keys nearby, sensitive data is replaced at the column level with a reference hash, and then
disassembled and stored in self-describing fragments. When needed, it can be reassembled at
application speed with very low latency.
Software or hardware misconfiguration
As organizations install new hardware or transfer to a new software application, simple missteps can
wreak havoc on security architecture. Insecure default configurations, incomplete configurations,
unsecured cloud storage, misconfigured HTTP headers, and missed patches and upgrades are all
examples of misconfigurations. In these cases, a single unchecked box might lead to devastating security
holes.
Most organizations today do not have structures or tools in place to solve for these security gaps.
Thresholding data, which establishes limits on data consumption at the application level, is a way to
approach a potential insider threat to “smash and grab” data. Insiders often need access to sensitive data
to do their jobs, but the amount of access, and what they do with that access, can vary tremendously.
Thresholding data enables the business to slow down and stop data exfiltration as it is happening,
allowing operations to continue while validating use.
In addition, a key defense in this scenario is to protect the data when it is at rest. Even if an attacker
enters the network, they cannot access the data. Improving on less secure encryption keys, businesses
today are also moving towards a keyless data obfuscation model such as the fragmentation technique
previously mentioned.
Modified database access logs
Typically, a database is continuously monitored, and access logs are kept regardless of an incident.
These logs identify who accessed the database, when, from what device, and include other pertinent
details that are valuable in a security investigation.
Cybercriminals have proven adept at modifying database access logs. Depending on their intent, they
may alter them to show another user accessing the database or simply delete any evidence they were
ever there.
75

To identify these changes, organization must continually review the log files, a process that is prone to
human error where subtle changes take place. And while the tools used to analyze them may reveal
something suspicious or even an obvious breach, they are far from reliable.
A technical view to removing the ability of users to modify records is gaining recognition as an alternative.
This prevents users from modifying records by saving every data access event to an immutable
blockchain, for example, where it cannot be altered and there is no need for complex predictive analytics
and behavior monitoring.
Data is everything to the enterprise
Data is the raw material that fuels business, driving growth and building the future. That is why it is
essential to take steps that ensure the data on which they rely is secure. Unfortunately, most
organizations are reactive, operating without visibility into data flow.
While humans remain the largest threat to data security, many are working tirelessly to develop new
technologies to better manage our faults. Understanding the top threats to data is indispensable for
identifying the right solutions.
About the Author
Dave Sikora is the CEO of ALTR. Dave Sikora is a technology industry veteran
with more than 20 years of experience that spans enterprise software, data
intelligence, private equity, mobile applications and supply chain solutions. As
CEO at ALTR, he is focused on expanding the ways enterprise companies can
reduce threats to data security and privacy. Sikora holds an MBA from Harvard
Business School. ALTR is the first provider of programmable data security,
which embeds data monitoring, governance, and at-rest protection natively into
application code to provide a dramatically more effective, more portable,
simpler data-security model. Using a smart database driver or API that serves
as a single integration point, ALTR makes it possible for development teams to
place security into the critical path of data and hand off management of
governance and protection policy to security and compliance teams. Further
supported by private blockchain to provide integrity to data access auditing and protected data itself, it is
a completely portable approach that neutralizes data access risks from even the most privileged users
while accelerating innovation and reducing the cost and complexity of data security. ALTR, which holds
21 issued and allowed patents and has more than 30 patents pending, is based in Austin. Dave Sikora
can be reached online at (@altrsoftware, 1-888-757-2587) and at our company website
http://www.altr.com/
76

How to Suggest Your Manager to Invest into Cyber Defense?
By Milica D. Djekic
The first personal computers would appear in the early 80s of the 20 th century. Since then the entire
technological posture has changed and evolved so rapidly, so today we cannot imagine the home or
business without the computing unites and the internet connection, so far. The early beginnings of the
web era would go several decades to the past and with the first computer’s networks we would get the
first legal regulations and frameworks regarding the cybercrime as well as cyber security. So, the cyber
defense is not that young branch of the human activity and with the very first digital networks – we would
get aware of the need for some cyber security procedures, tactics and strategies. Right now, the cyber
defense is witnessing its boom and it’s quite obvious such an area would get publicly engaging more than
even before. The reason for that could be that the machines with the internet connectivity would become
the part of our everyday routine and even the most rural landscapes in so developing economies would
get that privilege to rely on the web and so commonly to the entire mobile technologies service.
In other words, the cyber infrastructure across the globe got so well-developed and accessible nearly
anywhere worldwide, so it’s not that strange that the people would see the cyber security as so engaging
area of their lives and works. Anyone who would want to know anything about the cyber defense could
get such a piece of the information simply surfing on the internet or searching his social media accounts.
In our experience, even the folks from the low safety and security level societies could demonstrate the
77

impressive familiarity with the cyber security for a reason they would spend the hours and hours in front
of their screens working so hard on their self-education in the field of the high-tech security. Indeed, those
guys would so promptly develop the skill in such an arena and probably if they remain the long enough
in such a business they could deal with the great expertise that could contribute to poor and unsafe
countries to change for better and gain the better quality of life and work to everyone living there.
Cyber defense is about a risk management
So, the cyber defense would get the huge public attention through the past years and so many people
over the world would wonder what such a field could offer to us. This question could offer so deep
discussion as well as explanation instead of the only brief answer on. Why? The digital networks of today
would serve to so many purposes and sooner or later the end users and consumers could suffer some
kind of disadvantage dealing with their assets. Those drawbacks could cost them more or less in the
financial connotation and everyone being rational would try to avoid paying more if he can pay less or
nothing for something. Also, there are some security concerns getting correlated with the poor cyber
defense, so that’s why we must pay the strong attention to those requirements. The fact is the entire IT
industry would offer the information goods and services that could be the sources for the long-term
exploitation needs.
Apparently, the cyberspace could be so risky environment and if we do not know how to handle that risk
– we would defiantly pay much, much more. Well, the role of the cyber defense is to manage the risk in
the cyber domain and if we put such a threat at the reasonable scale – we would consequently pay less.
It’s so complicated to mitigate the risk completely, but if you cope with the enough skill your private or
business networks would be somehow secure. From this perspective, it could seem that the entire global
marketplace is suffering the certain lack of the IT security professionals, but – in our opinion – such a
shortage could get overcome through so intelligently created training and courses that could teach the
people with the quite basic IT skills to get the cyber defense workforce. Also, never underestimate the
power of the positive and constructive self-education, because the guys from the developing countries
would not get the funds to pay for the expensive training and they would rather choose to sit at home and
exercise on their computers on their own developing the skills that would make them getting so capable
defense shield to their communities and maybe internationally if they really select to put such a big effort
on, so far.
Your manager is a decision maker to your effort
On the other hand, if we talk about the objective needs of some organization to the cyber defense
products and services, so many employees working for such an enterprise would direct you to their
bosses to discuss with them anything you want to offer to such a business. Even if there is some IT
security department within some firm or company – the cyber security manager would talk to his decision
maker before he takes any concrete actions on. So many IT security professionals would use the welldeveloped
assessment forms in order to estimate what they really need for their everyday activities and
they would also need the great reporting, communications and negotiation skills in order to stress on with
their managers if the entire enterprise could choose the certain way in terms of their cyber security
progress, so far.
78

The purpose, the impacts and the budgeting
The convenient skills are needed in the business world even if you want to convince your decision makers
to approve the funds and the other resources in order make the cyber security concerns getting so
understandable to the rest of the team and more importantly – the workforce must know the purpose and
impacts of those decisions as well as the reasons why such a budget is so necessary to that. The practice
would suggest that the people would look for a remedy once they get unwell and only the very few of
them would choose to prevent the conditions that got fully treatable once it got diagnosed. No one would
die from the cold, but the old person which would not get treated from that condition could develop the
pneumonia and certainly suffer so fatal consequences. In other words, your computer would not show
any serious symptoms if it catches some virus in the cyberspace, but if you do not treat that incident in
sense of cleaning your IT network from the malware using some anti-malware solution – you would
sooner or later get the collapse of the entire operating system because such a malicious software would
not get recognized and removed at the appropriate time.
The difference between business risk and cyber risk
Above all, let’s talk about the differences between the business and cyber risks and why those two terms
differ from each other as well as why they could get so similar to each other. The business risk is more
about investing your resources either being human or financial by their characteristics into some activity
or useful work that could support you in obtaining some kind of the advantage on the marketplace. If you
choose to make several risky, but profitable steps in your business – you can expect that you would
expand your marketplace to much more consumers and clients. On the other hand, the cyber risk is more
about how you can protect what you already have as well as prevent your organization and staffs from
so serious financial and security concerns. Maybe investing into cyber defense would not impact your
business advantages and new horizons on the marketplace, but you would definitely deal with the more
profit at the end of the year because you would need to pay less for the occurrences being the
consequence of the cyber insecurity, so far.
The further thoughts
The cybercrime would cost the global economy the trillions of dollars per an annum and that’s quite
appealing fact. If we put such a finding into our calculation, we can notice that the real business can lose
the few percents of their annual profit once they get the target of the hackers and cyber criminals. That’s
the quite big waste and no one would want to throw such money through the window and give it for
nothing. So, if you are the rational decision maker and if your IT security staffs deal with the adequate
skills – you should defiantly get open to their suggestions as well as consult your financial risk team in
order to collect the numerous helpful information and advices at the same glance before you make any
move on.
79

About The Author
Milica D. Djekic is an Independent Researcher from Subotica,
Republic of Serbia. She received her engineering background
from the Faculty of Mechanical Engineering, University of
Belgrade. She writes for some domestic and overseas presses
and she is also the author of the book “The Internet of Things:
Concept, Applications and Security” being published in 2017
with the Lambert Academic Publishing. Milica is also a speaker
with the BrightTALK expert’s channel and Cyber Security
Summit Europe being held in 2016 as well as CyberCentral
Summit 2019 being one of the most exclusive cyber defense
events in Europe. She is the member of an ASIS International
since 2017 and contributor to the Australian Cyber Security
Magazine since 2018. Milica's research efforts are recognized
with Computer Emergency Response Team for the European
Union (CERT-EU). Her fields of interests are cyber defense,
technology and business. Milica is a person with disability.
80

So, Ya Wanna Be A Pen Tester, Huh?
Here are some things to consider
By D. Greg Scott, Author of Bullseye Breach and Virus Bomb
Do you like tearing software apart and putting it back together again, stronger and better?
When you watch a dramatic live TV news story from a war zone, does the news report get your attention,
or do you wonder about all the ways to hack the video transmission?
If you’re a Star Trek fan, when they beam aliens onto the Starship Enterprise, do weak access controls
on the ship make you crazy?
Do you laugh at the Hollywood hacker scenes in books and movies and want to grab the producers’ shirt
collars and show them how the technology really works?
If you answer yes to questions like that, you might be a natural penetration tester.
Penetration testing (pen testing) means probing for weaknesses in IT networks and finding ways to exploit
them before real attackers do it. Like all testing, the exercise is part science and part art-form.
81

Most organizations declare a successful test when the system being tested demonstrates its capability.
Testers know this is backwards. To a tester, a successful test means the test found a problem. Which
means a successful pen test means the test uncovered a vulnerability. This is cause to celebrate.
The best pen testers drive developers, system admins, and corporate managers nuts because they’re so
good at finding problems. Which also makes them worth more than their weight in computer chip precious
metals.
Your Challenge
But pen testers need to overcome a challenge.
I surveyed a sample of pen tester job postings recently. They all want people who know a bunch of
systems and languages. Some want people who know how to use the organization’s favorite tools and
perform system admin functions. Excellent diagnosis and analytical skills is a common requirement.
Certifications are often in the mix. And they all want somebody with strong communication skills who can
work in a team.
Those skills are all important, but the job postings all miss that intangible quality, that ability to sniff out
weaknesses and break things. It’s a shame today’s automated resume scanners don’t have a way to
capture it. It’s hard to package in a resume.
So, how does a pen tester job candidate get past the automation? Fair or not, today’s resume scanners
look for keywords. So, make the scanners happy and put the appropriate keywords on your resume. This
should not be a problem for any experienced tester. Pass the automation gate and score an interview.
The interview is where you shine. Instead of regurgitating all your experience from your resume, apply it.
Ask every interviewer a zillion questions about how their departments function. For the HR rep, ask about
how the HR process works. Who has permission to look at your resume? What happens if somebody
unauthorized looks at it? Who protects it from tampering? For a technical hiring manager, ask about
network topology, audit rules, how they store information, who has access to what, and anything else
that might seem relevant. How do the right people know the network traffic coming out of here is all
legitimate? How do they maintain the encryption keys for sensitive databases? What if somebody gets
inside a public-facing web server and starts querying the customer database? How would they find out?
Use your creativity.
Their goal is to find out about you. Your goal is to learn about how stuff works around here, or how it
works with a typical customer if you’re interviewing with a company that does external pen testing. The
more you find out about how things work, the more you can demonstrate your knack for finding
vulnerabilities.
During the whole interview process, you’re running your own verbal penetration test. Smart interviewers
should recognize and appreciate it. Especially if you uncover a vulnerability. And the not-so-smart
interviewers—if your questions turn them off, better to find out now they’re not serious about finding
problems, rather than later.
82

Does the world need you?
The short answer is, yes.
Here are a few statistics from fall 2019.
• The IT Governance blog reported more than ten billion records lost to cyberattacks in the first nine
months of 2019. Source: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyberattacks-in-september-2019-531-million-records-leaked
• A 2017 Clark School study at the University of Maryland found that somebody attacked computers
they exposed to the internet every 39 seconds on average. Source:
https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds
• My own anecdotal experience over more than fifteen years of setting up custom firewalls suggests
automated probes come in from around the world at least every five seconds.
• The SafeAtLast blog says ransomware attacks generated at least $1 billion in revenue for
attackers and cost victim organizations more than $8 billion in 2018. Source:
https://safeatlast.co/blog/ransomware-statistics/
The statistics are easy to find. They tell an ugly story.
But forget statistics. Just listen to Warren Buffet, when he said, “I don't know that much about cyber, but
I do think that's the number one problem with mankind.” (Source:
https://www.businessinsider.com/warren-buffett-cybersecurity-berkshire-hathaway-meeting-2017-5)
More recently, he said, “Well, I think cyber poses real risks to humanity.” (Source:
https://finance.yahoo.com/news/warren-buffett-cyber-attacks-131445079.html).
Typical Pen test Engagement
Great, you landed the job and now you’re leading a pen test engagement. This is when it gets real. Before
going any farther, make sure everyone agrees on the scope of the project.
Scoping is critical. Let’s say you’ve been asked to probe, say, the HR system, and you find something
that leads to, say, Manufacturing, and you follow the lead. And then something bad happens in
Manufacturing. The acronym, RGE, for “resume generating event,” comes to mind. Without proper
scoping, this could be one of those events. Or worse. You’re in a position of trust, and your stated mission
is to find out how to make systems break. So, make sure everyone agrees on the scope of the project,
and then stay in scope. If something leads beyond the scope, protect yourself by obtaining permission
before following it.
The best engagements, and the ones you’ll remember forever, are the ones where you find a vulnerability
so big, they have to stop the whole company to fix it. Everyone will be mad at you at first, but if you do
your job right, you’ll end up a hero.
83

Probe wide first, and then probe deep. Deliver your report and do it all over again.
A few useful tactics
No pen test would be complete without a simulated social engineering attack. Start an email campaign
offering free coupons and screensavers. Email people in Accounting about bogus invoices. Email people
in shipping about messed up deliveries, with a click-here-for-more link. Tell people their password is
compromised and click here to update it. Spear phish a few people. Use your imagination—and then run
a seminar about phishing after you catch a few.
Most managers’ eyes glaze over when I talk about port scans. But it’s critical that people understand
what they are, and so I try to explain it using physical metaphors. I also use the Gibson Research “Shields
Up” test at https://www.grc.com/x/ne.dll?bh0bkyd2.
This is how I describe it.
“Don’t let the word, port, freak you out. Port might be one of the most overused words in the English
language. In this context, think of a port as kind of like a topic of conversation. Maybe Alice approaches
Bob and says, ‘Hey Bob, let’s talk about websites.’ Except with computers, we give topics of conversation
a number. If we want to talk about websites, that’s topic number 80. Secure websites are topic number
443. But we don’t use the word, topic, we call it a port, and we have room for 65,535 of them. The first
1024 are well known, and no, I don’t have them all memorized. I only know a few.
“Anyway, now let’s put Bob in his house and Alice knocks on the front door. That’s’ kind of what happens
in computer conversations. So Alice knocks on Bob’s door and says, ‘Hey Bob, let’s talk about websites.’
“If you’re Bob, you have 3 choices on what to do with that request.
You can acknowledge it. ‘Sure, Alice, let’s talk about websites.’
You can say no; or actively deny it. ‘No Alice, not interested.’
Or you can ignore it.
“What do you think is the worst of those choices? It’s actively denying it, because Bob just told Alice he’s
home and doesn’t want to talk. Gibson presents those with purple ‘Closed’ buttons. You don’t want that.
If you don’t have whatever Alice wants to talk about, you want to ignore it. Don’t give your adversary any
feedback because they’ll use it against you.”
When you’re onsite selling your service and you run this test and find those “closed” boxes, use those as
a teaching tool. The customer probably has a misconfigured firewall somewhere, which means the odds
are reasonable your proposed pen test will also find other problems.
To run a proper port scan, every pen tester should become familiar with nmap. It’s one of the most
versatile weapons in the arsenal. Here’s a tactical tip. Some firewalls “hide” after a few probes and don’t
respond to anything when they detect an intrusion attempt. Work around this by using the “-T0” switch,
84

which nmap calls paranoid slow. Port scans will take a long time, but will be most accurate. See the nmap
documentation pages for more.
After probing wide with a port scan, probe deep into anything interesting the port scan finds. There are
scanning tools for pretty much every application, complete with databases of the latest vulnerabilities.
When probing into systems hosted at a cloud service—and this will get more and more common—also
dig into the cloud service itself. You care about the thing you’re probing, but you also care about the
environment in which it lives. Maybe the cloud service around the app you’re probing will have some juicy
vulnerabilities. If somebody had done that with AWS and Capital One, that would have stopped a major
data breach incident before it started. But make sure you stay in scope.
Whatever it is you’re probing, whether it’s in a cloud or on-premise, first find out how it works, recon it,
and then poke at it to make it break. Find problems, so organizations can fix them before the rest of the
world finds them. That’s what pen testers do. The world needs more of you.
About the Author
Greg Scott is a veteran of the tumultuous IT industry. After surviving round
after round of layoffs at Digital Equipment Corporation, a large computer
company in its day, he branched out on his own in 1994 and started Scott
Consulting. A larger firm bought Scott Consulting in 1999, just as the dot
com bust devastated the IT Service industry. A glutton for punishment, he
went out on his own again in late 1999 and started Infrasupport Corporation,
this time with a laser focus on infrastructure and security. In late summer,
2015, he accepted a job offer with an enterprise open source software
company. He is author of two novels. Bullseye Breach: Anatomy of an
Electronic Break-in shows how independent IT contractor, Jerry Barkley,
fought back after Russian mobsters penetrated fictional retailer, Bullseye
Stores, over a busy Christmas shopping season and stole forty million
customer credit card numbers. In Virus Bomb, Jerry Barkley discovers a
hostile country attacking the United States over the internet as a prelude to
a biological attack, and finds himself again in a position to act. Real superheroes are ordinary people who
step up. Even when they don’t to. Find more information at https://www.dgregscott.com/books/. Both
novels are available everywhere books are sold. He lives in the Minneapolis/St. Paul metro area with his
wife, daughter, and two grandchildren. He holds several IT industry certifications, including CISSP
number 358671. Greg can be reached via email at gregscott@infrasupport.com, or dregscott on Twitter.
Also check out his Youtube channel, “Greg Scott Public Videos.” His author website is
https://www.dgregscott.com.
85

