Cyber Defense eMagazine December 2019

1
8 Most Common Cybersecurity Mistakes
You Should Avoid in 2020 and Beyond
Government Agencies Are Prime Target for
Cyberattacks
Visibility and Anomaly Detection in The
Age of Iot
How to Become a Cybersecurity Sleuth?
The Blockchain And Wireless Technologies
Automatic for The SOC People
Really, Imagine a Day Without Water
…and much more…

DECEPTION-BASED
THREAT DETECTION
By the time an attacker
tastes the difference,
their presence is known.
S
Sugar Sugar Sugar
“Attacker mistakes are made when
they cannot distinguish real from fake.”
Tony Cole, CTO Attivo Networks
Detecting threats needs to be comprehensive, however it doesn't have to be
complicated. Designed for simplicity, Attivo Networks brings uncertainty to
the mind of the attacker, redirecting them away from the target assets and
providing defenders with high-fidelity alerting that is backed with actionable
attack and forensic data on malicious activity and insider policy violations.
Suga
Deceive. Detect. Defend.
attivonetworks.com

2

3
CONTENTS
Welcome to This Very Special December 2019 Edition ..................................................................................... 7
8 Most Common Cybersecurity Mistakes You Should Avoid in 2020 and Beyond ............................................ 20
3-D Secure: The Legacy Protocol Making a Comeback to Secure Online Payments .......................................... 25
Oh, my! PerCSoft’s Irony ................................................................................................................................ 28
Persistent Cybersecurity Industry Challenges: Salary Survey Finds Parity Gaps for Gender, Diversity and
Trouble Sustaining Work-Life Balance ............................................................................................................ 32
Protecting Against Modern Cyberattacks ....................................................................................................... 36
BeyondTrust Cybersecurity Predictions for 2020 & Beyond ............................................................................ 39
Government Agencies Are Prime Target for Cyberattacks .............................................................................. 44
Visibility and Anomaly Detection in The Age of Iot ......................................................................................... 47
Why Outsmart Cyber Attackers When You Can Remove Them Entirely?......................................................... 50
Cyber Safety Tips for The Holidays ................................................................................................................. 53
How to Become a Cybersecurity Sleuth? ........................................................................................................ 56
The Security Challenges of Robotic Process Automation—A Primer ............................................................... 60
The Blockchain And Wireless Technologies .................................................................................................... 64
Benefits of Having an SSL Certificate in 2019 .................................................................................................. 68

4
The Internet Got Safer In 2019: A Cybersecurity Year in Review ..................................................................... 71
The Perspectives Of The 5th Industrial Revolution ......................................................................................... 74
The Rise of Cybercrime-As-A-Service .............................................................................................................. 78
The Email Security Challenges ........................................................................................................................ 81
The Only Recession in Cybersecurity .............................................................................................................. 85
Automatic for The SOC People ....................................................................................................................... 88
Multifactor Authentication & The Sobering Reality for Organizations Without It............................................ 91
The Growing Costs of Cyber Attacks on UK Small Businesses .......................................................................... 94
Why Insider Data Breaches Will Continue in 2020 .......................................................................................... 97
Out-Smarting the Cybersecurity Skills Shortage ............................................................................................ 100
New Security Report Highlights Trends in Mid-Market Business Malware .................................................... 104
It’s Time for A Tough Conversation About Trust ........................................................................................... 107
Hindsight Is 2020: Three Security Visions for The Start of The New Decade .................................................. 109
How to Stay Safe on Public Wi-Fi Networks (Detailed Guide) ....................................................................... 113
Browser Extensions Are a Leaky Vessel for Phishers to Exploit ..................................................................... 117
Really, Imagine a Day Without Water ........................................................................................................... 120

5
@MILIEFSKY
From the
Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com
Dear Friends,
We’re almost into 2020 but we still have so much to accomplish this year
with a free new job posting site almost fully operational – we’ll share the new
URL with you on our January 2020 edition. Thanks to those of you who
attended the InfoSecurity North America show in New York City last month
at https://www.infosecuritynorthamerica.com/ as we now head into the new
year with the biggest infosec show on earth coming to us in late February –
it’s the RSA Conference 2020, held once again in San Francisco, CA, USA
and found online at https://www.rsaconference.com.
Our 8 th annual InfoSec Awards for 2020 are open and we hope to find more winners this year who are market
leaders, innovators and those offering some of the best solutions for cyber security in the global marketplace. For
those women who did not make our Top 25 Women in Cybersecurity for 2019 or missed out on the deadline, we
have added Women in Cybersecurity as a new category this year and you can even ask our judges if they will
create a new category for your unique product or service. If you’re an infosec innovator, please consider applying
at: https://www.cyberdefenseawards.com/
We offer our own statistics that you are free to reuse anytime, from this page:
http://www.cyberdefensemagazine.com/quotables/. We have many new interviews going live on
https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com this month, so please check them out
and share links to them with your friends and co-workers.
With over 5m views on Cyber Defense Magazine, this month alone, please keep on spreading the link and help
share new and informative ways to get one step ahead of the next threat!
Warmest regards,
Gary S. Miliefsky
Gary S.Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag
and @Miliefsky – it helps spread the word about our free resources even more quickly.

@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and
distributed electronically via opt-in Email, HTML, PDF and Online
Flipbook formats.
6
InfoSec Knowledge is Power. We will
always strive to provide the latest, most
up to date FREE InfoSec information.
From the Editor-in-Chief…
Turning a corner as winter has arrived, more
positive changes are coming to CDM – new
platforms, expanded infosec offerings and much
more.
Meanwhile, the cyber criminals, terrorists and nation
state actors are not letting up - more threats than
ever and new waves of creative cyber-attacks
approach. In 2020, expect:
• Nation State Cyberespionage and Cyberwarfare
• Supply Chain Management Exploitation
• Cloud-based Identity Attacks
• New Deep Fake Spear Phishing Attacks
• Mobile Devices Become the Ultimate Backdoor
• IoT Devices Become New Critical Targets
• Ransomware will continue to escalate
….and we expect much more…so please keep reading,
keep sharing and watch for the latest exploits as well as
the best defenses to get one step ahead of the next
threat, only here, at Cyber Defense Magazine.
To our faithful readers, we thank you,
Pierluigi Paganini
Editor-in-Chief
PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com
EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
EDITOR-AT-LARGE & CYBERSECURITY JOURNALIST
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2019, Cyber Defense Magazine, a division of
CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/
WE’RE TURNING A CORNER INTO
8 YEARS OF EXCELLENCE!
Providing free information, best practices, tips and
techniques on cybersecurity since 2012, Cyber Defense
magazine is your go-to-source for Information Security.
We’re a proud division of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS

7
Welcome to This Very Special December 2019 Edition
In my capacity as Editor-at-Large, I’m pleased to welcome readers of Cyber Defense Magazine to the
December edition – our 84 th produced over the past seven years, consistently growing in article content
and readership each and every year, since our inception. In 2022, we will have marked our first decade
in production. By then, you’ll see even more improvements, new platforms and our continued evolution.
If I have learned one enduring fact about cyber threats and security, it’s that this phenomenon is dynamic,
not static. Permanent books, like those in print, tend to go out of date quickly. Only a dynamic medium
can help cyber professionals keep up to date with developments in the field.
My own journey has led me from law practice to education, to writing and teaching about identity theft, to
privacy issues, and ultimately to cyber security. During the past 20-plus years, I have experienced and
learned from the continuing interplay between malicious cyber-attackers and home team defenders.
Featured status among the cyber issues is often determined by political and regulatory vectors. The
front-burner issues of today are often replaced tomorrow by new headlines. Specialized concerns, such
as privacy, health care, financial organizations, zero-trust technical fixes, and human awareness training
all seek to attract eyeballs and dollars.
State, federal, and international jurisdictions compete for authority and funding in meeting cyber
challenges. Yet, for all the defensive activity and expenditures, breaches and ransomware incidents
continue to grow in number and severity from year to year.
As a public medium and forum, we are fortunate to have many who are willing to share their cyber
thoughts and positions with Cyber Defense Magazine and our readers. Let me take this occasion to
invite you all to suggest topics and developments to cover in future editions.
Wishing you all success in your cyber security endeavors,
Yan Ross
Editor-at-Large
Cyber Defense Magazine
About the Editor-at-Large
Yan Ross, J.D., is a Cybersecurity Journalist & The Editor-at-Large for Cyber
Defense Magazine. He is an accredited author and educator and has provided
editorial services for award-winning best-selling books on a variety of topics.
He also serves as ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist ® XV CITRMS® course.
As an accredited educator for over 20 years, Yan addresses risk management
in the areas of identity theft, privacy, and cyber security for consumers and
organizations holding sensitive personal information. You can reach him via
his e-mail address at yan.ross@cyberdefensemediagroup.com

8

9

10

11

12

13
Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those
vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep
understanding of your web application vulnerabilities, how to prioritize them, and what to do about
them. With this trial you will get:
An evaluation of the security of one of your organization’s websites
Application security guidance from security engineers in WhiteHat’s Threat Research Center
Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well
as share findings with internal developers and security management
A customized review and complimentary final executive and technical report
Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/
PLEASE NOTE: Trial participation is subject to qualification.

14

15

16

17

18

19

20
8 Most Common Cybersecurity Mistakes You Should Avoid in
2020 and Beyond
By Sam Chester
Be it stolen customer data, phishing, or ransomware attacks, successful cyberattacks can affect
businesses of any size and in any industry. A 2018 study by Juniper Research unveils that breaches in
cybersecurity are likely to result in the theft of over 146 billion records by the year 2023, while identity
theft has affected over 60 million Americans (as found by a 2018 survey by Harris Poll).
Whether you are offering personal services or running a business operation, establishing an online web
presence has now become a necessity for success. A security breach can destroy your business in
numerous ways including loss of website visitors due to downtime, loss of customer trust and business
revenue, along with loss of sensitive customer data.
Thanks to the expanding awareness of cyber attacks and online threats, business enterprises are
investing millions into improving their cybersecurity through the latest technology and tools. Still, an
analysis of even the most complex online attacks reveals that website security is often imperiled by the
most elementary mistakes that can be easily fixed by enterprises.

21
Below we look at the top eight mistakes in cybersecurity that you should dodge in the coming years.
1. Poor Password Management
Weak passwords are among the principal reasons for most of the cybercrimes including brute force
attacks. An instance of a successful brute force attack is the March 2018 Magento case where almost
1,000 user accounts were compromised due to weak user account passwords. Examples of weak
passwords that are still used include “123456,” “password,” and “qwerty.”
Listed below are some of the best practices in password management that can improve cybersecurity:
• Use of complex passwords that incorporates alphanumeric and special characters.
• Enable 2-Factor Authentication (or 2FA) that can be used with strong passwords to safeguard
user access.
• Avoid the use of the same passwords in multiple business accounts.
• Use of desktop or smartphone apps that can securely store (or even regenerate) passwords
instead of writing them down on a post-it or note pad.
• Maintain the habit of periodically changing passwords for all your accounts.
2. Perception of Being Exempt from Online Attacks
Small-scale business enterprises or SMBs have this false opinion that their business is too small or trivial
to be targeted by hackers. The fact is that every business, large or small, are possible targets for hackers.
A 2018 study on the state of cybersecurity in small and medium-sized businesses revealed that 67% of
the SMBs have encountered a cyberattack while another 58% have had a data breach in the previous
12 months.
Furthermore, companies that do not manage credit card data or any customer information believe that
cybercriminals will not target their security network. In truth, hackers are targeting several computer
networks to find vulnerabilities and obtain sensitive information or cause damage.
The fact is if your business has a digital presence, you are at risk and must adopt cybersecurity as a
business strategy to guard both your stored data and website resources.
3. Public Wi-Fi Usage
Be it at the local coffee shop or at the airport, public Wi-Fi hotspots are becoming extremely common and
free for public use. But free Wi-Fi does not necessarily mean that you should always use them whenever
available to you.
Internet networks such as public Wi-Fi are often not secure and are increasing the number of man-inthe-middle
(or MITM) attacks that are used to intercept confidential data like credit card details and login
credentials.

22
You can prevent (or decrease) the chances of such cyber-attacks by:
• Curbing the use of public Wi-Fi connections for performing sensitive tasks like making online
payments or file sharing.
• Employ a Virtual Private Network (or VPN) when accessing from a public place. The use of VPNs
keeps your online activities safe from being intercepted by hackers.
4. Ineffective Privilege Management
Are you providing the bulk of your users with unrestricted rights and privileges to your security network?
Or do you have many users with “admin” privileges?
Neglecting the security risk posed by human users can be harmful to any business. This can involve
granting admin privileges or access to critical business data to temporary workers, freelancers,
consultants, or even your clients. The April 2018 Credit card data breach reported by Lord & Taylor that
compromised 5 million credit cards along with other data breaches in 2018 could have been prevented
through proper privilege management.
As most security networks allow full account privileges to admin users, hackers try to break into admin
accounts to gain access to the backend data. The following privilege management practices can be useful
in improving cybersecurity:
• Restricting the number of admin users to only those who actually need it.
• Assigning user rights and privileges on the basis of user roles.
• The additional approval process for high-risk tasks such as deletion done by admin users.
• Withdrawing access rights with third-party users at the end of the working relationship.
• Annual training programs with employees to understand safe cybersecurity practices.
5. The “Outdated Network” Problem
Regardless of which network technology or tool that you use, they have to be regularly updated to fix any
crucial security bugs that hackers can abuse. The 2018 case of the Spectre and Meltdown security flaws
in computer CPUs affected a bulk of computer processing equipment that needed the release of security
patches and fixes for hardware & software, along with operating systems.
While countering every attack may not be possible, you must be well-versed in the overall architecture
and structure of your security network and implement practices to keep all your tools and website
components updated to their latest version. Along with the latest anti-virus software tools, deploying

23
security mechanisms like ransomware blockers along with frequent updates can boost your cybersecurity
measures.
6. Bad Email Practices
According to the U.S Federal Bureau of Investigation (or FBI), there has been a 60% rise in the year
2018 in fraudulent email activities aimed at theft of money or personal information. Among the most
famous email phishing scams in 2018, technology companies, Google and Facebook were deceived of
over $100 million by a hacker impersonating as a computer parts vendor.
Even after many repeated warning against responding to unsolicited email messages, email users
continue to fall victim to bogus emails about investment opportunities, job offers, and tax savings.
Here are email security best practices that are necessary to improve cybersecurity:
• Don’t open links or attachments sent through unsolicited emails.
• Confirm the source of emails by checking the sender’s email address or contacting them by phone
or in person.
• Don’t respond to unsolicited emails.
• Don’t share sensitive information such as credit card details or passwords.
7. Just an “IT” Problem
Is cybersecurity just an “IT” issue? Can it be fulfilled by employing IT security personnel who will
implement solutions that can safeguard your network? If your response to these questions is “Yes,” then
you are in for a blow. Cybersecurity is no longer the responsibility of the IT department but demands
accountability from everyone in the firm including the C-suite.
While IT personnel can devise and execute the best of security systems and processes for your business,
guaranteeing cybersecurity at every level must be the duty of every department group and employees.
Here are some steps to assure that cybersecurity is not just limited to the IT department:
• Proper employee training on the business risks linked with cyberattacks.
• Highlight the significance of applying regular updates and safe email practices to your employees
and its pertinence to cybersecurity.
• Plan and administer a complete risk management framework that covers cybersecurity.
8. The “Shadow IT” Issue
With the increase of offsite cloud-based solutions and smartphone apps, your workforce is now accessing
both in-premise applications (that are mostly secure) and many shadow applications that may not be
secure against cyber-attacks.

24
While it’s not feasible to restrict employees from accessing these shadow applications from their devices,
companies should be able to monitor these applications and sort them on the basis of their risk profile.
Moreover, you can formally approve the “safe” and “trusted” apps so that they can be used just like any
other in-house application.
Closing Thoughts
The increasing numbers and complexity of cyber-attacks around the globe is surely a catalyst for raising
awareness about cybersecurity practices and investment in the most modern security tools.
Nevertheless, committing a majority of the cybersecurity blunders (as described in this post) can still
threaten and compromise the best of IT security systems and infrastructure.
About the Author
Sam Chester is a cybersecurity engineer who highlights the ways to
be safe online. He is the co-founder of BestVPNZone.

25
3-D Secure: The Legacy Protocol Making a Comeback to
Secure Online Payments
By Jennifer Singh
Consumers today are spoiled for choice – which clothes to wear, gadgets to buy and payment networks
to use to acquire these goods. The competition is tight for merchants and issuing banks, who must do
everything they can to deliver an unforgettable experience and ensure repeat business isn’t threatened.
This includes having a security strategy in place to protect the consumers, issuer and merchant before,
during and after a fraudulent card-not-present (CNP) attack.
3-D Secure emerged as a solution to enable authentication through payment networks, such as Visa,
Mastercard or American Express, when making CNP purchases. What used to be a massive point of
friction in the e-commerce experience ultimately failing businesses and consumers, has come a long way
since version 1.0. Its comeback focuses on a new approach to authentication, including a wider range of
data capabilities, biometric technology and improved user experience.

26
The major difference is the addition of a risk-based authentication (RBA) engine. Through effective riskbased
data modeling, the protocol removes the consumer from the equation and subsequently sets the
stage for a vastly improved experience. The only caveat aside from user experience, is that RBA brings
its own set of complexities which should not be overlooked.
The Trials and Tribulations of a Data Overload
As with any model, the more data that can be collected, the better. In 3-D Secure’s case, merchants can
share much more data than before, which ultimately allows issuers to improve their authentication models
over time. The benefit is that when CNP transactions are evaluated with better accuracy, there is less
friction in the purchasing process for the consumer as more transactions are authorized out of sight.
Getting to the point where an improved customer experience is delivered can be the challenge in itself.
To start, there are four different types of data that can be shared: transaction and consumer data,
authentication data, merchant data, and device data. Moreover, not all data points are required or
conditional, meaning merchants can choose what, if anything, they want to pass on to the issuer. Risk
models are developed based on the expectation of access to specific types of information. When that
information is not shared or is incomplete, the model is rendered useless.
The Merchant’s Role in Preventing Skewed Results
There is a disconnect between merchants and issuers that also must to be addressed in order to improve
outcomes across the entire ecosystem. The fees of sending e-commerce transactions through 3-D
Secure are more expensive, meaning there is little or no incentive to do so outside of those transactions
that are already viewed as suspicious or high risk.
In this instance, the model is being fed skewed data, which limits its capabilities in preventing instances
of fraudulent transactions. Issuers therefore need to put a bigger emphasis on helping merchants
envision the long term value of this added cost. In a perfect world where merchants send all their
transactions through 3-D Secure, there would be a reduction in system-wide fraud, false positives,
checkout times and cart abandonment – all cost-effective benefits that lead to higher profits and brand
loyalty for merchants and banks.
We still have a long way to go until merchants are entirely on board, but in the meantime issuers need to
tune their authentication models correctly. There are ways to navigate the unknowns regarding data
collection, one being to create different models for various types of vendors and using them
interchangeably. If an issuer is willing to deploy sophisticated machine learning algorithms, another option
is to create a flexible model that can adapt given the type of data it ends up receiving. Whatever issuers
decide, they definitely have their work cut out for them, but the benefits of 3-D Secure are too valuable
to pass up in the face of a constantly evolving battle against fraud.

27
About the Author
Jennifer Singh,Director, Channel Partnerships – North America
Entersekt.As an innovator and community builder, Jen has grown
technology businesses from ideation to scale. Jen currently leads
channel partnerships for Entersekt’s North American business,
driving adoption of the company’s digital banking and payment
solutions. Prior to Entersekt, Jen founded the digital identity
solutions group at Thomson Reuters, an incubated business
venture focused on the development of new identity verification and
authentication services. She is a key evangelist, author and
featured speaker on topics such as digital innovation, cybersecurity,
fraud prevention and disruptive technologies. Jen supports her
local community by leading House of Genius Atlanta, hosting the
Rebel Women breakfast series and sitting on the Founding Partner Board for The Lola.

28
Oh, my! PerCSoft’s Irony
By Charles Parker, II; MBA/MSA/JD/LLM/PhD
PerCSoft is a Wisconsin business. The organization provides online data backup services for dental
offices. This operates by placing data in the cloud. They had hundreds of dental offices as clients. The
focus was to secure the patient medical records and other data from the various attacks, including
ransomware.
Irony
The irony of this pwnage has not fallen on deaf ears. In this industry, it’s not often the irony though has
this much depth. The firm’s function was to secure backups for their clients. In certain instances where
there would be an issue with the client’s data, such as with a natural disaster or a successful ransomware
attack. In their marketing materials, the safety from ransomware is emblazoned. The organization, whose
function was to secure data from ransomware had their files encrypted with ransomware, making them
not accessible.

