Cyber Defense eMagazine January 2020 Edition

1
Best Practices for Building A
Comprehensive Cyber Risk
Management Program
The Dark Truth of Insider Threat
What’s the Security Misconfiguration
Antidote? Automation.
The Ultimate Guide to SSL/TLS
Decryption
Getting PKI Right
How to build a career in Cyber Security
…and much more…
1

2
2

3
CONTENTS
Welcome to This Very Special January 2020 Edition ........................................................................................ 6
Best Practices for Building A Comprehensive Cyber Risk Management Program ............................................ 20
The Dark Truth of Insider Threat ................................................................................................................... 24
What’s the Security Misconfiguration Antidote? Automation. ....................................................................... 27
How To Mitigate The Risks Of Remote Desktop Protocol ............................................................................... 30
How to Know If Someone Is Watching You on Your Camera .......................................................................... 33
8 Common Types of Small Business Cyber Attacks ........................................................................................ 36
The Ultimate Guide to SSL/TLS Decryption ...................................................................................................... 40
Encryption Is Key to Guarantee Data Is Anonymous ...................................................................................... 46
Europe Cybersecurity Market Size to Steer At 13% CAGR To 2025 ................................................................. 49
Iot Security and Privacy ................................................................................................................................ 53
Getting PKI Right .......................................................................................................................................... 56
Seven Security Predictions For 2020 ............................................................................................................. 59
How To Build A Career In Cyber Security ....................................................................................................... 64
Fraud: A Look Back At 2019 And What to Expect in The New Year ................................................................. 67
Anomaly Detection Is the Next Cybersecurity Paradigm ................................................................................ 70
More Spending Won’t Solve Your Hardest IT Challenges In 2020 And Beyond. Here’s What Will. ................... 74
The Decade Ahead for Cybersecurity ............................................................................................................ 77
Moving Network Security to The Cloud ......................................................................................................... 80
3

4
@MILIEFSKY
From the
Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com
Dear Friends,
It’s now 2020. Do you have 2020 vision on the threats, vulnerabilities and assets on
your network as we ring in a new year? Do you know what an OODA Loop is? Have
you been to FairInstitute.org? Are you turning up your human firewall using
companies like www.knowbe4.com one of our black unicorn award winners among
nine other amazing players, found here:
https://cyberdefensemagazine.tradepub.com/free/w_cyba53/? Are you
leveraging time-based security and new deception technologies like those from
www.attivonetworks.com to slow down the breach or totally mitigate it, leaving
the bad guys in a sweet or salty trap? If not, now is the time. It’s also nearly the time where more than a dozen of our team
members head to the biggest infosec show on earth coming to us in late February – it’s the RSA Conference 2020, held once
again in San Francisco, CA, USA and found online at https://www.rsaconference.com.
Our 8 th annual InfoSec Awards for 2020 are closing in less than a month and a few days and we hope to find more winners
this year who are market leaders, innovators and those offering some of the best solutions for cyber security in the global
marketplace. For those women who did not make our Top 25 Women in Cybersecurity for last year or missed out on the
deadline, we have added Women in Cybersecurity as a new category this year and you can even ask our judges if they will
create a new category for your unique product or service. If you’re an infosec innovator, please consider applying at:
https://www.cyberdefenseawards.com/ We offer our own statistics that you are free to reuse anytime, from this page:
http://www.cyberdefensemagazine.com/quotables/. We have many new interviews going live on
https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com this month, so please check them out and share
links to them with your friends and co-workers.
With over 5m views on Cyber Defense Magazine just for the month of December, we expect big improvements and changes
to how we handle growth, respond to customer and partner needs as we all work together to continue to learn new and
better ways to get one step ahead of the next threat!
Warmest regards,
Gary S. Miliefsky
Gary S.Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag
and @Miliefsky – it helps spread the word about our free resources even more quickly.
4

@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and
distributed electronically via opt-in Email, HTML, PDF and Online
Flipbook formats.
5
InfoSec Knowledge is Power. We will
always strive to provide the latest, most
up to date FREE InfoSec information.
From the International
Editor-in-Chief…
It’s 2020 and the threat matrix continues to evolve. We’re
finding the US and global media outlets are enjoying Deep
Fake as much as they enjoy emoji keyboard software for their
mobile phones, downloaded with keylogger technology
planted within.
If you don’t have your glasses on, you might believe this is Tom
Cruise running for President of the USA in 2020, for a small
example: https://www.youtube.com/watch?v=5Btb8gLy3-E
was this a mix of real ‘look alike’ and some innovative facial
morphing of Deep Fake?
When it comes to dealing with threats, expect these to scale
this year:
• Nation State Cyberespionage and Cyberwarfare
• Supply Chain Management Exploitation
• Cloud-based Identity Attacks
• New Deep Fake Spear Phishing Attacks
• Mobile Devices Become the Ultimate Backdoor
• IoT Devices Become New Critical Targets
• Ransomware will continue to escalate
….from Italy with Love, America and Cyber Defense Media
Group – you complete me. Show me 2020!
To our faithful readers, we thank you,
Pierluigi Paganini
Editor-in-Chief
PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com
INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2019, Cyber Defense Magazine, a division of
CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/
WE’RE TURNING A CORNER INTO
8 YEARS OF EXCELLENCE!
Providing free information, best practices, tips and
techniques on cybersecurity since 2012, Cyber Defense
magazine is your go-to-source for Information Security.
We’re a proud division of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS
5

6
Welcome to This Very Special January 2020 Edition
In my capacity as US Editor-in-Chief, I’m pleased to welcome readers of Cyber Defense Magazine to the
January 2020 issue. Based on our current experience, some 5 Million individual online inquiries will land
on our pages this month.
We find ourselves at the beginning of a new decade. It’s a good time to recall how recently it seems we
were entering the new century. And what was the most pressing concern at the end of 1999?
Y2K! Almost no one thinks of that much anymore, but at the time, it was feared that the entire digital
system on which so many functions depended might come to a crashing halt. 50 years ago, when
programming dates were being assigned to many operating systems and program features, it seemed
that a 2-digit year format would suffice. As we approached the time when “xx99” would turn into “xx00,”
dire predictions emerged – fortunately few of which ever came to pass.
If we consider for a moment the increasing speed at which cyber developments occur, and place that in
the perspective of 20-year increments, we must be prepared to deal with new and growing challenges to
cybersecurity.
Foremost among them will likely be based on Artificial Intelligence, Machine Learning, the 5G network,
and no doubt more we have not yet seen or imagined.
That is the value proposition of Cyber Defense Magazine: keeping our audience informed and ahead of
the curve of these very developments.
Wishing you all success in your cyber security endeavors,
Yan Ross
US Editor-in-Chief
Cyber Defense Magazine
About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber
Defense Magazine. He is an accredited author and educator and has provided
editorial services for award-winning best-selling books on a variety of topics.
He also serves as ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist ® XV CITRMS® course.
As an accredited educator for over 20 years, Yan addresses risk management
in the areas of identity theft, privacy, and cyber security for consumers and
organizations holding sensitive personal information. You can reach him via
his e-mail address at yan.ross@cyberdefensemediagroup.com
6

7
7

8
8

9
9

10
10

11
11

12
12

13
Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those
vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep
understanding of your web application vulnerabilities, how to prioritize them, and what to do about
them. With this trial you will get:
An evaluation of the security of one of your organization’s websites
Application security guidance from security engineers in WhiteHat’s Threat Research Center
Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well
as share findings with internal developers and security management
A customized review and complimentary final executive and technical report
Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/
PLEASE NOTE: Trial participation is subject to qualification.
13

14
14

15
15

16
16

17
17

18
18

19
19

20
Best Practices for Building A Comprehensive Cyber Risk
Management Program
By Haythem Hammour, Product Marketing Manager, Brinqa
A primary goal for most information security organizations today is the identification, prioritization and
remediation of cyber risk. Businesses struggle with risk management for a variety of reasons, including
disconnected teams and stakeholders, limited resources, data overload and lack of consistency.
The enterprise IT infrastructure is evolving at a rapid pace. SaaS, IaaS, and cloud-native technologies
have enabled businesses to embrace digital transformation, but they have also made enterprise IT
environments more diverse and complex, and difficult to manage and secure. Software applications also
represent an important attack surface. Most organizations’ software infrastructure comprises very diverse
entities – internally developed applications, externally sourced software, desktop applications, web
applications, mobile applications, open source components, SaaS, APIs and web services.
The cybersecurity infrastructure to secure these elements is equally diverse. Different products may be
used for testing for vulnerabilities in network, cloud, and container infrastructure. Separate, dedicated
security products may be used for static application testing, dynamic or web application testing, and
software composition analysis. Securing software infrastructure also requires DevSecOps, mobile
security, penetration testing, and more. And, in most cases, these components and the corresponding
security infrastructure are owned and managed by different teams, with little communication and
collaboration.
20

21
A further challenge arises from the use of the cybersecurity tools themselves. They provide valuable and
useful insights, but this data can easily get lost in a deluge of irrelevant information. Threat intelligence
is a prime example of the need to identify and utilize relevant information while ignoring the noise. Making
things more difficult is the reality that information about a particular entity may be distributed across
multiple tools and locations.
Organizations need to be able to connect, model and analyze relevant security, context and threat data.
That’s the best way to deliver knowledge-driven insights for cyber risk prioritization, reporting and
remediation. Companies need to implement a cyber risk management program that can:
• Intelligently connect vulnerability, asset and threat data from all sources for complete visibility and
understanding of cyber risk.
• Prioritize remediation to address the most impactful, exploitable, and prevalent risks.
• Eliminate the noise of false positives and irrelevant information.
• Automate closed-loop remediation of risks at scale through creation, tracking and escalation of
tickets.
• Narrow communication gaps across teams with a common data model, nomenclature, and
language.
• Communicate real-time program metrics and risk indicators to all key stakeholders.
Information security organizations looking to build out their own cyber risk management programs should
have the following best practice recommendations at the top of their minds:
Develop a comprehensive, extensible cybersecurity data ontology – Security teams must implement a
cyber risk management process that is built on a comprehensive, standardized, and dynamic data
ontology. Such an ontology will clearly define, delineate, and represent the common IT, security, and
business components that comprise the enterprise technology infrastructure, and the relationships
between them. To deliver risk insights that are relevant to a business, security teams must ensure that
any unique organizational factors that have an impact on risk analysis are reflected in the cyber risk data
ontology. The ontology must also be able to evolve with changes in the IT and cybersecurity landscape,
without adversely impacting the risk management processes.
Expand the scope of cyber risk management to include network, applications, cloud, and emerging
technologies – Organizations need comprehensive coverage of risk analysis and management across
the entire enterprise technology infrastructure. InfoSec organizations must implement a consistent cyber
risk management strategy across critical infrastructure components using dedicated, purpose-built
processes for vulnerability management, network security, application security, cloud security, and
emerging technologies such as IoT.
Adjust risk prioritization models as necessary – Another critical factor for success comes from being able
to leverage information from disparate cybersecurity tools and stakeholders to develop and present new
21