Simple Ways SMBs Can Protect Themselves against Cyber-
Threats
By John Ford, Chief Information Security Officer, ConnectWise
It seems as if every couple of weeks or so, a major news story flashes across our screens detailing a
massive data breach where thousands, sometimes millions, of users’ personal information has been
stolen or exposed. What each of these have in common is that they all involve large companies. Apple,
Target, Marriott, British Airways – these are just a few of the more high-profile cases over the past couple
of years. Just last month, Capital One was hacked and had 100 million records stolen by a former
employee.
But what about the ones that don’t make the news? I’m talking about small- and medium-sized
businesses (SMBs), which have increasingly come under attack in recent years. While they may not
dominate the headlines, 43% of cyber-attacks target small businesses, according to the Verizon 2019
Data Breach Investigations Report.
When you think about it, this shouldn’t be all that surprising. Fortune 500 companies spend tens or even
hundreds of millions of dollars every year on cybersecurity. And yet, they still have security incidents to
86

eport. What chance then do SMBs, many of which do the bare minimum in terms of protection, have?
Small wonder they find themselves targets.
However, there are some relatively simple steps SMBs can take to protect themselves without breaking
the bank.
The Importance of Risk Assessments
Perhaps because of the intense media attention given to massive data breaches, many SMBs operate
under the impression that cyber-attacks only happen to large corporations. Believing they are in no real
danger, most SMBs are completely unprepared to deal with cyber-threats. Results of more than a
thousand risk assessments performed by ConnectWise’s managed service provider (MSP) partners
show that 69% of SMBs – and in some cases, the MSPs themselves – have not identified and
documented cybersecurity threats. Two-thirds (66%) have not identified and documented cybersecurity
vulnerabilities.
Similarly, SMBs are ill-prepared to deal with a cyber-attack if impacted by one. Among those thousandplus
assessments cited above, almost half (48%) did not have a response plan for a cybersecurity
incident, while 43% lacked a recovery plan. But SMBs need to consider the risks associated if an attack
were to take place. The damage to their business can be financially and reputationally devastating, and
in the worst cases could even shut them down completely.
Performing a cybersecurity risk assessment – or working with an MSP to perform one – is an absolutely
crucial first step any SMB should take when it comes to threat protection. The old adage, “you don’t know
what you don’t know” is apt here. How can you protect yourself if you don’t know what your risks are,
where your vulnerabilities lie, and how to mitigate them?
If working with an MSP on a risk assessment, SMBs should make sure the MSP is aligning the
assessment with a well-known framework, such as the Cybersecurity Framework written by the National
Institute of Standards and Technology (NIST). The Cybersecurity Framework provides a way for
organizations, including SMBs, to assess security risks and provide guidelines for identifying, protecting,
detecting, responding to and recovering from cyber-threats.
There’s No Substitute for Good Training
Something I continue to be surprised by (and not in a good way) is the lack of adequate cybersecurity
training among so many organizations. The results of our MSP partners’ risk assessments show that an
alarming 57% of SMBs have not informed and trained all of their users on cybersecurity. That means
either they are not doing the training themselves, or their MSPs are not performing the training for them.
In some cases, the MSPs themselves may not be adequately trained.
Needless to say, this is not a good trend. When companies train their employees, or their customers, on
cybersecurity, they are doing them a service, and hopefully that knowledge will be passed on. In that
way, effective cybersecurity training can almost be considered a social good.
87

When I speak to organizations about cybersecurity, I often ask, “Were you breached yesterday?”
Inevitably, I get the response, “no.” But that’s not the right answer. Unless you actually were breached,
the smartest answer is “To the best of my knowledge, no.”
This is more of a societal problem than anything. We have become too trusting of technology to protect
us, or we let our own perceived technical knowledge get in the way of common sense. It’s why phishing
attacks remain a common problem. The only way to get past it is to continually educate ourselves, our
employees, our customers, on the latest cybersecurity threats. And it’s not like learning algebra in high
school, resting assured that knowledge will always remain the same. Being proficient in cybersecurity
means regular, remedial training to keep up with the latest threats, because they are ever evolving.
Using Multifactor Authentication for Good ‘Security Hygiene’
There’s an analogy I like to use when talking to customers about cybersecurity. In the eighteenth century,
doctors began to discover something we all take for granted these days. They learned that washing their
hands before performing surgeries and other medical procedures prevented infection and saved lives. It
seems so simple, right? You don’t have to be a physician to understand that washing your hands is an
easy way to prevent infection and disease. And yet, not everyone does a very good job of it.
So it goes with cybersecurity. We don’t always practice good “security hygiene.”
The simplest thing SMBs can do to protect themselves from cyber-threats is to enable multifactor
authentication. Essentially, that means having more than just a password. Most people use it all the time
and never even think about it. For instance, when logging into your bank account from something other
than your primary computer, and the bank sends a text message to your phone with a code. You enter
the code and you’re in. That’s all multifactor authentication is. In cybersecurity, we call it “something you
have and something you know.”
While there are all kinds of complex products and technologies companies use to protect themselves –
many of them excellent – the fact is, most ransomware attacks can be prevented by this easy-to-deploy
process. Yet, multifactor authentication has only recently become widely adopted, despite having been
around close to 20 years.
Closing Open Ports like Remote Desktop Protocol
Many SMBs are supported by MSPs via remote desktop protocol (RDP), which is a TCP connection
allowing remote execution on a machine accepting credentials from the remote user. This is a good thing
from a support perspective and allows MSPs to fully manage their SMB clients proactively and
rapidly. But like many good things there are some risks. Unfortunately, the bad actors in the world have
tools that scan for open TCP ports, and when using an unencrypted channel, they can see when an MSP
is connecting to a client via RDP.
It does not take much from there for bad actors to obtain the credentials that the MSP is using to access
the client. At that point, they can completely take over the client machine and disable any endpoint
88

protection that was in place. They can then install ransomware or other malicious code to execute their
bad intentions. What can be done to prevent this? For certain, MSPs should have multi-factor
authentication enabled. But they should also be using a secure connection to the client environment to
ensure that all communication between the MSP and client is encrypted.
In fact, if an SMB were to do only two things to improve their security posture, multifactor authentication
and closing open ports like RDP are what I would recommend. These steps are easy yet effective – just
like washing your hands and locking your doors.
About the Author
John Ford is chief information security officer for ConnectWise. His
responsibilities include ensuring security education, products and services
enable ConnectWise partners to own and deliver secure solutions to their
customers. John, who has more than 22 years of security and technology
experience, joined the ConnectWise team in 2018. Prior to that, he served
for six years as founder and CEO of Sienna Group, a leading data-centric
managed security services provider that was acquired by ConnectWise.
John also has held CISO and CCO roles at several large healthcare,
technology and government organizations, including MCS and WellCare
Health Plans. He is a board member of the Tampa Bay Cloud Security
Alliance Chapter. John earned a bachelor’s degree in information systems
from the University of South Florida.
John can be reached online at LinkedIn and at our company website http://www.connectwise.com/
89

In A World of External Threats, How Are Business Putting
Themselves In Jeopardy?
By Stephanie Douglas, Senior Managing Director, Guidepost Solutions
Just about every possible facet of your personal information can be subject to compromise: credit card
or social security numbers, social media profiles, even your actual computer or mobile device. And while
those breaches can seemingly turn your life upside-down, they only affect you and the people close to
you. Cyberattacks focused on large organizations, on the other hand, can affect hundreds or thousands
of people’s personal information and have long-lasting effects on the company’s shareholders,
customers, and reputation.
Recent conversations in the media and political spheres have concentrated on threats posed by foreign
countries hacking and interfering in elections. The bulk of this focus has been on the Russian government
but both foreign and domestic attackers can pose a serious danger to businesses. Think back to the
reputational harm that Sony Pictures suffered after a hack by North Korea in October 2014 or the 2017
90

WannaCry hacking that shut down hundreds of businesses and is estimated to have cost the British
1, 2, 3
healthcare service more than $100 million and businesses around the globe as much as $4 billion.
A cyberattack doesn’t need to make headlines in order to be devastating. The theft, resale and
manipulation of both private and public information can potentially have lasting impacts to every part of
our business and personal lives and the number of attacks – and the corresponding impact – continues
to rise. Every day, it seems, we read about another significant breach of personal data, often from
companies that we implicitly trust.
Perhaps most troubling is that the methods of attack keep evolving, thwarting business leaders’ attempts
to keep them at bay. It seems like there are never-ending ways for hackers to expose critical information,
even when organizations have undertaken significant investments in protecting that information. As the
risks evolve and become more widely known, regulators, shareholders and the general public are
increasingly holding executives accountable. Aside from the obvious political concerns for the U.S.,
organizations should be taking these risks seriously and be thinking through efforts to protect data and
their reputations from bad actors, both foreign and domestic. While many organizations are ahead of the
curve when it comes to bolstering their cyber defenses, here’s how many needlessly also put themselves
at risk.
Providing equal-opportunity access to sensitive information. While many developed organizations
practice sound data security practices by instituting role-based access for specific parts of the
organization’s network and information, some early-stage and quick-growing companies do not. For
these organizations, data security protocols can be slow to take hold. An expectation that everyone other
than Human Resources and Finance should have access to every part of a product code or development
provides wide access to sensitive company intellectual property. Having so many or even a few
individuals with access to everything is an understated risk that many companies are willing to take for
the sake of collaboration or product development agility. Some of the hesitancy to make the switch to
role-based access can be attributed to organizational culture, but it is often an unsustainable culture in
the face of a system compromise.
Self-exposing too much information. As more and more executives and companies turn to social
media and professional networking sites such as LinkedIn, individuals and organizations alike can
potentially further their risk exposure simply by providing access to too much employee and personal
information. On company websites and social profiles, organizations often highlight personal biographies
and CVs of staff, investors and board members, complete with photos and cell phone numbers. While
these can be a great way to celebrate employees and emphasize expertise, this information is also
commonly used in the successful social engineering and targeting of individuals.
1
Kang, Cecila. “Sony Pictures hack cost the movie studio at least $15 million.” Washington Post. 4 February 2015.
https://www.washingtonpost.com/news/business/wp/2015/02/04/sony-pictures-hack-cost-the-movie-studio-at-least-15-
million/?utm_term=.d6b8ca62782a
2
Field, Matthew. “WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled.” The Telegraph. 11
October 2018. https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-
appointments-cancelled/
3
Berr, Jonathan. “’WannaCry’ ransomware attack losses could reach $4 billion.” CBS News. 16 May 2017.
https://www.cbsnews.com/news/wannacry-ransomware-attacks-wannacry-virus-losses/
91

Cell phones are also becoming a more common target for hackers. Text messages with links containing
malware can be easily sent to compromise personal or business devices. While many companies find
that making this information publicly available is a necessity, it’s vital that employees are aware of the
risks and are trained to spot potential hacking efforts.
Undisciplined social media presence and response. In today’s digital world, companies are driven to
use social media to engage with customers and the general public. Social media can be vital in
communicating updates and highlighting the good work done by many. But organizations often forget
that competitors can also collect intelligence on them through their own social media. Businesses often
take advantage of competitor information wherever they can, from insights into valuable intellectual
property to information about key customers or even internal personnel or corporate financial information.
New information, such the announcement of a product launch, can seem exciting to a company and to
its investors; but to a competitor, it may be helpful in planning its own announcements and competing
product launch.
While organizations generally use social media to push out positive information, it has to be prepared to
respond to negative information as well. Picture a scenario where a CEO is speaking to key stakeholders,
while a disgruntled shareholder simultaneously is tweeting a long list of complaints about the CEO. An
organization has to be disciplined and cautious about when and if it should respond to negative
comments, even though such events can occur in a matter of minutes. Having a solid communications
plan and a bit of thick skin is important to ensure the organization does not overreact and make matters
worse.
Employee personal social media use. Security leaders see careless or unaware employees as the
number one threat to digital security, according to a 2017 survey of key security executives from 1,200
companies by consultancy EY. 4 There is a fine line between free speech and irresponsible
representations. Publicly available social media profiles are helpful to hackers looking to build a social
engineering profile for the purpose of compromising key employees. Individual use of social media in an
irresponsible manner can also subject the organization to public scrutiny and reputational impact. Having
a responsible social media policy and training around its data protection and appropriate communications
is helpful in navigating this sometimes-complicated issue.
Today’s organizations bear a heavy burden to protect sensitive information and are spending billions in
cybersecurity tools and mitigations. Specific regulatory requirements including GDPR and CCPA attempt
to mandate specific efforts to protect sensitive personal information. Even if an organization is compliant
with the most stringent regulations, it can still put itself at risk by its own business decisions, and that is
something that should keep management up at night.
4
20 th Global Information Security Survey 2017-18. EY. 21 November 2017. https://consulting.ey.com/cybersecurityregained/
92

About the Author
Stephanie Douglas is Senior Managing Director at Guidepost
Solutions. She focuses on sensitive internal investigations,
white collar crime investigations, building corporate
compliance programs, holistic corporate security programs,
and proactively educating executives about crisis
management and insider threats. She is sought after for her
invaluable insight and judgment and is sensitive to the needs
of business, working with corporations to identify risks, think
through sensible and cost-efficient mitigations, and engage
leadership with making long-term and productive corporate
changes. Stephanie can be reached online at
sdouglas@guidepostsolutions.com and at
https://www.guidepostsolutions.com/
93

Avoiding Misinformation for Content Moderators
By Sarah Katz, Cyber Security Specialist
Provided the controversy surrounding foreign fake news that allegedly influenced the 2016 presidential
elections in countries such as France and the United States, concern over the ubiquity of this
misinformation has skyrocketed in the past two years. In particular, many social media platforms, such
as Facebook and Twitter, have received major backlash for failing to effectively protect their users by not
monitoring fake news more closely.
94

Global Information Sharing
CBS News
Over the past two years, social media giants have placed particular emphasis on protecting users from
fake news as well as graphic violence and pornography.
However, the well-known social media platforms, such as Facebook, Instagram and Twitter, sport billions
of users worldwide. Therefore, the practices employed toward fake news mitigation must account for the
emergence of said news in a multitude of different languages. The trouble is, there are hardly enough
content moderators to spot all of this unsavory material.
Unfortunately for the 2016 election era and potentially its upcoming 2020 counterpart, social media
content moderation’s prioritization of extreme violence and sex leaves ample opportunity for
misinformation to slip through the cracks – especially when said information appears within seemingly
legitimate news stories and oftentimes in languages that the majority of moderators do not read.
For Content Reviewers
After verifying sources for any known blacklisted websites, a content moderator should take the next step
of ensuring they can read the language in which the material appears. Even in regard to reviewing content
in a language unknown to moderators, content moderation policy should implement the practice of
checking for buzzwords in article titles using Google Translate.
Due to the clickbait nature of the following buzzwords, content moderators should search the text in
95

question for such terms in a variety of languages – namely, Chinese and Russian - so that a foreignlanguage
article will not pose such a moderation barrier. 5 For languages written in different character
systems, it is recommended that reviewers take note of how they appear and use their notes as a
reference point when perusing news story headlines in shared articles.
How to spot Misinformation
As with determining the legitimacy of any webpage, moderators are encouraged to check the news
source websites with the following precautionary checklist in mind:
1) Pop-ups: Do multiple pop-ups and ad banners appear when trying to navigate the webpage?
2) HTTP vs. HTTPS: In the address bar at the top of the webpage, does the far left read http or https?
Tip: While not set in stone, https websites tend to be more secure, as their data is encrypted.
3) URL Redirect: Does the article link seem to redirect to multiple different URLs before the actual
destination page loads? Two optimal free tools for verifying the safety of URLs are VirusTotal and
Urlquery.
4) Hyperlink Match: Does the link in the address bar match the name of the website you are trying to
reach?
5) Typosquat: Examine the link for a typosquatted domain or URL. For example, consider facbook.com,
rather than the proper facebook.com.
When links become quite dangerous is when they lead to a login portal that prompts you to enter your
email or social media login credentials, after which point the hacker will have access to your actual email
or social media account. Once again, VirusTotal and Urlquery are invaluable free resources to safely test
suspect domains and URLs before opening them on one’s machine.
5
Christopher, Nilesh. “Facebook's Fake News Clean-up Hits Language Barrier.” The Economic
Times, 13 Apr.
2018, economictimes.indiatimes.com/tech/internet/facebooks-fake-news-clean-up-hits-language
barrier/articleshow/63741507.cms.
96

Finally, when presented with a foreign-language news article while browsing either social media or the
Internet in general, Google Translate must be used with a grain of salt.
Once more, content reviewers should always cross-reference any search terms with articles from reliable
news sources in their native language to ensure as best as possible that nothing is taken out of context.
As certain idioms and slang can be easily lost in translation, one should never rely on Internet translation
for more than one search term at a time.
Conclusion: Head above Water in Cyberspace
The good news is, thwarting these risks does not always require a technical pedigree – simply close
attention to detail and, most importantly, understanding what one is looking at and for.
Cyberspace is a tricky terrain. New breeds of hackers and threats are constantly evolving and many flock
to social media platforms to spread fake news and malicious links. The aforementioned tips remain just
a few pointers in a vast array of ever-changing techniques needed to ensure that both users and content
moderators alike stay safe and properly informed.
About the Author
Sarah Katz is a UC Berkeley alumna, cyber security specialist and awardwinning
fiction author. She earned a nomination for the 2018 Women in IT
Security Champion of the Year Award for being one of a select few former
Facebook content moderators willing to speak on the issue of user privacy on
social media. Updates on Katz’s work in security and writing can be found at
www.facebook.com/authorsarahkatz on Facebook and @authorsarahkatz on
Twitter.
97