29
Ransomware
PerCSoft, the online data backup service, was successfully attacked with ransomware. This attack
encrypted files for approximately 400 US dental offices. It appears the tool used was Sodinokibi, a
ransomware variant aka Sodin or REvil malware. This was addressed as a critical vulnerability with
Oracle WebLogic Servers, and with CVE-2019-2725 with a severity score of 9.8/10. This operates as a
deserialization remote code execution vulnerability. This was designed to encrypt files and delete the
shadow copy backups. This prevents the victim from recovering the data from other sources and puts
the victim in a very difficult situation.
Attack
The ransomware was detected on August 26. This was, relatively, a very successful attack, and
apparently profitable for the attackers, as they were paid. There were over 400 dental practices affected.
To appreciate the full extent of just this aspect, imagine the number of patients seen every day, multiplied
by two weeks, and then multiply this by 400, to be conservative. This attack did not merely affect a few
offices, but also all the people that work there and the patients. The practices were not able to access
patient history, charts, schedules, x-rays, or patient balances. I can only imagine how difficult this was to
work through for the affected staff members and patients.
Remediation
PerCSoft ended up paying the attackers. While not published, this course may have been required as
their primary files and all of their backups being encrypted or deleted, and they simply had no choice. It
was not reported who was paid or how much. As of 8/29/2019, 80-100 of the 400 dental office files had
not been decrypted. In these instances, the decrypt key did not work, which is an issue. The restoration
of the other offices was a bit slow. On a positive note, the organization did communicate on a regular
basis with their clients and interested parties through, among other means, Facebook from their postings.
Defenses
Perhaps PerCSoft should have followed a few of the basic industry standards and processes to reduce
the potential for an epic fail. The practices include:
• Backing up your data. This can be done on- or off-site. Dedup is an option, dependent on the
circumstances and budget.
• System inventory. Over time, we tend to become complacent with the network. Periodically we
should take an inventory of the assets on the network. This reduces the opportunity for missed
patches and also detects any unknown or shadow assets using your equipment and network.

30
• Conduct cybersecurity training throughout the year and make it relevant. The once a year
cybersecurity mandatory training to check the box simply still does not work. This needs to be
done through the year with relevant, current training. Granted, your task is not to entertain the
staff during these, however, you still need to attract and retain their attention. This will assist with
them internalizing the message and applying it, as some level, to their work, when the need
presents itself. The alternative is to play the same VHS tape from the 1990s and having your staff
in an infinite loop of mass password resets, patching vulnerabilities, scanning for issues, and
headaches.
• Patch cycle. While this may not directly impact the ransomware attack, it is still prudent and an
industry-standard to address this with regularity, in addition to the critical and time-sensitive
patches requiring immediate attention.
Lessons Learned?
PerCSoft paid the ransom, as noted previously. This may have been their only option given the germane
circumstances. The organization may not have backups of their client’s data. The organization having to
pay the ransomware fee to operate is bad enough. This however should ask you, in a researcher role, to
wonder why they had to pay the attackers only to operate. There generally are so many issues with this
avenue, it is hardly recommended.
Resources
Kobialka, D. (2019, August 29). Ransomware attack hits backup provider, US dental offices. Retrieved
from https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/dental-offices-hit/
Krebs, B. (2019, August 29). Ransomware bites dental data backup firm. Retrieved from
https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/
Kumar, M. (2019, May 1). Hackers found exploiting oracle WebLogic RCE flaw to spread ransomware.
Retrieved from https://thehackernews.com/2019/05/ransomware-oracle-weblogic.html
Percsoft Dental Technology Consulting. (2019). Facebook posts. Retrieved from
https://www.facebook.om/pg/percsoft/posts
Wei, W. (2019, August 30). Ransomware hits dental data backup service offering ransomware protection.
Retrieved from https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html

31
About the Author
Charles Parker, II has been in the computer science/InfoSec industry for over a
decade in working with medical, sales, labor, OEM and Tier 1 manufacturers,
and other industries. Presently, he is a Cybersecurity Lab Engineer at a Tier 1
manufacturer and professor. To further the knowledge base for others in various
roles in other industries, he published in blogs and peer reviewed journals. He
has completed several graduate degrees (MBA, MSA, JD, LLM, and PhD),
completed certificate programs in AI from MIT, other coursework from Harvard,
and researches AI’s application to InfoSec, FinTech, and other areas, and is
highly caffeinated. Charles Parker, II may be reached at
charlesparkerii@protonmail.com.

32
Persistent Cybersecurity Industry Challenges: Salary Survey
Finds Parity Gaps for Gender, Diversity and Trouble Sustaining
Work-Life Balance
By Trevor Daughney, VP of Product Marketing, Exabeam
Annually, Exabeam conducts a Cybersecurity Salary, Skills and Stress Survey* to gain insight on trends
in the salaries of security professionals, as well as education levels, job satisfaction and attitudes toward
innovative and emerging technologies such as artificial intelligence and machine learning.
This year’s survey shed light on parity gaps in gender and diversity hiring, along with employee burnout
and fatigue. Additionally, the survey revealed more positive findings in the industry’s interest in machine
learning, job security and stable median salaries.
Persistent Parity Gaps for Gender and Diversity Staffing
When we consider the continuous threats and external adversaries that cyber professionals face, we
understand that fighting them often requires a multidisciplinary approach. Building a diverse team of

33
people creates a more holistic view of the problem and delivers a range of valuable problem-solving skills.
In that way, diversity truly improves the overall outcomes of the team.
Yet, among the security analysts surveyed in the United States, UK, Canada, India, Australia, and the
Netherlands, 91 percent of respondents of the survey were male – up from 90 percent in 2018 –
representing the gender disparity in cybersecurity.
A wide racial disparity continues, with African-Americans represented by less than three percent of
respondents to the survey. Of the total number of respondents, the majority, or 65 percent, identified as
Caucasian. People of Latino/Hispanic descent made up just 13 percent of respondents. Even fewer (9
percent) were Asian followed by people of Middle-Eastern descent (4 percent).
The lack of diversity among the representation in this survey is a microcosm of the wider problem plaguing
the cybersecurity industry.
Industry struggles with achieving and maintaining a work-life balance
Stress and work-life balance are important aspects of any profession, and survey participants reported
that both factors significantly affected their work—indicating struggles with both burnout and fatigue.
These unfortunate realities of the role are being exacerbated by a skills shortage and an unrelenting
barrage of advanced cyberthreats. Sixty-two percent of professionals in the sector cited their jobs are
stressful or very stressful, and 44 percent don’t feel they are achieving a work-life balance. Further, while
a minority of respondents (40 percent) were actively looking for a new job, more than half (51 percent)
said their reasons for doing so were poor compensation and unsupportive senior leadership.
Despite this, 78 percent stated that they would recommend a career in cybersecurity, with 58 percent of
participants stating that the challenge in the workplace was the most important aspect of their job.
One obvious strength of the security space is that there are plentiful opportunities to take risks and
innovate. However, if employees are stressed, don’t feel supported by executive leadership, or don’t
enjoy balance in their lives, it’s difficult to achieve their full potential. Therefore, companies must focus
on inclusion and building productive environments where teams can deliver exceptional work.

34
Automation is welcome and seen as helpful, yet is currently underutilized
When it came to discussing automation, AI and SOAR solutions in their work, 80 percent of participants
stated that the tools could improve security in their organizations. Also, 65 percent stated that they did
not feel professionally threatened by automation compared to 10 percent who said that they feel
threatened.
Despite this feedback, only 16 percent said that they use some sort of automation in their work, and over
a third (36 percent) stated that they had no plans to use automation at all, despite that it could help them
and improve security.
This suggests that while professionals aren’t worried about automation impacting their jobs negatively
and possibly improving their workload, they still prefer to work manually without the assistance of
automation technology. This could, in turn, contribute to the increased levels of stress and work-life
imbalance reported.
Industry indicates job security
On a positive note, jobs in the security sector have staying power since nearly half (41 percent) of
professionals surveyed have been building a career in the industry for 10 years or more. Seventy-one
percent say they are satisfied or very satisfied with their jobs and responsibilities, which is a downturn
from 2018, when 83 percent of respondents reported their satisfaction. Seventy-six percent feel secure
or very secure in their current role. Somewhat unsurprising was that 78 percent of participants said they
would recommend a career in cybersecurity.
Median salaries remain stable and in-line with expectations
Unchanged from 2018 were median salaries, which averaged between $75,000-$100,000. Roughly 71
percent of cybersecurity professionals stated that they were either satisfied or very satisfied with their
salary, with the highest satisfaction response rates for those earning between $100,000 and $150,000.
Cybersecurity salary breakdowns by demographics provided interesting insights. While only 9 percent of
participants identified as women, they reported the same average median salary ($75,000 – $100,000)
as their male counterparts. Likewise, while there were less than a dozen participants who identified as
African-American, these professionals reported the highest median salaries based on a racial breakdown.
Caucasian professionals reported an average median salary range of $75,000 – $100,000.

35
In an increase from 2018, participants reported increased median cybersecurity salary ranges in Asia,
matching North American salaries at around $75,000 – $100,000 per year. Of the new regions we added
to our questionnaire, professionals in the Middle East also reported median salaries of $75,000 –
$100,000.
Download the full cybersecurity salary report for more on how cybersecurity professionals responded to
trends in the field.
*This year’s survey was compiled from an international pool of 479 security professionals who work in
cybersecurity, threat management, or information security.
About the Author
Trevor Daughney, vice president of product
marketing .Trevor Daughney is Vice President of Product
Marketing at Exabeam. Trevor is a marketing executive with
a track record of building high performing teams to take
enterprise cybersecurity SaaS and software technology and
turn them into successful global businesses. Prior to
Exabeam, he led enterprise product marketing at McAfee,
Ping Identity and Symantec. Trevor approaches marketing
with a global mindset, and builds on his experiences living
and working in the US, Canada and Asia. He has an MBA
from the University of California, Berkeley.

36
Protecting Against Modern Cyberattacks
By Bala Sethunathan, CISO and Global Director of the Security Practice at SoftwareONE
Modern cyberattacks are increasing in complexity and sophistication, as hackers are developing attack
tools at a faster rate than organizations can protect against them. Due to the evolving threat landscape,
no organization is safe from a modern cyberattack. The question is no longer if a company will be
attacked, but rather when and how extensive the impact will be. For instance, the frequency of phishing
and ransomware attacks continues to rise, often crippling or devastating their targets.
According to the recent Cloud Security Threat Report (CSRT), 73 percent of firms experienced cloud
incidents, such as a data breach, due to immature cybersecurity strategies and solutions. What can
organizations do to ensure they have a comprehensive cybersecurity strategy that protects data both onpremises
and in the cloud? What does a modern cybersecurity approach look like and is it possible for
organizations to stay one step ahead of cybercriminals? Organizations across the globe ask themselves
these questions every day as they strive to better understand their risks, vulnerabilities and more.
Know your threat landscape
Cyberattacks are no longer just the result of hackers working round the clock to breach a network. They
are often much more subtle - and damaging as malicious attackers share information and tools within the
dark-net. Just as cyberattacks and threats have evolved, so must organizations in the way they manage

37
and combat them. Before an organization can even start to protect its assets, it must first understand its
overall threat and cyber defense landscape.
When an organization starts a cybersecurity assessment, it needs to think differently. It’s not just about
securing the organization’s traditional infrastructure, but also analyzing and understanding the threats
that might be unique to their industry or customers. Recommended steps include:
• Take inventory: The first step for any organization to protect against modern cyberattacks is
quite basic, but often time-consuming -- take a comprehensive inventory of the existing
information systems.
• Understand the cyber risk environment: Once you’ve conducted your inventory, start to think
about where modern cyber risks originate, including fraudsters, human error, and partners who
might have risky security practices.
• Behavior: Now think about behavior. When a new employee joins an organization, he or she
receives the appropriate IT and login credentials and access based on their position and what is
required to accomplish daily tasks. There are two types of insider threats from employees: those
that are dissatisfied or those who have been compromised. They both pose a serious security
threat as their access to information and to systems is legitimate and needs continuous
monitoring.
Modern threat landscapes are continuously evolving, forcing organizations to analyze risks across their
entire IT footprints to ensure they are protecting their critical assets.
Develop a cyber-protection plan
Once an organization understands its threat landscape it must develop a cybersecurity strategy that
protects its assets. Organizations need to ask several key questions when developing this strategy:
• Existing technology. Start with what is already in place and assess whether it copes with latest
threats. Make sure it is being utilized, is securely configured and updated with the latest patches.
• Evaluate new technology vendors. Ask how they approach security from a combined people,
process, and technology perspective. Make sure they align with your security policies and
complement your existing cybersecurity stack.
• Workflow process. Identify the weak links. How does the workflow operate, who does it touch,
and is the level of security proportionate to the value of the asset?
• People, people, people. Who has access to the organization’s assets and from where?
Companies, especially large enterprises, have various types of users and more frequent
employee turnover. A company can have the latest and greatest technology but people will always
be the weakest link.

38
Conclusion
Unfortunately, no technology or risk strategy will ever be 100 percent secure because the expanding
threat landscape is constantly introducing new types of cyberattacks. However, by staying on top of the
threat landscape and remaining vigilant across technologies, people and processes, organizations can
mitigate their risks and better respond to future cyber threats.
About the Author
As SoftwareONE’s Chief Information Security Officer and Director of Security
Practice, Bala Sethunathan is accountable for directing the company’s cyber
security strategy. As a technology leader, he drives risk-centric cyber standards
and practices while maintaining cost-efficiency for SoftwareONE’s customers.
He joined SoftwareONE to setup a cyber security practice and was vital in
implementing a cyber security framework, robust Security Operations Centre
(SOC) and business practices to engage cyber security as one of the business
enablers. He has held leadership positions in at BHP and IBM prior to joining
SoftwareONE. Bala Sethunathan can be reached at
bala.sethunathan@softwareone.com First Name can be reached online at
(EMAIL, TWITTER, etc..) and at our company website
https://www.softwareone.com/en/

39
BeyondTrust Cybersecurity Predictions for 2020 & Beyond
2020 Prediction Contributors: Morey Haber, CTO/CISO at BeyondTrust and Christopher Hills, Sr.
Solutions Architect, Office of the CTO at BeyondTrust
It’s possible that the earliest security predictions began on that old medium known as “print”, but that
medium’s notoriously poor search capabilities mean the answer remains elusive. One thing’s for certain,
the practice of security predictions has evolved over the year to now showcase a diversity of flavors that
range from the practical and scientific to the fanciful. While some security soothsayers “predict” trends
that are already well underway and established, others seem to rely on the cyber-equivalent of waterwitching
sticks to issue wild prophesies.
What does BeyondTrust presage for 2020?
A confluence of factors means 2020 is primed for the breakout of some spectacular new threat vectors
as well as the re-emergence of some old threat vectors that present new wrinkles. We also provide 5-
year cyberthreat predictions that highlight emerging technologies and tectonic tech shifts that will have
profound implications for securing the businesses of the future, upending some of today’s standard
security practices.

40
For 2020
The Death of Traditional Software Piracy, The Rise of Malware Auto-Updates
Just over 10 years ago, the Internet was riddled with Warez, keygen (key generators), and pirated
software websites. It was easy to find versions of your favorite operating systems, applications, and tools
with cracked versions and license keys that operated under the guise of being free—even though they
were illegal and probably infected with malware.
With the paradigm shift to the cloud and application stores, many of these popular applications have
disappeared from Warez sites, resulting in a welcome decrease in malware-infected applications
downloaded by users. So, threat actors have concocted new attack methods. Since many of the cloudbased
applications auto-update, cyber criminals are now targeting cloud-based update mechanisms. The
attack techniques waged include man-in-the-middle attacks, spoofed DNS, stolen keys, and even
compromising cloud accounts to infect applications and auto-update unsuspecting end users with
malware.
Since the vast majority of users unreservedly trust the auto-update mechanisms of their applications,
they are oblivious to the threats when their cloud connection is compromised. In 2020, this topic will
command headlines as high-profile applications and operating systems are exploited by these cunning
emerging threats.
Reruns of Old CVEs
January 2020 will usher in the end of life of Windows Server 2008 R2 and Windows 7. With millions of
devices still running these operating systems, a myriad of vulnerabilities will continue to exist unless they
are patched, or the operating systems are replaced. Microsoft is unlikely to patch any new Critical
vulnerabilities, which will pose an unacceptable risk to many organizations. These assets, and their
vulnerabilities, will be documented on vulnerability reports as an end of life operating system and
vulnerabilities that are aging. These make for an easy asset attack vector for threat actors, and this will
be especially true for new vulnerabilities that have no remediation path after January 2020.
To that end, vulnerabilities uncovered years ago will return to the cyber spotlight because of active
exploitation and their age. This will make an old CVE a “new” threat. And, since it is costly and potentially
technically difficult to replace some of these end-of-life operating systems, 2020 will experience threat
actors actively assailing these systems since they present the lowest hanging fruit in many organizations
for exploitation.
Identity-Theft Royal Flush - Owning Every Account an Individual Owns
For the last several years, we have witnessed a surge of privileged attack vectors. A typical modus
operandi involves threat actors compromising accounts to gain a foothold, then engaging in lateral
movement, and then compromising additional assets and accounts via stolen credentials. The end goal
varies—from the exfiltration of sensitive data, to gaining a persistent presence, or causing a business

41
disruption. The year 2020 expects to showcase more of this, but there will be an additional component
in lateral movement that security professionals need to raise visibility for; account-to-account lateral
movement compromising a user’s entire identity.
As threat actors refine their strategies, they will begin to target all the accounts associated with an identity
(human or non-human) and impersonate users via DeepFake technology. This will be characterized, not
only by DeepFake email and SMS messages, but also a distinct rise in sophistication that entails
DeepFake phone calls with spoofed accents and vocal patterns, social media hijacking, and even
biometric hacking based on data that has already been compromised. Identity theft will bluntly occur due
to malicious artificial intelligence software used to impersonate an identity in novel ways we have not
even yet conceived.
An Election on the Edge of Cybersecurity
It matters not whether you are Republican, Democrat, Libertarian, Green Party, an Independent—or even
unable to participate in the U.S. elections—the potential for election hacking has implications for
everyone.
The votes in the next major U.S. elections will most likely be tabulated and recorded by person, by voting
precinct, by county, and by state. At each step in the voting process, paper and electronic systems will
record our votes and be stored in secure systems to tally who our next president and regional government
officials will be. This is a contentious election cycle. Considering all the previous allegations regarding
voter fraud and foreign government hacking of our electoral system, as well as old school paper ballot
issues (i.e. hanging chads), the 2020 United States election will doubtlessly prove to be one for the record
books—and potentially one to dread.
While data loss security incidents tend to dominate news cycles, election security helps to really bring
the critical issue of data integrity into focus. For the upcoming election, it’s not a matter of who actually
wins, but rather whether or not the votes, storage, and tallying of the populace’s opinion has been
tampered, altered, hacked, or degraded in any fashion that will make headline news and cast doubt on
the integrity of the entire process. This will be true regardless of whether or not threat actors or foreign
governments truly succeed in altering the outcome of the United States electoral process.
Ethical hackers have already demonstrated at cybersecurity conferences the vulnerability of electronic
voting systems. The risks of voter fraud, through electronic hacking, will be a top news story in 2020. The
issue will particularly be stirred up by those individuals who find themselves at the losing end of the final
ballot numbers. If the U.S. presidential race is close, hacking will become the center of attention and
cybersecurity forensics will be required to prove, or disprove, whether or not a threat actor truly
succeeded in altering the election. This will also play out in congressional races and other down-ticket
offices, potentially undermining leadership for our next slate of elected representatives. We will all be
waiting breathlessly long after the final vote has been tallied to learn if the vote integrity, and security,
has been upheld.