22
knowledge and insights in the form of risk scores, ratings, alerts and notifications. To do so, security
teams need to have complete visibility and control over the risk methodology—resulting in accurate and
relevant results and a better understanding of the factors driving risk prioritization and remediation.
Automate remediation management – Instead of ad hoc decisions, security teams should formulate and
implement policies for risk remediation through automated ticket creation, tracking, and validation.
Strong, comprehensive capabilities around consolidation, dynamic ownership and SLA assignment can
significantly improve the effectiveness of the remediation process.
Leverage cybersecurity process automation where possible – Cyber Risk Management involves
processing and analyzing massive volumes of IT, security, and business data. This can be very time and
resource intensive, and automation should be used where possible to alleviate these needs. Automated
processes for risk analysis, prioritization and reporting not only make the program more efficient, but also
lead to more consistent and accurate results.
Develop and communicate integrated analytics – For a cyber risk management program to function
effectively, it must intuitively engage and inform all the varied stakeholders across IT, security, and
business at the appropriate instant in the risk lifecycle. The ability to visually communicate key risk and
performance indicators through powerful metrics and reports are crucial to program success.
Organizations must empower and encourage stakeholders to develop and communicate the metrics and
reports that matter to them.
The pace of change in enterprise IT is not letting up and cyber risk management programs must evolve
and grow to keep pace. Best practices are taking shape as businesses and the public sector come to
terms with the scale of the challenge. These include establishing and maintaining an extensible
cybersecurity data ontology as well as process automation, integrated analytics, use of the open risk
prioritization model and more. With such practices in place, the challenge of protecting complex
enterprise software infrastructure becomes more manageable and dynamic.
22

23
About the Author
Haythem Hammour Product Marketing Manager. Haythem brings
education, experience, and serious credibility to his role as Product
Marketing Manager at Brinqa. A customer-focused Information
Security professional and Cyber Security evangelist, Haythem uses his
engineering background and diverse experience to inform his work and
to successfully collaborate with engineers and creative teams. He is a
Cyber Security scholar, and is an official member of both the Product
Marketing Alliance and the Forbes Communication Council.
haythem.hammour@brinqa.com I ☎ (512) 372-1004
8310 N Capital of Texas Hwy, Suite 155, Austin, TX 78731
www.brinqa.com |Twitter | LinkedIn | Free! Webinars
https://twitter.com/hammour_haythem
23

24
The Dark Truth
of Insider Threat
By Richard Menear, CEO, Burning Tree
In any business, we inherently want to
trust the people we work with. By and
large, we can. However, the reality is
that insiders remain one of the main
threats to your organisation’s
information and cyber security, and if
you think your company can’t be
breached — think again!
Although it can sometimes be difficult to separate incidents caused by insiders from general data
breaches, Verizon’s 2019 Data Breach Investigations Report found that 34% of all breaches in 2018
happened as a result of insider work. The same report also found that 68% of data compromise is internal.
Internal incidents can be especially tricky to detect because actors know exactly where sensitive data is
stored and have a good understanding of your cyber security processes and the solutions you have
implemented. As such, some breaches may go undetected for months — or even years.
But with the cost of an insider attack remaining high (the average cost rose 15% from 2018 to 2019), it
has never been more crucial for organisations to be aware of insider threats.
Defining “insiders”
We might think of “insiders” as disgruntled or malicious employees waiting to steal your corporate data
and sell it on the dark web. Malicious intent from a disgruntled employee can be the worst type of insider
threat — with fraudulent activity often going undetected and eroding company profitability. However, more
often than not, a data leak is simply due to a mistake or unintentional misuse.
According to reports, privileged IT users or admins are the most dangerous insiders. It is normal for IT
operational staff to have direct administrative access to all systems. The information on these systems
can be highly confidential or valuable and is often subject to strict compliance requirements such as
GDPR. Plus, even if personal information is locked down at the application, IT administrators can access,
copy, change or delete data — which could result in a GDPR compliance issue.
24

25
Focus on detection
Although prevention, mitigation and response are crucial parts of security policies, when it comes to
insider threats, it is essential to shift the focus to detection. This means investing in and deploying suitable
solutions.
The different approaches used to detect and eliminate insider threats depends on infrastructure and
applications.
Privileged Access Management
Weak authentication or shared credentials can further extend the risk of a highly privileged account being
compromised, so application access control and password rotation are vital for improved adaptive
authentication.
At the simplest level, insider threat detection solutions will ‘vault’ administrative passwords to protect and
safeguard passwords, only releasing them as and when required.
Solutions could include AD Bridging to onboard Unix servers, policy enforcement, management of
workstations, password rotation and command auditing.
For example, One Identity’s Privileged Access Management solutions and Quest’s audit and reporting
solutions enable you to provide the full credential when necessary or limit access with granular delegation
for least privileged access. Security can also be enhanced by requiring a second factor of authentication
for user, administrative or superuser access.
Privileged Session Management
To proactively detect and limit insider threats, Privileged Session Management is also crucial. By
monitoring activity, software can help to identify and alert security officers to any broken rules — allowing
them to inspect and respond to suspicious activity as it happens.
One Identity and Quest’s software records and logs all privileged activity — down to the keystroke, mouse
movement and windows viewed — in real-time. Privileged access is then granted based on established
policies with appropriate approvals. This eliminates shared credentials and assigns individual
accountability, resulting in enhanced security and easier compliance.
Process control is key
Without adequate security controls around Privileged Account Management in place, the resulting
damage and fraud from an insider attack could be disastrous. Changing user behaviour and vetting
privileged users is arguably as important as implementing the right software.
25

26
As such, process control is also key to managing privileged users. Over the years, Burning Tree has
helped many companies address required change within their security practices. This involves
implementing a combination of appropriate software and enhanced processes to provide a complete
Privileged Account Management solution that helps to detect and prevent insider attacks.
To find out how we can help tackle insider threats within your organisation, contact us today. If you would
like to learn more about corporate cyber security issues, please follow us on LinkedIn to stay up to date
with our latest articles.
About the Author
Richard is responsible for the overall management and day to day
running of Burning Tree. He supports the Directors in the delivery of
their assignments and on the development of the consulting practice
in the field of Information Risk Management. Richard specialises in
Operational Risk Management and has held senior positions in a
number of Global Financial Institutions.
With a successful track record of over 26 years in Financial Services
and 13 years in Risk Management, Richard has a wealth of
experience. He was Head of Operational Risk for a Global service
unit of HSBC Bank and worked at a number of UK based banks
helping them achieve AMA status under the Basel II accord.
https://burningtree.co.uk/
26

27
What’s the Security Misconfiguration Antidote? Automation.
By Joshua Williams, Senior Cloud and Automations Solutions Engineer, FireMon
The collective security community is spending too time much worrying about vulnerabilities. They need
to shift some of those resources and take a good hard look at misconfigurations, especially in the cloud.
According to Gartner, through the year 2023, 99 percent of all firewall breaches will be caused by
misconfigurations, not flaws.
What’s more, data sources such as the Identity Theft Resource Center suggest that there were
approximately 1,244 reported data breaches in 2018 in the United States and more than 30 percent (377
total) were directly attributed to unauthorized access.
Misconfigurations Continue to Result from Human Error
Misconfigurations, aka human error, almost always occur during the change process, when new rules
are added, modified or deleted. This often happens manually, and the misconfigurations leave an
organization’s network vulnerable to a data breach. In fact, many data breaches today are the result of
this user error. This typically occurs when a system operator has misconfigured a platform or server.
When this happens, a malicious actor can gain unauthorized access and an organization is now at risk.
Firewall and cloud misconfigurations come in all shapes and sizes and no business is immune to their
threats. Misconfigurations can include overly permissive access, incorrect access, open ports to known
vulnerable hosts, rules that bypass the proxy, and access that violates internal or regulatory compliance
standards.
Bottom line, a simple misconfiguration can open your server up to remote access by anyone with an
internet connection, or allow data to be accessed, stolen and used for nefarious purposes.
Misconfigurations can also significantly violate compliance rules and cause devastating service outages.
27

28
Just a few months ago, Imperva announced that a misconfiguration of an Amazon Web Services cloud
enabled hackers to access customer information using its Web Application Firewall product. In
November, Texas Health Resources was breached from a misconfiguration error in its billing system,
which impacted 82,000 patients.
Why is This Happening
Misconfigurations are happening for a number of reasons. FireMon’s sixth annual “State of the Firewall”
report found that there are several key reasons for the increase. First, the pace of business and digital
transformation is simply happening faster than the ability to protect it. The Internet of Things and our
quest to connect every aspect of our business to the internet to move data at lightning speed is outpacing
the level of security needed to protect all the new access points.
Further, we are facing a widening gap in finding the right security talent. The lack of experienced and
properly trained security professionals are driving increases in misconfigurations and the overall number
of breaches annually.
Of course, we are also seeing more firewalls deployed on premise and in the cloud and the number of
rules associated with these firewalls also increase simultaneously. The legacy process of manually
changing policies within a growing firewall environment is a recipe for further disaster and needs a
process change.
The Right Level of Automation Can Remove Human Error and Protect Businesses
The automation of network rules, policies and configurations on premise and off can greatly remove
human error and protect businesses of all sizes from data breaches. It eliminates
guesswork and manual input, especially when rolling out error-prone, late-night changes across multiple
vendors, platforms and data centers. When businesses automate their firewall policy change
management processes, they can move valuable resources to higher priority security needs.
Overall, automation can increase operational efficiency, reduce security cost and increase compliance.
However, it’s important to note that automation isn’t something that you simply turn on.
Businesses need a solution that aligns security automation to meet them where they are in their digital
transformation initiative. By mapping to the current workflow and processes, automation can give
customers the flexibility to automate at their own pace and confidence level.
Organizations should also implement automation that doesn’t add any new complexities or make their
security operations more complex. The best automation allows customers to keep their hands on the
wheel, and ultimately free up the resources of an already short-staffed team to enable speed, lower
compliance risk and close the innovation gap.
28