How to Keep Your Customer’s Credit Card Information Safe
Strong cybersecurity goes without question
By John Shin, Managing Direction, RSI Security
Protecting customer data is closely related to delivering a satisfying customer experience.
An enjoyable meal in a beautiful restaurant actually isn’t very enjoyable at all if you catch the waiter writing
down your credit card number. Customers spending money on a product usually don’t think about what
might or might not happen to the data they emit about themselves online. From our physical
demographics to our geographic location, whether broadcast implicitly or explicitly, social media and
other app functionality gathers and stores useful data points about our lives.
Small details gathered in the present can coalesce down the road to form a much fuller picture of who
we are. That’s why the most effective businesses take cybersecurity seriously, especially when it comes
to keeping customer data under proper lock and key. Data breaches of an e-commerce store’s credit and
debit transaction information can not only be expensive for the exposed victims, but the breached
business often finds itself on the line to pay for potential damages. These incidents aren’t only hard on
the pocket book, but hard on a company’s public perception at the same time.
While every internet-using adult in 2019 should have some solid cybersecurity fundamentals (not using
the same password everywhere, for example), it’s rather easy for business organizations that consist of
many smart people to miss the boat on cybersecurity. They might make the mistake of not considering
98

cybersecurity threats seriously enough (“We don’t need to worry about that!”), or the organization may
be of sufficient size that everyone thinks cybersecurity is someone else’s job.
This ignorance or shortsightedness means that companies regardless of size or expertise alike have had
to deal with the expensive, embarrassing ramifications, from the smallest startups to the largest global
corporations, companies at every stage in the game have had to deal with the expensive, embarrassing
ramifications of losing customer data like credit card numbers. But pairing education with action can right
the ship.
Companies implementing compliant hardware and practices will enjoy significantly increased confidence
and certainty operating on an internet with bad guys on it. Discerning customers asking these companies
about their data processing standards will learn that they’ve taken care and consideration to handle
customer data mindfully.
Use a private network or cloud-based system.
This is where the rubber meets the road on taking certain base-level steps that many cybersecurity
newbies simply don’t know to implement. How is data handled on your network? What kind of network is
it exactly? Does everyone connect to share workspace using a virtual private network? Do you depend
on a cloud-based system’s off-the-shelf solution?
Encrypt the data so it’s unreadable to cybercriminals.
Just like you might install a strong lock on the front door in a tough neighborhood, you should take steps
to obscure the state of your network data as it pertains to your business. Encryption makes it easy for
you to read and access your own data, but prohibitively difficult for other people to do the same.
Breaking encryption is a much more complex matter than simply gaining illegal access to a private
computer system. You can probably use a feature in a product you already depend on to enable a high
degree of encryption that renders stolen information unreadable.
Ensure Payment Card Industry (PCI) security compliance across your network and card payment
devices.
With major credit card companies processing thousands of transactions per second, you don’t actually
want to be a credit card cybersecurity trailblazer. There are reliable, well-documented guidelines already
99

out there on how to establish certain cybersecurity thresholds. If your business handles credit card
transactions, for example, then you need to chase PCI compliance.
It is probably easier to achieve PCI compliance than you think. A PCI audit, whether a casual selfassessment
or formal, paid audit conducted by a third-party assessor, will provide you the actionable
feedback you need to become compliant.
In many instances, you may lean on the PCI compliance already afforded by certain products on the
market. It’s just a matter of combining approved hardware and approved software to work together.
Educate the staff on cybersecurity and compliance.
Companies become what they focus on. Make niche topics about data management and security
practices part of the everyday work conversation if you want it to be part of your employees’ thought
process. As newer workers learn what colleagues focus on several rungs up the ladder, this eventually
becomes their focus as well.
Make it a point of culture that your company talks openly about cybersecurity issues, especially as they
pertain to the company’s successful continued operation. This kind of rubbing people’s minds in it in the
long term will build an awareness and working knowledge of the subject matter that will surely serve them
whether or not their jobs are connected to handling data.
There’s no better pushback against fraud than an educated staff. Make sure your people know their stuff.
If you process cards in person, go for EMV readers instead of Magstripe.
EMV payments are those that process a computer chip stored to one end of a credit card in order to
execute, and they are a far more secure and valid way to pay than by conventional swipe of a magnetic
strip. (Such casual swiping is exactly what scammers depend on in order to get a successful “skim.”)
EMV payment technology makes it much harder for bad guys to steal cardholder information. These “chip
cards” contain an embedded microchip and are automatically authenticated with a personal identification
number entered during a transaction. This category of card payment may add time to the total transaction
process, but they operate on a paradigm significantly secure than magstripe.
100

There are other tactics available for companies specifically seeking to improve their credit card
cybersecurity. They might truncate card data in their records to the point that transactions could be
sufficiently identifiable for customer service purposes without retaining enough information to be a liability
(like complete credit card numbers instead of portions).
While the road to bulletproof cybersecurity is long and can be especially complex, depending on the
industry an organization operates within, but it’s always a good idea to be invested in and up-to-date on
the state of your cybersecurity. Moving information around online already enables wonderful things for
today’s consumers, but the underlying cybersecurity involved in doing so should be a point of pride, not
something for a cost-cutting company to overlook.
If the ideal customer experience is the question here, then strong cybersecurity goes without question.
How can a company hope to serve a customer if it can’t even keep its payment processing operations
PCI compliant?
About the Author
My Name is John Shin and I am the managing director at RSI Security. He
has 18 years of leadership, management and Information Technology
experience. He is a Certified Information Systems Security Professional, CISM,
and Project Management Professional (PMP). He is the principal author on
multiple Internet privacy and security technology papers such as the Dominant
Cyber Offensive Engagement and Supporting Technology and
Reconnaissance & Data Exfiltration for U.S. Air Force Research Laboratory.
Mr. Shin has 18 years of leadership, management and Information Technology
experience. His area of expertise is IT security and technology management. He was responsible for
external customer information systems as well as the global infrastructure operations at Abraxas
Corporation, a risk mitigation technology company solely focused on the National Security Community.
Mr. Shin also worked in several management positions for Genoptix Inc. (Nasdaq: GXDX) in
IT/Bioinformatic division. During his tenure at SunGard, Mr. Shin operated as an operations engineer
responsible for mission-critical Infrastructure and ISO-compliance system processes.
John can be reached online at https://www.linkedin.com/in/john-s-504a02140/ and at our company
website https://rsisecurity.com/.
101

10 Best Tips for Using Metasploit to Harden Your Network
By Tim Keary, Copywriter, Comparitech
How do you know if your network is safe? Cybercrime is an everyday threat to companies. There is one
hacking attack every 39 seconds. Some have turned to antivirus solutions or vulnerability scanners to
stay protected, but these tools aren't enough. Now, you need penetration testing, as well.
Penetration testing enables you to step into the shoes of an attacker and test your network for
vulnerabilities. By getting there first, you can fix the issue before an attacker exploits it. Metasploit is one
of the top penetration testing tools for simulating attacks. Here are 10 top tips for using Metasploit to
harden your network:
1. Run a discovery scan
Many hackers will go on a reconnaissance effort to gather information on the target before launching an
attack. They collect on the devices you're using, including the type of operating system. The information
gathered is then used later on to find vulnerabilities to break into the network.
Metasploit can be used to run a discovery scan, a combination of a ping scan, port scan, OS/version
detection, and a data import. After completing a scan, you will have a list of IPs with information on the
services running on the machine.
102

You can run a Discovery Scan in Metasploit through the command prompt (which uses NMAP
commands!). In this example, we're going to scan a metasploitable machine. A metasploitable device is
a virtual machine with lots of vulnerabilities.
To run a Discovery Scan, follow the instructions below:
To begin, start the metasploitable machine you want to attack and a Windows Server 2003 machine in
metasploitable. Enter the following command (with the machine IP): net addr: IP 192.168.1.101
Next, start Metasploit. Enter the following command to scan in the specific IP range (in this example we’re
using Kali Linux): msf > nmap -sn 192.168.1.0/24
To find the OS of one of the systems listed enter the following command with the IP address you want to
attack: Nmap -sV-O -T4 192.168.1.101
At the bottom of the output, you will be able to see the OS the machine is running.
2. Use the Help command to find a list of commands
Knowing what commands you have at your disposal is advantageous when using Metasploit. While you
can look online for tutorials to learn new commands, you can also use the Help command to view a list
in the Terminal. To view a list of commands, enter the following command:
msf > help
The screen will then show a list of commands with a description. Basic commands like search, use, back
help, info, and exit will help you to make your way around. Once you become more familiar with
Metasploit, you can start experimenting with more advanced commands and running payloads!
3. Run a vulnerability scan
When trying to break into a network, an attacker is looking for a specific vulnerability to exploit. A
vulnerability is an entire point that enables an attacker to gain access to a network without authorization.
Running a vulnerability scan will highlight these vulnerabilities before an attacker finds them so you can
remedy the issue.
You can run vulnerability scans with Metasploit. The commercial version of Metasploit uses Nexpose to
run a scan.
First, you need to add then Nexpose console to the Metasploit user interface. You can do this by going
to Administration > Global Settings > Expose Consoles > Configure a Nexpose Console
103

Next, enter the IP of the server, port number, user name, and password. Press Enable.
Click Nexpose and add the IP address of the network or host you want to scan.
Select a Scan template to start the scan
Go to Analysis > Host to view the scan results.
4. Import data from a vulnerability scanner
If you’re using Metasploit, then the chances are you will be using other cybersecurity tools like
vulnerability scanners. Metasploit allows you to import scan data from other vulnerability scanning tools
for you to examine entry points.
You can import scan data from third-party vulnerability scanners like Nessus, Core, and Impact. These
tools show you the weaknesses in your defenses that attackers will try to exploit.
To import data:
Complete a scan in NMAP
Save the scan results in XML format on your desktop
Open Metasploit and enter the following command: msf > db_import “path of xml file”
After completing the import, the prompt will generate a Successfully imported message
5. Use task chains to schedule scans!
In Metasploit Pro (the paid version of Metasploit), there is a feature called Task Chains that allows you
to schedule tasks and complete them automatically. You can use this feature to automatically run scans
so that you don’t have to do it manually.
Available tasks include; SCAN, IMPORT, MEXPOSE, BRUTEFORCE, EXPLOIT, MODULE RUN,
COLLECT EVIDENCE, CLEANUP, REPORT, and WEB SCAN. To schedule a scan, do the following:
Go to Tasks > Chains > New Task Chain.
Enter a Task Chain Name for the task
Click the + icon under Task Chain Name
Select SCAN from the list of task types
104

When the task configuration bullet points come up, click on the Schedule Now button
When the schedule table comes up select how often you want to run the task (Once, Hourly, Daily,
Weekly, Monthly)
Click the Save button to save the task
6. Validate vulnerabilities
Whenever you complete a vulnerability scan, you will have discovered the entry points an attacker could
exploit. If there are a lot of vulnerabilities, it can be difficult and time-consuming to go through the list and
solve each problem one-by-one. To help make things easier, Metasploit provides a feature called
Vulnerability Validation Wizard.
The Vulnerability Validation Wizard ranks vulnerabilities in a list based on their risk to your network. Here
you can prioritize your response and deal with the greatest risks first.
To use the Vulnerability Validation Wizard follow the instructions:
Open Metasploit Pro Web Console > Project > Vulnerability Validation
When the vulnerability validation page comes up, enter a Project Name and a Description of the project.
Press Start
Click on Pull from Nexpose and check the Import existing Nexpose vulnerability data option
Click the Tag tab and check the Automatically Tag by OS option
Click the Exploit tab, check the Clean up sessions when done option under Sessions
Click on the Generate Report tab, select the format you want to use for your report, and the sections
you want to use.
Press Start
Once the Validation Wizard comes up, press the Push Validations button at the top right of the page
You can view the results of the tested vulnerabilities by going clicking on Home > Project Name >
Vulnerabilities. Exploited vulnerabilities will be marked Exploited.
105

7. Use exploits to break into a device
After scoping out vulnerabilities and validating them, you are ready to break into a device. To gain access
to a device, you can use an exploit, a script designed for compromising a machine. In this example, we're
going to try and exploit FTP:
To begin, enter the following command: msf > use “exploit path”
Enter the show options command to display the parameters you need to configure to run the exploit: msf
> show options. RHOST and RPORT will be listed as required. RHOST is the target IP, and RPORT is
the target port.
To run the exploit, you will have to set a target IP address and port. Enter the following command:
msf > set RHOST 192.168.1.101
msf > set RPORT 21
Use the run command: msf > run
If a new session starts, then you will have gained access to the system.
8. Use payloads to interact with the compromised system
Payload is another word for a script that an attacker uses to interact with a compromised system.
Attackers will use a payload to upload and execute malicious files onto the victim's system. There are
many different kinds of payloads, and the kind you use depends on the type of vulnerability you intend to
exploit.
Attackers will use a payload that matches an exploit they found during an earlier vulnerability can. For
example, if an attacker detects that you’re running a Windows Server 2003 machine, then they could use
the DCOM MS03-026 vulnerability to attack you.
To use a payload, follow the instructions below:
Run a search command to look for an exploit or module that is effective at exploiting this vulnerability (in
this example, we search for the DCOM vulnerability). Use the exploit with the best rank: msf > search
dcom
Now search for a list of available payloads with the following command: msf exploit (ms03_026_dcom)
> show payloads
106

You will see a list of Compatible Payloads ranked. You want to choose on that allows you to Upload /
Execute files or one marked VNC Server (the latter lets you inject a VNC server remotely). Set the
payload you want to use: set PAYLOAD payloads /path
Now Set the LHOST (attacker IP), LPORT (attackers port), RPORT (victim IP), and RHOST (victim port).
It should look something like this:
msf exploit (ms03_026_dcom) > set LHOST 192.168.1.101
msf exploit (ms03_026_dcom) > set LPORT 23524
msf exploit (ms03_026_dcom)>set RPORT 135
msf exploit (ms03_026_dcom)>set RHOAST 192.168.1.102
Enter the following command to start a new session: msf exploit (ms03_026_dcom) > exploit You
can now interact with the machine through the payload’s settings.
9. Launch a brute force attack
If an attacker has time to hack into your network, then they might try a brute force attack. In a brute force
attack, a hacker tries all possible combinations of characters to gain access to a system and its login
credentials. You can use Metasploit to simulate a brute force attack.
With Metasploit, you can launch brute force attacks against the metasploitable device in a range of ways,
including through FTP, Telnet, and SSH. The medium you use depends on the type of service the system
is running. In this section, we're going to use FTP to attack the metasploitable device.
Create an auxiliary (small script) dictionary list at the root of your Kali machine to break into the
metasploitable device.
In this example we will use the auxiliary/scanner/ftp/ftp_login auxiliary to launch the attack: msf > use
auxiliary/scanner/ftp/ftp_login
Now set the path of the file that includes the dictionary by entering the following command: msf
auxiliary(ftp_login) > set PASS_FILE /root/pass.txt
Then select the target IP : msf auxiliary(ftp_login) > set RHOST 192.168.1.101
Now enter the run command: msf auxiliary(ftp_login) > run. If the attack has been successful, a session
will launch. If it isn't, you will have failed to access the login credentials.
107

10. How to Obtain Email Account Information
Another risk factor that companies have to mitigate is the theft of account data. Cybercriminals are always
on the lookout for email accounts to target and gain access to a network before launching an attack. You
can use Metasploit to obtain email account information just like an attacker would.
We can collect emails with the search_email collector module:
Load the module by entering the following command: msf > use auxiliary/gather/search_email_collector
Now use the show options command to view the module options: msf > show options
Set a domain to collect data on: msd > set DOMAIN (Note that Google, Bing, and Yahoo
email accounts will be searched for by default). You will then see a list of email addresses that have been
“located.”
Test Your Defenses Before Cyber Criminals Do!
Putting your network under pressure with a penetration testing tool like Metasploit enables you to discover
new ways to improve your defenses. Periodically addressing vulnerabilities will help to minimize your
exposure and keep your network available.
Don’t be afraid to hack into the Metasploitable machine to develop your skills. Just remember that once
you’re ready to try live devices, you need to obtain written permission from the owner first!
About the Author
Tim Keary. Since 2017 Tim has been a full-time tech copywriter. Tim writes
extensively on net admin topics helping businesses and entrepreneurs to keep
their data protected.
Our company website https://www.comparitech.com/
108

How Organizations Can Best Avoid GDPR Fines through
Continuous Compliance
By Fouad Khalil, VP of Compliance at SecurityScorecard
Since it came into force in May 2018, the EU’s GDPR has made many businesses nervous. This is hardly
surprising given the recent high-profile cases that has seen the likes of British Airways and Marriott
International being fined millions of pounds for non-compliance with the regulation.
There is also the perception that implementing the necessary changes to comply with the GDPR will be
expensive and disruptive to the running of the business. But this does not have to be the case. In fact,
complying with the GDPR can improve business processes and customer engagement, as well as
making the organisation’s IT network more secure. But to achieve this, organisations cannot simply install
the required infrastructure and then forget about it, they need continuous compliance to ensure that they
are always meeting the requirements of the GDPR.
What is the GDPR?
The General Data Protection Regulation protects the personal data and privacy of all citizens and
residents of EU member states. This applies to any country that handles the data of users from the EU.
Under the GDPR, personally identifiable information (PII) is defined as any data relating to any living
person that can be used to directly or indirectly identify them. This could be name, location data, online
identifiers, bank account numbers, tax numbers and so on. If an organisation is in doubt about whether
the data it holds is personal or not, the failsafe position is to protect it.
109

Despite the view of some that the GDPR presents a minefield of regulatory requirements that could at
any minute blow up in their face, it has actually greatly improved organisations’ chances of complying
with data protection laws across Europe. Before the GDPR, there were different data protection rules for
each member state of the EU, meaning that businesses working across borders often had a complicated
task ensuring they complied with local laws. The GDPR has helped clear this up, so that not only do EU
citizens know their rights, but it is also easier for businesses to collect and use data from other EU states.
A key principle of the GDPR is data security, confidentiality and integrity, part of which is that
organisations must only keep the minimum amount of data necessary to their business needs.
Dangers of not complying
Organisations that do not comply with the GDPR risk a large fine of either four percent of their global
annual turnover or 20 million euros, whichever is the greater. Regardless of these fines, just to have your
name associated with a breach is bad for business and the losses are likely to be much worse.
Other impacts could involve the costs of defending lawsuits, updating infrastructure and security
measures, along with having to potentially pay contractors or staff overtime to get these issues resolved.
Undoubtedly, the most difficult task facing any company in breach of the GDPR would be to repair its
reputation as they have to try to persuade customers, investors and regulators that the situation has
improved and the organisation can be trusted with data.
There is also the reality that much of the compliance with GDPR is rooted in having high quality security
and privacy processes in place. If these are absent, then an organisation has a higher probability of
becoming victim of a cyber attack, with data necessary to the survival of the business at risk of being
compromised.
Therefore, achieving and maintaining compliance with the GDPR is essential for any business wishing to
avoid these risks.
Knowing what to address
When it comes to complying with GDPR, knowledge is king. For instance, to effectively protect the
personal data it holds, an organisation must know what and where this is. Therefore, identifying and
classifying all personal data through enterprise wide-data mapping is essential.
An organisation needs to know what risks there are to the security of its data in order to mitigate them
and show it is proactively addressing any identified concerns. As such, organisations need to use tools
that can scan for vulnerabilities and record remediation efforts. Aside from the obvious benefits of
knowing when and where to update security and having confirmation that it has been done, having this
information will satisfy auditors. If an audit discovers a potential weakness and risk to data being
compromised due to a network security flaw, it will require verification that it is being remediated and
there are adequate controls in place. Tangible evidence such as log files is important here.
110

Alongside this, an organisation must conduct regular Data Protection Impact Assessments (DPIA), ideally
at least once a year. The assessments look at all the data connected to a particular project and makes
sure that all the risks are assessed. If an organisation is meeting its security obligations these risks should
be minimal as there should be the necessary processes and procedures in place to minimise potential
threats. Conducting data mapping before starting a DPIA is highly recommended as it will allow for the
identification of all the data assets in question, including their location and how they are being used.
To make sure that an organisation remains compliant it should consider automating continuous control
monitoring. For example, take the task of the continuous addition of assets to the system, which all need
to be checked and monitored in order to ensure compliance. By automating these typically time and
labour-intensive tasks, it helps to reduce the amount of human error associated with manual processes.
Securing the network
Having a regular patching schedule is one of the most basic cyber security elements an organisation can
implement. Many hackers exploit vulnerabilities that have not already been addressed by released
patches. The patching of operating systems, software and hardware, indicates the ongoing monitoring
and remediation necessary for compliance with the GDPR.
Firms must apply common controls such as web application, endpoint and network security. Network
security controls are critical for preventing the risk of data being stolen. Before these controls are
implemented or drastically changed, the first course of action is to understand the security set up and
scope of the weaknesses.
When an organisation builds applications or implements changes, it must follow a security by design
approach, where risk mitigation is a major consideration from the beginning of the process. Continuous
compliance means ensuring security controls are implemented in the organisation’s day-to-day work.
This minimises the risk of application security flaws that could let a threat actor into a network.
Not only should thought be given to internal security, but also to that of third-party businesses with which
the organisation is connected. An organisation can and will be held responsible for any breach of data it
holds, even if they come via a weakness in the cyber defences of a third party, such as a supplier,
contractor or partner. Knowing what these risks are and making the third party address them, for instance
as part of a contractual agreement, can mitigate the danger of being hacked via “the backdoor”.
Organisational changes
Adhering to the GDPR is more than just about implementing robust security solutions. A well thought out
GDPR program should be considered as an enterprise-wide process improvement initiative, introducing
a new way of doing business and handling data.
A mature compliance programme requires policies and procedures that create formal organisational
controls that are mapped to the GDPR’s articles. Organisations need to establish governance about who
111

is responsible for what processes, data and so on. In the event of a breach there must be a clear reporting
process in place so that the appropriate authority can be notified without delay.
Also, the creation of awareness programmes will inform staff of their responsibilities in regard to data
protection and how to keep the organisation’s network and assets secure.
A good starting point for organisations needing to implement a privacy compliance framework to ensure
their data processing adheres to the GDPR, is to work towards achieving ISO/IEC 27001:2013
accreditation.
Embracing GDPR
Rather than seeing GDPR as a threat, businesses should see it as an opportunity. Continuous
compliance will not only help ensure the organisation stays on the right side of the regulators but could
also have the benefit of improving business processes, reducing costs, and preventing costly cyberattacks.
However, to achieve this, organisations need the right policies and procedures in place, combined with
technology that is able to automate the mitigation, detection and recording of risks.
About the Author
https://securityscorecard.com/
Fouad Khalil is the VP of Compliance at SecurityScorecard.He is
responsible for compliance programs, auditor education and alignment
with best practices. With experience in the technology space, SDLC, IT,
program management and most recently IT Security and Compliance
management, Khalil’s career path has provided him with keen insights
in the areas of network, system and database administration, software
programming and much more.For two decades, Khalil has focused on
data security and compliance—an industry expert in IT, NIST, Internal
Controls, GDPR, SOX, PCI DSS, HIPAA and HITECH. Khalil holds a
BS in EECE from Marquette University and CISA and ITIL. Fouad can
be reached online at @fkhalil65 and at our company website
112