42
The Next Five Years
The End of End-User Passwords
There is a push by major operating system and software application vendors to remove the dependency
on passwords for end users. Authentication techniques—from biometrics to keyboard pattern
recognition—have proven reliable enough to make this a reality. In the next five years, expect to see
these techniques go mainstream and gain corporate acceptance. The average non-IT end user will no
longer require a password for routine computing. However, expect credentials and passwords for
privileged accounts and legacy systems to stick with us for at least 10 more years.
The Rise of Next-Gen Processors
Microprocessors based on x86 and x64 technology are beginning to show their age. While we can expect
them to persist for the next 20 years, ARM-based computers and tablets are on the rise. A nextgeneration
Windows and MacOS is rumored to already be running on ARM. These processors herald a
tidal shift in terms of security, power, and even performance. In the next 5 years, expect the shift from
legacy CPU architectures to ARM. The benefits of security protection strategies, as in ChromeOS, will
become more mainstream as they operate on these next-gen processors. We will require new security
solutions to protect against the unique characteristics inherent of these new devices as threat actors
learn to leverage them.
Facial Recognition-Based Transactions
Overseas, there was a recent demonstration of a vending machine authorizing a transaction strictly based
on facial recognition technology. In addition, major airlines in the United States have been experimenting
with facial recognition to authorize boarding passes versus paper, photo ID, and even passports. While
this technology is still relatively immature, it shows substantial promise. It also has the potential to
introduce new extraordinary security risks and data privacy concerns.
Within the next 5 years, expect facial recognition technology to mature and be available in our daily lives.
This technology will also provide the basis for many password-less authentication techniques as
discussed above. However, using facial recognition technologies as a means of authentication or
authorization presents vexatious cyber risk and data privacy concerns that will need to be addressed
before it is widely used around the world. This includes how to securely store and process facial
biometrics, how images are linked to individuals, and most importantly, how to reconcile identity conflicts
when identical twins or family members can be used to spoof this technology.

43
Cloud Security and Landscape
I know we bludgeon the cloud angle to death, but the ever-popular cloud-based architecture and modeling
will continue to grow. The cloud market continues its massive expansion with more demands for
availability, scalability, and security. Over the next five years, cloud offerings will double, even triple, what
they are today.
Inevitably, we will witness an uptick in cloud-based threat vectors and the need for stronger security
baked into cloud offerings. Cybercriminals will continue to invest strong focus and resources on
leveraging cloud-based threat vectors since the environment is still fluid and evolving, which increases
success in finding security gaps and targeting data at scale.
We foresee demand for technologies that secure cloud-based assets, cloud-based identities, cloudbased
keys, and all other aspects of cloud continuing to ramp up over the next 5 years.
Final words
Cybersecurity predictions are more than just a fun exercise. The more CISOs and other IT staff
understand the security implications of evolving technologies, the better prepared they are to make the
right investments for their business. Its the difference between being proactive versus reactive, and
having a security approach that enables new technologies and business opportunities, versus one that
clamps down on them.
About the Author
With more than 20 years of IT industry experience and author of
Privileged Attack Vectors and Asset Attack Vectors, Mr. Haber joined
BeyondTrust in 2012 as a part of the eEye Digital Security acquisition.
He currently oversees the vision for BeyondTrust technology
encompassing privileged access management, remote access, and
vulnerability management solutions, and BeyondTrust’s own internal
information security strategies. In 2004, Mr. Haber joined eEye as the
Director of Security Engineering and was responsible for strategic
business discussions and vulnerability management architectures in
Fortune 500 clients. Prior to eEye, he was a Development Manager for
Computer Associates, Inc. (CA), responsible for new product beta
cycles and named customer accounts. Mr. Haber began his career as a Reliability and Maintainability
Engineer for a government contractor building flight and training simulators. He earned a Bachelor of
Science in Electrical Engineering from the State University of New York at Stony Brook.

44
Government Agencies Are Prime Target for Cyberattacks
By Gerry Grealish, Chief Marketing Officer, Ericom Software
On August 16, , 2019, 22 small towns, municipalities and local governments in Texas were hit by a
coordinated ransomware attack. The hackers demanded a total of $2.5 million to unlock the files. Almost
one month later, not a single entity had paid ransom and over half those affected were up and running
after restoring from backups.
In June of the same year, Lake City, Florida a small town of just over 12,000 people was crippled by a
ransomware attack that immobilized the city, preventing employees from using email and citizens from
paying bills online. The city opted to pay a ransom of $460,000 in bitcoin to the attackers. Riviera Beach,
another Florida city, also suffered a ransomware attack and paid nearly $600,000 in ransom. New
Bedford, Massachusetts rejected demands for $5.3 million in ransom, as did Atlanta. The list goes on.
To Pay or Not to Pay?
The question that every government agency will ultimately have to face when hit by a ransomware attack
is whether it should pay the ransom or not.

45
Unfortunately, security experts and law enforcement officials often offer conflicting advice. Law
enforcement officials discourage governments from paying ransom, since capitulation incentivizes
cybercriminals to continue targeting similar organizations. Security and business consultants, such as
Forrester for example, acknowledge that paying the ransom is a viable option for retrieving encrypted
information – as well as the fastest and sometimes, least costly.
One practical concern is that paying ransom does not guarantee agencies will retrieve the information
that was seized. A survey of nearly 1,200 IT security professionals across 17 countries conducted by
CyberEdge Group, a research and marketing firm, revealed that of the 38.7% of individuals who chose
to pay ransom following an attack, less than one fifth (19.1%) were able to regain access to all critical
data.
Plan of Cyberattack
Ransomware attacks are most often initiated via spear-phishing emails with appeals customized to
targeted employees. When the unsuspecting recipient clicks on a malicious link within the email or opens
an infected attachment, web-based command and control servers deploy malware payloads via device
browsers.
Despite being one of the oldest hacking techniques around, phishing remains the vehicle of choice
for malicious actors, who excel at generating innovative and highly effective ways to manipulate
recipients. The rise of free hosting providers has significantly contributed to the increase in phishing
volume, since malicious actors can easily and inexpensively launch and importantly, quickly take down
sites before they can be categorized as malicious.
By coupling free hosting sites with targeted social engineering techniques, threat actors easily defeat
traditional, reputation-based cyber security tools and systems. Detection and categorization-based
cybersecurity solutions are powerless against this onslaught. And while employee training is essential,
human error is inevitable. Just one erroneous click by a distracted employee can paralyze an entire city.
According to a 2019 report from Cybersecurity Ventures sponsored by Herjavec Group, a business will
fall victim to a ransomware attack every 14 seconds in 2019, and every 11 seconds in 2021. Ransomware
damages are predicted to reach a global cost of $11.5 billion in 2019.
Secure Zero Trust Browsing for Government Entities
Government entities can circumvent most cyberthreats if they operate under the Zero Trust principle that
no individual or element is to be trusted. No traffic, whether internal or external, should be assumed safe.
Zero Trust solutions leverage granular security policies that allow organizations to control, restrict and
monitor communications between data, applications, networks and individuals. All elements are microsegmented,
and access is restricted in accordance with stringent security policies and user
authentication.

46
It’s a basic fact of contemporary life that the internet is not safe. In fact, the internet is a critical part of the
delivery chain for most threats. Zero Trust supporters address this fact by recommending that known
secure sites be whitelisted and access denied to all other sites. This is, however, highly impractical for
most businesses, which rely on the internet for many essential business tasks. Limiting access reduces
productivity, leaves employees frustrated and increases workloads for IT staff, who must divert attention
from critical tasks to manage access requests. Users are forced to wait for IT approval and intervention
in order to complete their tasks.
When it comes to browsing, Zero Trust security must ensure that no site can interact with vulnerable
endpoint browsers and through them, organizational networks. One method of implementing Zero Trust
browsing that is rapidly gaining traction is remote browser isolation (RBI), which sequesters all direct
interaction with websites in virtual browsers located remote from endpoints.
When a user opens a browser or tab, a virtual browser is spun up within a container in the cloud. All direct
contact with websites and applications occurs within that container - no content reaches the end-user’s
device. A safe media stream is sent from the remote browser to the user’s endpoint browser, allowing
them to interact naturally with the site. Some RBI solutions also sanitize downloads through a content
disarm and reconstruction process before releasing them to the endpoint. When the user stops browsing,
the container along with all content from the browsed site is destroyed.
RBI protects government agencies from users’ erroneous clicks on phishing emails by opening linked
sites in the remote container. In addition, some solutions address credential theft by blocking known
malicious sites and opening suspicious sites in read-only mode.
Public sector organizations are on track to embrace the Zero Trust paradigm. Until that happens,
however, their security situation will continue to be challenging and complex. Zero Trust Browsing using
RBI provides a practical path to rapidly reduce threats and realize both security and productivity when it
comes to threats delivered via the web.
About the Author
Gerry Grealish is the Chief Marketing Officer at Ericom, where he is responsible
the company’s outbound marketing and business development activities. He is a
security industry veteran, with over 20 years of Marketing and product experience
in cybersecurity and related technologies. In addition to his work at Ericom, Gerry
is a frequent contributor to cybersecurity dialogue in areas such as Zero Trust
Security, Cloud Access Security Brokers (CASB), and Web/Cloud Security.
Connect with Gerry on LinkedIn.

47
Visibility and Anomaly Detection in The Age of Iot
By Craig Sanderson, Senior Director of Security Products at Infoblox
Historically, organizations have struggled to gain visibility of what users, devices and applications
are accessing their network infrastructure. If the maxim “you can’t protect what you can’t see”
holds true, then the prospect of the Internet of Things (IoT) business transition which will result
in billions of devices connecting to IP networks is a nightmare in waiting. Identification and
classification of IoT devices is particularly problematic because the range of new device types
leveraging the IP network is going to explode making it harder for IT security teams to manage
and control policies that protect these new devices from themselves and the existing IP connected
services.
Beyond controlling accessing and setting policy, IoT also presents a sizable headache when it
comes to detecting breaches and enabling effective response. The plethora of protocols that IoT
devices will leverage, spanning a broad range of vertical industries from Healthcare to Retail will
make it hard for traditional security platforms to detect breaches. Malware sandboxes whose
expertise is identifying abuse of well-known operating systems such as Windows servers will
have a steep learning curve to apply the same detection for the bespoke applications running on
proprietary software platforms. Instead organizations will have to rely heavily on secure IoT
endpoint platforms to try and reduce the potential attack surface area. Surely there must be a

48
simpler way to approach these problems. A common denominator that can cope with the breadth
of platforms and devices that IoT will present.
That common denominator could well be an infrastructure that is already prevalent across all IP
networks, whether they be corporate network, public clouds, next generation data centers and
even the Internet. That infrastructure would be the DHCP, DNS and IP address management
(DDI) infrastructure which for the past 30 years has provided internet scale to all IP connected
devices. How could this ubiquitous infrastructure be applied to the address the challenges of IoT?
Device Identification and Classification
Starting with device identification and classification. IP connected IoT devices are going to require
an IP address. If the addresses are statically provisioned, organizations will need an IP address
management platform to manage the IP address space, even more so given the dramatic increase
in consumption of addresses. Even if the devices are going to use IPv6 where address space is
not constrained, managing and tracking those addresses is an important operational need.
Similarly, if the devices obtain their addresses dynamically, they will still need a DHCP (Dynamic
Host Configuration Protocol) server to provide those addresses. In either case the centralized
platforms that manage the IP address space will have a comprehensive view of what devices are
on the network. More so, through the static address management process there is the opportunity
to classify the device at the moment of provisioning. In the case of DHCP, the DHCP request
from the IoT device provides a fingerprint that would enable the DHCP server to classify what
devices is requesting an address. There does not seem to be any better common way to identify
and classify the broad range of IoT devices than with an IP address management and DHCP
platform.
Threat Detection
In the case of threat detection there is an advantage to protecting devices over users. Anomaly
detection for users is difficult because it’s hard to predict what a user’s normal behaviour is.
Machines on the other hand tend to be far more predictable which means anomaly detection
could be a fruitful way of identifying compromised machines. One common means of applying
anomaly detection across the breadth of IoT devices would be to leverage their DNS activity.
Since statically configuring applications and services is impractical and not scalable, most IoT
devices will leverage DNS to dynamically locate the services and platforms it needs to interact
with. DNS provides that flexibility enabling services to be re-located between networks whilst
maintaining a common point of reference: the fully qualified domain.
On this premise, it’s possible to monitor and model the services the IoT device seeks to
communicate with. If for example there is an IoT thermostat made by a manufacturer in Germany,
it may communicate back to the manufacturer for software updates, leveraging DNS to resolve
the address of the update server in Germany. DNS servers could model that behaviour and if the
device began to deviate from its typical pattern of behaviour, perhaps by attempting to resolve

49
services in a previously unknown location, that would provide an indication of compromise. The
common need for IoT devices to use DNS to locate services provides a simple, scalable and
consistent model for detecting potential breaches.
Given the looming challenges of IoT, it’s worth considering how the DNS and DHCP platforms
that serve IT infrastructure today could be repurposed as a scalable tool for device classification
and breach detection.
About the Author
Craig Sanderson is the Senior Director of Product Management for Infoblox
security solutions. Craig has been in the security industry for 19 years in a number
of roles including Technical Consultant, Solution Architect, Product Manager and
Business Development manager.
Craig can be reached online at (csanderson@infoblox.com) and at our company
website https://www.infoblox.com/

50
Why Outsmart Cyber Attackers When You Can Remove Them
Entirely?
By Kowsik Guruswamy, Chief Technology Officer at Menlo Security
Cyber threat actors have gotten smarter--or lazier--depending on your perspective. It used to be fairly
common for attackers to spend days or even weeks probing targeted networks for vulnerabilities to
exploit. Once identified, they would break down traditional cybersecurity defenses around the network
perimeter and steal as much information as they could, or cause as much chaos as possible, before the
hole was patched and they were shut out.
Today, threat actors are much more subtle. Instead of trying to break down the castle walls, they simply
steal the keys and stroll through the front door. By tricking users into willfully giving up their credentials
through spear phishing, threat actors can simply remain undetected for days, weeks or even months until
the time is right to execute their mission-- to extricate data, hold systems hostage, spy on users or all of
the above.
Is this lazy or creative? Depends on who you ask, maybe it’s a generational thing.

51
The point is that 94% of malware attacks conducted through email, according to the Verizon 2019 DBIR.
Spinning up a seemingly legitimate email from a trusted individual or brand is fairly easy when anyone
can become a Photoshop wizard overnight. Email addresses and domain names can be masked, and it
is alarming how much personal information is publicly available on social media accounts. An enterprising
threat actor could easily find the name and email address of a manager or vendor and send an email with
a malicious attachment, such as a link to a compromised site or fake login page. By sending multiple
versions of the spoofed email with slight variations, threat actors can scale the attack, knowing that at
least one will eventually be clicked by the user.
This shift in strategy means that no matter how strong your cybersecurity defenses, your organization’s
cybersecurity posture is almost entirely reliant on users. Web filtering through traditional security solutions
need a reputational footprint of an attack based on third-party or internal threat intelligence. If an attack
is new or has been slightly modified, it can sneak through. In fact, many malware attacks have grown
sophisticated enough to identify whether they are in a sandbox and shut down until instructed to ramp up
again when executed on users’ devices. Users – whether apathetic, unsavvy or both – are then
responsible for determining what they can safely click on. As a result, phishing attacks are growing
increasingly more successful. Verizon’s research also shows that 30% of phishing messages are opened
by targeted users, so it is clear current defense mechanisms are not working.
What’s an enterprise to do? How can an enterprise build a robust cybersecurity strategy when attackers
continue to target the weakest link: the user? Traditional cybersecurity solutions and conventional threat
prevention products rely on detect and respond tactics and have failed to keep up with the evolving nature
of sophisticated phishing attacks. These solutions analyze web links in an email and make a ‘good vs.
bad’ determination. Unfortunately, this approach requires a reputational footprint to make a decision that
does not detect (and ultimately block) new or modified attacks.
Enterprises need to rethink how they can protect users from cybersecurity threats by implementing a
Zero Trust Internet policy. Instead of trying to determine what web content is bad, enterprises should just
assume that all content is risky and isolate everything to be safe. Making an isolate or block determination
is much safer than an allow or block approach, preventing even unknown attacks from executing malware
on end users’ devices or directing users to fake login pages where credentials can be stolen. All email
links and attachments can be opened in a safe isolation session in the cloud, protecting users from giving
away credentials or opening attachments in a sandbox or on the endpoint.
The result: 100 percent malware free email.

52
Depending on how you look at it, threat actors are either getting smarter or lazier and going after the
weakest link in the cybersecurity chain: the user. It’s time to take the responsibility out of their hands and
implement a Zero Trust Internet strategy to cybersecurity.
About the Author
Kowsik Guruswamy is CTO of Menlo Security. Previously, he was co-founder
and CTO at Mu Dynamics, which pioneered a new way to analyze networked
products for security vulnerabilities. Prior to Mu, he was a distinguished
engineer at Juniper Networks. Kowsik joined Juniper via the
NetScreen/OneSecure acquisition where he designed and implemented the
industry's first IPS. He has more than 15+ years of experience in diverse
technologies like security, cloud, data visualization, and computer graphics.
Kowsik has 18 issued patents and holds an MSCS from University of
Louisiana.

53
Cyber Safety Tips for The Holidays
Practicing Good Cyber Hygiene to Avoid Holiday Cyber Attacks
By Dr. Bob Duhainy, Walden University Doctor of Information Technology core faculty member
While millions of holiday shoppers will be spending money on the best gifts for their loved ones, cyber
criminals will be highly active due to the huge increase of online financial transactions, increasing the
chances of stealing confidential information.
Security experts at Carbon Black caution that individuals can expect to see more attempted cyberattacks
starting with Black Friday and continuing through the holiday shopping season. Experian also reported
that 43% of consumers who had their identity stolen say it happened while shopping online during the
holidays. To stay safe online during the holiday shopping season, take the following cyber security steps:
Understand your threats. It is important to realize the various vectors malicious actors are utilizing so
you can properly defend yourself. Threat intelligence is an important service that information security
professionals and everyday users should leverage for better protection. Before stepping out the door,
examine current activity and take precautions to protect yourself. For example, the Cybersecurity and
Infrastructure Security Agency (CISA), an entity within the Department of Homeland Security, provides
free and up-to-date current activity and alerts, as well as a weekly vulnerability summary. CISA will also
provide updates to state-run activities, which security professionals can digest and make useful to their
organization, friends and family.
One currently active alert from April 2018, coded under GRIZZLE STEPPE for malicious Russian cyber
activity, denotes a vulnerability with Simple Network Management Protocol (SNMP) enabled network

54
devices. Russian actors can extract device configurations, collect login credentials and impersonate
privileged users, among other actions. By understanding threats to this level of detail, the appropriate
mitigations can be implemented. Make threat intelligence actionable intelligence.
Zombie devices to botnets. While your local coffee shop may seem like a great place to get some
online shopping done, remember that free, public wireless networks make it easier for cyber hackers to
obtain your information. Make sure you use WPA-2 for authentication and 802.1x for remote access using
IPsec/VPN tunnel before entering your personal information for an online order. Be aware of the VPN
you utilize because not all VPNs are 100% secure. As of October 2019, an advanced persistent threat
(APT) was discovered to exploit vulnerabilities in Palo Alto, Fortinet and Pulse Secure products, which
allow actors to collect credentials. These stolen credentials can later be used at accessing a root shell
for increased privileged activity.
Metadata spoofing attacks. Cyber criminals exploit vulnerabilities of web-based applications due to
vulnerabilities associated with various apps, especially when they are outdated. Keep up with the latest
security updates on your computers, browsers and mobile devices. Setting your antivirus software to
auto-update will also help safeguard your computer from the latest viruses.
In addition, ensure that you remain abreast of threat intelligence and immediately apply required patches
to your systems. Many examples have been encountered in which patches were available but had not
been installed as directed, resulting in an information assurance event or compromise. Think back to the
Marriott, Target and Office of Personnel Management hacks – each could have been prevented by
appropriate patching.
Authentication attacks. Once malware has been unleashed onto an electronic device, cyber criminals
use brute force attacks to break the encrypted password saved in the form of an encrypted text. Never
save your personal information – including your name, passwords, address and credit card information
– using the remember me feature on shopping websites. Logging out of your account after each purchase
ensures that your personal information won’t be compromised if your online retailers have a data breach.
People often make the mistake of using the same password for multiple applications, even adding add a
number or symbol to the original password after it expires. With an inverse correlation between security
and convenience, users must carefully assess their circumstance. A trusted password manager can
assist in producing strong and random passwords.
Masquerading emails. During this time of the year, email marketing campaigns are prevalent, and
phishing is an area of major concern. The Anti-Phishing Working Group (APWG) reported that phishing
attacks have increased to their highest levels since 2016. Simple Mail Transfer Protocol does not possess
the necessary mechanisms to verify legitimate email addresses. Users cannot trust in Domain-based
Message Authentication, Reporting and Conformance (DMARC) to protect them from spoofed emails.
As you’re sifting through your inbox for the best holiday sales, verify the sender’s credentials before
clicking any links. Even e-mail attachments and links forwarded from trusted entities may have a
malicious code. Get in the habit of manually typing websites in your internet browser to avoid any
unforeseen cyberattacks.
In addition to phishing, malicious actors are also exploiting vishing and smishing approaches. Always be
suspicious of unsolicited information requests and make sure you know where your information is going.