29
As more and more businesses begin to automate their network security management processes, we will
begin to see a decrease in misconfigurations and ultimately breaches caused by incorrect access and
open ports.
About the Author
Joshua Williams is a Senior Cloud and Automations
Solutions Engineer at FireMon. In this role, Josh helps
enterprises navigate unique network security challenges and
map requirements to meet their needs. Previously, Josh
worked on the FireMon development team to integrate cloud
platforms and on-premise devices into its award-winning
platform. Before joining FireMon, Josh was an engineer for
a major stock exchange and a government agency where he
led the implementation of automation practices across
security and network devices. Josh also teaches as an
adjunct professor of Computer Science at a community
college in Kansas City. He can be reached on LinkedIn and
the company website: www.firemon.com.
29

30
How To Mitigate The Risks Of Remote Desktop Protocol
By Chris Morales, head of security analytics at Vectra
Remote Desktop Protocol (RDP) is an invaluable tool for any business wanting to save money and create
efficiencies through centrally controlling all its computer assets no matter how far away or isolated.
However, such a capability is also a tempting prospect for cybercriminals looking to exploit the system
for their own gains, with Vectra research highlighting that malicious RDP behaviours are experienced by
nine out of ten organisations.
The research also reveals which industries and size of organisations have the most RDP detections,
along with examples of how cybercriminals and state-sponsored actors are using RDP.
Why is RDP so attractive?
Traditionally, a business that wanted to fix issues on its computers that were situated away from its central
offices had two choices; either send out engineers to resolve the issue or have them permanently
stationed locally. Neither option is ideal with a call out costing in the region of US$2,200, while having an
engineer based on a remote site is unlikely to be cost effective. Further, as more than 60 percent of
machine issues can be fixed remotely, it is no wonder more and more companies are turning to RDP.
Using the protocol, one engineer can do the work of a whole team without the need to leave a central
control room through being able to potentially access and control every computer on the network.
However, it is this very capability that makes infiltrating an organisation’s RDP so attractive for threat
actors, enabling them to cause chaos without being detected. No wonder the FBI has warned that such
activity has been on the rise since mid-late 2016.
30

31
Industries under threat
According to our research, manufacturing was the most targeted sector for malicious RDP behaviours,
accounting for 20 percent of incidents monitored across nine industries, followed by finance and retail.
Manufacturing also accounted for the highest number of RDP Recon and Suspicious Remote Desktop
activities observed.
An RDP Recon incident is when several failed attempts to establish an RDP connection are detected,
potentially indicating that a threat actor is trying to access a system using different login combinations or
is looking to identify active accounts. Conversely, Suspicious Remote Desktop is activated when unusual
characteristics are detected following a successful RDP connection, such as an RDP server that is usually
logged into using English keyboard inputs, is accessed by someone using a German keyboard.
In relation to the size of an organisation experiencing RDP attacks, medium manufacturing firms topped
the list with large manufacturing businesses also making the top ten. Medium retailers and medium
financial institutions also witnessed high levels of malicious RDP behaviour. As a whole, medium
organisations experienced the most RDP detections with 6.9 per 10,000 workloads or devices, small
organisations had 6.5, while large businesses had 4.5.
There are two factors worth considering when looking at these numbers. First is that the size of the
company in relation to the number of employees is not indicative of number of devices. For example,
manufacturing has significantly more connected devices than workers. The second is that larger
organisations are likely to have greater resources focused on countering cyber threats.
Using RDP to attack
RDP has been used in many cyberattacks recently, the most notable of which is SamSam. This hacking
and extortion scheme affected more than 200 organisations, enabling the perpetrators to amass US$6
million in ransom payments and inflict US$30 million of damage. Through RDP the threat actors were
able to carry out privilege escalation, malware infection and execute files without user authorisation or
action.
State-sponsored actors are also using RDP to commit espionage and sabotage. Take APT40, a threat
actor cell identified by FireEye as supporting China’s naval ambitions for modernisation. The group uses
RDP to move laterally through the networks of organisations involved in the development and production
of naval technologies to steal data, carry out reconnaissance and execute malware.
FireEye research also points to a threat actor group using RDP to carrying out clandestine operations on
behalf of Iran, called APT39. The group leverages RDP against targets in the Middle East, Europe and
the United States to facilitate movement and long-term access to a network to gather information and
cause sabotage.
Mitigating the risk of RDP attacks
While there are significant risks of threat actors maliciously using RDP to gain access to a network,
businesses around the world find it invaluable for their day-to-day operations, seeing the benefits far
outstripping any danger.
Therefore, those continuing to use RDP must look to mitigate these risks. This can be achieved through
limiting RDP access to only those that need to use it and employing strong credential and authentication
31

32
policies. This includes stipulating that employees must use their own unique username and password
when accessing the RDP. Such a move should ensure that unauthorised people do not get their hands
on RDP credentials and help to identify the source of any cyberattack.
To further protect their networks, businesses need to be able to quickly detect and deal with those
cyberattacks that target RDP. This can be achieved by putting in place solutions that can monitor remote
access behaviours to determine whether or not the network has been infiltrated and then enable a
response if necessary.
In this way business can be sure that their useful RDP tool continues to benefit them instead of being
used as an attack vector by cyber criminals.
About the Author
Chris Morales, head of security analytics at Vectra. Christopher Morales is
Head of Security Analytics at Vectra, where he advises and designs incident
response and threat management programs for Fortune 500 enterprise clients.
He has nearly two decades of information security experience in an array of
cybersecurity consulting, sales, and research roles. Christopher is a widely
respected expert on cybersecurity issues and technologies and has
researched, written and presented numerous information security architecture
programs and processes.
Chris can be reached online at https://www.linkedin.com/in/cmatx/ and at our
company website https://www.vectra.ai/
32

33
How to Know If Someone Is Watching You on Your Camera
In this era of video chatting and social media live streaming, your computer’s webcam can never be
more relevant.
By Anda Warner, Marketing Specialist , SEOforX
In this era of video chatting and social media live streaming, your computer’s webcam can never be
more relevant. But just like any other tech devices, webcams are prone to hacking, which can lead to a
serious, unprecedented privacy breach. Think of a case where authorized person access and illegally
takes control of your webcam, without your knowledge. Such a person will effortlessly spy on you and
the people around you and, depending on the value and quantity of data he steals, there can be dire
repercussions on your part.
And because it hasn’t happened to you yet shouldn’t be a reason for you to imagine that you are safe.
The art of criminals recording video footage and then extorting money from people through isn’t an idle
Hollywood cliché. It happens to real people. That is why you should be extra careful whenever you see
any suspicious changes to your camera.
33

34
How do hackers pull this off?
Well, a webcam hacker doesn’t need much to take control of your webcam. All the hacker needs to do is
get a malware program that hijacks a webcam and remotely install it into your computer. Then without
your knowledge, he starts to take videos and images of you from his remote location. And if he is
interested in your personal information such as files stored in the computer and your regular browsing
history, the malware will help him accomplish that, too.
That being said, you don’t need to panic as there are ways of knowing if a hacker is watching you on
camera. Besides, it isn’t easy for anyone to control your webcam remotely without you noticing that
something is amiss. Once you realize your vulnerability, you can always use a VPN to keep the hackers
at bay.
Now that we are all on the same page, let’s look at 4 signs that you can use to check if your webcam is
being used by hackers to spy on you.
1.Does the camera misbehave, e.g. change position without your command?
If your webcam is modern enough, then it has the ability to rotate and move in different directions in order
to capture the best video/image at the most convenient angle. That is a cool feature when you are using
it, but it increases your vulnerability when a hacker takes charge. Always be keen to check if the camera
is moving or rotating without your command. If you realize any unusual movement, that is an indication
that someone is spying on you.
And because webcams work synonymously with built-in microphones and speakers whenever you videochat,
a misbehaving camera will most likely affect the mic and speakers as well. Be aware of any changes
in them as well.
2.Strange storage files
After a hacker records footage via your webcam, that footage - be it video or audio - will be saved among
your existing storage files. That is to mean that if a file pops up from nowhere, then that would be a red
alert. “Always check out for files you did not create, most particularly in your webcam recordings folder.
You cannot also rule out the chances of the hacker having relocated some of his and some of your files
to new folders or to a location where you aren’t likely to check on a regular basis,” suggest Diceus, an
outsourcing Java development company. For that, always comb every corner of your storage locations
and confirm that your webcam settings are in accordance your specifications at all times.
3.Is the indicator light misbehaving?
Does your webcam indicator blink abnormally or go on without you prompting it? If yes, someone could
be controlling it without your consent. Sometimes other computer programs or browser extension that
34

35
you are running in the background could be using your webcam thus causing the abnormal blinking. On
other occasions, the indicator will malfunction because of a technical problem with your computer. But
you shouldn’t leave anything to chance when it gets to your cybersecurity. Be on top of things at all times.
4.Check for background apps
Sometimes malware will be sneaked into your computer as a normal application. This is especially the
case when you are fond of downloading apps from unsecured websites, so a malware app finds an easy
way to your operating system. Always be on the lookout for software/apps that are running on your
computer without you having installed them.
About the Author
Anda Warner is an experienced marketing specialist with a demonstrated
history of working in the marketing and advertising industry. Anda
possesses a strong entrepreneurial mindset and has devoted her career to
enhancing the sphere of marketing and event production.
warnderanda@gmail.com
website www.seoforx.com
35

36
8 Common Types of Small Business Cyber Attacks
By Jonathan Krause, Owner, Forensic Control
Whilst large scale cyber-attacks are well documented, there is also an increasing number of e-commerce
small businesses at threat from targeted attacks. A report released by Verizon showed that approximately
43% of cyber-attacks targeted small and medium enterprises (SMEs). Out of these, only 14% are
prepared to defend themselves against cyber threats.
A further study conducted by the Ponemon Institute revealed that there is a rise in the number of attacks.
67% of SMEs experienced a cyber-attack in the form of either phishing, ransom-ware, or advanced
malware, with another 58% also having experienced a data breach.
About half of these victims (47%) confirmed that they did not understand how to protect their
organisations against digital attacks. That needs to change.
It’s vital that small businesses owners educate themselves on the basics of cyber security. They need to
learn about the different types of attacks that can be launched against them.
Organised criminal gangs conducted 39% of the attacks. The methods used varies as well. Hacking
accounted for 52%; Malware for 28%; and unauthorised users for 15% of the attacks.
Small businesses currently seem to lack the resources and knowledge to fight them, with many spending
less than £500 annually on Cybersecurity products. This low spend could be linked to the fact that 54%
of small enterprises believe that their companies are 'too small' to be targeted by cyber criminals.
According to Hiscox it costs on average $200,000 to deal with a cyber security incident.
That's a big cost for a small business. It's also reported that 60% of the affected companies close down
within six months after the incident.
36