Here’s How You Can Secure Your App from Cyber Attacks
By Twinkle
Do you know how many people own a smartphone?
Well, you'll be shocked to know that as per the research estimate the total number of mobile device users
is likely to cross the mark of 5 billion by the end of 2019. Yes, that's a huge number that can't be ignored
under any circumstances and that includes cybersecurity too!
There are a significant number of app developers and app owners who don't consider security to be a
vital factor while building a mobile application. According to a research report by Gartner, it was revealed
that around 75 percent of the mobile apps are not able to make it through the basic security tests.
Today, we as users are addicted to our smartphones and rely on mobile applications to get our day-today
activities done such as ordering food online, instant shopping, online banking and much more. Due
to this, the risk of falling victim to one of the cyber-attacks is quite high.
113

Effective Ways to Protect Your Mobile Apps
That’s why in this article on mobile app security, we will be sharing some of the most essential
cybersecurity tips on how you can secure your mobile apps from cyber attacks.
1. App Wrapping
The term app wrapping can be defined as a methodology that basically segments a mobile application
from the rest of the mobile device by capturing it in a secure environment.
Here, the app developers will automatically get the option of app wrapping if they are using the MDM
provider. All you need to do is set a couple of parameters and once that is done, your application won't
be requiring any additional coding for the process of segmentation.
2. Enhanced Authorization
Without having strong user authentication, your mobile app won't be able to stay secure for long. App
developers need to strengthen the authorization for users in their applications if they want their app to
not only survive but also thrive in the market.
A basic 'Who are you?' can help app developers in securing their applications against online malware
and viruses. For an advanced level, user authentication must include various aspects such as session
management, the privacy of a user, the online identity and the security features of a device.
For this purpose, there are many technologies available in the market, some of the best being the OAuth
2.0 authorization framework and the OpenID Connect protocol.
3. Securing the APIs
Another way to secure your mobile app is by applying security to the APIs that are being used in their
app development process. As an API is an extremely beneficial tool, it plays an important role in
managing all the data of the app along with the business logic.
For APIs, app developers should include an app-level authentication like SSL with 256-bit encryption,
this will ensure that user validation is done every time a service is used by someone.
4. Implementing the ATS
ATS also known as App Transport Security, can come in handy for securing mobile apps if implemented
correctly by app developers. In other words, app developers can apply ATS to prevent the app from a
114

potential cyber-attack. The purpose of the ATS here is to ensure a secure connection between the app
and the back-end server.
Final Thoughts
Nowadays, mobile app security is one of the most vital aspects of developing an application that app
developers need to consider during every step of the development process.
Mobile apps that are insecure can fall prey to online hackers that can misuse the sensitive information of
a user, such as financial information. The above-mentioned practices that prove to be of great help in
securing your mobile apps and users' crucial data as well.
About the Author
Twinkle is the product head of MobileAppDaily and keeps a close eye on the
latest and trending tech releases. With her wise taste of the tech industry, she
has single-handedly created recognizable brand image.
115

Sovereign Cyber Effects Provided Voluntarily by Allies
(SCEPVA)
The Devil is in the Kilobyte
By Wiesław Goździewicz, Expert, Kościuszko Institute
NATO has gone a long way in development of its
policy on cyber operations. The three most
recent Summits in Wales (2014) Warsaw (2016)
and Brussels represent true milestones in this
regard. In Wales,. Allies confirmed (a year ahead
of the 2015 UN GGE Consensus report) full
applicability of International Law to cyberspace.
This would also include International
Humanitarian Law (IHL) or the Law of Armed
Conflict (LOAC). Inclusion of IHL/LOAC in this
declaration is particularly important, as during
the Wales Summit NATO has also declared that
cyber incident of certain gravity may be
considered as an armed attack and trigger an
Article 5 (collective defence) response by the
Alliance. Thus, NATO confirmed hat cyber
defence is part of NATO's core task of collective
defence.
Another breakthrough happened during Warsaw
Summit two years later. Cyberspace has been
considered as an operational domain, equivalent
to air, land and sea. Member Nations have been
called upon to build their cyber defence
capabilities as efficient as those for the “physical”
domains. This was reflected in the Cyber
Defence Pledge adopted during Warsaw
Summit. The Pledge reaffirmed that obligations
under Article 3 of the Washington treaty (building
defence capabilities both individually and in
116

cooperation with other Allies) also apply to cyber
defence capabilities. The Allies also pledged to
strengthen and enhance the cyber defences of
national networks and infrastructures as a matter
of priority, as well as to improve its resilience and
ability to respond quickly and effectively to cyberattacks.
As a follow-up from the decisions made in
Warsaw, the North Atlantic Council adopted a
10-point “Cyber as a Domain Implementation
Roadmap”, which addresses the requirements to
adopt e.g. doctrine and policy, trainings and
exercises, operations planning and strategic
communications (also as part of cyber
deterrence). It also called for the revision of
NATO Rules of Engagement for these to
address the specificities of cyberspace
operations. Delivery of the Roadmap is very
advanced, with certain requirements already
met. However, from an operational perspective,
the most important aspects of the Roadmap are
the integration of cyber effects and the cyber
doctrine development as they are closely related
to each other.
November 2017 Defence Ministerial brought the
decision to integrate Allies’ national cyber
capabilities into NATO missions and operations.
While nations maintain full ownership of those
capabilities, just as Allies own the tanks, the
ships and aircraft in NATO missions, cyber
capabilities offered by them in support of Allied
Operations and missions are to remain under
strict political oversight and within the remits of
compliance with International Law.
Most recent Brussels Summit brought significant
momentum into the process of NATO’s
adaptation to contemporary security challenges,
including cyber. Adopted and reinforced NATO
Command Structure now includes the
Cyberspace Operations Centre (CyOC). Being
‘eyes and ears’ of the respective commanders in
cyberspace, the CyOC is supposed to enhance
situational awareness in cyberspace and help
integrate cyber into NATO’s planning and
operations at all levels. It will not be a cyber
command centre as there will not be any
supranational command. While the CyOC is to
operate within the existing NATO frameworks, its
main aim is to equip the Supreme Allied
Commander Europe (SACEUR) with all the
necessary tools to operate in cyberspace. As will
be discussed below, CyOC is responsible for
coordinating Sovereign Cyber Effects Provided
Voluntarily by Allies (SCEPVA). Second main
task of the CyOC is to provide situational
awareness and coordination of NATO
operational activity within cyberspace.
The SCEPVA mechanism can be considered as
cutting the Gordian knot of dilemmas related to
the use of offensive cyber capabilities by NATO.
Dilemmas, NATO has struggled with since the
adoption of the first cyber defence policy in 2008:
how to address cyber threats, including those of
military character, without resolve to offensive
cyber means and capabilities, which for many
years have been considered
as a kind of taboo. The Alliance, in its efforts to
keep the moral high grounds, has been
condemning state and non-state actors for the
use of broad range cyber capabilities against
NATO and its member states, from purely
criminal, through terrorist and in support of
hybrid activities, to offensive use of military cyber
capabilities such as the ones Russia exercised
against Georgia in 2008.
At the same time, officially the Alliance has
interpreted its defensive mandate and purpose
in an overly restrictive manner by claiming that in
cyberspace, NATO shall only exercise defensive
operations, thus even preventing active cyber
defence under NATO “umbrella”. This seemed to
be a significant shortfall and disadvantage
compared to both the “physical” domains and
potentially adversarial actors. At the same time,
certain NATO Member States have openly
117

declared that they would develop offensive cyber
capabilities (of note: the U.S. declared
cyberspace as an operational domain already in
2008).
Such an approach to cyber capabilities had no
logical rationale behind it. NATO has never
funded
a common armament programme meant at
development of offensive capabilities. All such
programmes have been of a non-offensive
nature: Intelligence, Surveillance and
Reconnaissance (ISR), strategic airlift, Airborne
Early Warning and Control (AWACs), etc. Yet
again, nobody had doubts that defensive
mandate does not preclude, should not preclude,
the development of offensive capabilities by
individual Member Nations or collectively by
them. Defence capabilities must include
offensive means: howitzers, tanks, attack
aircraft, cruise missiles etc. And NATO on
numerous occasions has reached to its
members for such capabilities to be provided
(the best example is the 1999 operation “Allied
Force”, which was not defensive, but purely a
peace enforcement operation).
Thus, the decisions to prevent active cyber
defence or the possibility to use offensive cyber
capabilities, have been a significant limiting
factor for those, who had been tasked to plan
certain Allied operations and missions.
Moreover, given the fact that after Wales Summit
in 2014 NATO mad it clear that a grave cyber
incident might be considered as an armed attack
and trigger an Article 5 response, theoretically
NATO would only be able to respond
“conventionally”, “kinetically”. While a responsein-kind
is not required under International Law in
case of an armed attack, one has to remember
that national self-defence has to be imminent,
proportionate and necessary.
There is no doubt that cyber means or methods
of warfare, or more broadly – cyber capabilities
– are not by nature illegal. Moreover, they can be
used in a manner that fully complies with the
requirements of International Law. One could
argue, that in terms of LOAC compliance, if used
properly, cyber means can be the most
discriminate, the most humane and the most
proportionate means and methods of warfare.
Response with cyber means to a cyber attack
might also (in certain circumstances) be
considered as those who best fulfil the
requirements of proportionality and necessity of
acts in self-defence.
Since NATO des not develop offensive cyber
capabilities (but neither does it for “conventional”
domains) and for any offensive capabilities the
Alliance has to reach out to its Member States,
given the long-standing practice of “NATO does
not go offensive in cyberspace”, the SCEPVA
mechanism seems to be the only solution to the
theoretically unsolvable problem: how to
efficiently defend the Allies in all domains (incl.
cyberspace) without “going offensive in
cyberspace”. Cyber-capable Nations may be
requested to deliver offensive cyber effects on a
target designated by an operational-level
commander. And it will be the CyOC who is
going to be responsible for matching the
expectations of the commanders with the
willingness and capabilities of the nations
potentially able to deliver such effects.
Officially, NATO will not be “going offensive in
cyberspace”, while being able to apply all
instruments of military power, all spectrum of
effects. Such a solution does not come without a
price, though.
Firstly, the operational-level commanders who
normally “own” the targeting process and decide
which effects to deliver on a given target and
how to deliver the effect, will not be able to task
any nation to provide such effect. As opposed to
“conventional” means and capabilities, cyber
effects will not be handed over to the
118

operational-level commander, as opposed to
other means and capabilities, which upon
appropriate transfer of authority will fall under the
NATO commander’s command and control. And
even if the effect is delivered upon operationallevel
commander’s request, nation delivering it
will do it on a “I will tell you what I can do, but not
how”. That’s the meaning of the word
“Sovereign” in the SCEPVA construct.
Secondly, there might be no nation willing to fulfil
the request, even if there were Allied Nations
able to or capable of fulfilling it. For several
reasons, including the desire to retain certain
capabilities for own use, strategic purposes, etc.
That’s the meaning of the word “voluntarily” in
the SCEPVA construct.
Last, but not least, it still has to be determined,
where responsibility would lie for potential
internationally wrongful use of such cyber
effects. For example, if as a result of the use of
SCEPVA, excessive incidental losses occur,
thus constituting the breach of the LOAC
principle of proportionality, which nation would
bear the responsibility? Nation voluntarily
delivering the cyber effect? Or the Sending
Nation of the operational-level commander
requesting such an effect to be delivered? Or
perhaps the Sending Nation of the Staff Officer
proposing the employment of SCEPVA on this
particular target in the course of the target
nomination/approval process?
Indeed, the devil is in the detail. When it comes
to SCEPVA, the details can be broken down to
kilobytes. How many devils would fit into a
kilobyte?
About the Author
wieslaw.gozdziewicz@gmail.com; https://ik.org.pl
Wiesław Goździewicz is a retired Polish Navy officer, a lawyer
specialised in Public International Law, in particular legal
aspects of military operation. Expert of the Kościuszko
Institute in the field of cybersecurity, dealing mainly with legal
aspects thereof. Former Legal Advisor of the NATO Joint
Force Training Centre in Bydgoszcz, Poland. Speaker among
others at the European Cybersecurity Forum and Warsaw
Security Forum, guest lecturer of the Polish Naval Academy,
War Studies Academy in Warsaw, Nicolaus Copernicus
University in Torun and NATO School Oberammergau.
119

How Cybersecurity Became a Major Issue for Your Business’
SEO
By Chester
Cybersecurity is no longer a niche issue that you can afford to ignore. Every year, half of all businesses
report being hacked, and this can cause huge problems with the smooth running of organisations. But
you might not realise that one of the big issues that cyber breaches effect is search engine optimisation
(SEO).
In the past you might not have thought about the link between cyber security and SEO, but it has now
become a very large problem. In this article we take a look at how your business’ SEO efforts could be
put at risk by cyber breaches, as well as looking at what you can do to mitigate risk.
The problem of downtime
One of the major issues that a cyber breach can cause for your site is downtime. Not only can a cyberattack
take your website offline, you may also need to have further time without your website live in order
to fix the issue. But lengthy periods of downtime can be a nightmare from an SEO perspective.
120

When Google sees that your site is down, it recognises that you are having problems. If this is only for a
short period of time, it is unlikely to have a negative effect. But Google’s sophisticated algorithm
understands that if a site is down for an extended period, there are more serious problems.
Google hacked site warning
When Google notices that a website has been compromised, it will often display warning text in its listings.
This warning text reads: “This site may be hacked”. If you see this text against your site, then Google
believes that you are having a cyber security problem.
Once again, in terms of SEO this is bad news, as user behaviour is taken into account by Google’s
RankBrain algorithm. When users see a hacked site warning, they are less likely to click on your listing.
Site reviews
Did you know that reviews about becoming important as a ranking factor under Google’s algorithm?
Google likes to see sites getting positive reviews, and is concerned when a site gets a lot of negative
ratings. This is where a cyber attack can impact your SEO.
If your site is hacked then users are more likely to give a bad review due to the issue. As these negative
ratings build up, they can see your site fall in the rankings.
Common cyber-attacks that could damage your SEO
There are many ways that cyber criminals might attempt to compromise your site, all of which can have
the kind of impact on SEO that has been mentioned above. Here we will take a look at some of the most
common cyber attacks that can damage SEO – as well as what you can do to defend your business
against them.
• WordPress plugins and extensions – one of the first things to consider when a site has been
hacked is whether this is due to outdated software. As WordPress is so popular, it is a very
common choice for cyber criminals who can take advantage of plugins that have not been updated
to their latest version. Of course, this is one cyber security issue that can dealt with easily – allot
time for plugins and extensions to be updated on a regular basis
• Phishing – unfortunately it is still the case that your members of staff are often the unwitting
reason that your site is hacked. Staff can fall for phishing attacks such as emails that direct them
to spoofed sites – these are then used to steal their details. The key here is the need to provide
your staff with adequate training.
• Bots – another very common form of cyber attack is trough malicious bots that are designed to
bypass your perimeter defences. A bot attack can take your website down entirely, or you might
face performance issues. Malicious bots can be difficult to defend against, and will require
specialist assistance from cyber security professionals.
121

Ultimately, cyber security has now become an issue that highly relevant to your SEO efforts, and this
needs to reflect in the amount of time and budget you put into your security work. This is the only way to
minimise the risk that you could be hacked, and that this hack could burden your optimisation.
About the Author
Chester is an independent cybersecurity specialist. Chester Avey has
over a decade of experience in business growth management. He
enjoys sharing his knowledge with other like-minded professionals
through his writing. Find out what else Chester has been up to on
Twitter:
Chester Avey can be reached online at chesteravey@outlook.com &
@Chester15611376.
122

How to Erase Data from Mobile Devices: Four Common
Misconceptions
By Mark Dobson, ITAD Specialist,NextUse
When you’re about to retire dozens or hundreds of your employees’ mobile devices, you don’t want the
company data stored on them to end up in the hands of your competitors or criminals.
“Companies tend to overlook IT asset disposition as their mobile devices reach end-of-life,” according to
Jeff Londres, founder and CEO of NextUse, a certified ITAD company. “This misstep not only puts them
at risk of a data breach, but it also means their assets lose residual value from resale. Cell phone values
drop the older a model gets, but they may still be worth decent money even going back several versions.”
Here are four commonly misused steps that will NOT wipe the data off those devices:
1. Reset the phone to factory settings
123

• This doesn’t actually erase any data, it simply removes your ability to see and access it,
just like the way reformatting a hard drive on a desktop or laptop computer clears the File
Allocation Table (FAT)
• The data can be retrieved by recovery software
• Data on SD cards and SIM is not affected
• Numerous studies have shown the ineffectualness of this method
2. Pull the Subscriber Identification Module (SIM card)
• The SIM stores subscriber information to enable communication between the phone and
its carrier
• It only contains up to 128 KB of memory to store things like contacts, phone numbers, text
messages, data usage and billing information
3. Pull the Secure Digital micro (SD) card expansion memory
• This only eliminates the data stored on that removable media
• It leaves all the data stored on the device’s internal flash memory storage, which can range
from eight to 256 gigabytes
4. Select the cheapest IT asset disposition vendor for resale or recycling
• Recyclers and resellers may incorrectly assume that one or more of the above methods
is adequate before selling your phone and all its data on the secondary market
• A vendor without the proper data security/destruction certifications and oversight can be
doing anything with your company’s valuable data
One Easy Way to Erase Data from Your Company’s Retired Mobile Devices
To keep your company’s data from falling into the wrong hands, choose a specialized ITAD vendor that
is certified specifically in data security and destruction of all data-bearing IT assets, and has oversight
from a certifying body including random audits both at their facilities and onsite with clients.
To keep your company’s data from falling into the wrong hands, choose a specialized ITAD vendor that
is certified specifically in data security and destruction of all data-bearing IT assets, and has oversight
from a certifying body including random audits both at their facilities and onsite with clients. Look for a
company with multiple digital data destruction certifications from the National Association for Information
Destruction (NAID), the recognized gold standard in the industry. Although there are around a thousand
NAID AAA-certified vendors globally, only a handful have certification for all destruction methods of all
drive types both at a company’s site and at the vendor’s facilities.
Remember, using a slightly cheaper R2 or e-Stewards certified recycler instead of a NAID AAA-certified
data destruction partner can put you at risk of an expensive data breach, the average of which is now
almost $4 million.
124