55
Use multi-factor authentication. Whenever possible, use multi-form authentication (MFA) to secure
your devices and data. Use two of the three possible authentication methods: something you know,
something you have and something you are. Going one step further, adaptive MFA applications can
compare locational data, travel patterns, device context and network context. By combining these results
with a developed baseline, adaptive MFA can further secure your systems. Make use of MFA to make it
more difficult for attackers to compromise your data and systems.
In addition to these tips, be discrete about any upcoming holiday travel plans. Do not share your location
or go live on social media while you’re on vacation. Using the check-in feature makes you more vulnerable
to digital and physical consequences as this lets hackers know where you are and where you aren’t. Hold
off on sharing your vacation details online until after your trip is over.
Good cyber hygiene, the practice of proactive cyber safety habits, is the best way to protect your
information from online criminals. Adopting these cyber safety tips during and beyond the holiday season
will greatly reduce your probability of becoming a victim of cybercrime.
About the Author
Dr. Bob Duhainy, core faculty member with Walden University’s Doctor of
Information Technology program, has nearly 30 years of experience in
technology and computer security. He teaches a variety of courses in data
communications and computer security online. He is involved in various
security-related research projects, including advanced authentication
techniques interoperability, nefarious code detection and system
vulnerability assessments. Dr. Duhainy received training from the National
Security Agency (NSA), Federal Bureau of Investigation (FBI), United
States Secret Service (USSS), Central Intelligence Agency (CIA), Director
of National Intelligence (DNI) and Department of Homeland Security (DHS)
on various topics. He is also an active member of IEEE, ACM, AFCEA,
Cisco Networking Academy, ISC 2 and the FBI-InfraGard.

56
How to Become a Cybersecurity Sleuth?
By Edith Santos, Director of Global Incident Response for NTT, Ltd.
So, you want to become a cybersecurity sleuth? Excellent! We need you and so does everyone else. A
quick online search for cybersecurity jobs will reveal countless available positions. There is a great
demand for more practitioners in this field, as everyone is battling the shortage of workers with
cybersecurity skills. Cybersecurity Ventures predicts “…there will be 3.5 million cybersecurity job
openings by 2021.” [1] With the rapid advancement of technology and continuously changing threat
landscape, there simply aren’t enough cybersecurity personnel to fill these positions. Just having curiosity
and an interest in this field is a great first step.
How does one enter the cybersecurity field, especially if one’s background is not in Information
Technology (IT), Computer Science or Engineering? A report by Frost & Sullivan shows that 87% of
practitioners “…did not start their careers in cybersecurity, but rather in another career.” Cybersecurity
practitioners come from diverse technical and non-technical backgrounds such as marketing, finance,
accounting, military, and law enforcement. So, it can be done, and many have done it--including myself.
Here’s how:

57
Learn
There are several paths to cybersecurity that one can follow. Research the different paths and learn what
the required skill sets are, evaluating all of them to help you decide which ones are of interest. For
example, do you want to review data and identify unusual behavior like a cybersecurity analyst? Or would
you prefer to use new technology and processes to enhance security capabilities, like a cybersecurity
engineer? Perhaps, you would prefer to analyze digital evidence in response to an attack or breach, like
those in digital forensics incident response disciplines. The National Initiative for Cybersecurity Careers
and Studies presents the NICE Cybersecurity Workforce Framework [2] , published by NIST [3] , that can
help you explore the different paths and roles available, along with the required skills and knowledge.
Take advantage of this. Once you have identified which paths are of interest to you, learn about that
subject matter and continue learning. The nature of our industry necessitates that you be on a continual
path of learning.
If you don’t have a degree, or are still in school at this point, I highly recommend you pursue a degree in
Computer Science, or one of the cybersecurity degrees that many colleges and universities now offer.
This is also a great place to network with like-minded people. If you have a degree in another area, but
want to make a transition into cybersecurity, I suggest you take information security courses that can
provide you with the fundamentals of Information Technology. These days, most community colleges and
universities offer courses through their Continuing Education program and many are even available
online. To become a security practitioner, one must learn the fundamentals of information systems,
operating systems (such as Windows and Linux), and the architecture of network environments. You
need to be familiar with how they operate and work together. You can’t protect a system if you don’t know
how it works.
There are many free and very affordable computer and cybersecurity courses online. These include
courses available from CompTIA, Cybrary, Coursera, Udemy, Department of Homeland Security -
NICCS, and the Federal Virtual Training Environment (all of which are free to government personnel and
veterans). Many vendors also have free online webinars or their own YouTube channel with free training
videos. Take advantage of any free and affordable courses, hands-on labs, capture the flag events and
cyber challenges, as these will help you narrow down the path where you’re most passionate.
You must constantly be filled with curiosity, as it’s the only way you will learn. Buy books, audiobooks, or
listen to podcasts while you are in transit, washing dishes, or grilling out. This is one of the main reasons
why I love this field, because you truly are always learning something new. It never gets boring!
Network
Networking is very important, as it helps you to meet others that are as passionate about cybersecurity
as you. When you meet others in this field, ask them about their journey and let them know where you
stand in yours. Ask for their advice. You will learn that most are more than willing to provide guidance.
Read blogs and articles that focus on the areas you are thinking about pursuing. Then follow the authors
on social media platforms and learn from them. Leverage social media to connect with others in the

58
industry. Perform online searches for cybersecurity events in your area and try to attend as many as
possible. Research authors who have published books in the cybersecurity field. Many of them will be
happy to advise and mentor you on your journey.
Join associations that focus on the specialized skills of interest to you and connect with their members.
Attend conferences, learn as much as possible and network during attendance. Don’t be afraid to ask
someone if they’re willing to mentor you, or even if you can shadow them for a day. I have asked this,
and it has been asked of me. Ask those you have networked and connected with if internships are
available in their company. If not, maybe they can connect you with another company that offers this.
Look for cybersecurity meet-up groups in your area. Members of these meet-ups operate in many
different fields of cybersecurity and usually happy to share their knowledge and experiences. Even after
you become a cybersecurity sleuth, never stop networking!
Soft Skills
In addition to the necessary technical skills, soft skills are also a must! Response to attacks and incidents
are rarely handled by individual people. Rather, it takes a team to handle cyberattacks and you must
have the soft skills in order to contribute. Regardless of the role you land, be inquisitive and listen,
communicate well, focus on strong team collaboration, develop your problem-solving techniques, and
polish your writing skills. You must be attentive to details, able to effectively communicate your findings
to the team (technical), management and executives (non-technical). It takes an organized approach, as
a team, to help protect the impacted cyber environment.
Lastly, in an effort to get into the field, never be afraid to take a lesser job than what you
wanted. Sometimes, simply getting a foot in the door is the hardest part. Once inside, you can develop
your skills and eventually work your way into the job that really interests you. Once you’re in a
cybersecurity role, realize that you will never have all the answers. You will find that you need others, just
as much as they need you, to be successful in this field. Adopt this approach and you will become a great
cybersecurity sleuth, desired by all. And when you do become a cybersecurity sleuth, remember to pay
it forward. Make it a point to guide or mentor someone else on their journey as well.
[1] https://cybersecurityventures.com/women-in-cybersecurity/
[2] https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
[3] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
181.pdf?trackDocs=NIST.SP.800-181.pdf

59
About the Author
Edith Santos is the Director of Global Incident Response for NTT, Ltd.
Prior to joining NTT, Edith served in law enforcement for nearly two
decades, working undercover as a detective as well as a hostage
negotiator before joining the Dallas Secret Service task force. Her
background in law enforcement, as well as her time in the private sector
working for Bank of America, has equipped her to oversee the
organization’s global digital forensics and incident response teams. Edith
was recently named a winner of the 2019 Cyber Defense Global Awards
for the Women in Cybersecurity category from Cyber Defense Magazine.
The award recognizes her commitment to mentoring and blazing a trail
for other women in the industry.
She can be reached at edith.santos@global.ntt.

60
The Security Challenges of Robotic Process Automation—A
Primer
By Kevin Ross, Global Solutions Engineer, CyberArk
Robotic process automation (RPA) is one of the hottest technologies in the IT market today. These
systems enable software robots to replicate the actions of human workers for tasks such as data entry,
and they can bring greater efficiencies and accuracy to many key business processes.
The technology has the potential to deliver huge benefits to companies. These include increased
efficiency of workflows, improved accuracy of transactions, and significant cost savings through the
reduction of labor by automating the execution of repetitive, time-consuming manual tasks.
RPA can also be a significant IT security risk, particularly around the credentials used to manage RPA
implementations. Because of that, organizations need to be vigilant about how they secure their RPA
deployments.
The Benefits of RPA
Companies that include manufacturers, financial services firms, engineering firms, and insurance
companies use RPA to automate all kinds of routine tasks. The software “bots” that are key components
of the software follow a set of programmed rules to carry out activities people would ordinarily perform.

61
In some cases, the RPA bots work together with humans for functions such as moving or copying data
between applications.
Companies that rely on a large human workforce for process work, in which people perform high-volume,
transactional functions, stand to gain from using RPA, according to the Institute for Robotic Process
Automation and Artificial Intelligence (IRPA AI).
RPA software can deliver efficiencies to enterprise applications such as enterprise resource management
(ERP), customer relationship management (CRM), supply chain management, and applications that
support functions in human resources and finance.
Clearly the emerging technology is having a huge impact on the way enterprises perform day-to-day
business processes.
According to Deloitte, 53 percent of organizations have started to leverage RPA to robotize and
automate repetitive tasks to allow the human workforce to focus on higher value work. Overall, RPA
adoption is expected to increase to 72 percent in the next two years and, if adoption continues at its
current level, RPA will achieve near-universal adoption within the next five years.
While RPA software is being deployed in all industries, the biggest adopters include banks, insurance
companies, telecommunications providers and utility companies.
These companies traditionally have lots of legacy systems, and implement RPA tools to enhance
integration among these systems and quickly accelerate their digital transformation efforts while
leveraging their IT investments.
This is creating new security risks that organizations need to be aware of.
Addressing the Security Risks
Considering the scale and speed at which bots work and the number of systems and applications they
can access, security should be a primary consideration when deploying the technology.
As with any other newer technology, RPA can easily become a new attack vector for bad actors if security
isn’t factored into the platforms.
RPA software interacts directly with critical business systems and applications, which can introduce
significant risks when bots automate and perform routine tasks. Bots don’t need administrative rights to
perform their tasks.
But they do need privileged access to log in to ERP, CRM and other enterprise business systems to
access data, copy or paste information, or move data through a process from one step to the next.
Privileged access without security is a recipe for disaster.
According to a recent study, 84 percent of organizations believe that IT infrastructure and critical data is
not secured unless privileged accounts are fully protected.

62
The typical approach in providing privileged access credentials to bots is to hard-code privileged access
credentials into the script or rules-based process a bot follows. With another method, the script might
include a step to retrieve credentials from an insecure location such as an off-the-shelf application
configuration file or database.
As demand for RPA increases among lines of business, the number of privileged account credentials
hard-coded into scripts or stored insecurely grows. That significantly increases the associated risks.
With these approaches, the credentials end up being shared and reused repeatedly. Unlike the
credentials used by humans, which typically must be changed regularly, those used by bots remain
changed and unmanaged.
As a result, they’re at risk from cyber criminals and other bad actors who are able to read or search scripts
to gain access to the hard-coded credentials. They are also at risk from users who have administrator
privileges, who can retrieve credentials stored in insecure locations
As RPA deployments expand to include larger numbers of bots, the risks become exponentially greater
for organizations. If privileged account credentials used within an RPA platform are left unmanaged and
unprotected, that can transform RPA processes into a backdoor through which attackers can gain access
to corporate systems and do damage.
Organizations can take three critical steps to start mitigating the risk of the RPA pipeline becoming
compromised, building security directly into their RPA workflows and processes.
1. Store and manage privileged credentials securely
To keep privileged account credentials from falling into the wrong hands, they can remove credentials
from bot scripts and other insecure locations.
Instead, they can be stored in a system that encrypts the credentials; holds them in a secure location;
hands them securely to authenticated bots on-demand; automatically rotates credentials at regular
intervals or on-demand; removes human intervention from the process; and scales to meet rapid growth
in RPA use.
2. Limit the bots’ application access
If an attacker acquires privileged account credentials, companies can minimize the impact by limiting the
number of applications to which the credentials allow access.
That means granting bots privileged access only to the specific applications they need, preventing other
applications from executing. This prevents bad actors from using multiple applications on a client machine
and gaining the local administrator rights allowing them to install spyware and other malware.
3. Protect administrator credentials or else
Companies should deploy a secure infrastructure that protects and manages administrator credentials in
the same way as bot credentials, using encryption and secure storage and automatic rotation; and allows
isolation and monitoring of administrator activity.

63
By taking the necessary steps, organizations can benefit from RPA and minimize the risks.
About the Author
Kevin Ross is a Sr. System Engineer at CyberArk (NASDAQ: CYBR). He is
an experienced system engineer with a demonstrated history of working in
the computer software industry. Previous to CyberArk, he was a support
engineer and project manager at Barracuda (NYSE: CUDA). He’s skilled in
Session Initiation Protocol (SIP), Domain Name System (DNS), Mac,
Transmission Control Protocol (TCP), and more. He has a B.S. in Computer
Information Services from Southern Adventist University. Kevin can be
reached online at LinkedIn. For more information
at: https://www.cyberark.com/

64
The Blockchain And Wireless Technologies
By Milica D. Djekic
A Perspective
The Blockchain by itself is any well-protected record of data that is transmitted through cryptographically
assured communications channel. It may appear that such information is well-secured, but would that be
true in practice? Basically, it’s quite challenging to the opponent to monitor such a data transfer, and the
experience would suggest that the risk in those cases could be quite maintainable. The Blockchain is not
the silver bullet that would resolve all our concerns and put all our fears at rest. It’s more like the new
technology that has its positive as well as negative sides, so it still needs a lot of effort to complete its
improvement, development and deployment. Many consumers worldwide would be satisfied with that
solution, while the hackers would find more and more lucid ways to overplay such advancement. We
might say in comparation with the Darknet products and services the Blockchain is still on its course to
full functionality.
Some experts believe that the Blockchain technology could easily apply to the Internet of Things (IoT)
security and as so it could serve within the real industrial, warfare or general population environment. On
the other hand, we would mention the wireless transmission of information and start wondering how those
technologies could be correlated with the Blockchain. The point is there are so many conveniences with

65
the wireless systems, but they still deal with some limitations. Essentially, the Blockchain has an obvious
weakness which is its access control and a lot of hard work must be put into the service in order to learn
how to manage such a risk. Also, if we talk about the IoT solutions there is the big question regarding
how well secured our endpoints are; for instance, what happens when someone gets their IP addresses
and the other access permissions. Finally, it’s well-known that any encrypted Wi-Fi connection would
deal with some access control details and from that perspective – it would not be that easy for someone
coming from the outside to intercept a signal in or close to the user’s range.
An introduction
The main fact with the wireless web is that it would deal with some encryption, but such a method of
assurance would be an end-to-end cryptography. That sort of protection could offer suitable access
control, but the signal getting transmitted through the surrounding could be easily grabbed from the air
and put through some well-planned cryptanalysis. In practice, there is a wide range of procedures and
methodologies that could be applied in order to surveill the entire network traffic. From the current point
of view, wireless communications may look like secure, but they would in fact be more vulnerable and
less responsive to cybercrime attacks.
The obvious concern with wireless networks is that anyone who wants to connect with their signal would
need to seek some kind of access to that network in order to become part of such an infrastructure. There
would be a plenty of cutting-edge wireless solutions and anyone offering something getting that brand
new would claim that his service was unbreakable. What irony – the entire researchers community would
report frequently about the successful network breaches, but the point is that we are still so far away from
being safe and secure at our spots. So, would there be anything new in case of the Blockchain
technologies? The fact is any offering on the marketplace has its pluses and minuses and maybe the
“encrypted records” technology could provide less stress, but it’s still far from perfect!
The challenges of wireless information transfer
The major challenge with the wireless information transfer is its range. It’s well known that NASA can
communicate with rovers on Mars using radio link. Some space industry projects would receive the
findings day-by-day from some systems being outside of the Solar system. On the other hand, the biggest
preoccupation with our so “on the ground” solutions is that both – Blockchain as well as IoT – have
become so dependent on web communications. In other words, those wireless technologies would
undoubtedly rely on TCP/IP channels and any device or object being the member of such a system would
get its IP address assigned there. The IP address is the number hackers would most love to get, and
once they obtain it, all our nightmares would turn into a reality. In other words, even if Wi-Fi encryption
would work well in protecting anyone getting the access to your internet traffic, the security of your end
client could remain vulnerable.
Could Blockchain channel offer a better link cryptography?
From the perspective of cyber defense, the Blockchain could be applied to the well-developed link
encryption. The entire industry 4.0 could use these solutions as a route to next-generation industrial

66
systems. As is quite well-known, the Darknet systems would relate to the decentralized network topology
and some streams would believe that could be the next phase in our technological development and
progress. To be clear, we would not recommend any such developments, but rather expect that the
human element would triumph over everyone and everything adverse!
The applications of the link encryption
Through this effort, we would discuss how it works dealing with link encryption; in practice that would
mean that we would utilize communications channels where traffic would stay invisible to anyone who
would want to see it from the outside. As the creators of the Tor project would say, it’s more like the coin
with two sides that would remain hidden behind the menu in some exclusive restaurant. There is the
certain probability that the side could be up or down, but no one has the X-ray glasses to see the accurate
result of the prognosis. Maybe those X-ray glasses could be a good starting point to arrive at some much
more far reaching cyber security solution.
Why we need to protect our wireless communications?
Let’s try to imagine that the NASA radio link to the Mars is not encrypted and some bad guys just tuned
into that frequency and as they do the satellite jamming from the Earth – they could do some rovers’
sabotage from some distant location as well. From that point of view, we believe it’s quite clear why we
need such strong wireless communications protection as well as the well-developed procedures and
policies that would offer us a chance to effectively mitigate any potential threat coming either from the
outside or inside. Above all, wireless systems are rapidly developing through this 4 th industrial revolution
and what we so urgently need in the coming times include better security as well as more reliable
communications systems.
The end points
Reliability is the key factor of further progress. If you can offer communications that would be resistant
to many external elements – that means you can trust that technology would not leave you without vitally
significant service just around the next corner. This trustworthiness means you can be confident that
the system would work with a certain degree of accuracy, and offer you a convenient user’s experience.
If we think this way, we can expect progress at any stage of our activities, whether they are personal or
business.

67
About The Author
Milica D. Djekic is an Independent Researcher from Subotica, Republic
of Serbia. She received her engineering background from the Faculty of
Mechanical Engineering, University of Belgrade. She writes for some
domestic and overseas presses and she is also the author of the book
“The Internet of Things: Concept, Applications and Security” being
published in 2017 with the Lambert Academic Publishing. Milica is also a
speaker with the BrightTALK expert’s channel. She is the member of an
ASIS International since 2017 and contributor to the Australian Cyber
Security Magazine since 2018. Milica's research efforts are recognized
with Computer Emergency Response Team for the European Union
(CERT-EU) and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests
are cyber defense, technology and business. Milica is a person with disability.

68
Benefits of Having an SSL Certificate in 2019
Why Need an SSL Certificate for Your Website?
By Haroon Bhutta, CEO, Island SEO Consultant
SSL certificate means small data files that are digitally compiled to a cryptographic key to a business's
details. When these data are installed on the web server, the security gets activated. Once this is done
the website protocol also gets activated and the secure connection from a server to a browser starts.
This includes the hostname, server name, and domain name. To know how important SSL certificate is
you need to understand a few basic things. For example, how important is a seatbelt while driving or how
important are wearing protective eyewear is whole watching an eclipse.
Basically, if you have a blog or website in today's time, you need to have an SSL certificate. The benefits
of an SSL certificate will be explained now for easier understanding. SSL certificate works as a protection
for all your data. Its basic function is to ensure that your server to client communication is secure. While
the installation process is going on, all your information, irrespective of the size, gets encrypted. To
explain this in simplified language, it means all the data and information are locked and protected.