37
These stats make it clear why small businesses are almost the perfect target. They don't have the
knowledge and they don't spend enough to protect themselves properly, because they don't think they
will be targeted.
The Most Common Types Of Cyber Attacks Small Businesses Face
There are many different cyber-attack types, but these are the most common that small business owners
will face:
· Malware – Also known as malicious software. It's one of the most prominent digital threats to small
and medium-sized enterprises. It is designed to damage and gain access to a specific network and the
digital devices connected to it. In most cases, security is breached when a user clicks on a bad link and
downloads infected files into their devices. These links are placed on the internet by cyber criminals who
have harmful intentions.
· DDoS – Distributed denial of service happens when a group of infected computers attacks a server,
website, or any other network device by sending a high volume of messages and connection requests.
This group of infected computers is known as Bot Network or simply Botnet. The attacked device slows
down or “crashes”, which makes it unavailable to the users.
· Phishing – This is a common scam whereby cyber criminals trick people into clicking a link within a
fake email or website. They do this so that they can gain access to a network or digital device. Phishing
allows criminals to have access to private passwords, financial records, credit card information, and other
data.
Cyber criminals understand that it is easy for employees in an organization to click on interesting links
over a particular website or email. This gives them ready access to the organization's network and
computers.
· Inside attacks – There has been an incredible increase in cases of insider attacks. They mostly come
from trusted outsiders, employees and contractors who have authorized access to a particular network.
The following may lead to an inside cyber-attack:
1. Components of a system are affected by an unintentional mistake
2. Intentional attempts to harm or destruct an organization – this is often done by a former or current
dissatisfied employee
3. An attempt to find specific data that is not accessible by the user
4. Checking for weaknesses on the network
· Email initiated attacks – These occur when an individual clicks on a link or attachment in an email,
either by mistake or thinking that the link or attachment is legitimate. The emails are nicely formatted,
and the links in these emails are attractive and enticing. However, once you click on the link, it may collect
personal data, download a virus to the computer, or open up a file back at the command server asking
for further instructions. The majority of small businesses do not have measures to prevent all that from
happening. This enhances the spread of malware.
37

38
· Password attacks - In this situation, an automated system is used to generate various password
combinations in an attempt to try and access a particular network. Consistently changing the users’
passwords, accounts and admin credentials is one way of fighting this crime. The credentials can be
changed in period intervals preferable to the business. It's easy enough to do this quarterly or even
monthly.
· Ransom-ware– This type of attack encrypts a device on a network and locks it down, rendering the
device unavailable to the user until there is a payment. Some hackers may remove the encryption and
unlock the device after payment. In some extreme cases, the hackers do not remove the encryption,
forcing the business to incur more expenses in recovering the device.
· Website hijacking – In this scenario, hackers set up a legitimate website to download viruses and
malware to any device that accesses the site. Legitimate sites are often not on the blacklist. Therefore,
website hijacking can go unnoticed for quite some time, and this makes it a dangerous cyber-attack
Ways of Preventing Cyber Attacks for Small Businesses
Hackers and other cyber criminals are discovering new ideas every day to access small businesses'
computers, networks and information.
If you’re in the UK you can benefit from Cyber Essentials. Cyber Essentials helps you to guard against
the most common cyber threats and demonstrate your commitment to cyber security.
It's hard to prevent cyber-attacks completely, but small business owners should always strive to educate
themselves so they don't fall victim to one.
Below are some ways of minimizing such attacks:
· Use of anti-virus and firewalls. This is one of the most common methods of dealing with malware.
However, the anti-virus and firewall should be regularly updated to counteract any viruses, programs,
and network or DDoS attacks. Encryption tools should also be used to scan files and links for malware.
· Minimize the use of removable media, such as USB drives, on the business’s computers.
Additionally, it is advisable to routinely monitor and scan every device connected to your network or
computer system.
· Make daily back up and duplicates of all files and data. This way, it will be easy to restore your
data in the event of a digital attack which compromises the system or network.
· Limit the employees' access to files, folders and programs required for critical routine tasks.
· Always remind the employees to stay away from unsolicited links and attachments in emails.
· Carry out regular vulnerability tests and risk assessments on computer systems and networks.
This helps to identify and rectify possible entry points into the net.
38

39
· Provide staff especially those in the IT department, with training on the current online threats and
trends in digital attacks.
· Using multifactor authentication. This is adds a layer of security, so there are more hurdles for an
attacker to bypass before they get access to sensitive information.
· Invest in Cybersecurity insurance. Cyber criminals are becoming more and more sophisticated,
meaning they can strike even the most security-conscious companies. Most of the insurance policies
today will cover the cost of any lost data, as well as partly pay for the process of recovering any lost
information.
· Protect your hardware that contains essential data such as hard- drives, USB drives, and laptops.
Losing such equipment could have severe implications on the security of the company if it landed in
criminals’ hands.
Conclusion
Loss of data has been one of the significant challenges that organizations face and fall victim to. Cyberattacks
are on the rise today, with 43% of the attacks targeting small and medium businesses.
Cyber criminals are getting wiser and more cunning by the day. They are continually designing new ways
of infecting businesses' computers with malware with the aim of stealing sensitive data and disrupting
the core activities of an organisation. Business cyber security needs to be a priority, with the whole
organisation providing a united front.
The options highlighted above can be used to minimize and negate the occurrence of cyber-attacks in
small businesses. Regular backups, duplicating files and data, installing updated anti-viruses, and limiting
the use of removable media on the business’s computers are some of the best ways to minimize cyberattacks
and improve security. Companies must also train all their staff on cyber-security and establish a
robust security strategy.
About the Author
Jonathan Krause, Owner of Forensic Control. He is a leading cyber security
and digital forensic specialist based in London, UK. After working as a
computer forensic specialist in the Hi-Tech Crime Unit for the Metropolitan
Police at New Scotland Yard, Jonathan founded Forensic Control in 2008.
Since then, Jonathan and his team have advised on hundreds of data
breaches for corporate clients of all sizes. Jonathan can be reached online
at jonathan@forensiccontrol.com and at our company website
https://www.forensiccontrol.com/
39

40
The Ultimate Guide to SSL/TLS Decryption
Six Features to Consider When Evaluating SSL/TLS Inspection Solutions
By Babur Khan, Technical Marketing Engineer, A10 Networks
Encrypted traffic accounts for a large and growing percentage of all internet traffic. While the adoption of
Secure Sockets Layer (SSL), and its successor, Transport Layer Security (TLS), should be cause for
celebration – as encryption improves confidentiality and message integrity – these protocols also put your
organization at risk as they create encrypted blind spots that hackers can use to conceal their exploits
from security devices that are unable to inspect SSL/TLS traffic.
The threat of SSL/TLS blind spots is a serious one. According to a Ponemon survey, legacy security
infrastructure is not built to take care of these evolved, hidden attacks, and almost two out of three
organizations are not able to decrypt and inspect their SSL/TLS traffic.
To stop cyberattacks, you need to gain insight into encrypted data; to gain insight into encrypted data,
you need a dedicated security platform that can decrypt SSL/TLS traffic and send it to the security stack
for inspection in clear text. This paper describes six features to consider when evaluating an SSL/TLS
inspection platform. With this information, you will be able to easily define evaluation criteria and avoid
common deployment pitfalls.
40

41
The current state of insecurity
Worldwide spending on information security will exceed a staggering $124 billion in 2019 as organizations
stack up security products around their network perimeters. Unfortunately, as SSL traffic increases, our
collective $124+ billion investment in security is falling far short of protecting all our digital assets.
Attackers are wising up and taking advantage of this gap in corporate defenses. In fact, as much as 70%
of cyberattacks will use encryption as part of their delivery mechanisms by 2019. As a result, companies
that do not inspect SSL communications are providing an open door for attackers to infiltrate defenses
and steal data.
Cybercriminals can use encryption to hide the delivery of malware as well as the extraction of data, which
leaves legacy security devices blind to data breaches. Such breaches can have a disastrous impact on
your company’s reputation and brand, and you could be subject to disciplinary action and fines. For
instance, over 200,000 computers worldwide were affected by last year’s WannaCry ransomware attack
most notably, Britain’s National Health Service (NHS), causing serious disruptions in the delivery of health
services across that nation. To prevent cyberattacks, enterprises need to inspect all traffic and encrypted
traffic in particular, for advanced threats such as WannaCry.
Existing security solutions can’t hack it
While some security solutions can decrypt SSL/TLS traffic, many are collapsing under growing SSL/TLS
bandwidth demands and SSL key lengths. Today, the use of 2048-bit SSL keys has become common,
and the impact is startling.
NSS Labs looked at how decryption impacts performance in its 2018 SSL/TLS Performance Tests. They
measured product performance with a Next Generation Firewall (NGFW) with decryption turned on
versus turned off and found significant performance degradation and increased latency in the tested
products.
• A 92% drop in the average connection rate. Connection degradation ranged from 84% to 99%.5
• An increase in latency in the average application response time of 672%. Latency ranged from
99% to 2,910%.
• A 60% drop in the average throughput. Throughput degradation ranged from 13% to 95%.
The importance of being earnest…when evaluating ssl/tls inspection platforms
To eliminate the SSL/TLS blind spot in corporate defenses, you should provision a solution that can
decrypt SSL/TLS traffic and enable all security products that analyze network traffic to inspect the
encrypted data. You must carefully evaluate all the features and performance of your SSL/TLS inspection
platform before selecting a solution. If you deploy an SSL/TLS inspection platform in haste, you might be
blindsided later by escalating SSL bandwidth requirements, deployment demands or regulatory
implications.
41