About the Author
Mark Dobson is an ITAD Specialist at NextUse. Mark is an
accomplished subject matter expert with over two decades of
experience and expertise in the sales and marketing of information
technology hardware, software, and services, copywriting, and
copyediting. As an “IT savant,” he understands the business benefits
and positioning of current, new, and cutting-edge technologies in order
to enable businesses to increase market share and revenue. Mark
specializes in highly sophisticated and new technology concepts such
as the Internet of Things, artificial intelligence, machine learning, natural
language processing, software-defined networking, data centers, and
infrastructure, gamification, etc.
Mark can be reached online at mark.dobson@nextuse.us and at our company website
https://www.nextuse.us
125

Secure Data Is Gold: U.S. Immigration Options for
Cybersecurity Experts
By Lin Rose Walker, Esq. and Scott R. Malyk, Esq.
A decade ago, very few people outside of the Information Technology (IT) industry knew what
cybersecurity was or even considered it something worth worrying about. Many of us naively believed
that with the right passwords, encryption software and firewalls, our data and information would be
secure.
In recent years, however, our world has become far more technologically advanced and, as a
consequence, technologically dependent. Nearly every occupation and industry has developed uses for
data, whether it be used for artificial intelligence, machine learning, CRM or other applications, whether
it is banking, retail, pharmaceutical, medical, oil &gas, agricultural or elsewhere.
Because the collection, processing and use of data has become such a valuable asset for so many
companies and industries, we are experiencing a generational shift in computing, with nearly every
company, small and large, seeking to move networks, servers, data warehouses and virtualization
software functions and components to a cloud-based infrastructure. Indeed, a company’s adoption of
cloud-based technology, with appropriate safeguards, has become first priority for most Chief Information
Officers (CIOs), thus, skyrocketing the use for cloud technology.
126

With this major shift to cloud-based computing, it’s no surprise that cyber vulnerabilities within cloud
technology are also on the rise. So, in addition to migrating to the cloud in order to provide innovative
services that enhance business and drive transformations, CIOs must also be cognizant of the evergrowing
cybersecurity threats to such cloud-based technologies.
While these advances in data and technology have made our lives easier in many respects, they have
also created significant opportunities for individuals and organizations to use the same technology to
commit cybercrimes. Although cybersecurity is neither a new or emerging field, there has been something
of a collective epiphany in the United States regarding the essential and significant role it plays in our
everyday lives, particularly since 2016. Since that time, there have been daily reports of cybersecurity
crimes, ranging from denials of service, to hacks and breaches of personal, financial and confidential
information, to election meddling. Some of the most noteworthy examples of these damaging crimes
include:
• September 2017 – Equifax announced a data breach that exposed the personal information of
147 million people in the United States;
• March 2019 – Capital One Bank experienced a data breach that exposed the personal information
of nearly 106 million of the bank’s customers and credit card applicants;
• April 2019 – Facebook experienced a data breach that exposed 540 million user records on
Amazon’s cloud computing service; and
• June 2019 – American Medical Collection Agency, a third-party billing collections firm which
provides services for LabCorp and Quest Diagnostics experienced a data breach in which the
personal, financial and medical data of 7.7 million LabCorp patients and 12 million Quest
Diagnostics patients were disclosed.
• August 2019 – Twitter CEO Jack Dorsey’s Twitter account was hacked on August 30 by a group
that calls itself the Chuckle Squad. The hackers tweeted racial slurs, antisemitic messages and
at least one Holocaust denial from Dorsey’s account.
In addition to these hacks and breaches, the use of ransomware has dramatically increased as well.
Ransomware is a type of cyberattack that encrypts a computer’s files (and makes unavailable to the
owner/user of such data), in which the owner/user of the data must pay the attacker a “ransom” often in
bitcoin or some other untraceable cryptocurrency to release the files. Since 2013, more than 170 U.S.
county-, city- and state-government systems have been attacked using ransomware, including at least
45 law enforcement offices. (https://www.cnn.com/2019/05/10/politics/ransomware-attacks-uscities/index.html)
Most recently, on August 20 th , the State of Texas reported that twenty-three (23) towns
127

were struck by a coordinated ransomware attack. (https://www.cnbc.com/2019/08/19/alarm-in-texas-as-
23-towns-hit-by-coordinated-ransomware-attack.html)
The prevalence of cybersecurity crimes, and their significant impact, became abundantly clear in the
wake of the 2016 Presidential election, which experienced malicious hackings and massive breaches of
campaign voter data, including hacking of election systems. (https://cdt.org/issue/internetarchitecture/election-cybersecurity/)
As our election and voting systems become more data-driven and
electronic, our nation becomes more susceptible to such cyberattacks, which have and will continue to
impact our voting practices and democratic norms.
(https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/07/15/thecybersecurity-202-here-s-an-overlooked-election-cybersecurity-danger-outdatedsoftware/5d2bc0321ad2e552a21d53d4/)
In an effort to protect our financial, personal, medical, and otherwise confidential or personal data, as
well as our election systems, we need to continue to attract and employ the services of the most qualified
cybersecurity experts from around the world. However, at present, there is a dire shortage of such
qualified experts in the United States. On January 10, 2019, Jon Oltsik, Chief Security Officer of
Enterprise Strategy Group (ESG) and a world renowned cybersecurity expert wrote:
At the end of each year, ESG conducts a wide-ranging global survey of IT professionals, asking
them about challenges, purchasing plans, strategies, etc. As part of this survey, respondents were
asked to identify areas where their organization has a problematic shortage of skills.
In 2018-2019, cybersecurity skills topped the list — 53 percent of survey respondents reported a
problematic shortage of cybersecurity skills at their organization. IT architecture/planning skills
came in second at 38 percent.
The cybersecurity skills shortage is nothing new. Alarmingly, the cybersecurity skills deficit has
held the top position in ESG’s annual survey every year... Furthermore, the percentage of
organizations reporting a problematic shortage of cybersecurity skills continues to increase.
****
Now, people like me have been talking about the cybersecurity skills shortage for years, and there
are a lot of worthwhile industry and academic programs in place to address this issue. Despite
these efforts, however, research from ESG and others indicates that the cybersecurity skills
shortage is getting incrementally worse each year. (Emphasis added.)
128

(https://www.csoonline.com/article/3331983/the-cybersecurity-skills-shortage-is-gettingworse.html)
Our technology and data infrastructure need significant work to keep them safe from hacks, breaches
and ransomware attacks, but there are simply not enough qualified professionals in the U.S. to fill this
need. In this regard, our business leaders and corporations must be open to recruiting and retaining
qualified foreign nationals who possess the requisite skills, education and expertise to perform these
duties.
In addition to the standard-issue H-1B and L-1B visa classifications, there are a variety of immigration
options available to U.S. employers who seek to hire foreign nationals with cybersecurity expertise. One
of these options is the O-1A nonimmigrant classification for individuals of extraordinary ability in the
sciences or business. This often overlooked nonimmigrant visa classification is available to a foreign
national who can demonstrate a level of expertise among a small percentage who have risen to the top
of the field. Individuals who have made original, documented contributions to the field, as evidenced by
patents and/or publications, and have served as the judge of the work of others (journal reviewers/editors)
or in essential/critical capacities can readily qualify for the O-1A visa classification.
Another option available, which leads to permanent resident status in the United States, is the National
Interest Waiver (NIW) petition. NIW petitions are typically granted to those who have exceptional ability
and whose employment in the United States would greatly benefit our nation. Cybersecurity has proven
to be an endeavor that is in the national interest of the United States. Thus, individuals seeking a NIW
can establish exceptional ability through documented evidence confirming that they possess at least a
Master’s degree in a specialized field of study related to cybersecurity; possess at least ten (10) years of
full-time employment experience in the field of cybersecurity; are recognized for their achievements in
cybersecurity; and have publications in the field.
It is clear from the daily reports of cybersecurity crimes, that our nation is in dire need of cybersecurity
experts who possess the resources and advanced knowledge, skills and experience required to combat
these crimes. In this regard, as there is currently a shortage of U.S. workers who possess these qualities,
U.S. corporations and governmental agencies should consider thinking “outside the box” as it relates to
these immigration options in order to attract and recruit foreign nationals with this expertise.
While there are many immigration options available for both temporary and permanent employment of
cybersecurity experts, it is best to plan ahead and consult with an attorney in advance to identify which
options best meet the goals of U.S. employer, the foreign national and most importantly, the national
interests of our country.
129

About the Authors
Lin R. Walker and Scott R. Malyk are attorneys with
Meyner and Landis LLP’s Immigration Law Group,
specializing in all aspects of corporate and businessrelated
US immigration law. Walker and Malyk
represent a diverse group of corporate and individual
clients in a variety of industries, with a special emphasis
on researchers, developers, architects, engineers, data
scientists and business people in the high tech industry
nationwide, which includes individuals whose work is in
the national interest of the United States.
130

Cybersecurity Essentials for Small and Medium Businesses
Protect your business from hackers by knowing some of the top cybersecurity essentials you should
adapt within your organization.
By Alex Hunter, Business Development Representative, ImageWare Systems
Both government agencies and big companies like Target have been known to fail when it comes to
maintaining cybersecurity. This makes small-to-medium-sized enterprises (SMEs) even more vulnerable
when it comes to data breaches.
Cybercriminals commonly attack SMEs because of their laxer cybersecurity measures. New business
owners from various industries often have little to no knowledge of cybersecurity solutions and tend to
make it the least of their priorities when starting. This is why many hackers and other types of
cybercriminals target them.
In fact, research from the US Congressional Small Business Committee indicates that 71% of
cyberattacks occurred at companies with less than 100 in the workforce. To add, Verizon’s 2019 Data
Breach Investigations Report found that over 43% of system breaches have affected small businesses.
This is a cause for alarm, after considering the report published by the US National Cyber Security
Alliance suggesting that approximately 60% of all small businesses fold up within six months following a
major cybersecurity attack.
131

Fortify your cybersecurity by looking out for the most common types of attacks
Cybercriminals often tend to go for accessing sensitive business data like your clients’ identifying private
information (names, birthdays, employment details, etc.), credit card data, and other info they can use to
exploit your cyber vulnerability. Know some of the most common potential cyberattacks that can occur in
today’s connected world.
• Malware
Shorthand for "malicious software,” malware refers to any software or program including worms, Trojans,
spyware, and ransomware. When an attacker encounters vulnerable networks, they often enable
unauthorized access to unknowing victims’ devices.
• Phishing
Hackers collect sensitive information such as credit card specifics and login credentials via fraudulent
websites packaged to look authentic. Users are sent emails with links to these fake websites.
• Password attacks
Hackers can infiltrate accounts and networks, then modify settings in three ways. The first one is through
a brute-force attack or guessing passwords to gain access. The second is through is a dictionary attack,
which involves the use of software or program made to try various password combinations of known
dictionary words. Lastly, keyloggers pilfer data by recording a user’s keystrokes on sites and apps.
• Inside attack
Rootkits are commonly used by perpetrators who have administrator-level access to specific devices to
manipulate and collect user activity and sensitive data or change various settings.
• Unsecured networks are vulnerable to Man in the Middle (MitM) cyberattacks
When clients and companies exchange data to transact, hackers who use the MitM method facilitate the
attack by installing malware that intrudes the flow of information to steal sensitive information. Unsecured
public Wi-Fi networks are often vulnerable to this kind of approach, as this is where cybercriminals have
installed malware that can analyze data.
• Malicious mobile apps
As workplaces continue to approve the use of private devices in the office, companies are becoming at
risk of being infected by malicious apps that could easily be downloaded on Apple Store or Google Play.
These apps have the power to monitor user info or spam the victim with digital advertisements.
• Zero-day cyberattack
Zero-day cyberattacks are major, system-wide problems that can go undetected by developers or
cybersecurity teams for long periods of time. Attackers get a hold of your company’s cybersecurity flaws
and use them against you in many ways unless detected and repaired.
132

Cybersecurity essentials to remember
Here are some vital strategies to prevent cyberattacks and data breaches on your small or medium
business.
1. Evaluate your cybersecurity system with available tools
Some planning and assessment tools that can help SMEs evaluate cybersecurity threats in their system
include the Federal Communications Commission’s Cyberplanner.
Two other platforms developed by the Department of Homeland Security (DHS) called Cyber Resilience
Review (a non-technical assessment which can be self-service or done on-site by DHS experts) and
cyber hygiene vulnerability scanning for SMBs can also help spot vulnerabilities within internet-facing
ecosystems.
2. Formalize and continue reviewing your cybersecurity policies and needs
A 2017 Research by Ipsos suggests that an alarming rate of over 39% of SMBs have defined
cybersecurity policies despite its importance. Having formal policies for cybersecurity is highly essential
for businesses of any size. It serves as a document that enumerates rules regarding digital security,
controls, and security policies when it comes to the use of gadgets or mobile devices.
This can also include topics from onboarding new hires, access to sensitive company data, protocols on
revoking access to business information upon employee termination, and many more. Since digital
technologies and rules may change swiftly without warning, you should also regularly visit your policies
to make sure that you are up to speed with the latest or emerging cybersecurity trends.
3. Train employees on relevant cybersecurity policies
All personnel and employees within an organization are required to undergo some level of training when
it comes to cybersecurity guidelines and best practices unique to your organization.
Some simple policies you could implement from the get-go include the encouragement to use strong,
unique passwords for all their work-relevant accounts or files, training them on identifying the signs of a
malware attack or phishing, and making them aware of cyberattack risks that can pose security threats
like public Wi-Fi networks outside the workplace.
4. Utilize authentic and updated antivirus, anti-malware, or antispyware software, and
hardware- or software-based firewall system
Anti-malware software for small businesses is one of your first wall of defenses against viruses and many
types of attacks. Such software can be found online with a simple search. Online software vendors
regularly update these downloadable products with patches and various upgrades to improve numerous
functionalities, so you should always be on the lookout for those.
Aside from upfront or maintenance costs, take factors such as privacy policies, customer support
services, configurability, and overall system impact into account when looking for antivirus software.
133

5. Employ additional data security measures
Protecting your business from cybersecurity threats should be one of your top priorities. Depending on
the extent of protection you need after your assessment, you may continue improving your security
measures with additional access-restricting features.
Some additional security measures you can employ to protect your business and client information further
include the use of multifactor identification for accessing sensitive information, data backup solutions like
online cloud backups and network-attached storage, encryption software, and password security
software.
Conclusion
Digital threats abound for SMEs that do not place importance on data security. You do not necessarily
have to splurge on the latest hardware, software, or dedicated IT service, whether offshore or within the
organization.
Adapting the essential tips covered, such as accurately evaluating your cybersecurity risks and needs,
establishing clear-cut rules and policies, training employees, using proven antivirus or antispyware
software, and adopting additional data security measures for multi-layered protection as needed will work
for increasing your defenses against ill-intentioned hackers.
About the Author
Alex Hunter is a Business Development Representative from ImageWare
Systems. She has spent the past 8 years working to develop market
awareness of, what is now recognized to be, one of the world’s leading
2FA/Multi-Factor Biometric Authentication solutions available today. Alex
can be reached online at https://www.linkedin.com/in/alex-hunter-
724297179 and at our company website https://iwsinc.com.
134

New Cybersecurity Trend: Hackers Impersonating Other
Hackers
By Jonathan Drake, Senior Intelligence Analyst at Optiv Security
Cyber threat intelligence usually categorizes threat actors in fixed classes. While these classes may vary
from organization to organization, typical threat actor groups will include: 1) Nation-State Threat Actors,
focusing on government interests and espionage-based activities; 2) Cyber-Crime, individuals/groups
highlighting ‘criminal intent’ with vast majority being financially motivated; 3) Hacktivism, ideological in
nature and extremely resilient; and 4) Commercial Entities, private legal entities that create marketplaces
for the commercialization of offensive/defensive hacking and surveilance capabilities.
While categorizing threat actors into classes such as these has been helpful for information security
professionals during identification and remediation processes, new research from Optiv Security reports
automated threat categorization to be a double-edged sword. According to Optiv’s 2019 Cyber Threat
Intelligence Estimate (CTIE) report, it’s a mistake to assume that these categories are rigid or to assume
that a threat actor’s classification is distinct and static, because a growing trend in cybersecurity is on the
rise: threat actors impersonating each other to hide true intentions. Called “hybrid threat actors,” this
135

emerging class of cyber-criminals masquerades as a different classification to hide their true agenda.
And, some using more than two, switching between classes as priorities change.
Hybrid threat actors introduce tremendous security risk, because security orchestration and automation
tools are not looking for the curve ball. Let me explain.
Automated security technology is designed to reduce the work load on resource-constrained IT teams.
An example of automated security technology can be found in the detection and response functionality
of a SIEM. Automated alert investigation and response is based on pre-determined rules and/or
behaviors. Variable thresholds allow organizations to customize their detections in response to changing
threats, such as financially motivated attacks. Automation can also be used as an effective tool to set
default responses to alerts.
The problem, though, is that threat actors have figured out how to impersonate other categories of
adversaries to divert attention away from their true target. For example, there may be a state sponsored
threat actor posing as a garden-variety cyber-criminal targeting the customer database. While security
systems are triggering an automated response, attackers shift their tactics to executing on their true
intention – installing malware to siphon off intellectual property (IP). The security team thinks it has
thwarted an attack on the customer database because of a kill chain trigger, but, in reality, it may have
missed the ongoing theft of IP. Think of it this way: Someone breaks into an office and steals a couple of
printers to make the police think it’s a petty theft, but what they’ve actually done is put listening devices
in the CEO’s office and the boardroom so they can manipulate the stock market.
What can be done?
CTIE research shows that activities by hybrid threat actors are on the rise, and they’ve mastered the art
of deceiving security tools to reach their intended target. Information security professionals have been
doing it for years, so why would we assume that these hybrid threats wouldn’t? The question for IT
security teams is: What can be done to stop them? Here are three best practices that will help defend
against this new class of threat actors – and mitigate enterprise risk in the process.
1) Implement a risk-centric approach to security – If there’s one thing that we urge organizations
to do, it’s to tie cybersecurity functions to enterprise risk. This means ensuring business-specific
risk and business objectives dictate the security model, rather than the latest cybersecurity threat
or compliance mandate. With a risk-centric approach to security, IT security teams can accurately
identify what data and assets are most likely to be targeted, who is most likely to target them, and
how it will likely happen – and then they can customize their security strategy accordingly.
Because the focus is on business risk and not one particular class of threat, the attack method
and cyber-criminal motive are no longer the basis for cybersecurity strategy. Rather, prioritizing
and protecting high-risk targets is the basis for strategy. In the example cited earlier, the
organization would already have understood that state sponsored threat actors were a likely
136

adversary due to intellectual property importance, so there would be no possibility of leaving that
kind of hybrid attack “undefined.”
2) Master security “basics” – Optiv’s recent “State of the CISO” research report found that
organizations are not prioritizing security basics like patch management and vulnerability
scanning – even though unpatched vulnerabilities are often cited as the most common source of
data breaches (57% of all breaches, according to a study by the Ponemon Institute). Failing to
execute on security basics leaves holes that cyber-criminals are increasingly adept at exploiting.
Not to mention, if a company isn’t operating well when it comes to cyber-security fundamentals,
then it won’t be able to successfully implement more advanced security processes, technologies
and initiatives.
3) Maintain the human element – Automated security tools can help us cut down on the noise and
make cyber-security more manageable for information security teams, but it’s not the “fix all”
solution. Flipping the automation switch doesn’t surround the organization with an impenetrable
shield. Organizations must continue to include the human element in security processes, so, when
hybrid threat actors do throw a curve ball, information security professionals are there to switch
up the grip and grab the home run. It’s also important for information security teams to periodically
reevaluate defined threat actor groups and associated security policies to ensure they align with
the latest industry developments. Hybrid threat actors require a hybrid solution.
While hybrid threat actors are a component that many organizations haven’t yet encountered, there’s no
reason to panic. By implementing a risk-centric security model and following best practices such as those
above, information security teams can build and maintain a solid security foundation. And with this
strategy in place, organizations can put themselves in a strong position against the cybersecurity battle,
every time.
About the Author
Jonathan Drake is a professional Intelligence analyst accumulating
nine plus years of civilian and military experience. Drake is currently
employed as a Senior Cyber Intelligence Analyst with Optiv and is a
critical member of Optiv’s Global Threat Intelligence Center Team
(gTIC). As a member of the gTIC, he assists staff and clients
with cyber-based intelligence research and products. As a
processional intelligence analyst, Drake seeks to deploy his refined
analytical skills and technical knowledge to assist leaders with
obtaining goals and objectives set by stakeholders. Jonathan can be
reached online at https://www.linkedin.com/in/jonathandrake83/ and at
our company website https://www.optiv.com/
137