69
This data once locked will only be unlocked by the recipient, that is the browser or server, and is not
accessible to anyone else over the internet. All sensitive data such as credit card numbers, IDs,
passwords, and other information are protected by SSL. Protection is required against scammers and
hackers whose mischievous activities are on the rise. SSL deciphers the data into an indecipherable
format and even hackers cannot work through it.
SSL also certifies your identity, which is another important task. This is to provide authentication to your
website as now, in 2019, identity verification has become mandatory. The most important aspect of web
security is the verification of your identity. The Internet has become very deceptive in today's time and
your security is in your hands. It happened in the year 2009 that a boy had travelled all the way to meet
a girl he befriended on Facebook, only to find that he was duped. He traveled 400 miles and got cheated
on by 2 boys who were supporters of a rival football team. Not all such stories are funny and some are
quite serious where people have even lost thousands of their money on fake claims. This is exactly where
SSL helps.
During the installation of the SSL certificate, a validation process is set up by a third party known as a
Certificate Authority, or CA. They will provide you with a certification to verify you and your business's
identity. If you need help with installing an SSL certificate, Island SEO Consultant can help. Once these
identities are proved, your website will be given trust indicators who validate your integrity. This enables
more traffic to your website and users also develop faith and know where they are dealing. Simply think
of this as verified accounts on Twitter wherein the only different point is that you need to get your identity
verified and not the account.
This verification ensures that no hoaxer or imposter can create a fake blog or website and pretend to be
you. The technical term for this is Phishing or Spoofing. SSL also brings in huge traffic to your website
and saves you from various kinds of frauds. This is important for you and your business's reputation. SSL
certificate helps your website in search engine ranking, which is extremely important. When Google
changed its algorithm in 2014, an upper hand was given to many HTTPS-enabled websites. This was
quite evident when SEO experts conducted many studies on a global level.
Strong associations have been found between high rankings in the search engines and HTTPS. Which
website owner and blogger do not want their page to list on the first page? Nobody wants to miss this
chance and who helps you with this? SSL certificates are what come into play here. It further helps in
satisfying all your PCI/DSS requirements. When you accept any online payment, you must know a couple
of things regarding PCI/DSS requirements. While you receive a payment, your blog or website needs to
be PCI, Payment Card Industry, compliant and installing an SSL certificate is one major prerequisite of
PCI. If you own a software or web application, or work with a software development company, then they
will already know that having an SSL is mandatory.
Irrespective of whether you want an SSL certificate or not, it is imperative. It also helps in improving
customer's trust in your business or website. The process that involves authentication and encryption of
the data helps users understand the security of the websites. When they get to know that they are
venturing into a safe site they may keep visiting your website for their work. However, when they see that
a website is not secure they do not visit the page, usually won’t re-visit. Now you must have understood
how important a verified and validated website is and what kind of results you will get.

70
Google has made SSL compulsory since 2018 to give users maximum benefit and safe browsing
experience of the internet. In addition to this, Google has also decided to blacklist all those websites that
do not have an SSL certificate installed. Any website or blog which fails to comply with this condition will
be flagged by Google. They have also thought of warning the users with a message that will flash on the
screen. The warning message will be 'Not Secure' and this will be on the URL bar itself. In the coming
time, it may also happen that these websites get completely blocked and are unable to load on the
internet.
It is not a good thing for your website when users see the message 'Not Secure' or when it gets flagged,
worst-case scenario, it gets blocked. This is what Google has finally decided to do with all websites that
do not have an SSL certificate and surely you, as a blog or website owner, will not like it. So what are
you thinking about? Now that you know the importance and benefits of an SSL certificate, check the ones
that are reasonably priced and provides great protection for your blog or website.
About the Author
Haroon Bhutta, CEO of Island SEO Consultant. He has been writing technology
and online marketing for over 6 years. He owns his own SEO firm in Midtown NYC
where he specializes in website design and software development.
Haroon Bhutta can be reached online at (haroon@islandseoconsultant.com,
https://www.facebook.com/islandseoconsultant) and at our company website
https://www.islandseoconsultant.com/

71
The Internet Got Safer In 2019: A Cybersecurity Year in Review
By Daniel Kanchev, Chief Enterprise Architect, SiteGround
It’s just a fact: In 2019 the Internet got safer by default. SSL encryption adoption is now at an all-time
peak, with the latest numbers pointing at 56 percent of all websites using the https protocol as default.
Web browsers like Google Chrome sought to protect users by working to ensure that https:// pages can
only load secure https://subresources. Further, the first CMS Security Summit took place, bringing
together content management system professionals, researchers, and hosting providers to discuss how
to make the Internet a safer place for everyone.
It’s clear that the industry has made strides toward a more secure web in 2019, but there’s still plenty of
room for improvement. From physical security keys to HTTP/3, here’s a look back on the progress made
in the cybersecurity space this year. Whether you’re a web developer, a small business looking to secure
your site, or just a regular Internet user, like all of us, these advancements in security will continue to play
a key role in 2020 and beyond.

72
This year, privacy and security were taken more seriously than ever before. End users can control their
preferences to a degree that was not previously possible. GDPR-compliant sites, that do not collect any
personal data or use cookies without consent are a good example of this idea in practice. Even though
there is not yet an official legal U.S. equivalent, some companies decided to extend the practice created
for their EU users to their US visitors as well. In an age where using a public WiFi network can
compromise a user’s login data across a variety of accounts, data privacy is an area web developers and
security professionals will need to continue innovating.
To further the topic of privacy and data protection, physical security keys are becoming a more and more
popular method for authentication. Developers who want to allow their users to use physical security keys
can implement the FIDO2 standard, which allows users to authenticate online services through a variety
of personal devices. Physical security keys are currently largely being used by companies like Google,
Facebook, Twitter and GitHub, but the idea is growing in popularity, so hopefully, it will become a more
wide-spread practice soon. If you want to use physical security keys right now you can check the Google
Titan key and the Yubico YubiKey.
As we move into 2020, more products focused on privacy and security are available for the average
Internet user. DuckDuckGo, a search engine, is a prime example of this by not tailoring search results to
a customer’s Internet history. By ensuring that every customer gets the same, unfiltered results, they not
only protect user data, but also avoid a more skewed representation of information.
Additionally, a relatively new internet protocol, called QUIC, has the potential to rise in popularity among
web hosts, as it considerably increases site-loading speed even when users have poor connectivity. It’s
the base for the next version of the HTTP protocol - HTTP/3. To explain this further, HTTP is the
foundation protocol of the internet. Prior to HTTP/2 and QUIC encryption was not mandatory. All websites
that do not use SSL are still loaded via HTTP 1.0 or 1.1. With time, however, new protocols were
developed to improve the web experience for all users. HTTP/2 solves many problems and makes
websites much faster. The W3Techs statistics portal says that out of the top 10 million sites, 41.7 percent
use HTTP/2. Each new protocol helps make sites faster and safer by default, such as the upgrade from
HTTP/2 to HTTP/3 and the movement of traffic to TLS 1.3. Past encryption protocols were easily
susceptible to attacks, meaning it’s safest for systems to be upgraded to the latest versions when
possible. In 2020, over 90 percent of real-user encrypted traffic will move to TLS 1.3.
The world of cybersecurity can seem overwhelming at times. It’s key to remember that the most important
thing for web developers, small businesses and even regular users, to do is to invest in security
education. Security is not a goal - it is an ongoing process, and the sooner we all realize this and start
paying attention, the more secure your systems will be and the more protected your users will be. It may
sound like a cliché, but it’s still the truth.

73
About the Author
Daniel leads the enterprise hosting team at SiteGround. He is
responsible for developing, shipping and monitoring complex cloud
hosting solutions for WordPress and other open-source systems
and for clients with custom requirements or large-scale websites.
With over 10 years’ experience in the web hosting industry, he has
worked in pretty much every field from system administration,
advanced tech support and monitoring, project management,
server and software architecture. Daniel’s free time is dedicated to
the things he loves most — being on a board (skate, snow, or wake) and being with his family.
Daniel can be reached online on LinkedIn and at our company website https://www.siteground.com/

74
The Perspectives Of The 5th Industrial Revolution
By Milica D. Djekic
New days bring us so many new things. It would appear that we literally get overwhelmed by emerging
and cutting-edge technologies. So many novel solutions deal with the prefix “smart” or “intelligent,” and
it’s a good question whether we should expect the coming developments in technology and engineering
will result in products and services becoming superior to the human mind. The fact is since the beginning
of the first computing devices the calculators of the past got the capacity to resolve so many complicated
mathematical problems much faster than the people’s brain. Even the most skillful scientists can’t solve
equations, formulas and calculations that quickly and accurately. So, from that perspective – it might
seem that machines are already a step ahead of us. But is that realistic? While human beings might
welcome such progress, security issues must be taken into account. So, does such a potential dominance
by machines present a challenge to us or should we simply try to take advantage over the possible
benefits?
It’s quite unlikely to be able to provide a straightforward answer to such a puzzle, but let’s say if we are
not scared seeing the computers, networks and datacenters coping with the fluid dynamics mathematical
models – we can overcome anything frightening about machine learning or artificial intelligence. The
current time would show that we have become so dependent on new technologies, and nearly everything
in our world relies on the internet of everything. It would look like that such a communications channel
would deal with the most effective information transfer and apparently – we would get so smart by relying
on the web for data transmission. The ongoing situation would suggest that the trends of the 4 th industrial
revolution are mainly directed to the IT solutions, but the positive aspect here is how secure we are with
those innovations. In our opinion, the novel developments such as the Internet of Things or intelligent

75
and smart engineering systems are still so vulnerable in the sense of their functioning for a reason they
may sometimes forget that these same advancements are so close to the entire cybercrime and hacker’s
communities.
Where we are today
Right now, we are nearing the point when the robots getting driven with some smart infrastructure could
support us greatly with so much suitability in supporting a better quality of life, more safety, clearer
environment surveillance and much more effective in dealing with health conditions. Indeed, it would
appear that the modern era would deal with the amazing excitement and some members of the human
community would get that privilege to use those improvements in their everyday lives. We would highlight
this sentence with the intent, because there would be a lot of people across the globe that would still
struggle in their everyday routine and desperately need the clean water and some food for their lunch.
We would have in mind so many poor people in Africa, Asia and some parts of Central and South America
who would not get lucky to enjoy the advantages of the ongoing technological revolution and who would
also get the capacity to offer much to the rest of civilization, but unfortunately their voices would not reach
that far.
Just try to imagine so poor people in Africa who would live in the tribes and so often change their location
looking for sources of water and food. Living the nomadic life is so hard and in such a case – you would
never know what the next day can bring to you and your family. Those folks would so sadly miss the
entire human development and progress and they would literally live without any awareness about any
discoveries and findings coming with the scientific research and progress. Only few hours of the flight
could bring those poor souls to the future being only the common life in some developed economy. So
many great persons over the globe would realize that and they would try to share everything they have
with those guys as they do once you come over to, say, Africa. The people would share their experiences
with each other and so many good guys over the world would get interested to support and assist in
bringing progress to all parts of the planet Earth. So amazingly, the United States are the leaders in giving
the progress to everyone and let’s stay like so!
What the lessons from the past can teach us
In terms of the current industrial revolution, we could notice that even through the history we would get
so dependable on the communications lines and for those purposes we would need to protect the both –
communications channels and end users at the once. The lessons from the past must teach us something
and if we keep ignoring the history we would remain so unprepared for the tomorrow. The nowadays we
would struggle so much in the cyberspace especially for a reason we would not understand enough the
technology getting discovered in the 19 th and 20 th centuries. The fact is we should attempt so hard to
target the user’s experience making so many people getting not only the skill with the emerging
technologies, but rather the entire maturity capacities in sense of their role as the end clients. For
instance, maybe your consumer can use the email or social media account, but he should know that
there are the entire reporting systems with the gigantic companies that would develop the overall
troubleshooting and security programs and procedures to their users on.

76
The balance between offense and defense
The modern days would indicate to us that we need the better safety as well as security on the entire
planet and this epoch would teach us that we should get fully ready in that manner for the coming times.
So many security experts would suggest that the security is the good balance between the offense and
defense and that point of view got quite common in the security industry as well as practice. Even the
cyber security would observe the things from such a perspective and for such a reason we should try to
put an extra effort teaching the people how to see the stuffs in a much broader way. The experience
would indicate that the security by itself is like a never ending scaling which pound got heavier and which
side would get stronger. Let’s make things getting perfect and in the balance!
The next times should deal with more security
The recent tendency would show that the security is the ultimate aim of the current days and for such a
reason we expect the next technological revolution dealing in such a sense. Some progressive societies
would believe that the 5 th industrial revolution would bring us a much deeper human – machine touch,
but we believe those expectations are so limited as the large portion of the civilization would still struggle
with the clean water and food as well as the adequate healthcare support. No country in this world got
the lonely island and sooner or later the situation in its region or far from so would get the reality even in
the best protected paradise in the world. So, in our opinion – the security requirements are something
that should get into consideration once we make a decision to build and develop the better future to all.
Steps needed to get taken in the future
It would undoubtedly appear that the new millennium has brought to us the new technological revolution
as well as the plenty of challenges in the area of transnational crime and terrorism. The world is simply
not the same place after the horrifying events on the 11 th September 2001 that so tragically happened in
the United States. Those events would bring the entire new wave in the Law Enforcement and the entire
defense making so deep synergy between the intelligence and policing, so far. Since then the security
landscape would start dealing with the new and more comprehensive investigations that got covered with
much proactive approach and strongly correlated with the IT security demands.
The final comments
So recently, we would read so well-researched article about the intelligence-led investigations and we
would try to compare that effort with the findings about such a topic getting published at the beginning of
this millennium. Our impressions got amazing and we would definitely notice the great progress in
security happening through the last two decades. The tendency would suggest that such a concept would
survive this historical period of time and it would just go deeper and deeper suggesting us that we are on
the good defense track. So, why not producing the synergy between the current security as well as
technological trends and making the world getting more secure with the 5 th industrial revolution!

77
About The Author
Milica D. Djekic is an Independent Researcher from Subotica, Republic
of Serbia. She received her engineering background from the Faculty of
Mechanical Engineering, University of Belgrade. She writes for some
domestic and overseas presses and she is also the author of the book
“The Internet of Things: Concept, Applications and Security” being
published in 2017 with the Lambert Academic Publishing. Milica is also
a speaker with the BrightTALK expert’s channel. She is the member of
an ASIS International since 2017 and contributor to the Australian Cyber
Security Magazine since 2018. Milica's research efforts are recognized
with Computer Emergency Response Team for the European Union
(CERT-EU) and EASA European Centre for Cybersecurity in Aviation
(ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a person with
disability.

78
The Rise of Cybercrime-As-A-Service
And What It Means for Businesses
By Mark Belgrove, Head of Cyber Consultancy, Exponential-e
In a sea of increasingly complex cyber warfare and nation-state hackers, it can be easy to forget that the
simplest things are still the biggest security threats. These can range from falling for an email phishing
scam to people not programming properly, leading to website vulnerabilities. In fact, because so many
cyber security methods of attack are so mainstream, carrying out these attacks has now become a
business in itself -- a bonafide service in its own right, where all you need to do is press a button and pay
an e-invoice.
Last year, the cybercrime industry was estimated to be worth $1.5 trillion; this year, the nefarious
economy shows no signs of slowing down. Though illegal, the cybercrime economy is clearly proving
reliable amid fiscal and social uncertainty across the globe; its lasting power lies in its self-sufficient and
profitable status. If you go to the right place, you can buy cybercrime-as-a-service, press a button, get an
invoice, then take on your chosen target through a third-party without needing any cyber skills of your
own. The attention to detail is now so curated that criminal organisations often have help desks.
While it might seem shocking how widespread the cybercrime-as-a-service has become, this means it’s
more important than ever to understand and attempt to mitigate it. As easy as online shopping, accessing
cybercrime tools, services, and expertise is an incredibly straightforward business these days if you know
who to look for. Also, due to the very nature of cybercrime, there’s no end to the location of potential
malicious actors, who can launch a cyber attack on a business headquartered in a completely different
country or even continent to the attacker themselves.

79
Consequently, companies of all sizes will find themselves faced with more costly, sophisticated, and
disruptive cyber attacks. Although technology threats remain mostly the same with cybercrime-as-aservice,
from an enterprise perspective, it’s important to remember that more people are able to partake
in cybercrime as a result. Moreover, the malicious hacker delivering the service is likely to have carried
out their attack many times before. As such, the danger posed by cybercrime-as-a-service must be
understood by businesses in order to mitigate its damage.
This is where the importance of data visibility becomes most apparent, which means keeping on top of
shadow IT -- no mean feat. Although a pertinent problem in companies of all sizes, the issue is (somewhat
ironically) exacerbated when a company experiences rapid growth and success -- whether that’s through
a string of fresh hires to keep up with new business or a long-awaited acquisition. In all other aspects,
business might be booming, which is brilliant -- but as growth increases, so does the struggle for IT teams
to keep on top of threats, both on and off the company network.
This can be particularly difficult for mid-market and high-growth businesses, such as startups and scaleups,
where it can be a struggle to keep on top of threats amid a continually increasing headcount. We
need cyber binoculars, if you will, to see ahead, identify threats early, and give the experts the chance to
analyse and take appropriate action. Here, a forward-thinking cyber security operations centre (CSOC),
supported by a hands-on team of analysts, can really help -- which means a CSOC that’s both reactive
and proactive. The CSOC team should undertake specific research into cybercrime-as-a-service as well.
Compliance is the cornerstone to all of this because, as networks and requirements change, disparate
security systems across the IT environment create a significant compliance headache for businesses,
making it almost impossible to accurately assess compliance adherence across a multitude of interfaces.
The result? A fragmented view of compliance that is prone to error.
Now, however, technology and systems exist that are designed to monitor for compliance to multiple
standards -- across different geographies, if needed. The specific nature of this form of monitoring
relieves a heavy burden when adhering to regulations such as European GDPR, as real-time compliance
monitoring can be continually illustrated to anyone from a regulator to a supplier. This is achieved by
collecting, aggregating and correlating system and network information. What makes this so important is
that strong cyber security protection relies entirely on data visibility -- if an organisation can’t keep track
of its data or its stored insecurely, this paves the way for a host of possible cyber security threats, from
simple phishing scams to ransomware attacks.
By taking a proactive approach to security protection, it becomes possible to use threat intelligence to
prevent attacks, rather than just react to imminent threats. Beyond technology, this should take the form
of trusted team of third-party experts who have the time and wider resources to spend on cyber security
protection. In doing so, it becomes possible to limit the chaos of added cost and simplify security to focus
on business strategy and risk. After all, when it comes to security, it’s the actionable information,
integration, and the end-to-end capabilities that equips businesses with the tools they need to take on
cybercrime-as-a-service -- giving them that much-needed edge to survive.