42
SSL traffic is growing, and it will continue to increase in the foreseeable future due to concerns about
privacy and government snooping. Many leading websites today, including Google, Facebook, Twitter
and LinkedIn encrypt application traffic. With SSL traffic accounting for a growing percentage of all
internet traffic, you should factor in performance needs and future bandwidth usage when evaluating an
SSL inspection solution. However, you should also make sure that your proposed architecture will comply
with regulatory requirements such as the European Union’s (EU’s) General Data Protection Regulation
(GDPR) or healthcare’s Health Insurance Portability and Accountability Act (HIPAA).
Six features to consider when selecting an ssl/tls inspection platform
Because SSL/TLS inspection potentially touches so many different security products from firewalls and
intrusion prevent systems (IPS) to data loss prevention (DLP), forensics, advanced threat prevention
(ATP), and more, you should develop a list of criteria and evaluate SSL/TLS inspection platforms against
these criteria before selecting a solution. An SSL/TLS inspection platform should:
1. Meet current and future ssl/tls performance demands
Performance is one of the most important evaluation criteria for an SSL/TLS inspection platform. You
need to assess current internet bandwidth requirements and ensure the inspection platform can also
handle future SSL throughput requirements.
2. Satisfy compliance requirements
Privacy and regulatory concerns have emerged as one of the top hurdles preventing some organizations
from inspecting SSL traffic. While your security team may have deployed a wide array of products to
detect attacks, data leaks, and malware, and rightfully, so you have to walk a thin line between protecting
your company’s intellectual property without violating employees’ privacy rights.
Companies that don’t comply with these regulatory rules can be subject to hefty fines and lawsuits. In a
study by the Ponemon Institute, 36% of surveyed companies said compliance/regulatory failure was a
major factor in justifying funding of their organizations’ IT security budget. Forrester Research also
recently reported that as many as “80% of companies will fail to comply with GDPR”
To address regulatory requirements like GDPR, HIPAA, Federal Information Security Management Act
(FISMA), Payment Card Industry Data Security Standard (PCI DSS), and Sarbanes-Oxley (SOX), an
SSL/TLS inspection platform should be able to bypass sensitive traffic, such as traffic to banking and
healthcare sites. Once sensitive traffic is bypassed, you can rest easy knowing that confidential banking
or healthcare records will not be sent to security devices or stored in log management systems.
42

43
3. Support heterogeneous networks with diverse deployment and security requirements
You have to contend with a wide array of security threats from external actors as well as potential
malicious insiders. Therefore, to safeguard digital assets, you need to deploy an ever-increasing number
of security products to stop intrusions, attacks, data loss, malware, and more.
Some of these security products are deployed inline, while others are deployed non-inline as passive
network monitors. Some analyze all network traffic, while others focus on specific applications, like web
or email.
However, virtually all of these products need to examine traffic in cleartext in order to pinpoint illicit activity.
Recently, though, the rise in SaaS adoption has caused many applications to move to the cloud.
Productivity and storage applications like Office 365, Box, Dropbox, G Suite, etc., are commonly used by
many companies. However, many of these applications have their own security stacks in the cloud and,
in the interest of a better user experience, SaaS vendors generally recommend bypassing on-premise
security stacks.
You will need the flexibility to deploy best-of-breed security products from multiple vendors to prevent
getting locked into a single vendor solution. The security landscape constantly evolves to combat
emerging threats, and in one or two years, your company may want to provision new security products;
your SSL/TLS inspection platform needs to be able to interoperate with these new products. An
inspection platform that supports flexible deployment, traffic steering and granular traffic controls will be
able to provision a wide range of security solutions into the future.
4. Maximize the uptime and the overall capacity of your security infrastructure
A security infrastructure blocks cyberattacks and prevents data exfiltration. If your security infrastructure
fails, threats may go undetected and your company may be unable to perform business-critical tasks,
resulting in loss of revenue and brand damage.
Most firewalls today can granularly control access to applications and detect intrusions and malware.
Unfortunately, analyzing network traffic for threats is a resource-intensive task. While firewalls have
increased their capacity over time, they often cannot keep up with network demand, especially when
multiple security features like IPS, URL filtering, and virus inspection are enabled. Therefore, your
SSL/TLS inspection platform should not just offload SSL processing from security devices, but should
maximize uptime and performance of these devices.
When evaluating an SSL/TLS inspection platform, look for a platform that can:
• Scale security deployments with load balancing.
• Avoid network downtime by detecting and routing around failed security devices.
• Support advanced health monitoring to rapidly identify network or application errors.
• Provide better value by supporting N+1 redundancy rather than just 1+1 redundancy.
43

44
Your SSL/TLS inspection platform should not be another point product and should not introduce risk to
your network. Instead, it should lower risk by maximizing the availability and the overall capacity of your
security infrastructure. Only then can the full potential of your SSL/TLS inspection platform be unlocked.
5. Securely manage ssl certificates and keys
When providing visibility to SSL traffic, your SSL/TLS inspection solution must securely manage SSL
certificates and keys. SSL certificates and keys form the basis of trust for encrypted communications. If
they are compromised, attackers can use them for snooping on encrypted traffic and stealing data.
To ensure certificates are stored and administered securely, look for an SSL/TLS inspection platform
that:
• Provides device-level controls to protect SSL keys and certificates.
• Integrates with third-party SSL certificate management solutions to discover, catalog, track and
centrally control certificates.
• Supports FIPS 140-2 Level 2 and Level 3 certified equipment and Hardware Security Modules
(HSMs) that can detect physical tampering and safeguard cryptographic keys.
6. Simply and easily deploy and manage your enterprise security solution
When investing in either a firewall or a decryption solution, two of the biggest problems are the complexity
and the lack of rich usable analytics. A solution that can be easily deployed allows your organization to
become operational and prevent hidden threats as soon as possible. Unfortunately, most decryption
solutions are too complex to be deployed easily. If your solution is deployed quickly, usually after paying
hefty professional services fees, more problems can emerge; are the analytics provided with the solution
humanly consumable and useful? Is the solution providing any usable insights?
When managing encrypted traffic, rich analytics with data delivered in an easy-to-consume format is
critical in order to free up valuable human analysts to make effective and informed decisions. Real-time
analysis provides deep insights into anomalies and threats in encrypted traffic, so adaptive controls and
policy updates can be set through behavior analysis. Products from partners like Splunk may be deployed
in your security network to capture insights into the traffic flowing through network devices.
Furthermore, as your organization grows and spreads to multiple, geographically-distributed
deployments, a ‘single pane of glass’ solution becomes necessary to provide management and analytics
available at a single centralized location. Simplicity becomes a must.
When choosing an SSL/TLS inspection solution, look for a platform that:
• Is easy to use and can be deployed in minutes.
• Ensures the application of security best practices, reducing human errors introduced during
deployment.
• Provides detailed real-time analytics that will help in advanced troubleshooting.
44

45
• Enables troubleshooting of issues that you might have with the platform itself, with ease.
• Provides customizable dashboards that deliver tailored statistics widgets.
• Provides a centralized management option to support your organization as it grows, allowing all
your geographically distributed deployments to be managed and analyzed from a central location.
Conclusion
As privacy concerns are propelling SSL/TLS usage, you face increased pressure to encrypt application
traffic and keep data safe from hackers and foreign governments. In addition, because search engines
such as Google rank HTTPS websites higher than standard websites, application owners are clamoring
to encrypt traffic. At the same time, you face threats like cyberattacks and malware that can use
encryption to bypass corporate defenses.
With SSL accounting for nearly 85% of enterprise traffic in North America and more applications
supporting bigger keys and complex ciphers like ECC for PFS, you can no longer avoid the cryptographic
elephant in the room. If you wish to prevent devastating data breaches, you must gain insight into your
SSL/TLS traffic. Since legacy firewalls are inefficient at decrypting and inspecting traffic simultaneously,
creating bottlenecks in your network, a dedicated SSL/TLS inspection platform that will support your
existing security infrastructure is necessary.
Before provisioning an SSL/TLS inspection solution, consider criteria like performance, flexibility,
analytics, ease-of-use, and secure key management, which are critical to your organization’s success.
Armed with this information, you can make a well-informed decision and avoid the deployment pitfalls
that SSL/TLS inspection can potentially expose.
About the Author
Babur Nawaz Khan is a technical marketing engineer at A10 Networks. He
primarily focuses on the company’s enterprise security solutions, including
Thunder® SSL Insight for TLS inspection and Cloud Access Proxy, which is a
SaaS access security and optimization solution. Prior to his current role, he was
a member of A10 Networks’ corporate systems engineering team, working on
application delivery controllers. Khan holds a master’s degree in computer
science from the University of Maryland, Baltimore County. Babur can be
reached online at our company website http://www.a10networks.com
45

46
Encryption Is Key to Guarantee Data Is Anonymous
By Julian Weinberger, CISSP, Director of Systems Engineering at NCP engineering
Regulatory initiatives such as the EU General Data Protection Regulation (GDPR) have granted
consumers powerful rights to determine how organizations collect and use personally identifiable
information. Companies that hold on to personal data without consent, or who fail to employ adequate
measures to protect it, may face stringent penalties.
Yet, there is one important exception. Anonymized data – information held without key details to prevent
identification – is exempt from the rules.
Data in anonymized form is meant to reduce the chance of a breach or damage from its loss because it
cannot be used to identify specific individuals. Received wisdom holds that with no threat to personal
privacy there is no risk of punitive fines.
Anonymized data is ideal for medical trials and market research. Healthcare organizations, for example,
can take patient names, addresses, and dates of birth out of digitally stored medical records to use
information for research purposes without the risk of disclosing individual identities.
46

47
It’s not just medical research that benefits from anonymized data. Transport for London recently mined
anonymized mobile phone data of passengers to gather information that enabled it to create more
accurate travel times and arrival estimates.
While anonymized data undoubtedly has its uses, it is far from perfect.
Deciphering the Datasets
On its own, anonymized data is impossible to decipher – until, that is, someone starts to cross-reference
it against publicly available data sets such as an electoral roll or a national census.
Belgium’s Université Catholique de Louvain (UCLouvain) and Imperial College London discovered this
can be achieved with alarming accuracy. The study found that an anonymized dataset containing 15
demographic attributes could be used to identify individuals in the state of Massachusetts with 99.98
percent accuracy. Considering the state population is close to seven million people, the findings are
remarkable.
In another prominent example, researchers found that publicly available anonymous data about routes
taken by New York City cab drivers could be used to reveal their home addresses. The de-anonymizing
process seems to be more accurate with smaller datasets – especially when cross-referenced against
the right database.
Data Encryption
European regulators have shown they are ready to issue stiff penalties to organizations that do not take
proper precautions with anonymized data. Most recently, Denmark’s data protection agency fined a taxi
company approximately $180,000 for failing to anonymize data properly.
Clearly, organizations cannot expect anonymized database data alone to protect sensitive customer
information. Firms must be proactive and implement the proper security measures and technology to
ensure customer privacy is safeguarded.
Encryption is one of the most reliable strategies for protecting the privacy of digital assets, especially if
the organization needs to send or share them over the public Internet. Encrypted data is encoded and
can only be accessed with the correct key, usually using symmetric- or public-key encryption. Data
treated this way is impossible to decipher, effectively rendering it unintelligible to outside observers.
Encryption is essential to protect database data in storage but also on the move. A professional,
enterprise-quality virtual private network (VPN) is an extremely effective way to secure digital
communications.
In summary, database anonymization is useful for storing personal information that is collected in the
course of research. However, researchers cannot trust anonymization alone to keep personal data
47