Software Defined Perimeter Deep Dive & Required
Implementation Readiness
By Parthasarathi Chakraborty
SDN, SDWAN & SDP are frequently encountered terminologies to the technology professionals these
days. It is necessary to understand each of these terms before making any technology purchase decision.
As a security executive, I was confused when first encountered these concepts. I thought it will be a good
idea to pen down some of the differences and utilities of these technologies for with a focus on SDP and
prework needed by the organizations for a successful adoption.
What is SDN or SDWAN?
SDN or software defined networking is a concept that isolates control plane or brain of the networking
gear from the data plane resulting in faster, better and cheaper ways of corporate internetworking. Branch
to headquarter connectivity used to require expensive T1 circuits, private MPLS cloud with classic
networking. In todays world with the advent of IaaS, PaaS and SaaS services, branches require to have
138

a multi-dimensional connectivity with corporate headquarter and cloud service providers. It requires an
intelligent and faster transport with lower total cost of ownership. SDWAN or software defined wide area
networking came into picture which is a realization of SDN concepts. Regular routers are offloaded from
routing, quality of service or intelligent intent based networking decisions and focus purely on faster
packets processing. SDWAN decouples networking control plane from data plane with a new and
intelligent overlay network. Corporations no longer need expensive MPLS or T1 only circuits, can have a
variety of transport including cable, LTE, 4G/5G connections over internet for connectivity. SDWAN
overlays decide routing, QoS and other intelligence where the underlaying transport focuses on data
delivery. SDWAN is faster, transport agnostic (MPLS/4G/LTE/Cable) and cheaper wide area connectivity
for organizations and SDP is needed to secure SDWAN connectivity.
What is SDP and how does it work?
SDP or software defined perimeter is based on the concepts of SDN but focuses on eliminating the
inherent security weakness of network level connectivity by adhering to the concepts of ZTS or zero trust
security model. Classing network connectivity is based on a trust boundary, usually established by
placing a firewall. Inside the firewall resources are “trusted” and allowed to talk to each other in a more
lenient fashion compared to entities from “outside” the firewall trying to connect to the resources “inside”
the corporate network. This model used to work just fine but has becomes flawed today because the
demarcation between inside and outside network is getting blurred. Cloud, bigdata, mobility is the driver
for extending the organization’s boundary beyond corporate data centers into public space making it just
impossible to have a demarcation. Without a defined boundary, the onus is on cyber folks to protect the
resources regardless of the origin of the connection – be it “inside” or “outside” the corporate network.
Zero trust security (ZTS) got prominence because of the new context where organizations can’t have a
defined boundary. The core concept of ZTS is allowing communication on “need to know” basis with
overly restrictive access permissions. Only allow the application or services needed to run the application
supporting a business process and take away unnecessary permissions. SDP accomplishes zero trust
security with an architecture that requires three components- SDP client, SDP controller and SDP
gateway. SDP controllers act as a brain and the central decision-making authority for allowing SDP clients
on the remote branch or third-party networks to talk to the protected resources behind the SDP gateways
in the corporate data centers. Remote computers running SDP clients can only connect to allowed and
published applications on the corporate data center brokered through the controllers after the user is
authenticated and authorized at the controller level and the device integrity along with other granular
posture details like geolocation is validated. The flow of events will be the following;
• SDP gateway established a connection with the SDP controller through which it exchanges
information about published applications in the corporate data centers and receives information
about “screened” SDP clients before allowing the inbound connection
• SDP clients authenticate, authorize using PKI with the SDP controller, part of the process the
device integrity is also validated with posture scan and footprint hash. Only when the user behind
the SDP client is authenticated, authorized and the device carrying the SDP client is validated to
have the right level of integrity, SDP controller provides SDP gateway IP address to establish a
connectivity.
139

• SDP client opens the tunnel with remote SDP gateway and gets the access to allowed
applications published for the client
Is SDP a buzzword or it comes with great benefits?
Now we understand the SDP architecture, but the question becomes why do we need it in the beginning?
It is a buzzword or a shiny-toy syndrome or it truly brings benefit to the organization? The short answer
is SDP brings security benefits with a huge cost saving and reduces operational complexities by lowering
the number of devices needed to manage for allowing a remote connection to the corporate hosted
application. But what’s wrong with classic remote access VPN or site to site VPN connectivity model?
Basically, the classic connectivity requires a ton of appliances called VPN concentrators on the corporate
headquarter to validate incoming requests from remote users or branches. After authentication and
authorization, the remote user or branch lands on the “inside” network with a free pass to conduct
reconnaissance since it gets an IP address of the inside “trusted” network. Any hacking attempt starts
with discovery of services or reconnaissance, if we can stop the discovery by only allowing access to the
applications as opposed to assigning an IP that is routable inside the VPN concentrator then we can
reduce the security risk to a greater extent. Applying the concepts of zero trust security also allows us to
validate the identity of the user or integrity of the computer of the connectivity request. Aside form security
benefits, SDP is also a cost saver by eliminating the needs of keeping the stacks of VPN concentrators.
The brain behind zero trust connection stays with the SDP controllers which are cloud based services in
most of the cases that can be scaled up or down at a fraction of the cost and the organizations need a
few service provider owned SDP gateways in the corporate data centers resulting in a huge cost saving.
What considerations should be given before starting any SDP implementation?
First and foremost, SDP implementation requires certain level or organizational maturity. On the surface
it sounds like a hassle-free switchover, more secure and cost saver remote connectivity solution but you
may end up opening security holes unless you have a strong segmentation practice implemented in the
corporate network. Implementing and upkeeping a micro segmentation is a fair amount of work
depending on the size of the organization. But why do we need a micro segmentation solution for a
secure adoption of SDP? Isn’t SDP supposed to bring more security to the environment? The answer is
in the SDP architecture. The gateway is a piece of software provided, managed and maintained by the
SDP vendor that is in the corporate datacenter. As explained in the previous section, SDP gateways
initiate and always keep a connection open with the SDP controller. Even though the remote clients can
only access applications allowed for remote consumption, the SDP agent can move horizontally in the
corporate network and conduct reconnaissance or connect to any other server by exploiting loopholes
and privilege escalation techniques. Unarguably it can only happen when the SDP service and the
gateway is compromised. Since the gateway software is managed, operated and upgraded by the service
provider where organizations don’t have any control or ability to implement standard software
development life cycle process with security checks and balances – it is always advisable to not
completely trust the SDP gateway and build a perimeter around it’s mobility. It is required to have a
microsegmentation implementation to ensure the SDP gateway can not move horizontally in case it is
compromised and infect other system with a wider blast radius.
140

To conclude, we can say that SDP certainly makes sense to adopt as a VPN replacement solution to
reduce cost and improve security, but organizations should have a microsegmentation implementation
in place before deploying SDP.
About the Author
Parthasarathi Chakraborty
CISSP, CCSP, CEH, CHFA, MS (Infosec -WGU), MS (Technology
Management -Columbia University)
Director – Infrastructure & Cloud Security Architecture
Currently at Bank of Montreal, previously with Guardian Life, JP Morgan, Bank
of America & Merrill Lynch in Cyber Executive Leadership Roles
Member: Forbes Technology Council, Rutgers University Cyber Security Advisory Board, New Jersey
Institute of Technology CSLA Advisory Board
141

Sprint Beta Testing 5G Smart City in Georgia
By Kayla Matthews, Freelance Writer, Productivity Bytes
Sprint has started beta testing some of its new 5G technology in Peachtree Corners, Georgia. Though
the test doesn't encompass the whole city, it will determine what conditions would be like on a larger
scale than the previous rollout.
Sprint is using the Curiosity Lab, which contains a 1.5-mile track inside a 500-acre technology park. It's
made only for autonomous vehicles, meaning Sprint is starting to look closer at self-driving cars.
At least seven companies participated in the unveiling on the first day, each one bringing along a little
something different.
Kia tested out autonomous vehicles but was the only major car company there. Local Motors brought
autonomous passenger shuttles, though, which made up the difference. Drones were brought in from
Autodyne, and Softbank Robotics arrived with floor cleaners.
Going in a different path was Georgia Power with smart light poles, Reef Kitchen with delivery-only
kitchen solutions and CloudMinds for AI testing in the cloud.
Here's what Sprint has been doing in Peachtree Corners, and what it means for the future of 5G and
autonomous technology.
142

The Launch of Curiosity IoT
The cloud has a lot to do with the Peachtree Corners testing. In November 2018, Sprint launched its
Curiosity IoT (Internet of Things.) The Curiosity IoT is software that directs traffic within the IoT. This
entire directive is to build better smart cities for the future by starting with IoT and making it more efficient.
As technology advances and time goes on, we accumulate massive amounts of data at any given
instance. Part of 5G on the Curiosity IoT is to help build more space for all this information while still being
able to collect more. The Curiosity IoT will allow any device to connect to the IoT no matter what
technology is used, so we'll have more efficiency and better access.
Sprint Leads the Charge
Peachtree Corners isn't the first place to see 5G technology from Sprint. In fact, Sprint launched mobile
5G in Atlanta in May 2019. This network covered 150 square miles and over 560,000 people, allowing
them to be the first members of the public to use 5G whenever they wanted.
The testing is a little different in Peachtree Corners, as residents can use the network but they are not
part of the experiment.
Sprint is certainly not the only carrier to start testing 5G's limits. Verizon is working on its own initiative at
the University of Michigan with its connected city plan called Mcity. It works with a 32-acre site that
includes over 16 acres of traffic infrastructure and a test track, much like Sprint.
The approach is to create better 5G solutions for autonomous vehicles with pedestrian safety in mind.
The 5G Turning Point
Jan Geldmacher, president of Sprint Business, gave a statement when the Peachtree Corners testing
facility was announced.
She explained their 5G plan as follows: "From enabling the most accurate real-world navigation possible
to delivering immediate intelligence from IoT connections, companies can now better test, and ultimately
scale, new solutions for the smart city landscapes of tomorrow."
Though the testing facility at Peachtree Corners has thus far focused on businesses and their innovation
needs, Sprint is still looking at the public's point of view through Atlanta.
At this rate, perhaps 5G will become the new normal before we know it. Until then, there's a lot of testing
to be done, especially when handling, organizing and storing the immense amount of data we've collected
and continue to find.
Sprint is already conducting the testing required to lead this technology well into the future.
143

About the Author
Kayla Matthews, a cybersecurity journalist, has written for sites like
Security Boulevard, the National Cyber Security Alliance, Information
Age and more.
Matthews can be reached via Twitter @KayleEMatthews or on
ProductivityBytes.com.
144

Stressing Security Teams
By Jody Caldwell
Workplaces create stress – it’s an unfortunate fact of life – work is stressful. Stress isn’t even terribly
complicated. People stress out when they believe that demands outstrip their resources or know-how.
There’s a difference between feeling pressure and feeling anxiety. Sometimes being “under pressure” is
positive, because it’s a challenge that ultimately provides an employee a sense of accomplishment.
Sometimes it even yields an iconic collaboration between David Bowie and Freddie Mercury.
While employees may be willing to accept pressure, they shouldn’t be forced to accept anxiety. Too much
or too-difficult work can lead to long-term worry, which rarely leads to higher productivity. Whether feeling
stressed due to lack of personal efficiency, proper training, collegial appreciation or even systemic
dysfunctions, too much pressure can quickly escalate to manifest harmful physical and emotional
reactions.
145

Despite coffee mugs regularly shouting from the shelf that “the grind never stops”, habitual stress puts
the human body in an endless fight-or-flight response mode, elevating blood pressure, increasing the
heart rate and straining the body and mind. Just ask Dr. Bruce Banner. While security analysts won’t gain
super-strength from super-stress, they may turn a shade of green: workers who are under constant
pressure get sick more easily, are more irritable, and have a harder time concentrating.
For security pros, such stress and anxiety has become a daily fixture, leading to an alarmingly high
degree of burnout. Talent attrition is an enormous problem within the industry. Even more worrisome,
ESG has found that 68% of cybersecurity professionals believe that a cybersecurity career can be taxing
on the balance between one’s personal and professional life.
Given the rise of mental health awareness, companies are now alarmed about the consequences of their
security experts taking the pressure of their jobs home with them. Many places of business are searching
for solutions to mitigate the effects of stress like substance abuse and major depression. But companies
need go beyond providing employees with massage chairs, napping rooms and fur-ternity leave, and
equip them with the necessary tools to manage the demands of their roles.
Security analysts are inundated with more data than ever. Ostensibly, this is a good thing as it means
access to a larger collection of threat indicators. At some point, though, more data starts to become too
much data. Teams have to manage feeds and data inflow from multiple intelligence providers and open
source providers. Tickets and events come up tens or hundreds of times a day, raising frequent and false
alarm bells that unnecessarily spike the heartrate of analysts, or worse, inure them to threat. SIEMs have
been helpful in monitoring the network by collecting and correlating the data, but they still require an
analyst to follow up by researching the event, determining the relevant action to be taken, and ultimately
submitting the ticket.
There’s no question this is a real but silent suffering in security. Providing triage to so many alerts is a
tedious and mind-numbing task with little reward and a lot of risk. When the demands are greater than
the supply of attention an analyst can provide, things begin to fall between the cracks. An overload of
expectations in combination with inefficient solutions may prevent employees from being productive. In
some cases, people faced with this strain avoid dealing with a problem entirely, which may worsen the
situation and increase tension for them and others around them. Drawing upon a useful axiom, even
information is best in moderation.
Organizations can help prevent their IT and cybersecurity professionals from becoming either anxious
from or desensitized to alerts, warnings and notifications by shedding manual processes and using
platforms that have been invented from the start with the cyber team in mind. In doing so, they can solve
an immediate business problem and prevent a future one – employee retention issues.
Put Some Things on Auto-Pilot
When a job becomes overly tedious and manual, it frustrates valued talent. Security teams are driven by
highly intelligent individuals who are rarely happy performing monotonous tasks like North Pole elves in
a holiday movie. Companies can save their talent from spending the majority of their days copying and
pasting between spreadsheets and tools through tailored automations that are often called playbooks.
146

Playbooks are most widely known in the world of sports as a collection of strategies and plays that a
team has practiced and could potentially run during a game. There are parallels to this in the world of IT,
tasked that are common across organizations and can be managed through automation that efficiently
processes data, creates intelligence and pushes it out to security teams or defensive tools. In short, when
it comes to security teams, we’re telling you to put them in, coach.
The resulting time savings frees up analysts to focus on more complex work that requires their intellects.
Instead of worrying about submitting tickets to a firewall team or stressing out with each and every alert
that comes up, they can spend more time on higher level threats and solutions – things that can’t be
automated.
Teach Self-Defense
Some security analysts endure the mental strain that comes with working on tasks without adequate
training. 62% of cybersecurity professionals believe that their organization is not providing an adequate
level of training for them to keep up with IT risks. That’s like giving half of Hogwarts a pool noodle to fight
Voldemort.
While companies trust cybersecurity teams with the entirety of their data, analysts’ current roles don’t
allow time for more sophisticated cybersecurity education—setting both parties up for disappointment
when a lack of education slows the response time for the inevitable breach. Businesses keep security
analysts busy with boring and redundant tasks yet expect them to save the day when issues of higher
complexity come knocking.
Frustration can easily occur when being forced to make decisions without being properly informed, just
ask anyone with only a selfie to go off of when deciding whether to go on a date with their Tinder match.
An integrated cybersecurity platform is like getting a friend’s opinion of all of your dating-app matches, it
can reduce guessing and provide context for threat data, resulting in better outcomes. One of the many
benefits of a SOAR (Security Orchestration, Automation and Response) platform is that it automatically
ingests all of the internal data and external threats. It then normalizes the information to be easily
understood by each user role.
The Well-Being Supply Chain
Security analysts are among the most highly educated employees in many companies, endowed with
unique skill sets not found elsewhere within most organizations. Forcing these individuals to spend their
time completing repetitive tasks while trying to prepare for the unknown is difficult enough- Mr. Miyagi’s
method of preparing a child to fight by having them tediously wax his car is a training technique that only
works in The Karate Kid. Outside the cinematic universe, adding the requirement to prove one’s worth
without tools to do so can truly weigh heavily on one’s mental health. It also turns them into less effective
collaborators with their supervisors.
147

SOAR platforms can help to alleviate stress further up the chain of command as well. Being able to show
ROI is crucial for those feeling the constant anxiety of demonstrating their worth. Supervisors in the IT
field have long been plagued by accountability and attribution problems with respect to proving their value
– it’s difficult to attach a dollar value to the downtime that never happened.
By nature, security teams are not revenue-generating, but they’re designed to protect the business
services that do. When a cyber security team is successful in achieving zero downtime, nobody notices,
so for those looking in from the outside, it can be difficult to measure the value a security analyst brings
to a company. When security analysts are able to easily demonstrate return on an investment, they no
longer struggle to procure future resources that could be critical for the continued success of security
operations, and even for the company as a whole.
From the perspective of those tasked with overseeing the structure of a company and the use of its
resources, empowering the cybersecurity team to better orchestrate and automate its routine and highstress
tasks only makes sense. It’s also simply the more ethical approach – with better tools available
thanks to SOAR platforms, there’s simply no reason to continue subjecting our colleagues and team
members to unnecessary stress.
About the Author
Jody Caldwell is the Sr. Director of Customer Success for ThreatConnect.
Previously, he spent time in both the DoD and the Intelligence Community working
with Network Security Operations Centers (NSOC) and Computer Emergency
Response Teams (CERTS) in a variety of positions that include cyber threat
analysis and leading cyber threat hunt teams. Jody's passionate about working with
customers to strengthen security programs and leverage cyber threat intelligence
to enhance their awareness while mitigating risks. Jody lives in Charleston, SC and
enjoys boating and golfing.
148