80
About the Author
Mark Belgrove is the Head of Cyber Consultancy of Exponential-e. With
over 25 years’ experience in the information security field, Mark runs the
global cyber security consultancy team at Exponential-e and is the
technical lead.Mark combines a strong background as a Chief Information
Security Officer (Yell Ltd) with almost 10 years of security and risk
consulting delivery into a range of clients including Merrill Lynch, Cable &
Wireless (NTL), Scottish & Southern Electric and Chase Manhattan Bank.
Mark has experience in a wide range of specialist topics including risk
management, business continuity, compliance and cyber security
governance.Mark is a Certified Information Systems Security
Professional (CISSP), Payment Card Industry Professional (PCIP – former QSA) and ISO 27001 Lead
Auditor.Mark can be reached online at LinkedIn and at our company website https://www.exponentiale.com//

81
The Email Security Challenges
By Milica D. Djekic
Let’s try to remember the times of the old, good letters when the postman was knocking at your door or
apparently leaving the message in your mailbox. The old, good habits never die, right? Even today so
many post express and delivery services would exist, but it would seem the people would not so
frequently write the letters using the pen and the piece of paper. Indeed, today so many folks would use
the post services to send the goods and sometimes the postcards, but very few of them would spend the
entire night putting some warm words into skillfully decorated letter. Also, the main drawback of such a
correspondence is that you need to wait for some period of time before that lovely message arrives. On
the other hand, the old, good habits would still exist and so many of us would spend the entire hours
composing the messages to the people belonging to both our personal and business lives. As it’s so wellknown,
the technology would evolve and even several decades back we would start dealing with the
internet and the first forms of the electronic letters. Would such a change in our habits mean the progress
to everyone of us or would we get into the position to put aside all our sentiments and emotions for a
reason the pace of life would become so fast?
The answer to this question is the technological progress would definitely accelerate our everyday routine
and some technologically advanced nations would make the real fortune selling so expensive cuttingedge
systems. Faster we do more money we would make – would that be the point? Basically, if we say
the money that could sound so attractive to many people and especially adoring motives to the bad guys
who would not play by rules. So, if you deal with the good amount of money – you could get so attractive
target to the criminals and even terrorists who would want to take control over your fortune. No one would
want to give anything he made through the hard and honest work that easily, so that’s how we would get

82
the conflict. Practically, it’s not only about the money – it’s more about any value that would mean a lot
to the good people of our world. Apparently, the good guys would cope with the values, while the bad
ones would deal with the interest to get everything at the silver plate applying only the brute force and
intimidating everyone who would try to straggle about their demands.
Dealing with email means being online
So, let’s return to the old, good habits! If we say the email, we would mean by so the nicely composed
electronic message that would arrive to you only several seconds after being sent from someone’s
computer. It would seem that the main advantage of the electronic mails would be they would come to
you so promptly and you would not need to wait for days to get those messages being delivered to you.
The major requirement to enjoy such a convenience is to get some IT device with the web connection. In
other words, if you and your friend are online – you can exchange the electronic letters so freely. In other
words, if there is no adequate equipment and the internet connectivity – you should simply spend the
entire hours preparing the old-fashioned letter and posting it to your companion on the other side of the
globe. That’s quite unsuitable and time consuming; so – many people across the world would choose to
get IT skillful and capable to cope with the challenges of this new time.
The main concern with this emerging technology is that it would get dependable on the electrical energy
as well as so vulnerable to the cyber attacks, sabotages and espionages, so far. Just try to imagine
someone getting so curious to see the content of your letter who would be ready to steal your so personal
message, open it and make a copy and finally, forward the re-packed letter to you. That’s the real
espionage, you would agree? Basically, that’s so possible with the electronic mails for a reason you could
do the email tracking in so similar way on. Also, when your favorite post officer is coming to you to deliver
the contents to you someone could assault him on the street making the real trouble to all. Practically,
that’s how the cyber attack to your email could get seen in the reality. Maybe you would get your e-
message, but there would be some concerns about such a delivery. Above all, if we talk about the
sabotage that could mean that you would never or feasibly with some delay get your letter probably
because someone would cut its route or make a diversion in some post office which could get assumed
as some server or datacenter in the cyber terms.
The email applications vs. email cloud-based systems
In the experience, there would be two basic ways of coping with the email and they are email applications
as well as cloud-based systems. Anyhow, your emails would get exchanged in some online environment,
but if you deal with the email application – you would simply drag your emails into your computer’s
surroundings. In case you cannot do that – you can always check your account on the web and confirm
what is happening there. Such a web environment would get considered as the cloud-based system and
in so many new solutions you can manage your account setting up its security and privacy parameters
there. Basically, all your emails would be into some virtual environment and even if you want to see your
account from your email software or the real web surrounding you should know that you are equally at
the risk in the both cases. The best practice would suggest that you must change your login permissions
periodically for the cyber security reasons.

83
You are never safe enough, anyway!
On the other hand, it’s good to know that there would be a plenty of tools on the black market that would
cope with the capacity to provide the access to your account and offer some tracking abilities even if you
are using the standards email encryption. It’s quite simple to confirm if any email account exists and once
you obtain so you can ask your hacking tool to share such a password with you. This would appear as
the piece of cake, right? Mainly, the point is you would never get safe enough in the cyberspace and as
we are getting the new and new generations of the products and services – we should always get in mind
how to manage the risk being correlated with their usages.
The need for a better access control
The experience would show that the hackers would so easily track anyone’s email account relying on the
professional tools. On the other hand, some of them would go that far away to make a breach to the
email account and cause some changes there. That’s the huge disadvantage which could produce the
significant unrest within the both – private and public sector. So, that’s why so many IT security experts
would appeal to the decision makers to take into account somehow better access control to the email
environment. Some steps in such a sense would get made, but there is the need to more effort that
should get invested into safe and convenient user’s experience.
Your account seeks the smart privileges management
It would be wonderful if we could mitigate the risk fully and totally, but unluckily – that’s not possible. The
history would suggest that the risks, threats and challenges would always be present, so what we can do
at this stage is only the smart privileges management. The future is not much more promising about the
world where we live and work, so someone dealing with so high expectations that tomorrow would be
easier than today could sound as quite overhopeful. The people would choose to dream about the better
days and so many of them could return to the past believing that life then got more beautiful than
nowadays. Probably because of the lack of inspiration and sometimes creativity – we would believe that
the models from the past could be the perfect solutions for the tomorrow. In total, technological boom
would defiantly teach us that our planet is not the same place any longer and maybe some ideas from
the past would get recognized today, but the conditions have changed so dramatically and if we do not
think in a bit more progressive manner – we would make the trap to ourselves only!
The concluding notes
We would start this effort with the story about the old, good habits and conclude it in so serious fashion.
The fact is the cyberspace is our past, present and it would look like from this perspective – probably the
future. Some mindful people would believe that we should so deeply understand our past if we want to
create the future being the good to everyone. Maybe this claim would cope with some sadness in the air
and possibly some pragmatics would suggest that we are getting a bit pathetic thinking like so, but the

84
fact is something that would seem as a dream today could turn into the wonderful reality tomorrow only
if we choose to get bold enough to believe into the better things!
About The Author
Milica D. Djekic is an Independent Researcher from Subotica, Republic
of Serbia. She received her engineering background from the Faculty
of Mechanical Engineering, University of Belgrade. She writes for some
domestic and overseas presses and she is also the author of the book
“The Internet of Things: Concept, Applications and Security” being
published in 2017 with the Lambert Academic Publishing. Milica is also
a speaker with the BrightTALK expert’s channel. She is the member of
an ASIS International since 2017 and contributor to the Australian
Cyber Security Magazine since 2018. Milica's research efforts are
recognized with Computer Emergency Response Team for the
European Union (CERT-EU) and EASA European Centre for
Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, technology and business.
Milica is a person with disability.

85
The Only Recession in Cybersecurity
Sleep deprived, overworked and fatigued security professionals impose huge risks to an organization
By Karl Sharman, Vice-President, BeecherMadden
Tired, overworked and fatigued employees pose huge risks to organizations. It’s obvious to think, that
when you’re tired you make fewer effective decisions. Decision fatigue is that effect especially in
cybersecurity that can lead to avoiding decisions or a person lacking self-control which can lead to
dangerous outcomes for organizations looking to protect from external threats. Is this the new inside
threat?
When I say new, that is not correct. In 2016, NIST did a study on this called ‘Security Fatigue’. This was
mainly targeted at employees who were fatigued and having to remain vigilant with security decisions.
However, there is a section in the study that looks at computer users feeling bombarded and
overwhelmed through security, so much so that they experience decision fatigue. When you consider
this outcome, this is no different to what security professionals will experience within a security team on
a daily basis.

86
Furthermore, Tessian in 2019 delivered extensive insight into decision fatigue within cybersecurity. They
stated 92% of employees feel tired at work while 76% of those admit they make more mistakes when
tired. Additionally, 91% of employees feel stressed, while 71% of those admit they make more mistakes
when stressed. Alarming findings in a complex and evolving landscape.
The ever-present threats are taking their toll on budgets, staffing and ultimately health. Career burnout is
a real and more common threat within cyber professionals, with the signs there it’s for us all to see. In
our last study, 86% of people are looking or open to moving jobs for a better opportunity or a better
working balance.
Currently organizations are increasing responsibility and pressure without increasing pay, they are
creating rigid and toxic environments and not accommodating for those who are stressed or having
negative feeling towards their role. As a headhunter, these organizations make it easier to attract
candidates to other opportunities.
How do you identify it to avoid a culture and staffing crisis in one of your more important functions?
- Poor performance or productivity
- Inability to keep to commitments
- Cynicism or pessimism
- Detachment
- Lack of motivation
- Self-medication – such as drinking
- Dis-interest or distraction
Not detecting these signs early can hit organizations at the bottom line. However, there are simple,
effective methods in order to prevent these:
- Ensure employees are well fed
- Ensure employees are getting enough sleep
- Limit and simplify choices
- Have a process for making decisions and how to communicate these
- Create a culture where speaking out is OK
- Provide clear expectations to all employees and define what ‘good’ looks like
- Build the right working environment (breaks, working hours, flexibility, temperatures, lighting etc)
If it’s a challenge, it can be changed. Basic changes can decrease risk to your organisation and primarily
your security team. Pressure, stress and fatigue are leading to worse sleep affecting key employees
within decision making. According to a variety of reports, the shortage for cybersecurity professionals
with be 3.5 million within the next 2 years, without considering the repercussions of this issue that could
easily double with people threatening and currently leaving the industry. It is important to remember, the
only recession within cybersecurity is sleep.

87
About the Author
Karl Sharman is a Cyber Security specialist recruiter & talent advisor
leading the US operations for BeecherMadden. After graduating from
University, he was a lead recruiter of talent for football clubs including
Crystal Palace, AFC Wimbledon & Southampton FC. In his time, he
produced and supported over £1 million worth of talent for football
clubs before moving into Cyber Security in 2017. In the cyber security
industry, Karl has become a contributor, writer and a podcast host
alongside his full-time recruitment focus. Karl can be reached online
at karl.sharman@beechermadden.com, on LinkedIn and at our
company website http://www.beechermadden.com

88
Automatic for The SOC People
How Automation Can Quell Those Pesky False Positives
By Steve Salinas, Director of Product Marketing, Siemplify
As a newly hired cybersecurity analyst, you’re excited to start vanquishing threats and thwarting bad guys
in their tracks. You’re armed with the latest shiny security tools and raring to go – those hackers don’t
stand a chance.
Unfortunately, nobody told you that at least half the alerts (or more) you will address will be false alarms.
Commonly termed “false positives,” they will bog you down for 30 minutes (if you’re fast), shamelessly
wasting your time and skills. Recent numbers from a Ponemon Institute study are downright depressing
for today’s analysts: Organizations typically get about 17,000 alerts per week, with 80 percent being false
positives. A similar Ponemon report cited forty-nine percent of businesses report false positives as a top
challenge.

89
Faced with an overwhelming volume of alerts and the draining reality of false alarms at the SOC (Security
Operations Center), you begin to wear down. Just like the jaded townspeople in the story of the boy who
cried wolf, you become apathetic and start turning a blind eye. Similar to 31.9 percent of your security
colleagues, you begin to ignore alerts due to the high number of false positives.
And that’s how we get here: Of the typical 17,000 alerts received per week, only 4 percent ever get
investigated. Ouch. Cyber wolves everywhere lick their virtual chops at these numbers as the odds of
slipping real threats past overwhelmed, alert-fatigued defenses become quite favorable.
Misconfigured detection tools are to blame for triggering many of the false positives, and with the growing
security stack and increasing complexity of current defense technology, this trend doesn’t appear to be
slowing. Expanding cloud and Internet of Things (IoT) adoption is only expanding the attack surface and
encouraging organizations to invest in more security tools.
Where does all this leave worn-out analysts and overloaded security operations centers? In desperate
need of an ally. Thankfully machine-learning enabled automation is emerging as a method to streamline
alert handling.
Provides Context
Context is a critical factor in identifying and confirming the validity of threats. Data drives these contextual
relationships, and automation excels collecting, organizing and correlating data in real time. It leverages
the data necessary to identify contextually related alerts, cross-references case details from multiple
systems, spots trends, prioritizes cases and drives faster response.
Manual workflows can’t process or analyze data fast enough to keep pace with evolving threat
landscapes or deliver at scale. Besides, humans are notoriously awful at following a consistent standard.
Programmed cognitive automation removes the “people risk” by adhering to a regular, repeatable
standard when managing and analyzing data.
Shrinks Volume
Automation shrinks the pool of alerts by swiftly weeding the potentially malicious from the benign.
Machine learning quickly recognize the familiar “seen-before” alerts as false positives and removes them
from the queue. The smaller number of “not-seen-before” alerts can then be passed on for further
investigation.
This validation works a massive glut of alerts down to a manageable number for human examination.
With the assistance of the right automation tools, cases can be reduced up to 80 percent. Automated
triage saves time, and lets humans utilize superior cognition for higher-level tasks, rather than burn out
on the mind-numbing process of examining each alert.

90
Allows Transparency and Drive Learning
Automation also precisely records workflows, which permits a deeper investigation of false positives.
Why did each one occur? How can a recurrence be prevented? If controls are too sensitive, what should
the readjustment be?
From this insight, databases of knowledge can be compiled to feed artificial intelligence systems, build
out playbooks and teach future analysts, foregoing the need to retain so-called tribal knowledge and
manual processes to triage, investigate and respond to incidents. In fact, automation’s most profound
contribution may be its ability to allow examination of today’s misfires to create the information necessary
to prevent tomorrow’s.
Don’t Overlook the Benefits of False Positives
The benefits of false positives? Sounds funny, right? We just finished discussing all the adverse effects
false positives can have on an organization, and, yet, eliminating them may not be the best course of
action. False positives do provide a valuable service as they can be a useful guideline for monitoring
sensitivity control.
An optimal defense threshold is high enough to detect real threats yet low enough not to trigger too many
false positives. If your organization is recording zero false positives, you’re most likely missing something.
The best strategy is having a few false positives, with automation in place, to help create a stronger
screening process moving forward.
Navigating the evolving threat landscape, while striking the perfect defense threshold balance, can be
exceptionally challenging for today’s SOC (security operations center). Security automation leverages
data in real time, and with the capability it provides to learn from mistakes, false positives will no longer
be a debilitating hindrance but rather another tool for the defense.
About the Author
Steve Salinas is a 20-year veteran of the IT and cybersecurity industries. He
is currently director of product marketing at Siemplify, a leading independent
SOAR provider. For more information, visit: https://www.siemplify.co or
follow @Siemplify on Twitter.

91
Multifactor Authentication & The Sobering Reality for
Organizations Without It
By François Amigorena, CEO and founder, IS Decisions
Organizations without multi-factor authentication (MFA) are open to attack when their employees
share passwords or fall for phishing scams.
Compromised credentials are considered to be one of the biggest threat to companies today. Why? Well
it’s quite simple to explain. The attacker is using valid (stolen but valid) credentials so why would your
security tools flag anything unusual? For them, the person accessing your network is who they say they
are.
This is a well-known threat among organizations and still many of them are not doing what needs to be
done regarding password security. A few years ago, we surveyed 500 IT Security Managers in the US
and UK and the results showed that only 38% of organizations use MFA to better secure corporate
credentials. Sadly, some recent research show that things haven’t really changed.
4 MFA myths that explain the reluctance in adopting MFA

92
Only large enterprises can benefit from MFA
Not true. This is a false idea. A company doesn’t need to be a certain size to use MFA and benefit from
it. Actually, using MFA should be part of any business’ security strategy, regardless of size. Whether it’s
an SMB or a large enterprise, the data to protect is as sensitive and the disruption as serious.
Furthermore, MFA doesn’t have to be complex, costly or frustrating!
MFA is only useful to protect privileged users
Still not true. Many organizations think they don’t need MFA because they don’t have any privileged
users. They find MFA too much for users who don’t have access to valuable data. Well, guess what?
Those “non-privileged” users have access to a lot of information which, if used inappropriately, can be
harmful to the company. To illustrate this, we’ll take an example. Imagine a nurse decides to sell a
celebrity patient’s data to a journalist. I don’t think I need to explain how this shows the value of data and
the possible harm if inappropriately used.
Furthermore, most hackers don’t start with a privileged account, they usually take advantage of any
account that falls for phishing scams and then, they laterally move within the network until they find
valuable data to exfiltrate.
MFA can be bypassed
This is true. A perfect security solution doesn’t exist yet. However, MFA is pretty close. As some of you
might have heard, a warning was issued last month by the FBI on events where hackers were able to
bypass MFA. There were two main authenticator vulnerabilities which were ‘Channel Jacking’, involving
taking over the communication channel that is used for the authenticator ⁠and ‘Real-Time Phishing’, ⁠using
a machine-in-the-middle that intercepts and replays authentication messages. According to experts, such
attack types require considerable costs and effort. Most cybercriminals who encounter MFA prefer
moving on to an easier victim than trying to bypass this measure. Simple precautions can also be taken
to avoid certain vulnerabilities such as choosing MFA authenticators that do not rely upon SMS
authentication. (The National Institute of Standards and Technology (NIST) discourages SMS and voice
in its latest Digital Identity Guidelines).
Despite the recent attacks, the FBI still affirms that MFA is effective and that it’s one of the easiest steps
an organization can take to improve security.
MFA impedes users
This is not entirely true, or at least it doesn’t have to be. Every time you want to implement a new
technology, there is this same challenge: how can I implement it in a way that least disturbs my
employees. If it disrupts employee’s productivity, adoption will be slowed down or stopped. Therefore
flexibility is needed when using an MFA solution. Users don’t need to be prompted for MFA each time
they log in. This is why the circumstances must be customized according to each company’s needs.

93
Being a victim of compromised credentials could happen to anyone – privileged or non-privileged
user. Using MFA should be part of any business’ security strategy, regardless of size and can be
one of the easiest ways to keep accounts secured.
About the Author
Twitter: https://twitter.com/IS_Decisions
François Amigorena is the founder and CEO of IS Decisions, and an expert
commentator on cybersecurity issues. IS Decisions being a provider of
infrastructure and security management software solutions for Microsoft
Windows and Active Directory. The company offers solutions for user-access
control, file auditing, server and desktop reporting, and remote installations. Its
customers include the FBI, the US Air Force, the United Nations and Barclays
— each of which rely on IS Decisions to prevent security breaches; ensure
compliance with major regulations; such as SOX and FISMA; quickly respond
to IT emergencies; and save time and money for the IT department.
Linkedin: https://www.linkedin.com/company/is-decisions/
Facebook: https://www.facebook.com/ISDecisions/

94
The Growing Costs of Cyber Attacks on UK Small Businesses
By Dan Baker, Content Writer, SecureTeam
The amount of cyber attacks in the UK and across the world continues to grow each year and small
businesses are increasingly the targets of these attacks. In fact, UK small businesses are being
targeted by an estimated 65,000 cyber attacks every day. Fortunately, the majority of these attacks fail.
However, due to the volume of attacks, several cybercriminals achieve their aims and a small business
in the UK is successfully hacked every 19 seconds.
The Growing Threat of Cybercrime
Many small business owners don’t realise or believe that they are at risk of cybercrime and mistakenly
believe that hackers only target big companies. Unfortunately, the tools available to cybercriminals
have expanded and now even unsophisticated hackers have access to complex tools that have been
created by more advanced cybercriminals, allowing them to target smaller businesses with these
powerful hacking tools.
With 43% of cyber attacks in the UK targeting small businesses, it has never been more vital for small
business owners to prepare for the inevitable breach. Nearly 2/3rds of UK businesses that employ

95
between 10 and 49 people, estimated at around 130,000 companies nationwide, were the victim of
some form of cybercrime in 2018.
Where You Are Most Vulnerable
The most common form of cyber attacks are phishing attacks through fraudulent emails or by being
directed to fraudulent websites. 49% of cyber attacks that target small businesses are fraudulent emails
and 72% of businesses have been affected by fraudulent emails.
The main defence against this form of cyber attack is strong staff training in regards to cyber security.
Phishing attacks are so successful because only 25% of small businesses give their staff formal cyber
security training, leaving the rest vulnerable to social engineering attacks.
Small businesses that are based in the North West, the South East and the West Midlands are more
likely to suffer from cyber attacks than the rest of the country. 25%, 23% and 21% of small businesses
based in these areas reported cyber attacks respectively. However, by understanding the risk of
cybercrime and the common nature of cyber attacks you will be in a much stronger position to protect
your business.
Covering the Risk of Cyber Attacks
Many small business owners mistakenly believe that they are not at risk of cyber attacks and therefore
make little to no effort to prepare for one. Only 39% of small businesses in the UK have formal policies
covering cyber attacks and only 14% have formal incident management processes in the event of an
attack. By not having a clear strategy in place to manage the impact of a cyber attack, small businesses
significantly hamper their ability to detect and prevent any breaches.
One out of three small businesses has admitted to not installing any security software over the past two
years. 40% of small businesses also do not regularly update their cyber security software or back up
their data and IT systems.
In addition, 66% of businesses that are the victim of cyber attacks fail to make any changes in their
policies or systems that would prevent further breaches. In fact, over half (56%) of small businesses
that have suffered a cyber security breach proceed to be the victims of further attacks.
The Rising Cost of Cyber Attacks
The average cost of cyber attacks on UK small businesses continues to rise each year. In fact, the total
cost of cyber attacks has more than doubled since 2017 with the average attack now costing
businesses £6,160.
The direct costs to small businesses include ransoms paid or hardware that has to be replaced,
however, this is just the beginning. Cyber attacks can cause further damage through loss of business
thanks to down periods for recovery time or loss of trust from the damage done to your reputation.