48
protected from third-parties. Implementing a robust, enterprise-standard VPN is the best way to
guarantee customers’ personal information remains fully protected at all times.
About the Author
Julian Weinberger, CISSP, is Director of Systems
Engineering for NCP engineering. He has over 10 years of
experience in the networking and security industry, as well
as expertise in SSL ‐ VPN, IPsec, PKI, and firewalls. Based
in Mountain View, CA, Julian is responsible for developing IT
network security solutions and business strategies for
NCP.
NCP can be emailed at info@ncp-e.com, reached on Twitter
at @NCP_engineering, and on our company website at
https://www.ncp-e.com/en/.
48

49
Europe Cybersecurity Market Size to Steer At 13% CAGR To
2025
Europe Cybersecurity Market is estimated to be over USD 25 billion in 2018 and is expected to register
a lucrative growth between 2019 and 2025 with a CAGR of over 13%
By Shashie Pawar , PR & Media Communicator (Graphical Research)
According to the Graphical Research new growth forecast report titled “Europe Cybersecurity
Market By Industry (Banking, Government, Manufacturing, Transportation, IT & Telecom, Insurance,
Securities), Industry Analysis Report,, Industry Analysis Report, Regional Outlook (Germany, UK,
France, Spain, Netherlands, Norway, Italy, Ireland, Sweden), Growth Potential, Competitive Market
Share & Forecast, By Product Type (Identity, Authentication and Access Management (IAAM) [Access
Management, Identify Access Management], Infrastructure Protection [Endpoint Protection, Email/Web
Gateway, Security Information and Event Management (SIEM), Vulnerability Management, Cloud
Security, Data Loss Prevention (DLP)], Network Security [Internet Service Provider Equipment, Virtual
Private Network (VPN), Unified Threat Management (UTM), Firewall], Security Services [Implementation,
Managed Security Services, Consultancy & Training, Hardware Support]), By Organization (SME,
Government, Large Enterprises)”, Determined to exceed USD 65 billion by 2025.
49

50
The Europe cybersecurity market growth is attributed to strong government initiatives to promote data
safety and hefty investments in cybersecurity solutions. The increasing cases of data breaches and
malicious cyber-attacks on critical business infrastructure have driven several business enterprises
toward partnering with government agencies for enhanced cybersecurity. For instance, in July 2016, the
EU Commission announced a Public-Private partnership program on cybersecurity with USD 2 billion
investments by 2020. The private sector is estimated to contribute USD 1,498 million, with the remaining
USD 502 million contributed by various governments across the region. This is expected to spur the
growth of cybersecurity solutions in the region.
The network security segment is expected to register an accelerated growth over the forecast period with
a CAGR of over 15%. These solutions protect data integrity and usability of critical business networks,
safeguarding enterprises against intrusions and virus attacks on their IT networks. The proliferation of
new devices, applications, and complex networking architectures has increasingly made network
management difficult for enterprises, driving them toward adopting network security solutions for
efficiently managing modern complex networks. The rapidly changing network has pressured enterprises
to deploy network monitoring tools, accentuating the growth of network security solutions.
The large enterprises segment is projected to exhibit a lucrative growth of over 10% in the Europe
cybersecurity market. Large enterprises are severely affected by cyber-attacks due to the involvement of
substantial financial assets. Malicious attacks can also hamper an enterprise’s market image and cause
investor dissatisfaction; hence, large enterprises are proactively adopting cybersecurity solutions for
mitigating such risks. Increasing budget allocations and the growing awareness regarding cybersecurity
are further expected to accentuate the adoption of cybersecurity solutions by large enterprises.
The banking sector is anticipated to exhibit an accelerated growth between 2019 and 2025, growing at a
CAGR of over 15%. The rapid adoption of digital banking platforms and stringent government regulations
for financial institutions have driven banks toward adopting cybersecurity solutions to prevent financial
abuse and mitigate losses. For instance, in June 2017, the Financial Conduct Authority (FCA), a leading
bank regulator in the UK made it mandatory for all banks in the UK to adopt cybersecurity measures.
50

51
Some of the key vendors in the Europe cybersecurity market include Check Point Software, Sophos
Group plc, BAE Systems, Cisco Systems, Inc., Symantec Corporation, CyberArk Software Ltd., F-Secure
Corporation, Proofpoint Inc. , McAfee LLC , F5networks, Inc., Microsoft Corporation, FireEye, Inc.,
Fortinet, Inc., Hewlett-Packard, Ltd., IBM Corporation, Intel Corporation, Oracle Corporation, Palo Alto
Networks, Inc., Rapid7, RSA Security, LLC., Splunk, Inc, and Trend Micro, Inc.
The Europe cybersecurity market research report includes in-depth coverage of the industry, with
estimates & forecast in terms of revenue in USD million from 2019 to 2025, for the following segments:
Europe Cybersecurity Market Share, By Product Type
• Identity, Authentication and Access Management (IAAM)
• Access Management
• Identity Access Management
• Infrastructure Protection
• End Point Protection
• Email/Web Gateway
• Security Information and Event Management (SIEM)
• Vulnerability Assessment
• Cloud Security
• Data Loss Prevention (DLP)
• Others
• Network Security
• Internet Service Providers (ISPs)
• Virtual Private Network (VPN)
• Unified Threat Management
• Firewall
• Security Services
• Implementation
• Managed Security Services
• Consulting & Training
• Hardware Support
• Others
Europe Cybersecurity Market Size, By Organization Type
• SME
• Government
• Large Enterprise
Europe Cybersecurity Market Forecast, By Industry
• Banking
• Government
• Manufacturing
• Transportation
51

52
• IT & Telecom
• Insurance
• Securities
• Others
Source:https://www.graphicalresearch.com/industry-insights/1246/europe-cybersecurity-market
About the Author
Preeti Wadhwani leads the next-generation technology team at
Graphical Research. She has more than 4 years of market research
and consulting experience in niche and emerging technologies
including SMAC (Social, Mobile, Analytics and Cloud), IoT,
virtualization, and containers.
52

53
Iot Security and
Privacy
Security and Privacy in the IoT age
By Lokesh Yamasani, Director – IT
Security (Security Officer), Satellite
Healthcare
We are living in a digital age, let alone so-called “Age of IoT”. What makes it an “Age of IoT”? The answer
is simple. It is the ability to be able to connect and manage everything from fish tanks, baby monitors to
industrial devices, home monitoring devices via internet to accomplish our objectives. Such convenience
has led to increased attack vector through which these devices/things could be easily compromised. The
scary part is that someone with barely any technical skillset could easily compromise these
devices/things. (i.e., someone could easily learn on the internet on how to compromise these things and
simulate the same a.k.a “Annoying Script Kiddies”), let alone nation state actors, hacking groups, and
other known/unknown threat actors/groups.
With that being said, privacy has become a major concern in the IoT age along with security. (Funny
Story: Most recently, I attended a work meeting where someone I was talking to had their smartwatch
turned on. Towards the end of our conversation, that person’s smartwatch started responding to what we
were talking about). Now that we got security and privacy icebreakers out of our way. Come on in, feel
comfortable. Let’s dissect the security and privacy aspects of Internet of Things. Shall we?
Chapter 1: Security
Before talking about the “security” of IoT architecture. Let’s get to the basics of IoT architecture. The IoT
architecture consists of: 1. Things (Things that are equipped with sensors) 2. Gateways (Data from things
goes to the cloud/infrastructure through these gateways) 3. Data gathering and processing Infrastructure
(Data is gathered, processed here and decision is made based on the data received and Artificial
Intelligence techniques) 4. Control Apps (The apps that send the actual commands to perform an
operation on that smart device). To put in the real world context:
Me: Hey google, I am bored!
Google Assistant: Yes, here are the options. Do you want Mickey Mouse adventures? Car adventures?
Do you want to listen to music?
Me: I want to listen to music.
Google Assistant: Music playing….
53

54
There is quite an amount of technology or rather amalgamation of multiple technologies and related
architectures involved behind that simple transaction. Wherever there is an amalgamation of multiple
technologies and related architectures, there are IoT protocols that run the IoT universe. (Did I say I
wanted to be a Geologist?). As a sample, let’s look at two IoT network protocols:
a) Bluetooth
Bluetooth protocol is mostly used in smart wearables, smartphones, and other mobile devices,
where small fragments of data can be exchanged without high power and memory. Bluetooth
protocol is effective for short-range communication. However, as we all know the threats related
to Bluetooth are becoming more prevalent these days: Blueborne, Bluebugging, Bluejacking, and
Bluesnarfing. With consumers keeping these smart devices that operate on Bluetooth protocol
powered on all the time, the likelihood of such Bluetooth attacks is “High”.
b) ZigBee
ZigBee is an IoT protocol that allows things that are retrofitted with “sensors” to work together.
ZigBee is used with apps that support low-rate data transfer between short distances. ZigBee was
created by ZigBee alliance. When it was designed, security related tradeoffs were made to keep
the devices low-cost, low-energy and highly compatible. Some parts of ZigBee’s security controls
are poorly implemented (what are those poorly implemented controls?). As an example, Killerbee
is a Python-based framework used to exploit the security of the devices implemented with Zigbee
standard. Killerbee provides facilities for sniffing the keys, injecting network traffic, decoding the
packets captured, and packet manipulation that takes advantage of “Trust Center Link Key”. If a
cyber-attacker has to take advantage of that “Trust Center Link Key” within the Zigbee protocol.
Cyber-attacker must capture Zigbee network traffic at the same time the device joins the IoT
network.
As noted above, these security risks are just the tip of the iceberg. On top of these security risks,
since the backend IoT infrastructure is virtualized and in cloud, it is prone to the same security
risks as any cloud and virtualized infrastructure. Hence, it is highly vulnerable and exploitable.
Bottom-Line: As I’m writing this as a security officer for a healthcare company, what does it all
mean to me? What’s the answer to reduce the likelihood of threat and exploitation of vulnerability?
One simple solution from securing the backend IoT infrastructure perspective is to implement zero
trust access model. On the consumer side, deprecate all the less secure protocols. Design and
regulate the mandatory use of relatively more secure protocols (IEEE – Help us please!). In the
future, patient care is delivered at Home and we can already imagine a situation where sensors
that capture patient data are compromised and used as bots to join a network of bots to perform
malicious activity thereby compromising patient care. That could be a wide spread reality and we
are almost seeing that wide spread reality these days.
Chapter 2: Privacy
Next on, Privacy! I’m going to take on it from a healthcare perspective. Imagine, a home care dialysis
patient using one of these IoT sensors that captures the needed data such as: blood pressure level, fluid
levels, heartbeat rate, Total body water percentage etc. Instead, it has also captured patients’ other
54