The Importance of Cybersecurity When Dealing With Online
Customers
By Riya
The internet has become one of the most populated places ever known. With more businesses deciding
to integrate, it is good to note that the level of insecurity when it comes to transactions is still not
impressive. From records, millions of dollars are lost online, thanks to hackers. As an e-commerce
entrepreneur, you should know that keeping your website safe from such threats is the first thing you
need to do. It's also important to understand that other than hackers, there are other more threats that
can severely affect your business. Other reasons why you need to keep your site security on high alert
is because;
You want to protect your customers’ details
One of the things that hackers are always looking for is the personal details of people. That is why anyone
running an e-commerce website that requires the customers to share sensitive information needs to
ensure that the data is safe. What happens is, a hacker needs this information to impersonate the original
owner. This can give them easy access to many online platforms used by the owner, including the bank
account. That is why most e-commerce websites are required to use SSL certificates. That is because
they encrypt data shared between two computers. If you have an e-commerce website that runs multiple
149

subdomains, you can opt for a wildcard SSL certificate. You will although want to take your time to find
the most excellent that is easy to use.
You don’t want bad reviews
With a poor service on your ecommerce website, you are most likely to get bad reviews on your social
media pages and other discussion forums. This should be the worst that to ever happen to your business,
especially if they are more than the positive reviews. When customers who shop from your website keep
ending up with a cybersecurity breach, they will not want the same thing to happen to someone else. Bad
reviews can mean danger to your enterprise, and in worst scenarios, you will have to shut down.
You want to keep viruses and malware out
Other than hackers, some programs can cause damage to your computer. As the admin, know that you
have a lot of data to protect. Some customers use machines that have been invaded by these programs,
and through sharing data, they can quickly transfer them to your servers. To avoid all this risk, you need
to make sure that your guard is always up. Some customers don’t know so much about cybersecurity
and as part of boosting your security, you should enlighten them.
There are several ways through which malware or virus can attach a smart device or computer. Some
include;
• Using a public Wi-Fi that is shared
• Downloading files that you are not sure about
• Clicking on ads and some links
• Using a USB storage that contains affected files
• Accessing unsafe websites
You don’t want to lose money
Some hackers are too smart and realizing that you have not adequately secured your e-commerce
website, they can clone it and divert customers. What happens is, they come up with a website looking
exactly like yours and put it right in front of your site. That means, when someone tries to access your
website, they will find the one belonging to the hackers first. Not only will they share some sensitive
information, but they will also end up making payments to the wrong account without knowing it.
You want to safeguard your reputation
Reputation is vital in any ecommerce company, and that is why names like eBay and Amazon remain
giants in this industry. Some customers can only shop from these two platforms because of the name
they have. One of their main strengths is that they are true meaning that customers have less to complain
about. It is, however, important to mention that sometimes, they too experience problems. A good
reputation ensures the future of your company because an impressed customer is more likely to drag
two or one new customers every once in a while.
150

You don’t want problems with the authorities
Without a secured e-commerce website, you already know that your customers are not safe. If a hacker
manages to access the bank account of your customer and clear the money, you remain accused. This
can land you in court, especially if you are guilty of not adhering to the rules of running an online shop.
The law understands that as the business owner, customer protection is your responsibility because you
are responsible for the payment gateway settings. If anything, a customer willing to buy your products
doesn’t have a problem of physically finding your store if it is within their reach.
You may want to expand
In most cases, online businesses tend to snowball. Some end up getting more orders from other countries
than their local area. Hackers are attracted to online companies that perform well because they promise
a bigger reward if they manage to breach. If you have been keen on cybersecurity options like SSL
certificates, you will find that they are sold in categories depending on the level of security needed. That
is because they understand that the more an online company is expending, the higher the risks. You will,
therefore, need to upgrade your security concerning the size of your market.
Conclusion
Online companies invest lots of money to ensure that they keep their customers and data safe. There
are many ways of doing this but most importantly, know that one technique alone may not be enough to
keep the hackers away. Combine some methods and for better results, get a cybersecurity expert on the
job. One mistake that much new e-commerce entrepreneur do is that they use videos and articles from
the internet to set up security. It is not a bad thing; however, know that for the safety of your company,
you will need more advanced skills. Besides, hackers have already watched the same videos and are
already scheming for alternatives.
About the Author
Riya is working as content marketer at ClickSSL.net. She has inspired writer
writing in several areas of expertise. With spending her years working marketing
communication, Riya is delighted to work with aspiring small business owners.
Apart from her marketing expertise, Riya always enjoys reading pocketbook,
cooking, and traveling.
151

How to Stop Cybersecurity Attacks before They Start
By Dr. Johannes Bauer, principal security advisor, identity management & security, UL
Cybersecurity breaches are part of the nasty
reality of today's IT infrastructure and even
though they are not commonly talked about,
many individuals and businesses are the targets
of attacks. Sometimes the victims are none the
wiser that a breach even occurred or data was
stolen. When looking toward the Internet of
Things (IoT), it becomes even messier. With
over an estimated 30 billion connected devices,
IoT cybersecurity has a greatly increased attack
surface compared to enterprise infrastructure.
This also provides an attack surface that is
decentralized and distributed among millions of
different networks all over the world.
Everything would be so much easier if only, after
discovery of an attack, we could push a button,
go back in time, and do things over. With no
DeLorean with a flux capacitor on the horizon,
that option falls flat.
The first important thing to realize is that security
is not a feature or property of a product. Instead,
it is a process, i.e., constantly evolving and
changing. The rules of the game are changing,
and they're changing fast. The reason for this is
152

fairly simple – software in our connected
products today is complex and consists of many
thousands, sometimes many millions, of lines of
source code. It is guaranteed that somewhere
within this code, there's a vulnerability lurking –
a length field that has not been validated
properly, an SQL statement that does not
properly escape its input, or a webpage that
includes untrusted data. At the time of
manufacture, such issues might be completely
unknown to the vendor of a product and, unless
anyone specifically looks for these problems,
they're not going to pop up. Even worse, we’re
still discovering new types of vulnerabilities,
which once known can affect software previously
considered secure.
Once they're found, these vulnerabilities or
weaknesses can often become public
knowledge, either through responsible
disclosure by a security researcher, through
direct exploitation in the field, or by reverse
engineering patches which show where areas of
code have been updated. Anyone can then
easily pinpoint and target a specific vulnerability
in order to exploit it.
Therefore, in order to remain ahead of the curve,
it is crucial to know what software is contained
within a product. This not only means all
proprietary software components but,
sometimes even more importantly, all third-party
code installed and used by the proprietary code
as well. For each component, it’s vital to know
that this is part of the overall Software Bill of
Materials, but it must also list the exact version
included within the package. Everything on the
list then can be continuously monitored in order
to be notified of any potential vulnerabilities. A
good place to start is looking at MITRE's
Common Vulnerabilities and Exposures (CVEs)
list, where over 130,000 vulnerabilities are
recorded and continuously tracked. Those CVE
identifiers are used to uniquely itemize
vulnerabilities. Databases like the National
Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) refers to
the MITRE list and gives not only a rough
quantification of their severity, but also enriches
them by cross-referencing original sources, fixes
or test code.
But what happens if such a dreaded notification
comes in? First, citing the advice of Douglas
Adams – don't panic! Not all vulnerabilities, even
those that are marked as critical, affect every
product in every configuration. This is why the
triage of security issues is a crucial step in the
evaluation of a weakness – somebody in the
organization needs to determine if the
vulnerability is even effective in the way the
product has been built. Many bugs only affect
certain architectures under which the
dependency has been built or build-time
configuration variables such as linked libraries.
Others only affect protocols that are configured
in a certain fashion – something that might not
even be used in the product itself. Examples of
either would be a library that is only vulnerable if
it includes XML parsing support or a TLS library
that only has an issue when used with a specific
cipher suite.
Unfortunately, this triage process can be quite
complex and detailed, and often requires skilled
resources to assist or perform the process.
These resources responsible for triaging the
vulnerability need to decide if the product is
affected by the vulnerability, and they also have
to estimate the worst-case impact. For this,
many things need to be taken into consideration.
How large is the attack surface? How many
products are in the field? Are there security
controls or countermeasures already in place?
After deliberating on all of these aspects, an
action plan needs to be formed. Usually,
patching the vulnerability is the
clearest path forward, but it's
not the only one. In fact, some
153

circumstances even make it impossible to
update a specific software component, so
alternatives and workarounds are often
necessary.
For example, rather than patching or removing a
vulnerable component, remediating
countermeasures can be implemented. If a
vulnerability is discovered where oversized data
for a particular protocol can trigger an exploit,
then a simple remedy could be to implement a
firewall rule that discards such large packets
before they even get to the vulnerable piece of
software. For example, limiting the size of DNS
packets to prevent a buffer overflow.
Of course, such a change can have adverse
effects on the product itself and needs to be
thoroughly tested before putting in effect.
Lastly, if neither patching nor a workaround is
possible, a last resort can be to accept the
residual risk and mitigate only the impact of a
vulnerability. An example of this would be a
piece of software that has a weakness which
allows attackers to crash it remotely. At a
minimum, the software could be configured to
automatically restart in case such an event
happens, and perhaps to send a notification that
something has happened, so that potential
exploitation of the vulnerability can be monitored.
Needless to say, from a security engineering
standpoint this isn't the most desired outcome,
but the harsh reality is that we often don't get to
cherry pick the prettiest solution. While it might
seem unorthodox, such "software duct tape" can
get the job done long enough to bridge the gap
until the root cause of the issue can be properly
fixed.
All of these actions are process measures that
every manufacturer can undertake as part of
their development efforts. With effective
monitoring of known vulnerabilities, fast
response time, competent triaging, and rollout of
mitigation, many cybersecurity attacks can be
stopped before they ever can develop. If all of
the above advice is followed, however, how can
one measure the performance or effectiveness
of such a process?
Similar to functional testing, security can also be
proactively tested. In particular, when we are
looking at products, penetration tests can often
achieve this goal. Pentesting is when ethical
hackers – people who are paid to find
vulnerabilities in products – try to hack the
product so the unethical hackers don't get to.
These pentesters will report any findings to the
vendor and the issues can be fixed as part of the
regular development cycle, with some
weaknesses patched before they are ever
deployed in the field.
Still, it is a possibility that despite all those best
efforts, a product or company gets hacked in the
wild, with no prior warning or heads-up at all. Of
course, this can be a very difficult and stressful
event to manage, but when this happens it’s
crucial to again remain calm and be deliberate
about the responding steps. It could make a
situation much worse by falling into panic.
Ideally, the person who is designated as
responsible for security already has an incident
response plan worked out. Of course, this plan
cannot know of any attack details – but it
considers the infrastructure and components
within it and can estimate different rough
scenarios. In a well-prepared environment,
many of these scenarios will have been played
through as part of the threat and risk analysis –
the correct vendor responses are already
roughly laid out.
In the aftermath of an incident, finding the root
cause and performing a forensic analysis of the
attack is almost as crucial as mitigating it in the
first place. You would want to find out all the
details, including (but not limited to) when the
attack started, what the attack vector or process
154

used to exploit the system was, what data was
compromised, modified or deleted, and how you
can effectively guarantee going forward that this
vector cannot be used again to compromise your
infrastructure or product.
Rolling out good security is much like playing a
game of chess – you do not get to pick the move
your opponent will make, but you can plan well
ahead and you alone get to choose the
appropriate response. Well-defined
responsibilities, and proper issue and
vulnerability tracking go a long way, and are as
close as they will get, to preventing security
attacks before they even start. However, just like
in chess you can expect to have some setbacks.
Careful planning to help ensure timely response
to events is therefore vital. NIST has a great
summary for this approach in their Cybersecurity
Framework – Identify. Protect. Detect. Respond.
Recover.
In today’s world, security is everyone’s business.
What are you doing to help secure your
systems?
To learn more, visit IMS.UL.com.
About the Author
Dr. Johannes Bauer is the principal security advisor, identity management
& security, for UL in Frankfurt, Germany. Dr. Bauer has a Ph.D. in
Computer Science and has over ten years of experience in the field of IT
security. In particular, he has worked in the fields of electromobility and
smart home systems. Dr. Bauer has expert knowledge of physical threats
to embedded systems, both invasive and non-invasive, and he has
published multiple papers on mitigation strategies to thwart such attacks.
He has frequently led workshops on topics of applied cryptography and
worked as a security consultant, guiding secure software design and
development as well as practical threat and risk assessment.
UL is a global safety science company. To learn more, visit:
https://www.ul.com/
155

What Does A Cyber Security Consultant Do?
By Stuart Cooke, Digital Marketing Manager at Evalian
Are you considering becoming a cyber security consultant? Or perhaps you’ve recently become
aware of the importance of this type of security and youre looking to hire a professional to
support your business? Either way, cyber security roles are on the rise thanks to the
technological world we now live in.
But if youre not completely familiar with cyber security or the roles these individuals play in
keeping us safe from cybercrime, we’re here to help. In this guide we’ll look at the importance of
cyber security and what these individuals actually do. So, whether youre doing research for your
next career move or you’re trying to decide whether it’s worth hiring a cyber security professional,
check out the guide below for more information.
Why is cyber security so important?
It might surprise you to know that data is now the most valuable resource in the world, even
overtaking the oil industry. But with so much of our lives now online our personal data has
become very vulnerable. In fact, this is why the new General Data Protection Regulation (GDPR)
has been put in place to give EU citizens more rights over their own data.
156

As you can imagine, as technology grows the internet becomes more integral to our lives and
as people increasingly find new ways to collect and share our data, there is also a higher risk of
this data becoming misused. As technology has developed, so has the threat of cybercrime.
What was once just a fictional villainous ‘hacker’ in a movie, has now become a very real-life
problem and something we all need to be aware of.
These criminals are always finding new ways to hack information or scam money from innocent
victims. This is why individuals and businesses alike need to have at least a basic understanding
of cyber security. Many businesses will look to trained professionals to help ensure they meet
all GDPR regulations and that they are protecting themselves and their customers from
cybercrime. And that’s where cyber security consultants come in.
What is a cyber security consultant?
In a nutshell, a cyber security consultant is hired by a business or individual to help them prevent
a security threat. They do this by assessing the company’s technologies and systems to see
where their vulnerabilities lie. Essentially, they must play the role of a hacker by thinking ‘what
could I do to access this information’ and then play the role of the victim and think about the
impact this could have on their personal life. This helps them to spot any holes or potential
threats. In fact, some cyber security consultants used to be hackers themselves and understand
how vulnerable some companies can really be to cybercrime.
What does a cyber security consultant do?
Above we’ve briefly touched on what a consultant is and how they work with businesses, but
now let’s get down to the nitty gritty of the role. By trawling through each system, software and
computer acting as both the hacker and victim, the consultant is able to make an exhaustive
review of the companys security (or lack thereof). This is why most businesses e mployer IT
professionals of this nature, even if this is on a contract basis. The government even use these
consultants to help protect they huge amount of data they possess.
Once the consultant has highlighted all the potential threats they then move on to the next phase,
they help the company to design and then implement a security strategy for the business. They
will usually recommend the best software, hardware, firewalls and other security measures to
ensure the daily running of the business goes smoothly and that their data and important
information stays safe - particularly when sharing documents online.
So what do they do on a daily basis?
Hiring a cyber security consultant isnt a one -time gig. Once they’ve got a strong system in place
their daily responsibilities are all about monitoring the systems and updating security measures
where possible. They may also have to get involved if there is a breach of security and help to
teach other members of staff best practices for cyber security. Below are a few of the daily tasks
a cyber security consultant can be expected to perform:
157

• Speak with staff about any security problems or issued they’ve noticed in the past
• Educate other employees about security best practice and how they can spot a potential
threat before it happens
• Determine the best way to protect the company’s computers, software, data and information
from potential cyber attacks
• Keep up to date with the latest technologies and software to ensure the business is using the
most effective systems
• Test security solutions
• Create and deliver reports on these security tests to report back to the senior team
• Deal with any breaches or security related issues immediately and provide a detailed report
of what happened
• Continue to update and upgrade security systems
• Create detailed reports and estimates about the cost of new security systems
• Interview potential new team members if planning to expand the cyber security or IT team
What does it mean to be a cyber security consultant?
As you can see, being a cyber security consultant is a very important job! With new technologies
always emerging, the threat of cybercrime is always on the rise. Businesses (and even
individuals) that want to protect themselves from potentials hackers or scammers need to be
aware of any problems with their current security system, and that is why hiring a cyber security
consultant is so important.
Not only are they able to analyse any potential risks, they are knowledgeable about the latest
software and systems to ensure the business has the best security measures in place. They also
continue to update these systems as new threats and technologies emerge. The digital world is
moving fast, which means cyber criminals are always finding new ways to get into these systems.
That’s why consultants need to be proactive and always developing their knowledge of the
industry and latest technologies.
About the Author
Stuart Cooke, Digital Marketing Manager at Evalian, experts and consultants in all
things cyber security.
158

A10 Networks Cloud Access Proxy Provides Secure Access and
Visibility for SaaS Apps
By Yasir Liaqatullah, vice president of product management at A10 Networks
A10 Networks today announced a new Cloud Access Proxy (CAP) solution that provides secure access
to software as a service (SaaS) applications, such as Microsoft Office 365, optimizing branch offices with
better performance, stronger security and an enhanced user experience. Additionally, the solution
provides full visibility into SaaS applications for improved security. The CAP solution is comprised of three
components: the new A10 Networks Thunder® 840 CAP appliance for the branch office, higherperformance
Thunder® Convergent Firewall (CFW) platforms for the headquarters, and the new
centralized CAP Visibility and Analytics solution, which provides centralized insights into outbound
application traffic and SaaS application usage. Together, the CAP solution ensures that access to SaaS
applications and data is accelerated and secured while maintaining full, centralized visibility across
sanctioned and unsanctioned applications.
SaaS and Multi-cloud Environments Increase Security Challenges
Traditionally, enterprise networks were designed to provide users with access to applications and
services hosted locally within their data centers. To secure user access to the internet and to protect
them from cyber threats, a large central security stack was typically hosted to inspect traffic going in and
159

out of the network. As organizations grew and expanded into multiple branch offices, they were forced
into a hub-and-spoke deployment model where all branch office traffic was routed back to the central
security stack for policy enforcement and inspection.
With the increased adoption of SaaS applications, as well as the rapid move towards multi-cloud
deployments, enterprise networks are changing with the consolidation of WAN edge infrastructure and
migration from MPLS. Maintaining the security and user experience is increasingly challenging in this
environment.
A10 Networks CAP solves these problems by consolidating different features of multiple point products,
like software-defined-WAN, cloud access security brokers and secure web gateways, providing a unified
solution for SaaS optimization, security and visibility. These features include:
• Local breakout – For branch office traffic optimization using intelligent classification and bypassing
of SaaS traffic from other application traffic.
• Next hop load distribution (NHLD) – For dynamic traffic distribution across multiple WAN
connections.
• Tenant access control – For data theft prevention between sanctioned and unsanctioned SaaS
tenant accounts.
• URL filtering – For traffic categorization and protection from web threats.
• Application visibility and control – For dynamic recognition and categorization, as well as filtering
of application traffic.
• IPsec VPN – For securing internet traffic, backhauled from branches to the central security stack.
• AppCentric templates (ACT) – For simplified, one-step deployments at new branch offices.
• CAP visibility and analytics solution – For visibility across sanctioned and unsanctioned
application traffic at the branch office and in the cloud.
Traditional enterprise networks are not optimized for SaaS application traffic and the security provided
by the SaaS vendor is not adequate in addressing today’s cyber threats and increasing use of shadow
IT. A10 Networks’ Cloud Access Proxy is designed specifically to help organizations optimize the
performance and security of their SaaS application traffic.
The rapid increase in SaaS usage makes the Cloud Access Proxy solution perfect for deployment in
small to medium enterprises (SME) and verticals like education, legal, finance and manufacturing.
Availability
The complete Cloud Access Proxy solution, including Thunder 840 Cloud Access Proxy, Thunder CFW,
and the centralized Cloud Access Proxy Visibility and Analytics solution, is available now.
The centralized Cloud Access Proxy Visibility and Analytics solution will also be available as an add-on
app on the A10 Harmony Controller® in early 2020.
160

About the Author
As VP of Product Management, Yasir drives A10’s portfolio of 5G Service
Provider Solutions and Security portfolio. Yasir can be reached online at
(EMAIL: YLiaqatullah@A10networks.com) and at our company website
https://www.a10networks.com/
161