96
After suffering a cyber attack many small businesses lose many of their customers and face difficulty
attracting future customers and some fail to recover from the impact of cybercrime.
A Relentless Threat
Cybercriminals pose a relentless threat to small businesses, a threat that is often not taken seriously.
However, it is only by understanding the threat that is posed by cyber attacks that you can adequately
protect yourself from them. The chances of a business falling victim to a successful cyber attack
continue to increase dramatically and business owners should make efforts to strengthen their system
security.
If you are concerned that your business might be at risk of a cyber attack or think that it may have
already been targeted by one then contact a cyber security specialist for advice on how to safeguard
your business from cybercrime or how to best manage an incident.
About the Author
Dan Baker is a Content Writer that works with SecureTeam, a cyber
security consultant that provides a range of cyber security solutions to
small and medium businesses across the UK. Dan can be reached online
at dan@addpeoplepr.co.uk or at our company website
https://secureteam.co.uk/

97
Why Insider Data Breaches Will Continue in 2020
By Randy Reiter CEO of Don’t Be Breached
Insider Data Breaches That Occurred in 2019
More than two thirds of corporations are not prepared to combat Insider Data Breaches as reported on
Business Wire November 6, 2019 (per the 2020 Insider Threat Report, produced by Gurucul). Employee
insider threat is a major concern for all organizations. Employees often can access a company's most
sensitive database data since they (unlike external hackers) are inside the security perimeter and may
have privileged status to access confidential data in DB2, Informix, MySQL, Oracle, SQL Server and
Sybase databases.
Firewalls, intrusion detection systems and in place security measures that keep external hackers out
often do not detect malicious insiders. Remember the Bradley Manning and Edward Snowden data
breaches. They bypassed some of the most secure computer systems in the world by being an
insider.

98
Some of the most damaging Insider Data Breaches that occurred in 2019 include:
• Capital One data breach that compromised the personnel data of 100 million customers. Capital
One encrypts data as a standard, however since the breach was done by a rogue insider, the
insider was able to steal decrypted confidential database data.
• Trend Micro had a rogue employee that sold the confidential data of 68,000 customers to a third
party.
• Two Twitter employees leaked proprietary and confidential user data for over 6,000 Twitter users.
• AT&T employees were bribed by a foreign national to plant malware and unlock 2 million phones
How to Protect Confidential Database Data from Insider Threats and Hackers?
Confidential database data includes: credit card, tax ID, medical, social media, corporate, manufacturing,
law enforcement, defense, homeland security and public utility data. This data is almost always stored in
Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server
and Sybase databases. Once inside the security perimeter a Hacker or Rogue Insider can use commonly
installed database utilities to steal confidential database data.
Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from
a network tap or proxy server with no impact on the database server. This SQL activity is very predictable.
Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or
SQL commands that run millions of times a day.
Advanced SQL Behavorial Analysis of Database Query and SQL Activity
Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database
activity is. Then from a network tap or proxy server the database query and SQL activity can be nonintrusively
monitored in real-time and non-normal SQL activity immediately identified. Non-normal SQL
activity from Hackers or Rogue Insiders can be detected in a few mili seconds. The Hacker or Rogue
Insider database session can be immediately terminated and the Security Team notified so that
confidential database data is not stolen.
Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum
amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to
10,000 unique SQL queries sent to a database. This type of data protection can detect never before
observed query activity, queries sent from a never observed IP address and queries sending more data
to an IP address than the query has ever sent before. This allows real-time detection of Hackers and
Rogue Insiders attempting to steal confidential web site database data. Once detected the security team
can be notified within a few milli-seconds so that a data breach is prevented.

99
About the Author
Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company.
He is the architect of the Database Cyber Security Guard product, a
database data breach prevention product for Informix, MariaDB, Microsoft
SQL Server, MySQL, Oracle and Sybase databases. He has a Master’s
Degree in Computer Science and has worked extensively over the past 25
years with real-time network sniffing and database security. Randy can be
reached online at rreiter@DontBeBreached.com,
www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.

100
Out-Smarting the Cybersecurity Skills Shortage
By Ofer Or, vp of Product, Tufin
Organizations across the globe are struggling to recruit the talent they need for their open security roles.
Unfortunately, the problem is expected to worsen. In fact, Harvard Business Review first identified the
problem in 2017, stating that the issue had actually been top of mind in some organizations since 2015.
Fast forward four years later and current research shows that more than half of global companies are at
risk of cybersecurity attacks as a result of the shortage.
Following are several ideas on how to combat this problem, ranging from internal changes, to technologybased
tactics that organizations can begin implementing today.
Manage Network Complexity
An organization’s cybersecurity needs are directly related to the size of its network. In other words, the
more complex and fragmented the network, the more work that must be done to protect it. As
complexity increases, visibility and control remain critical but become even more difficult to attain.
One approach to combatting the cybersecurity skills gap is to examine areas where your own organization
could reduce the workload while maintaining or increasing efficiency and thus requiring fewer man-hours
to complete. While reducing the number of vendors and platforms is typically not an option in large
organizations, a few considerations that could streamline the management of your complex hybrid IT
environment include:

101
• Centralizing Network Security Policy Management: Managing security configurations across
vendors and platforms, on-prem and hybrid cloud, from a single console will reduce the effort of
managing multiple platforms and ensure consistency across the distributed network.
• Providing Network Visibility: Understanding the connectivity of your network allows you to identify
the specific elements to be modified, meaning change requests can be fulfilled easier and with
better accuracy.
• Documenting Network Changes: When it comes time to proving compliance, if all network change
requests are documented, searchable and readily available, your audit tasks will be fulfilled, and
your staff’s time will be freed up for other critical functions.
• Policy Cleanup Automation: As time goes by, firewall policies tend to grow in size and complexity.
New access is added, but rules and objects are never removed. Cleaning up redundant rules can
create a more readable, easier-to-manage policy, but firewall teams seldom have the time for a
cleanup project. By automating the decommissioning of redundant rules and objects this can be
achieved quickly and with a fraction of the effort.
Automate Network Changes
Far too many organizations manually process routine and low-risk connectivity requests. These manual
processes not only require a significant amount of time, but they’re also prone to errors and
misconfigurations which can lead to serious downtime, a failed audit, or worse yet, a breach.
Automating network changes through a well-documented process increases an organization’s
operational efficiency, without the need for additional staff. It also eliminates resource-intensive mistakes
and re-dos. Ultimately, this means gaining better control over access changes and reducing overall risk,
using the staff that you already have in place.
Empower Novice Engineers
In many cases the skill shortage means that the team has diverse knowledge levels leading to an uneven
distribution of the workload. Experienced engineers who are very familiar with the network and/or the
security standards will be assigned with most routine changes and tasks and will not have time to work
on any strategic projects. The only way to distribute the load more evenly is to integrate the expertise into
an automated process to empower the novice staff with the daily changes.
For example, a large utility company in the US leveraged security policy automation to empower their
entry-level engineers and free their experienced staff to focus on strategic projects. By leveraging
automated risk analysis against a unified security policy (USP) they were able to ensure that access
requests did not violate their network segmentation policy and did not introduce new risks. By leveraging
policy-driven automation, the company ensured valid implementation of changes even by those
engineers who hadn’t memorized every routing table. The automated process itself also helps ensure
consistent implementation and documentation of all changes across the team.

102
Empower Other Teams
Network and security teams are often assigned tasks that originate from other teams in IT. In some cases,
these tasks can be offloaded into the broader IT group, especially with the right tools in place. Gartner
fellow and research vice president Tom Scholtz states, “Many routine security functions can be
performed as well by other IT or business functions.” Tom recommends that organizations identify
functions or capabilities (such as user awareness communication) that can be handled elsewhere in the
business or IT department.
One example is provisioning network access for new servers or decommissioning access for outdated
servers. The server team can be tasked with these changes as long as they have appropriate guidelines
and guardrails to ensure they do not introduce new risks. An automated process for cloning the access
policy from one server to another (or to a group of servers) can repeatedly save valuable time for the
network team. Another automated process for decommissioning server access can complement the task
and tighten network security.
In addition, with automation, these tasks can be automatically integrated into the work of other teams and
be completed without needing additional assets from the scarce cybersecurity resources. In this way,
teams can decommission servers in the firewalls as part of the actual server decommissioning process
that is happening elsewhere in IT, or clone its firewall rules as part of setting it up. This is also the case
with risk analysis. In the manual days, every change request had to be manually checked for risks using
resources that are in short supply. With change automation, risk analysis can happen as part of the
automated change process, and only in cases where there is an actual risk, it will be forwarded to the
risk officers for further analysis.
Another example is managing application connectivity. Network teams have to enable connectivity for
application teams in order to support the business. The language barrier between application owners and
network engineers doesn’t make the task any easier. Application-driven automation for establishing and
troubleshooting connectivity empowers the application teams to initiate requests and analyze
disconnects, ensures security policy controls are baked into the process, and leads to tight cooperation
between the teams.
With analyst firm ESG’s annual global IT survey finding that the cybersecurity skills shortage has been
increasing steadily – with 53 percent of organizations bemoaning a lack of necessary talent – it’s difficult
to overstate the need to approach this problem in an inventive way.
Organizations need to look for fresh ways to manage complexity and improve operational efficiency,
which in turn will improve security. Security policy management and automation can enable organizations
to better meet the demands of the modern era without being derailed by the cybersecurity skills shortage.

103
About the Author
Ofer Or has been with Tufin for six years and currently serves as the vice
president of product. Prior to working with Tufin, Ofer held several titles
at Check Point Software Technologies and Microsoft. Ofer received his
Bachelor’s in Political Sciencve and Sociology, and his Master’s in Law
from Bar-Ilan University. You can connect with Ofer on LinkedIn:
https://www.linkedin.com/in/ofer-or-662503/

104
New Security Report Highlights Trends in Mid-Market Business
Malware
By Emil Hozan, Security Analyst, WatchGuard Technologies
As the security landscape continues to grow and shift, WatchGuard’s Threat Lab research team
continues to offer insights into the latest malware and network attacks with its quarterly Internet Security
Report (ISR). This edition of the report covers the top cyber threats affecting midmarket businesses in
the second quarter of 2019 and is based on anonymized network telemetry data from tens of thousands
of WatchGuard appliances deployed around the world. It includes both bulk data from Q2 2019 – for
example showing there was a slight decrease in malware variants (to approximately 22.6 million total)
and a more than doubling of network attacks (to approximately 2.2 million total) – and a variety of other
critical security insights and trends for the midmarket.
From new types of malware, to a spike in SQL injection attacks, to malware campaigns hiding malicious
content on legitimate Content Delivery Networks like CloudFront and SharePoint, let’s dig into some of
the key insights and trends from the latest report.
Quarterly Malware Decreases, Year Over Year Increases, and New Malware Variants Emerge
Overall, malware detections decreased by 5% in Q2 from Q1, but were still up 64% over the previous
year. In addition, zero day malware attacks – unique malware attacks where a signature does not already
exist – accounted for 38% of all malware detections, which was within a few percentage points of the

105
previous two quarters. There was also increasing overlap between the most-widespread malware
detections affecting individual networks and the most prolific malware by volume, with three threats found
in both lists. Finally, multiple popular backdoor shell scripts (including both the Backdoor.Small.DT and
Trojan.GenericKD tools from the Kali Linux penetration testing/ethical hacking suite) appeared for the
first time in the list of top malware attacks, possibly showing that hackers are leveraging Kali Linux more
often.
Network Attacks Explode
Network attacks more than doubled from Q1 to Q2 2019. This was the largest percent increase we’ve
seen since 2017. Two attacks debuted on the top 10 list: EXPLOIT Nodejs js-yaml load() and WEB
Directory Traversal -4. The former accounted for 2.9% of all network attacks by volume and exploits a
vulnerability in the YAML markup language package JS-YAML for Node.js. Specifically, it exploits how
the library parses a custom data type, which results in remote code execution. The latter network attack,
WEB Directory Traversal -4, allows web users to escape a web server’s root directory and potentially
gain access to any file on the computer system. The most common target is the “/etc/passwd” file, which
is the file storing user login credentials. Granted the passwords are normally hashed, but attackers can
still attempt to crack the hashes and obtain legitimate user login credentials. A final startling discovery
was the 1,288.39% increase in WEB SQL injection attempt -33 attacks from Q1. A yearly comparison to
Q2 2018 shows that same attack at an enormous 29,149.23% increase!
DNS-Level Attacks Leverage Legitimate Content Delivery Networks
The Threat Lab’s research found multiple malware campaigns using popular content delivery networks
(CDNs) like CloudFront and CloudFlare to prevent detection by anti-malware services that only look at
the root domain of a questionable URL. These fell into three categories: malware domains, which are
web sites outright hosting malware; compromised domains, which are web sites that threat actors
exploited to host their own malicious JavaScript code; and phishing domains, where threat actors direct
users to spoofed login screens to harvest their credentials. Our research found malware domains at
dc44qjwal3p07[.]cloudfront[.]net and d3i1asoswufp5k[.]cloudfront[.]net. Phishing domains were identified
at ec2-18-224-214-207[.]us-east-2[.] compute[.]amazonaws[.]com and usd383orgmy[.]sharepoint[.]com.
Security Incidents Making Headlines in Q2 2019
On May 7, 2019 the Baltimore Department of Public Works suffered a major ransomware attack. Adding
to the agony, five days into the city’s downtime the alleged threat actor started openly mocking the city
on Twitter! Researchers identified the malware as RobbinHood and the perpetrator set the ransom at
around $75,000. In the end, the City of Baltimore needed to rebuild many critical systems, which had a
major impact on worker productivity. Total estimated damages reached $17 million. This is a prime
example of the importance of deploying and testing backup solutions!

106
The Threat Lab team also analyzed an MSP attack that targeted a specific piece of IT management
software. In this attack, the perpetrator leveraged weak, stolen or leaked credentials to gain
administrative access to the MSP’s copy of this management tool. From there, the attackers targeted
exposed remote management services. Once in, they exploited the MSPs’ own tools to infect their
customer base. Based on this and other MSP attacks from Q2 and Q1 2019, it is clear attackers are
specifically targeting MSPs to reach their customer bases. This attack could have been prevented with
better password security (since the attacker leveraged a legitimate admin password), user training or use
of multi-factor authentication.
What Are Some Key Lessons From Q2’19?
In summary, no target is too small. It’s no longer a matter of “if,” but “when” a target will get hacked.
Remember, many attacks can be thwarted simply by deploying authentication and MFA solutions
(specifically, MSPs should be hardening their management tools with MFA). Furthermore, due to the
increased sophistication of ransomware attacks, backup solutions should be mandatory. And don’t simply
create backups – test and verify them. As an extra precaution, use URL and domain filtering services to
help defang malicious links. Above all, implement effective user training to help employees recognize
and respond to phishing and ransomware attacks. The stakes are higher than ever before, and user
training should be at the forefront of any organization’s standard operating procedure.
About the Author
Emil Hozan is a Security Analyst at WatchGuard Technologies, focused on
network security. Emil’s responsibilities include quantifying threat data for
WatchGuard’s quarterly Internet Security Report, contributing to
WatchGuard’s security blog Secplicity, analyzing trends in network and
malware attacks, sandboxing and testing new products and exploits, and
reverse engineering malware samples
Emil can be reached online at https://www.secplicity.org/author/ehozan/ and
at our company website https://www.watchguard.com/.

107
It’s Time for A Tough Conversation About Trust
By Gary Golomb, co-founder and chief scientist, Awake Security
The lay reader may think computer and network security is mostly about controlling for malware, rogue
code, exploits, ransomware, nation state attacks, and the like. In reality, computer and network security
are mostly about controlling for trust – whether between software processes, or people in business
processes.
Because adversaries are successful when you trust them, they often masquerade as – and even use –
the services you trust most. This means you can no longer blindly trust many of the things you used to.
For example, employees using personal devices for email, or storing sensitive data on cloud applications
like Google Docs that everyone has access to, may have once seemed like convenient ways to get things
done. But these negligent actions are serious threats that can negatively impact business. These types
of workers may not mean to put organizations at risk, but their lack of awareness or poor security
judgement can still cause major harm.
Negligence aside, the reality is collusive and malicious threats are almost always waiting to strike within
the enterprise. Attackers have evolved to primarily use existing tools and processes, in addition to stolen
credentials, to compromise networks. In most cases, the majority of the usage appears business justified,
allowing an attacker to “hide in plain sight” and “live off the land” without detection. These evolutions have
been very difficult for traditional security technologies to identify and remediate.
The platforms these types of attackers use to deliver exploits, control their victims, and exfiltrate sensitive
data are the very same platforms you probably use every day for business purposes: Gmail, Google

108
Drive, AWS, Office 365, etc. It used to be the case that you could generally trust a link
like “docs.google.com” and generally distrust a link like “byg7fewiuv347vscdahgf7vt832.com,” but this is
no longer the case, as attackers are increasingly using Google Docs and Office 365 to launch attacks.
A great example of this is the 2016 election hacking wherein much of the compromise originated by
stealing passwords via a fake Gmail page. This type of attack, referred to as cache poisoning or DNS
(Domain Name System) hijacking, exploits vulnerabilities in the DNS to reroute traffic from legitimate
servers, among other things. Research indicates there has been a strong emergence of similar DNS
attacks in recent years, from rerouting and intercepting email, to stealing cryptocurrencies, and so on.
Now imagine what an intern or volunteer with a legitimate inside account could do, such as setting up a
fake website to reroute unsuspecting traffic. That would likely be far more difficult to discover or
investigate than the Clinton incident was, but it’s a very real threat we must entertain.
This raises difficult questions about trust. Organizations need to really understand that their networks,
whether self-managed or outsourced, are not only no-trust, they’re likely hostile. We need to be honest
about these realities because doing so allows us to develop a plan for remediating potential risks and
threats. Ideally, organizations will have safeguards in place to ensure people or computers can only
access information they truly have the appropriate trust level for; those trust levels are granularly defined;
the controls are configured conservatively; and the controls work perfectly.
Of course, recognizing these hidden or seemingly trusted threats can be nearly impossible to achieve,
even for mature organizations. As such, monitoring and auditing for every user, device and application –
whether managed or unmanaged – is paramount. Being able to quickly detect and understand the intent
of every threat allows teams to respond accordingly. If all resources in a high-risk network aren’t
monitored for appropriate behavior and information access patterns, your next breach may come sooner
than expected.
About the Author
Gary Golomb is co-founder and chief scientist of Awake Security. He
previously served in the United States Marines 2nd Force Reconnaissance
Company. Gary can be reached online on LinkedIn and at
https://awakesecurity.com.

109
Hindsight Is 2020: Three Security Visions for The Start of The
New Decade
By Dan Cole, Director, Product Management, ThreatConnect
With the advent of the next decade upon us, predictions for the future are sure to abound. Prophets will
prophesy, forecasters will forecast, augurs will augur, and soothsayers will… sooth… say… But we don’t
need to be consulting oracles and interpreting bones – it’s a fool’s errand anyway, especially in the world
of infosec, which moves at a level of speed and unpredictability not seen in other sectors. Instead,
information security leaders should focus on the known, and ready themselves by putting into practice a
clear security vision for the near future. As we head into 2020, there are three concrete cybersecurity
concerns which should be at the top of every cyber analyst’s mind.
The California Consumer Privacy Act (CCPA)
While not quite as famous as California Senate Bill 420, the CCPA is far more likely to get your legal bills
high. The CCPA is a California bill which will create new consumer rights relating to personal information
collected by businesses. The bill takes effect at the exact start of the New Year. Much like California’s

110
former governor, this bill also fights predators. The intentions of the Act are to provide residents with a
suite of rights, including the rights to:
• Know what personal data is being collected about them.
• Know whether their personal data is sold or disclosed and to whom.
• Refuse the sale of their personal data.
• Access their personal data.
• Request a business to delete any personal information collected on them.
• Sue companies which collected data that was later stolen or breached.
• Protection against discrimination for exercising such privacy rights.
Much like GDPR, the CCPA will impact businesses far beyond its immediate geographic borders. Any
company which serves California residents and has at least $25 million in annual revenue will need to
comply with the law. In addition, companies that have personal data on at least 50,000 people or that
collect more than half of their revenues from the sale of personal data will also be required to comply.
From an IT perspective, the CCPA will necessitate that security teams work closely with database
administrators. Tools for dealing with the issue will need to have full visibility into data stored across a
range of the internal corporate environment, while still ensuring that access to such data is properly
secured. If the data is stored on the cloud, the problem becomes even more complicated. But hey, your
companies will have a whole 30 days to figure that out before it can be fined for violations. And it’s only
up to $7,500 per record. So, if you meet the minimum threshold of 50,000 people that’ll only cost around…
375… million… dollars…
The 2020 Elections
Hoo boy, here’s a big one. Election fraud has been gaining an increasingly acute level of scrutiny,
especially following accusations of Russian meddling in 2016. While paper ballots have significant pros
over electronic ones, it seems that many electorates are all aboard the electric train, so we need to find
ways to prepare to roll with the punches. As Bruce Lee said, “Be water, my friend.”
In an act that is unprecedented in U.S. history, seven government agencies have issued a joint statement
warning that foreign powers intend to manipulate the 2020 elections. While your SecOps team might not
be responsible for protecting voting booths, if your organization is tasked with stewarding any appreciable
volume of personally identifiable information, you could still come under attack. Any sort of personal
information could be used by malicious actors to target groups or areas that may be crucial in the
upcoming election. While this threat may not imply some sort of qualitative break with the past, it means
that the threat level we can expect for the next year to be higher, putting an even greater level of pressure
and responsibility on cybersecurity teams.
SecOps teams should be on the lookout for DDOS attacks , phishing, and malware attacks against
infrastructure and networks that may be deemed critical to the elective process. While these are standard
threats that cyber analysts have been dealing with for years, their level of sophistication is increasing,
and the channels for attack are sure to multiple alongside the spread of 5G and IoT.