55
information such as DNA information, Patient’s private conversations etc. that was never needed within
the context of that particular diagnosis.
By default, most sensors do not give patients the ability to influence where they want their data to be
stored, seen by whom etc. within the context of their diagnostics. This leads to patient data gathering
misuse, patient data storage and processing misuse. Privacy issues like this are some of the privacy
risks at the tip of the privacy iceberg (Yeah, let’s create stringent privacy regulations). Creating privacy
regulations is not the challenge, enforcing them is.
One of the solutions could be to give the control/ability back to patients, consumers as to what these
sensors can or cannot collect, or by design make these sensors in terms of what they can collect and
transmit. In short, giving more power back to consumers! (Consumer power)
Bottom-Line: If you are looking to manage security and privacy risks in the IoT age, use frameworks like
NISTIR 8228 - Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks and
customize the framework based on your needs. You gotta start somewhere!
About the Author
Lokesh Yamasani works as Director – IT Security (Security Officer) at
Satellite Healthcare/WellBound. He is an experienced and diligent security
expert with about 15 years of overall IT experience and over 14 years of
experience in all information security domains with a record of
accomplishment of successful security leadership with emphasis on metrics
based performance. Lokesh Yamasani can be reached online at
(yamasanil@satellitehealth.com, @LYamasani)
55

56
Getting PKI Right
Program Failures and How to Avoid Them
By Chris Hickman, chief security officer, Keyfactor
Public Key Infrastructure (PKI) has survived the test of time. Today, IT leaders and managers view PKI
as a vital layer within the security framework, helping to authenticate and encrypt sensitive endpoints,
software and applications. Historically, managing PKI has been a manual, on-premises process. Despite
its critical role within the cybersecurity framework, PKI has struggled to find a clear owner within the
organization. Add to that, results from a recent survey where just 36% of respondents said their
organizations have enough IT security staff members dedicated to PKI deployment.
With the industry’s skill shortage, shifting compliance requirements and competing budget priorities, how
can you sidestep deployment landmines and manage a program that’s right for your enterprise and its
budget?
CISOs tackling their organization’s PKI program have two options: build or buy. Deploying DIY PKI onpremises
requires significant investment while keeping the program running takes a dedicated team.
Without appropriate resourcing and continuous care and feeding, PKI can degrade, leading to vulnerable
keys, certificates, system outages or worse – a significant breach event. In addition to the added costs
of network downtime, PKI events can create preventable network vulnerabilities.
56

57
Lessons Learned
Unlike newer processes, PKI and its long history gives us countless real-life case studies of what has
worked and what hasn’t. One recent case study followed a financial institution as they opted to build an
application to manage its PKI and growing number of certificates. While the company was able to
leverage an existing data center and physical security, implementation alone took the company four
months, requiring the dedication of multiple team members across development, engineering and IT. In
addition to resourcing, the project racked up significant hardware, licensing and integration costs.
On the other hand, like other security functions, a growing number of leaders see the advantages of
outsourced or managed PKI and are opting to ‘buy’ PKI via cloud deployment. Here are 5 reasons why:
1. Robust Security: If the root key or private keys within the network are compromised, it can result
in significant disruption and downtime to PKI-dependent applications. In addition to specific tools
used to protect keys, the facility housing critical PKI functions must be secure. PKI-as-a-Service
(PKIaaS) vendors and their security policies and practices have been tested over time and at
scale. If your enterprise falls under attack, you also have one less critical system to restore, as
PKI is hosted safely in an isolated, off-premises cloud location.
2. Reduced Cost & Complexity: Moving PKI to the cloud can alleviate multiple security controls,
maintenance tasks and infrastructure costs. Frankly, the capital expenditure and expertise
needed to properly manage a solid internally run PKI is considerable, forcing many organizations
to make critical PKI operations a secondary task. Adopting the right PKIaaS platform leads to
greater productivity as IT and security teams can focus on core projects. Costs also become much
more predictable, since the many hidden and traditional expenses of PKI are replaced with a flat
rate billing model.
3. Scalability & Availability: A PKI that supports mission-critical applications must run 24/7 and
have the ability to scale as the enterprise grows and adds new devices and identities. High
availability and scalability built into cloud-delivered PKI models support growth demands, while
24/7 service monitoring ensures that critical components are always running. Most importantly,
service level agreements (SLAs) guarantee response times and ensure that there is only “one
throat to choke” should an incident occur.
4. Business Continuity: Finding and retaining IT and security staff capable of running PKI is no
simple task. Shifts in PKI ownership inevitably increase the risk of security gaps as inexperienced
hands fall on mission-critical infrastructure. Lapses in regular maintenance tasks, such as signing
and publishing certificate revocation lists (CRLs) and renewing CAs, can cause significant
outages that take days or even weeks to remediate. Deploying cloud-based PKI ensures that
regardless of personnel changes, the infrastructure can continue to operate at full capacity.
57

58
5. Lifecycle Automation: Certificate-related issues are almost synonymous with PKI oversights.
Manual scripts and spreadsheets simply cannot keep up with the thousands, or hundreds of
thousands, of certificates in use within the average enterprise. Just one expired certificate can
cause a serious network or application outage. Choosing the right PKIaaS provider can help
manage and automate the lifecycle of keys and digital certificates issued from both cloud-hosted
private PKI and any number of third-party public CAs, such as DigiCert, Entrust, Sectigo and
others.
Ultimately, teams must shift their perception of what PKI can help them and their enterprise achieve.
Whether the choice is to build or buy, next generation PKI is key in establishing a new approach to identity
management that’s sustainable, scalable and secure.
About the Author
Chris Hickman is the chief security officer at Keyfactor, a leading
provider of secure digital identity management solutions. As a
member of the senior management team, Chris is responsible for
establishing and maintaining Keyfactor's leadership position as a
world-class, technical organization with deep security industry
expertise. He leads client success initiatives and helps integrate
the voice of the customer directly into Keyfactor's platform and
capability set. For more information visit: www.keyfactor.com or
follow @Keyfactor on Twitter and LinkedIn.
58

59
Seven Security Predictions For 2020
By Corey Nachreiner, CTO of WatchGuard Technologies
Each year, the WatchGuard Threat Lab research team examines the top emerging threats and trends
across the information security landscape to develop predictions for the coming year. Even though the
threats coming at you won’t be any less intense, complicated, or difficult to manage moving forward, 2020
will be the year of simplified security. This year, we believe there are seven key security trends to watch,
and have provided actionable tips for simplifying your approach to handling each of them:
1) Ransomware Targets the Cloud
Ransomware is now a billion-dollar industry for hackers, and over the last decade we’ve seen extremely
virulent strains of this malware wreak havoc across every industry. As with any big-money industry,
ransomware will continue to evolve in order to maximize profits. In 2020, we believe ransomware will
focus on the cloud.
Recently, untargeted “shotgun blast” ransomware has plateaued with attackers showing preference for
targeted attacks against industries whose businesses cannot function with any downtime. These include
healthcare, state and local governments, and industrial control systems.
Despite its far-reaching damages and soaring revenues, ransomware has largely left the cloud
untouched. As businesses of every size move both their servers and data to the cloud, it has become a
one-stop shop for all of our most important data. In 2020, we expect to see this safe haven crumble as
59

60
ransomware begins targeting cloud-based assets including file stores, S3 buckets, and virtual
environments.
Do you have cloud security? Virtual or cloud UTM? Asking these questions is where to start. Use
advanced malware protection to detect evasive malware. More importantly, consider new security
paradigms that allow you to implement security controls, like advanced malware protection, in cloud use
cases. Finally, the cloud can be secured, but it requires work. Make sure you’ve hardened your cloud
workloads. For instance, investigate resources for properly securing S3 buckets.
2) GDPR Comes to the United States
Two years ago, the General Data Protection Regulation (GDPR) came into force, protecting the data and
privacy rights of European Union citizens. As of yet, few places outside the EU have similar laws in place,
but we expect to see the United States (U.S.) come closer to matching it in 2020.
GDPR boils down to placing restrictions on how organizations can process personal data, and what rights
individuals have in limiting who may access that data, and it has already shown teeth. To date, companies
have been fined millions of euros for GDPR violations, including massive €50 million and £99 million
judgements in 2019 against Google and Marriott respectively. While the burden placed on companies
can be intense, the protections provided to individuals are massively popular.
Meanwhile, the U.S. has suffered a social media privacy plague the last few years, with no real GDPR
equivalent to protect local consumers. As organizations like Facebook leak more and more of our
personal data, which bad actors have used in everything from targeted election manipulation to unethical
bounty hunting, U.S. citizens are starting to clamor for privacy protections like those enjoyed by our
European brothers and sisters. So far, only one state, California, has responded by passing their
California Consumer Privacy Act (CCPA), which goes in effect in early 2020.
Though the same senator who introduced CCPA in California has proposed a Federal Consumer Data
Privacy Act (CDPA) bill, we don’t think it will gain enough support to pass nationwide in 2020. However,
we do expect more and more states to jump onto California’s bandwagon, and pass state-level consumer
privacy acts of their own. In 2020, we anticipate that 10 or more states will enact similar laws to
California’s CCPA.
There isn’t a specific security tip for this prediction, but you can still take action. Contact your local
congressperson to share your opinion on regulations to protect your privacy. Meanwhile, consider the
lack of regulation here when sharing your private information online and with social networks.
3) Voter Registration Systems Targeted During the 2020 Elections
Election hacking has been a hot topic ever since the 2016 U.S. elections. Over the last four years, news
cycles have covered everything from misinformation spread across social media to alleged breaches of
state voter systems. During the 2020 U.S. presidential elections, we predict that external threat actors
60