3 Cybersecurity Trends & Predictions for 2020 (from Illumio)
PJ Kirner, CTO & Founder of Illumio
1) “We’ll start to hear more about the convergence of physical infiltration with cyberattacks,
challenging security across the board.”
“Cyberattacks on an enterprise or a government can be carried out remotely but, in 2019, we started
hearing more about the physical element added to the mix. Just look at the woman who had a thumb
drive loaded with malware that got into Mar-a-Lago. Although she wasn’t able to successfully tap into the
network, she still had a convincing enough story to get past physical checkpoints manned by the Secret
Service.
And it doesn’t take sophisticated software or intelligence operations to execute these attacks – a wellplanned,
staged scenario is all it takes. For instance, someone could pose as an electrician to gain
physical access to a hospital being built, walking around unimpeded until they find an unprotected device
to access the network. I believe we’ll see more of these high-profile, hybrid cyber-physical attacks
162

in 2020.”
2) “AI and speech technology will be exploited, making voice a new weapon of choice.”
“If there’s one thing that malicious actors are good at, it’s creativity. We’ll see business email compromise
(BEC) extend further over into voice next year. Even though many organizations have educated
employees on how to spot potential phishing emails, many aren’t ready for voice to do the same
as they’re very believable and there really aren’t many effective, mainstream ways of detecting them.
And while these types of “voishing” attacks aren’t new, we’ll see more malicious actors
leveraging influential voices to execute attacks next year.
And it’s not as hard as it sounds - it’s easier than ever to get an audio clip of an executive, CEO, or world
leader giving a speech and then altering it for nefarious purposes. Imagine receiving an urgent call or
voicemail from your “boss”, asking to share credentials for a secure platform or system. Without any
packaged-up, off-the-shelf solutions to help detect these threats, we’re going to see a lot more voicerelated
attacks in 2020 that will be harder to identify and even harder to protect against.”
3) “Our sons and daughters will quickly become a new threat vector to enterprise security.”
“Almost everyone has a smart, connected device these days and kids are no exception. If they don’t have
their own, they’ll probably just grab their parents’ phone or tablet to play games or watch TV - often
unsupervised. As digital natives, technology is second nature to them but they’re not thinking about
cybersecurity at all, which is why they’ll become prime targets.
Unfortunately, no one is off limits when it comes to cybersecurity threats and our kids will be squarely in
the crosshairs next year. Whether it’s the child of an executive, an executive assistant, or even someone
with administrative privileges, it only takes one wrong click for them to implant malware on their parent’s
phone, opening up the back door for a bad actor to get into the company network. This will become much
more prevalent in 2020.”
About the Author
As Chief Technology Officer and founder, PJ is responsible for Illumio’s
technology vision and platform architecture. PJ has 20 years of
experience in engineering, with a focus on addressing the complexities
of data centers. Prior to Illumio, PJ was CTO at Cymtec. He also held
several roles at Juniper Networks, including distinguished engineer
focused on advancing Juniper’s network security and layer 4-7 services
plane. PJ graduated with honors from Cornell University.
163

Applying Security Across Heterogeneous IT Systems
Proactive Threat Interference ® provides protection not offered
by other cybersecurity approaches
By Steve Ryan, CEO & Co-Founder, Trinity Cyber, Inc.
Do I patch my system in the name of security, or do I leave it unpatched to enable critical operations and
business functions?
Heeding CIO or CISO advice to patch systems and update information technology (IT) as soon as an
update is available is a best practice that will help secure systems against most known threats and
vulnerabilities before they can be exploited. However, there are times when you simply cannot avoid
maintaining legacy IT. How does one choose between security and operations? Incident response will
only get you so far. Adopting an adversary disruption strategy becomes a critical element of any security
posture for heterogeneous IT systems. Getting in the adversary’s way means that you don’t always have
to choose – you can have both.
The legacy dilemma
IT ecosystems change and evolve over time, but their functions usually remain constant. Critical
functionality often centers on connectivity between IT and more expensive assets. Take the example of
a weapons system built to communicate with an early version of Microsoft Windows. While the outdated
164

operating system is vulnerable to exploitation, updating the IT would require an expensive interface
retrofit or even replacement of the entire weapons system at a huge cost.
This legacy dilemma affects large-scale, expensive functionality most acutely. Machines in manufacturing
operations or critical systems for municipalities tied to obsolete software can prove too costly to replace.
Even more common is payroll software running on old operating systems or obsolete and unsupported
software.
Other compatibility challenges
Many endpoint security products only operate on the most recent Windows operating systems and are
not designed to protect systems that use other operating systems. Nor can they defend other IT
infrastructure, like modems or routers. In these circumstances, the network’s firewall assumes even
greater responsibility for blocking attackers before they can reach individually unprotected computers or
devices. Unfortunately, firewall access control lists can wreak havoc on legitimate communications paths
used by legacy systems. In addition, firewalls can be susceptible to control by the adversary, completely
compromising unprotected endpoints.
Often, larger corporations inherit distinct IT infrastructures from each firm incorporated into the whole
through mergers and acquisitions. This creates a patchwork system incompatible with a common
endpoint defense. Those companies embracing Internet of Things (IoT) substantially increase the
number of network endpoints and also introduce riskier technology. Current IoT devices simply lack the
processing power to perform even basic security measures and rely entirely on extra-device measures.
Endpoint security and the use of firewalls are critical and should remain staples in any cybersecurity
protocol. The problem, however, is that these measures treat the cyber threat like an inevitable force of
nature against which victims are powerless. Incident response and recovery is as passive as preparing
for and enduring a storm – yet the cyber threat bears no resemblance to weather. Instead, it is created
by an adversary who has an objective, a set of tools, and a level of knowledge. If a malicious hacker has
you in his sights, you can passively hunker down, or you can proactively get in his way.
Understanding the adversary’s playbook
Adversaries routinely capitalize on unevenly defended networks and known vulnerabilities of common
applications and operating systems. A month after Microsoft released an unprecedented patch for
Windows XP, The Shadow Brokers published a set of tools that exploited the weaknesses in how
Windows XP uses the Server Message Block protocol. Shortly after, the WannaCry ransomware attack
and devastating NotPetya attack affected hundreds of thousands of Windows XP systems that had not
upgraded, at an estimated worldwide cost of between $14 billion and $18 billion. 6 Some systems remain
exposed to this threat today.
6
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
165

This is a classic example of why relying on patch management alone is a failing and costly strategy.
Heterogeneous or legacy-bound systems require a strategy for actively disrupting cyberattacks when installing a
patch will take time and could hinder important functionality. Likewise, homogeneous networks require
the same strategy for defense before a patch can be installed.
One example of this adversary-focused approach is a strategy my team and I developed for protecting
the Department of Defense networks against the Heartbleed vulnerability. After a researcher published
a method of getting target systems to spew data from memory, teams across the cybersecurity space
acted quickly to spread word of the vulnerability. By contrast, my team used the attempt at exploiting
these vulnerable systems to identify those systems and neutralize the incoming threats to vulnerable
devices until an upgrade could take place. In short, we interfered with the adversary’s attacks and used
their methods to benefit us.
Exploiting adversary methodology offers a critical strategy for protecting uneven defenses and networks
in need of an upgrade. Every adversary must complete a series of actions in sequence to attempt an
attack. Rather than simply blocking an adversary based on simple indicators of compromise (IOCs) or
even next generation firewall rules, why not disrupt the adversary’s methodology? And if you can, use
the adversary’s methodology to your favor? Cybersecurity professionals can not only increase adversary
work factor but can also decrease their operational expenses by reducing the number of incidents to
respond to.
Cybersecurity strategy for incompatible networks
Any network, including heterogeneous networks and those running outdated software, can add a valuable
layer of defense by operationalizing knowledge about the adversary and adopting a strategy of adversary
disruption rather than passive response and recovery.
Proactive Threat Interference® from Trinity Cyber aids this strategy by invisibly monitoring threats outside
a network’s perimeter and adapting to intercept and neutralize cyberattacks based on the adversary’s
tactical toolbox. Ultimately, an integrated security posture – with threat interference, an impermeable
firewall, and endpoint security – represents the strongest safeguard against infiltration and costly
remediation.
166

About the Author
Mr. Ryan is Co-founder and Chief Executive Officer of Trinity Cyber, Inc., a
disruptive technology company fundamentally redefining commercial
cybersecurity.A recognized leader in cybersecurity, Steve left the National
Security Agency in 2016 as the Deputy Director of its Threat Operations
Center after a distinguished 32-year career as a custom chip designer and
cybersecurity operator. Steve excels in leading special projects and
challenging the status quo to develop unique solutions to the world’s most
complex problems. He has applied his unique skills and vision to develop a
fundamentally new approach to cybersecurity. The solution he developed
propelled Steve to found Trinity Cyber and create its Proactive Threat Interference® capabilities. Only
through approaching the problem in a singularly different way, Steve has developed a methodology and
technology that finally addresses the cyber threat at its core – the adversary.Steve holds a Bachelor of
Science degree in Electrical Engineering from the University of Rhode Island. He was a primary architect
of the NSA’s NTOC, bringing together intelligence and defensive missions to identify and stop cyber
threats at very large scale. Steve is a recipient of the Presidential Rank Award, the Exceptional Civilian
Service award, and a first-place winner of the Department of Defense CIO Award.
167

The Security Challenges of Robotic Process Automation—A
Primer
By Kevin Ross, Global Solutions Engineer, CyberArk
Robotic process automation (RPA) is one of the hottest technologies in the IT market today. These
systems enable software robots to replicate the actions of human workers for tasks such as data entry,
and they can bring greater efficiencies and accuracy to many key business processes.
The technology has the potential to deliver huge benefits to companies. These include increased
efficiency of workflows, improved accuracy of transactions, and significant cost savings through the
reduction of labor by automating the execution of repetitive, time-consuming manual tasks.
RPA can also be a significant IT security risk, particularly around the credentials used to manage RPA
implementations. Because of that, organizations need to be vigilant about how they secure their RPA
deployments.
The Benefits of RPA
Companies that include manufacturers, financial services firms, engineering firms, and insurance
companies use RPA to automate all kinds of routine tasks. The software “bots” that are key components
of the software follow a set of programmed rules to carry out activities people would ordinarily perform.
168

In some cases, the RPA bots work together with humans for functions such as moving or copying data
between applications.
Companies that rely on a large human workforce for process work, in which people perform high-volume,
transactional functions, stand to gain from using RPA, according to the Institute for Robotic Process
Automation and Artificial Intelligence (IRPA AI).
RPA software can deliver efficiencies to enterprise applications such as enterprise resource management
(ERP), customer relationship management (CRM), supply chain management, and applications that
support functions in human resources and finance.
Clearly the emerging technology is having a huge impact on the way enterprises perform day-to-day
business processes.
According to Deloitte, 53 percent of organizations have started to leverage RPA to robotize and
automate repetitive tasks to allow the human workforce to focus on higher value work. Overall, RPA
adoption is expected to increase to 72 percent in the next two years and, if adoption continues at its
current level, RPA will achieve near-universal adoption within the next five years.
While RPA software is being deployed in all industries, the biggest adopters include banks, insurance
companies, telecommunications providers and utility companies.
These companies traditionally have lots of legacy systems, and implement RPA tools to enhance
integration among these systems and quickly accelerate their digital transformation efforts while
leveraging their IT investments.
This is creating new security risks that organizations need to be aware of.
Addressing the Security Risks
Considering the scale and speed at which bots work and the number of systems and applications they
can access, security should be a primary consideration when deploying the technology.
As with any other newer technology, RPA can easily become a new attack vector for bad actors if security
isn’t factored into the platforms.
RPA software interacts directly with critical business systems and applications, which can introduce
significant risks when bots automate and perform routine tasks. Bots don’t need administrative rights to
perform their tasks.
But they do need privileged access to log in to ERP, CRM and other enterprise business systems to
access data, copy or paste information, or move data through a process from one step to the next.
Privileged access without security is a recipe for disaster.
According to a recent study, 84 percent of organizations believe that IT infrastructure and critical data is
not secured unless privileged accounts are fully protected.
The typical approach in providing privileged access credentials to bots is to hard-code privileged access
credentials into the script or rules-based process a bot follows. With another method, the script might
169

include a step to retrieve credentials from an insecure location such as an off-the-shelf application
configuration file or database.
As demand for RPA increases among lines of business, the number of privileged account credentials
hard-coded into scripts or stored insecurely grows. That significantly increases the associated risks.
With these approaches, the credentials end up being shared and reused repeatedly. Unlike the
credentials used by humans, which typically must be changed regularly, those used by bots remain
changed and unmanaged.
As a result, they’re at risk from cyber criminals and other bad actors who are able to read or search scripts
to gain access to the hard-coded credentials. They are also at risk from users who have administrator
privileges, who can retrieve credentials stored in insecure locations
As RPA deployments expand to include larger numbers of bots, the risks become exponentially greater
for organizations. If privileged account credentials used within an RPA platform are left unmanaged and
unprotected, that can transform RPA processes into a backdoor through which attackers can gain access
to corporate systems and do damage.
Organizations can take three critical steps to start mitigating the risk of the RPA pipeline becoming
compromised, building security directly into their RPA workflows and processes.
1. Store and manage privileged credentials securely
To keep privileged account credentials from falling into the wrong hands, they can remove credentials
from bot scripts and other insecure locations.
Instead, they can be stored in a system that encrypts the credentials; holds them in a secure location;
hands them securely to authenticated bots on-demand; automatically rotates credentials at regular
intervals or on-demand; removes human intervention from the process; and scales to meet rapid growth
in RPA use.
2. Limit the bots’ application access
If an attacker acquires privileged account credentials, companies can minimize the impact by limiting the
number of applications to which the credentials allow access.
That means granting bots privileged access only to the specific applications they need, preventing other
applications from executing. This prevents bad actors from using multiple applications on a client machine
and gaining the local administrator rights allowing them to install spyware and other malware.
3. Protect administrator credentials or else
Companies should deploy a secure infrastructure that protects and manages administrator credentials in
the same way as bot credentials, using encryption and secure storage and automatic rotation; and allows
isolation and monitoring of administrator activity.
By taking the necessary steps, organizations can benefit from RPA and minimize the risks.
170

About the Author
Kevin Ross is a Sr. System Engineer at CyberArk (NASDAQ: CYBR). He is
an experienced system engineer with a demonstrated history of working in
the computer software industry. Previous to CyberArk, he was a support
engineer and project manager at Barracuda (NYSE: CUDA). He’s skilled in
Session Initiation Protocol (SIP), Domain Name System (DNS), Mac,
Transmission Control Protocol (TCP), and more. He has a B.S. in Computer
Information Services from Southern Adventist University. Kevin can be
reached online at LinkedIn. For more information
at: https://www.cyberark.com/
171

5 Simple Ways to Protect Your Smartphone from Cyber
Attacks
By Jamshaid Chaudhary, Kamil Web Solutions
Where the onset of the internet has been a blessing for almost everyone, it has also proved to be a curse
for many of us. Hackers are improvising new ways to burst the privacy bubble of people. Security experts
warn us that most cyber-attacks initiate from our smartphones. And despite the alarming number of
hacking incidents in the last decade, an average person doesn’t know how to protect his smartphones
from these attacks.
In addition to getting personal information of people, these hackers target company employees to hack
into a business smartphone to obtain vital information. Therefore, taking appropriate precautions to
protect your phone is more important than it has ever been.
Here are 5 simple ways to keep your smartphone’s data secured.
Use Trusted Wi-Fi and Bluetooth
Most people connect to public Wi-Fi without giving it a second thought. What they don’t know is that these
public Wi-Fi’s can be used to obtain sensitive information from the connected devices. Most hotels and
event venues have their security protocols in place, but free public Wi-Fis in areas like shopping centers,
cafes, airports and parks and far less secure and should be used wisely.
172

Whenever you are in a public place, it is best to keep your Wi-Fi turned off or use it through a VPN which
re-routes your network traffic through an encrypted connection.
Use Two-Factor Authentication
You should take benefit of every possible security procedure available to make your device as secure as
it can be. A two-factor authentication (2FA) is a solid barrier which prevents unwarranted access of your
personal data and information.
Most people don’t use this feature because it requires an extra step for verification but imagine all your
information that is put on stake if you skip 2FA. Nowadays, due to fingerprint technology and savepassword
options, this feature is much easier to use.
Use Trusted Apps
It is imperative that you should only download apps from sources that are trustable, especially the ones
that use your GPS location. While iPhone has some trustable apps for tracking like iphone location
tracking, the standards are not that high in an Android. An android phone allows installation from various
sources and people fall prey to cyber-attacks due to fishy apps.
Best way to avoid this is by sticking to apps that are allowed by App Store on the iPhone and Play Store
on Android and make sure they can be trusted before giving them any permissions.
Ignore Spam and Phishing Emails
The most common way a hacker uses to crawl his way through the company’s security protocol is by
breaking into an employee’s inbox. You should educate yourself on how to avoid these emails and identify
phishing emails from original ones.
Make sure that you don’t give your personal information to anyone online and cross-check the sender’s
identity before engaging in a conversation with him.
Keep your Apps Updated
Most people delay the updates of their operating system and apps. But delaying it for a very long time
compromises the security features of an app. Developers are trying to keep up with the hackers by rolling
regular security updates for apps and operating system, and you should download these update as soon
as possible to keep your data secure.
173

Author the Author
Jamshaid Chaudhary.I began writing as a professional on my
personal blog and then discovered my true calling, which is writing
about technology, News and gadgets in general. I am a technical writer,
author, and blogger since 2010. An industry watcher that stays on top
of the latest features, extremely passionate about juicy tech news and
everything related to gadgets. For tech tips, visit
http://crazytechpoint.org/ my email address is
jamsheed1480[at]gmail[dot]com. Company Name: Kamil Web
Solutions Site: https://www.kamilwebsolutions.ae/
174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS
“Amazing Keynote”
“Best Speaker on the Hacking Stage”
“Most Entertaining and Engaging”
Gary has been keynoting cyber security events throughout the year. He’s also been a
moderator, a panelist and has numerous upcoming events throughout the year.
If you are looking for a cybersecurity expert who can make the difference from a nice event to
a stellar conference, look no further email marketing@cyberdefensemagazine.com
194

You asked, and it’s finally here…we’ve launched CyberDefense.TV
At least a dozen exceptional interviews rolling out each month starting this summer…
Market leaders, innovators, CEO hot seat interviews and much more.
A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.
195

Free Monthly Cyber Defense eMagazine Via Email
Enjoy our monthly electronic editions of our Magazines for FREE.
This magazine is by and for ethical information security professionals with a twist on innovative consumer
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best
ideas, products and services in the information technology industry. Our monthly Cyber Defense e-
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here
to sign up today and within moments, you’ll receive your first email from us with an archive of our
newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.
Copyright (C) 2019, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,
Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com
All rights reserved worldwide. Copyright © 2019, Cyber Defense Magazine. All rights reserved. No part of this
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,
recording, taping or by any information storage retrieval system without the written permission of the publisher
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at
marketing@cyberdefensemagazine.com
Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 1000
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 11/01/2019
196

TRILLIONS ARE AT STAKE
No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES
Released:
https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH
In Development:
197

198

199

200

201

Nearly 8 Years in The Making…
Thank You to our Loyal Subscribers!
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know
What You Think. It's mobile and tablet friendly and superfast. We hope you
like it. In addition, we're shooting for 7x24x365 uptime as we continue to
scale with improved Web App Firewalls, Content Deliver Networks (CDNs)
around the Globe, Faster and More Secure DNS
and CyberDefenseMagazineBackup.com up and running as an array of live
mirror sites.
4m+ DNS queries monthly, 2m+ annual readers and new platforms coming…
202

203

204

205