111
The Roll Out of 5G
5G means more than just access to 1080p Twitch streams while you’re on the go (have you checked out
lara6683? She’s awesome). Advanced AI in devices, combined with cloud computing and now edge
computing, will lead to the creation of a distributed computing environment connecting billions of devices
and leading to a new generation of consumer and business applications. The International
Telecommunications Union (ITU) divides 5G’s use cases into three main categories:
· Enhanced Mobile Broadband (eMBB)
· Massive Machine-Type Communications (mMTC)
· Ultra-Reliable and Low-Latency Communications (URLLC)
The first of those (eMBB) will give you faster access to cat videos, but the other two are worth mentioning
as well! At the micro level, mMTC will extend the Internet of Things to a massive number of new devices,
supporting roughly ten times as many devices in an area than are presently supported. At a more macro
level, URLLC will allow for “mission-critical” communications, enabling industrial automation, drone
control, new medical applications, and autonomous vehicles.
By the end of 2020, most countries around the world will have some form of limited access to 5G, and
half of the United States is expected to have access. Considering the number of cities in the United States
that currently have access is… barely more than 20… that means this is going to be a fast rollout. With
speeds increasing by 10-20x, and the number of connected devices rapidly proliferating, the implications
for our daily lives could be massive. However, some serious cybersecurity concerns remain.
With the multiplication of connected devices, there will be an even greater number of vulnerabilities under
threat from bad actors. At the same time, SecOps teams will find themselves inundated with a flood of
data, as the proliferation of devices compounds the number of connections exponentially.
Combine the sheer increase in volume along with a dramatic boost in speed, and it becomes clear that
cybersecurity teams will need to increasingly rely on software such as SOAR platforms, which orchestrate
and automate responses to security events. Through the usage of such platforms, SecOps teams will be
able to proactively program playbooks to respond to events, allowing analysts to turn their high-level
knowledge into automated routines relieving them of the mundane – and increasingly impossible – job of
providing triage to every event or threat that comes through.
Conclusion
I know how much we in the tech community love to speculate on the future. My fingers are crossed that
the singularity is near, and I, for one, welcome our new Skynet overlords. But as much fun as such
speculations are, our cybersecurity practices, unfortunately, need to be a bit more grounded. These three
issues are not far flung, they are not Jules Verne, they are not Heinlein, Asimov, Dick, or Herbert – these
are concerns we need to focus on now, these are happening in 2020.

112
I mean, if you want to be able to afford nanotech immortality, you’ll need to at least keep your job for a
few more years, right?
About the Author
Dan Cole, Director of Product Management at ThreatConnect, has spent the
last decade as a product manager working to create awesome software that
gets to the core of solving the unique problems faced by a myriad of industry
verticals. From large financial and insurance providers, to global telecom
carriers, to federal agencies, Dan believes that the right software can free
companies and users to focus on and enable their key missions. Learn more
about Dan and visit him online at https://threatconnect.com/.

113
How to Stay Safe on Public Wi-Fi Networks (Detailed Guide)
Connecting to public networks is easy but staying safe on these networks is not easy as we think! Here
are some tips to stay safe on public hotspots.
By Susan Alexandra, Contributing Writer
Public Wi-Fi is a free commodity shared by an organization for the benefit of its clients. Most public Wi-
Fi is not password protected, however, and some public Wi-Fi can also be accessed without authorized
consent.
Increasingly available, free public Wi-Fi can be accessed in shopping malls, entertainment centers,
restaurants, cafes, libraries, universities, hospitals, airports, airplanes, trains and more.
Whether in your home-town or visiting a new place, you can surf the internet, download content, and
spend endless time on social media without paying a single penny.

114
Is It Safe to Connect to Public Wi-Fi?
Free public Wi-Fi is appealing, but it also comes with significant risk and is not safe. As a free service, it
can be used by anyone, including hackers, predators, spies, fraudsters, and all sort of cyber criminals –
so you never know who is sharing the public Wi-Fi connection with you and what their intentions are.
Using public Wi-Fi exposes all your online activities to spying and snooping. There is no data privacy or
security whether it's your personal details like photographs, bank accounts, and social media connections
or business-related information like emails and business files. A hacker armed with a little skill and
knowledge can see what you are doing, which websites you visit and with whom you are connected.
Hacking your passwords is much easier for cyber criminals when you are connected via public Wi-Fi,
putting the security of your accounts at risk – from social media account credentials to email account
logins, bank account information and more. Once your account password is breached, a hacker can lock
you out of your accounts and utilize them for fraudulent or illegal purposes.
Apart from your online activities, public Wi-Fi also makes your offline data and device security vulnerable.
It’s easier for predators to get access to the offline data on your device while you are connected via public
Wi-Fi with malware. This malware can hijack your device and access all the data on it. Viruses can even
destroy the internal system of your device and you can lose all your crucial data.
Hackers and predators can also trace your location when you are connected to public Wi-Fi and gather
information regarding your locations, including information on your family members. This information can,
for those with malicious intentions, be used to cause physical or material harm to you or your loved ones.
Clearly, many potential risks come with using public Wi-Fi – many of which are capable of causing a
prodigious amount of damage. Still, does that mean we should avoid using public Wi-Fi completely?
Staying Safe on Public Wi-Fi
Public Wi-Fi has rapidly become a commodity and sometimes it is hard to resist the temptation to briefly
use it in a pinch. After all, it's free and enormously convenient. There are no guarantees for staying safe
while connected online, but there are a variety of ways to enhance your online security and reduce your
risk of being hacked when using public Wi-Fi.
1. Virtual Private Network (VPN)
A VPN or Virtual Private Network is the safest way of connecting to the internet. It provides access to
servers located around the world and allows you to establish a secure connection from these remote
servers. As a result, you can connect from a server in another country while being physically present in
another location. A VPN allows your computer’s IP address to be hidden so your physical location cannot
be determined, which helps eliminate security concerns related to location tracking and identity theft.
A VPN also provides an encrypted tunnel for all your online activities. All the data sent and received
through the VPN is encoded, so nobody can see what you are doing online. This removes opportunities

115
for spying, snooping, and third-party interferences on your activity so you can safely enjoy the perks of
public Wi-Fi without worrying about prying eyes.
There are a number of free and paid VPN solutions available. Free VPNs reduce the risks associated
with public Wi-Fi, however, they also have security limitations. For this reason, it’s much better to invest
in a paid VPN service to ensure maximum protection. Study the tariffs of ProtonVPN and you’ll see how
cheap VPN providers might be.
2. Password Protected Public Wi-Fi
Most public Wi-Fi is not password protected, however, there are a few businesses that offer passwordsecured
Wi-Fi. These businesses provide you with a password on request and are safer than using open
public Wi-Fi.
There are two benefits of password-secured Wi-Fi. First, the password is provided only on request and
there are a limited number of users connected to the wireless portal, reducing the chances of cyber
criminals and predators scanning for hacking opportunities. Second, it’s not unusual for cyber criminals
to set up fake public Wi-Fi portals and deploy them in busy areas to lure users into thinking they are the
real thing. The names of these fake wireless portals are typically very similar to legitimate networks in
the vicinity, for example, “Free Starbucks Wi-Fi” alongside Starbucks Wi-Fi. Criminals use these fake
wireless portals to scoop up the personal data of people who are fooled into using them. Fake portals
aren’t password protected, however, so if you have the option of using password protected Wi-Fi there
is much less chance of falling prey to a fake public hotspot.
3. Turn Off Wi-Fi
Many people like to set their device to auto connect to Wi-Fi so they can automatically connect to a
network as soon as they are in range. This practice is safe when at home or in the workplace and the
connections are secure, but it can make your device vulnerable if you are in public places.
There are several malicious and fake public Wi-Fi hotspots operated for the sole purpose of hacking and
hi-jacking data. If your device automatically connects to one of these networks there is a high probability
your device will be infected with malware designed to steal online and offline data. Turning the Wi-Fi auto
connect functionality off when you are in public places can help protect your device and data.
4. Anti-Virus
There are loads of viruses that can attack your device when you click on malicious links. These links are
often disguised masquerading as a system upgrade, for instance, and are not easy to detect. Being
cautious about the links you click on can help keep your device safe, but when you are connected to
public Wi-Fi you are at increased risk of malware. Alarmingly, even a single device on a Wi-Fi connection
that contains malware can automatically infect all the other devices that also connect to the network.
Anti-virus is essential to protect your devices and keep them safe from malware and viruses. AV software
will notify you about invading malware and block it from accessing your device, and alert you about
suspicious links as well as any other unusual activity within your device. Installing and actively using AV
software dramatically reduces security threats to your devices and data.

116
5. Safe Browsing
Additional diligence is imperative while browsing and using public Wi-Fi. Never use online banking or
enter any kind of password while on public Wi-Fi unless you are actively using a VPN which hides and
encrypts your data. The same goes for sharing personal information and photographs.
To ensure maximum online security when using a public hotspot, visit only SSL secured sites. SSL is a
standard security technology for establishing an encrypted link between a web server and a browser.
These sites are marked with HTTPS and have a padlock symbol in the address bar to symbolize security,
which means data is encrypted on the site. The padlock symbol is typically found on shopping sites and
other websites where payment transactions are made.
Remembering all of these points can help protect you from many security issues you may encounter
when using public Wi-Fi. For maximum online safety, avoid using public Wi-Fi as much as possible.
About the Author
Susan Alexandra is an independent contributing author to Cyber Defense
Magazine, SecurityToday and Tripwire. She is a small business owner, traveler
and investor in cryptocurrencies.

117
Browser Extensions Are a Leaky Vessel for Phishers to Exploit
By Atif Mushtaq, CEO, SlashNext
Some of the most common and helpful ways to optimize web browsers are by adding extensions, such
as those offered by Google Chrome. These typically small software add-ons can be attached to a browser
for better functionality, ad-blocking and more. But the customizations and increase in productivity they
provide don’t come without risk. In fact, malicious activity conducted through browser extensions as an
attack vector is on the rise.
Researchers at CSIS discovered a new Android malware called Joker that conducted ad fraud and data
theft from two dozen apps that garnered nearly 500,000 downloads from the Google Play store. Joker’s
file was capable of stealing victims’ SMS messages, contact lists and device information, plus covertly
interacting with advertisement websites to generate fake clicks and sign up infected users with
unwarranted premium service subscriptions.
Another infamous attack was on one of the most popular Chrome extensions, the Evernote note-taking
and organizing application. Over 4.5 million users have downloaded Evernote for their virtual notation,
leaving their data susceptible to hackers who exploit a vulnerability that would allow cyber criminals to
bypass Google Chrome’s security policies.
A cybersecurity organization called Guardio uncovered the hole back in June, discovering the
vulnerability could enable attackers to gain access to users’ browsers and extract user information. The

118
flawed method in which Evernote interacted with websites allowed hackers to use cross-scripting
techniques to circumvent the browser’s Same Origin Policy (SOP). SOPs prevent users from accessing
information from web pages by utilizing scripts from other pages from the same source. Fortunately,
following the discovery of this vulnerability, Evernote released a vulnerability patch in an update to fix the
issue.
Earlier this year, hackers used an extension called SingleFile, which allowed users to save and archive
webpages as single HTML file, to spoof login pages and phish unsuspecting users’ credentials.
Unfortunately, these are just two examples of the many instances of browser extension exploitation.
Fortunately, Google is responding to these issues. After announcing last fall that the company planned
on increasing user protections for third-party extensions and other applications, Google is ramping up
restrictions to reduce the exposure of user data. All extensions are only allowed to request necessary
information in order to implement or update application features. Google is also requiring that extensions
which handle users’ personal information to publish their privacy policies and meet updated cybersecurity
guidelines.
However, the problem remains that browser extensions still don’t operate like web applications, meaning
they are not protected by the same SOPs. Browser extensions are still a vessel by which attackers can
“phish” users by using the extension to avoid the SOP protections maintained by the browser itself.
Hackers can then extract user logins/passwords and access the victims’ accounts, empowering them to
use the stolen credentials for malicious theft of money and data.
In a study published in January, researchers from the French institution Université Côte d’Azur, found
that 197 extensions from various internet browsers, such as Chrome and Firefox, and were susceptible
to the threat of malicious websites. These rogue sites had bypassed SOP protections and were able to
gain access to victims’ information.
Cyber attackers are launching these malicious extensions under the guise of useful applications. By
offering naïve users (often the employees of targeted organizations) a browser add-on for various tools
such as grammar checks, archiving assistance, and more, hackers are able to carry out browser-based
phishing schemes that ultimately trick victims into exposing their credentials and private information which
the cyber criminals can then exploit.
This is all part of the great and growing problem of browser-based cybercrime. Most users are now well
aware of the threat of email phishing attacks, but many don’t know just how numerous and widespread
the rest of the attack landscape is. There are just so many options at hackers’ disposal — in addition to
browser extensions and email, pop-up ads, social media, instant messengers, and more are all available
attack vectors for malicious activity.
The responsibility definitely lies with the app stores themselves to vet the safety and security of incoming
apps, which is no easy feat as there’s many ways to bypass security tools looking for specific malware
and attributes that can be masked with minimal coding.
As a security team, there’s also a few steps that can be taken to reduce a user’s exposure. Cybersecurity
awareness training and prohibiting new software downloads to corporate computers without the express
authorization of the IT team are a couple of examples. Employers should also do their research to find

119
effective and forward-looking cybersecurity solutions. Too many products are reactive and don’t
proactively investigate for real-time threats. These are some of the initial necessary measures
organizations need to take toward protecting data from the abundant and dangerous threats that are
plaguing users from browser extensions.
About the Author
Atif Mushtaq is founder and CEO of SlashNext, the company
pioneering a new, more effective way of protecting companies
from the growing problem of Web-based phishing. Prior to
founding SlashNext, Atif spent nine years at FireEye as a senior
scientist, where he was one of the main architects of FireEye’s
core malware detection technology. He has spent most of his
career on the front lines of the war against cybercrime. He has
worked with law enforcement and other global organizations to
take down some of the world’s biggest malware networks
including Rustock, Srizbi, Pushdo and Grum botnets.

120
Really, Imagine a Day Without Water
By Michael Yehoshua
On October 23, toothpaste maker Colgate and world champion swimmer, Michael Phelps, the
ambassador for the company’s Save Water initiative, headed over 1,100 organizations across the Unites
States for the fifth annual ‘Imagine a Day without Water’. The annual nationwide education initiative was
created by the US Water Alliance and it Value of Water Campaign to raise awareness of the importance
of country’s water supply and the infrastructure that maintains it.
The coverage of the nationwide water awareness day focused on ways to conserve water in the context
of long-term fears concerning the future of the planet’s supply of fresh water in the light of global warming.
But nothing was reported concerning a far more imminent threat to the US water supply - that of crippling
cyber-attacks directed by hostile nations-states and organized groups of cyber criminals.
While there are now calls for the US Congress to make rulings designed to protect the power grid from
cyber-attacks and many warnings been written about the horrors of a city deprived of its power and rapidly
descending into chaos, the vulnerability of vital water utilities has hardly been discussed at all.
But water utilities are as vulnerable to cyber-attacks as power stations and the effects of disrupting a
city’s water supply could be more devastating than cutting off its electricity. After all, people lived for
hundreds of thousands of years without access to electricity. But in all humanity’s long past, no-one has
ever been able to survive more than a few days without water. Toilets and sewage systems also depend
on a constant water supply. Cyber-attacks designed to damage infrastructure in such a way as to stop or

121
pollute the water supply could make great cities almost uninhabitable for weeks on end. Farming regions
are also heavily dependent on water supplies for irrigation and cyber-attacks aimed at agricultural regions
could even impact the country’s food supply.
An orchestrated attack on the US water supply sponsored by a hostile nation state would wreak untold
chaos on a target country’s economy and way of life, the primary aim of cyberwarfare. Alternatively,
financially hacker groups could hold authorities and even countries to ransom by executing targeted
malware attacks on water utilities.
Water utilities typically have outdated cybersecurity in place that has not kept pace with the age of the
internet. Where critical infrastructures once used stand-alone IT systems and operations were largely
mechanical, water utilities are becoming increasingly digitalized while also embracing the Internet of
Industrial Things (IoIT). In the interest of efficiency and cost-effectiveness, third-party contractors are now
also frequently used for mission-critical functions. All these innovations carry an unseen price. They leave
the utility open numerous threat vectors.
It is now a matter of national urgency that water utilities extend their cybersecurity perimeters immediately
with modern Twenty-First Century defenses designed to stay a step ahead of state sponsored hackers
and criminal gangs. SCADAfence technology and procedures, for example, allow water utilities to identify
and examine exposures and security gaps before attacks can occur. Network maps, statistics and
dashboards are designed to fit from the smallest network to those with thousands of assets. SCADAfence
is now partnering with Fortinet’s FortiGate VPN functionality to allow secure remote connectivity to
industrial facilities and crucial infrastructure such as water utilities. Part of the process must also include
including monitoring of internal traffic on the system and being able to instantly disconnect or disable a
remote session if the user is performing actions that deviate from company policies, learned behavior, or
rule-based engines from inside the SCADAfence platform.
On October 23, Michael Phelps, the most decorated Olympic athlete of all time, urged the American
people to “try and imagine a day without water.” Unless America starts to secure its water utilities against
cyber-attacks, their imaginings could become a grim reality for many - and far sooner than Phelps,
Colgate or the climate activists anticipate.
About the Author
Michael Yehoshua is the global VP of marketing at operation technology (OT)
cybersecurity company SCADAfence. SCADAfence is the only Cybersecurity
platform built to keep complex, large-scale OT networks running smoothly as you
embrace digital transformation. Visit him online and learn more about his company
at https://www.scadafence.com.

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138
Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS
“Amazing Keynote”
“Best Speaker on the Hacking Stage”
“Most Entertaining and Engaging”
Gary has been keynoting cyber security events throughout the year. He’s also been a
moderator, a panelist and has numerous upcoming events throughout the year.
If you are looking for a cybersecurity expert who can make the difference from a nice event to
a stellar conference, look no further email marketing@cyberdefensemagazine.com

139
You asked, and it’s finally here…we’ve launched CyberDefense.TV
At least a dozen exceptional interviews rolling out each month starting this summer…
Market leaders, innovators, CEO hot seat interviews and much more.
A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.

140
Free Monthly Cyber Defense eMagazine Via Email
Enjoy our monthly electronic editions of our Magazines for FREE.
This magazine is by and for ethical information security professionals with a twist on innovative consumer
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best
ideas, products and services in the information technology industry. Our monthly Cyber Defense e-
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here
to sign up today and within moments, you’ll receive your first email from us with an archive of our
newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.
Copyright (C) 2019, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,
Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com
All rights reserved worldwide. Copyright © 2019, Cyber Defense Magazine. All rights reserved. No part of this
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,
recording, taping or by any information storage retrieval system without the written permission of the publisher
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at
marketing@cyberdefensemagazine.com
Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 1000
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 12/01/2019

141
TRILLIONS ARE AT STAKE
No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES
Released:
https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH
In Development:

142

143

144

145

146
Nearly 8 Years in The Making…
Thank You to our Loyal Subscribers!
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know
What You Think. It's mobile and tablet friendly and superfast. We hope you
like it. In addition, we're shooting for 7x24x365 uptime as we continue to
scale with improved Web App Firewalls, Content Deliver Networks (CDNs)
around the Globe, Faster and More Secure DNS
and CyberDefenseMagazineBackup.com up and running as an array of live
mirror sites.
5m+ DNS queries monthly, 2m+ annual readers and new platforms coming…

147

148

149

150