61
will target state and local voter databases with a goal of creating voting havoc and triggering voter fraudalerts
during the 2020 elections.
Security experts have already shown that many of the systems we rely on for voter registration and
election day voting suffer from significant digital vulnerabilities. In fact, attackers even probed some of
these weaknesses during the 2016 election, stealing voter registration data from various states. While
these state-sponsored attackers seemed to draw the line by avoiding altering voting results, we suspect
their previous success will embolden them during the 2020 election, and they will target and manipulate
our voter registration systems to make it harder for legitimate voters to submit their votes, and to call into
question the validity of vote counts.
While there isn’t a specific cyber security tip for this prediction, we do have some voter preparedness tips
in the event this prediction comes true. First, double-check the status of your voter registration a few days
before the election. Also, monitor the news for any updates about voter registration database hacks, and
be sure to contact your local state voter authority if you are concerned. Be sure to print out the result of
a successful voter registration, and bring you ID on election day, even if technically unnecessary.
4) 25% of All Breaches Will Happen Outside the Perimeter
Mobile device usage and remote employees have been on the rise for several years now. A recent survey
by WatchGuard and CITE Research found 90% of mid-market businesses have employees working half
their week outside the office. While remote working can increase productivity and reduce burnout, it
comes with its own set of security risks. Mobile employees often work without any network perimeter
security, missing out on an important part of a layered security defense. Additionally, mobile devices can
often mask telltale signs of phishing attacks and other security threats. We predict that in 2020, one
quarter of all data breaches will involve telecommuters, mobile devices, and off-premises assets.
Make sure you’re as diligent implementing off-network protection for your employees as you are
perimeter protection. Any laptop or device that leaves the office needs a full suite of security services,
including a local firewall, advanced malware protection, DNS filtering, disk encryption, and multi-factor
authentication, among other protections.
5) The Cyber Security Skills Gap Widens
Cyber security, or the lack of it, has gone mainstream. A day doesn’t seem to go by where the general
public doesn’t hear of some new data breach, ransomware attack, company network compromise, or
state-sponsored cyber attack. Meanwhile, consumers have also become intimately aware of how their
own personal data privacy contributes to their own security (thanks, Facebook). As a result, it’s no
surprise that the demand for cyber security expertise is at an all-time high.
The problem is, we don’t have the skilled professionals to fill this demand. According to the latest studies,
almost three million cyber security jobs remained unfilled during 2018. Universities and cyber security
61

62
trade organizations are not graduating qualified candidates fast enough to fill the demand for new
information security employees. Three-fourths of companies claim this shortage in cyber security skills
has affected them and lessened their security.
Unfortunately, we don’t see this cyber security skills gap lessening in 2020. Demand for skilled cyber
security professionals keeps growing, yet we haven’t seen any recruiting and educational changes that
will increase the supply. Whether it be from a lack of proper formal education courses on cyber security
or an aversion to the often-thankless job of working on the frontlines, we predict the cyber security skills
gap to increase an additional 15% next year. Let’s hope this scarcity of expertise doesn’t result in an
increase in successful attacks.
While the available cyber security workforce won’t appear immediately, you do have options to help
create and manage a strong cyber defense. Taking a long-term view, you can work with your local
educational institutes to identify future cyber security professionals so that you might fill your open roles
first. In the short term, focus on solutions that provide layered security in one solution, or work with a
managed services provider (MSP) or managed security services provider (MSSP) to whom you can
outsource your security needs.
6) Multi-Factor Authentication (MFA) Becomes Standard for Midsized Companies
We predict that multi-factor authentication (MFA) will become a standard security control for mid-market
companies in 2020. Whether it’s due to billions of emails and passwords having leaked onto the dark
web, or the many database and password compromises online businesses suffer each year, or the fact
that users still use silly and insecure passwords, the industry has finally realized that we are terrible at
validating online identities.
Previously, MFA solutions were too cumbersome for midmarket organizations, but recently three things
have paved the way for pervasive MFA, both SMS one-time password (OTP) and app-based models,
among even SMBs. First, MFA solutions have become much simpler with cloud-only options. Second,
mobile phones have removed the expensive requirement of hardware tokens, which were cost-prohibitive
for mid-market companies. And finally, the deluge of password problems has proven the absolute
requirement for a better authentication solution. While SMS OTP is now falling out of favor for legitimate
security concerns, app-based MFA is here to stay.
The ease of use both for the end user and the IT administrator managing these MFA tools will finally
enable organizations of all sizes to recognize the security benefits of additional authentication factors.
That’s why we believe enterprise-wide MFA will become a de-facto standard among all midsized
companies next year.
This tip is simple – implement MFA throughout your organization. Everything from logging in to your
laptop each day to accessing corporate cloud resources should have some sort of multi-factor
authentication tied to it. Products like AuthPoint can do this for your company.
62

63
7) Attackers Will Find New Vulnerabilities in the 5G/Wi-Fi Handover to Access the Voice and/or
Data of 5G Mobile Phones
The newest cellular standard, 5G, is rolling out across the world and promises big improvements in speed
and reliability. Unknown to most people, in large public areas like hotels, shopping centers, and airports,
your voice and data information of your cellular-enabled device is communicated to both cell towers and
to Wi-Fi access points located throughout these public areas. Large mobile carriers do this to save
network bandwidth in high-density areas. Your devices have intelligence built into them to automatically
and silently switch between cellular and Wi-Fi. Security researches have exposed some flaws in this
cellular-to-Wi-Fi handover process and it’s very likely that we will see a large 5G-to-Wi-Fi security
vulnerability be exposed in 2020 that could allow attackers to access the voice and/or data of 5G mobile
phones.
Most mobile devices don’t allow the users to disable cellular to Wi-Fi handover (also known as Hotspot
2.0). Windows 10 currently does, however. If unsure, individuals should utilize a VPN on their cellular
devices so that attackers who are eavesdropping on cellular to Wi-Fi connections won’t be able to access
your data. For businesses looking to enable Hotspot 2.0, make sure your Wi-Fi access points (APs) have
been tested independently to stop the six known Wi-Fi threat categories detailed
at http://trustedwirelessenvironment.com. If the APs block these threats, attackers cannot eavesdrop on
the cellular to Wi-Fi handoff.
About the Author
Corey Nachreiner, CTO of WatchGuard Technologies
Recognized as a thought leader in IT security, Nachreiner
spearheads WatchGuard's technology vision and direction.
Previously, he was the director of strategy and research at
WatchGuard. Nachreiner has operated at the frontline of cyber
security for 16 years, and for nearly a decade has been evaluating
and making accurate predictions about information security
trends.
As an authority on network security and internationally quoted
commentator, Nachreiner's expertise and ability to dissect
complex security topics make him a sought-after speaker at
forums such as Gartner, Infosec and RSA. He is also regularly
contributes to leading industry publications and delivers
WatchGuard's "Daily Security Byte" video Secplicity.
63

64
How To Build A Career In Cyber Security
By Pedro Tavares
Nowadays, cybersecurity is seen as an attractive landscape for ambitious people and a truly great
opportunity to fight cybercrime. During the past few months, many cyberattacks have targeted companies
around the world. The reason being, there’s a significant shortage of specialized people working in this
field to resolve the problem.
This suggests that the demand for professionals working in cybersecurity has increased in all industry
sectors due to the rising number of cyberattacks happening every day.
If you want a career in cybersecurity, this is the right time to start. Although you do not need to be a young
or old person, or even to need any specialist approval, certification or academic degree, I believe that
some of them, such as online certification programs, can help you to reach your goals at the best time.
Enrolling in a University degree such as a four-year program in Computer Science or Computer
Information Systems or Information Technology can be an excellent start for those who want to get a job
in this area. The know-how and analytical mindset can be developed by studying several subjects, such
as mathematics, programming, networking, and others. If this is a possibility for you, academic research
could be a good start as well.
However, there is another way to get experience and developing your skills quickly and with great
accuracy. Of course, I'm speaking about certifications.
64

65
Certification Programs
There are some interesting certifications programs you need to consider to improve your knowledge on
specific topics., for example:
CISSP - Certified Information Systems Security Professional
ISACA: CISM - Certified Information Security Manager
CompTIA Security+
CEH (v10) - Certified Ethical Hacking Course
These certifications aren’t equivalent and each of them focuses on different topics. Focusing on the
CEH(v10) course, for instance, it will train you on the advanced step-by-step methodologies that hackers
actually use, such as writing virus codes and reverse engineering, so you can better protect corporate
infrastructure from data breaches. These ethical hacking certifications will help you master advanced
network packet analysis and advanced system penetration testing techniques to build your network
security skill-set and beat hackers at their own game.
The CEH ethical hacking course can help you:
• Grasp the step-by-step methodology and tactics that hackers use to penetrate network systems.
• Understand the finer nuances of trojans, backdoors, and countermeasures.
• Get a better understanding of IDS, firewalls, honeypots, and wireless hacking.
• Master advanced hacking concepts, including mobile device, and smartphone hacking, writing
virus codes, exploit writing & reverse engineering and corporate espionage.
• Gain expertise on advanced concepts such as advanced network packet analysis, securing IIS &
Apache web servers, Windows system administration using Powershell, and hacking SQL and
Oracle databases.
• Cover the latest developments in mobile and web technologies including Android, iOS,
BlackBerry, Windows Phone, and HTML 5.
• Learn advanced log management for information assurance and allow you to manage information
security with more clarity.
As a final note, and one of the most import things within this field is the great set of inputs for news,
articles, tools, and others.
For instance, taking as an example Twitter. Here, it’s available a huge volume of fresh news and
resources based on the type of security person you are. Twitter is real-time, which gives it an advantage
over traditional sources; you can create or join as a subscriber.
As an active security professional within the cybersecurity landscape, you can check my Twitter updates
here.
Don’t wait for the perfect moment in your life, start your next professional journey right now.
65

66
About the Author
Pedro Tavares is a cybersecurity professional and a
founding member and Pentester of CSIRT.UBI and the
founder of seguranca-informatica.pt.
In recent years he has invested in the field of
information security, exploring and analyzing a wide
range of topics, such as pentesting (Kali Linux),
malware, hacking, cybersecurity, IoT and security in
computer networks. He is also a Freelance Writer.
Segurança Informática blog: www.segurancainformatica.pt
LinkedIn: https://www.linkedin.com/in/sirpedrotavares
Contact me: ptavares@seguranca-informatica.pt
66

67
Fraud: A Look Back At 2019 And What to Expect in The New
Year
By Christina Luttrell, IDology
The approach of the new year is a good time to reflect on the fraud landscape and its impact on
businesses and consumers. Fraudsters continue to push the envelope, exploring new tactics and
expanding the tried and true. At the same time, businesses have deployed more identity verification and
anti-fraud technologies, more companies are sharing fraud data in consortiums, and Americans are doing
more to protect themselves.
However, it’s still important to understand the advances in fraud schemes and tactics, their potential
impact, the best methods for protecting against them, and how to successfully manage customer
expectations in their wake.
Recent IDology research captures the fraud trends that dominated in 2019 and offers a glimpse into fraud
in 2020.
Card-funded fraud, phishing, and account takeover. Credit, debit, and prepaid card
fraud remains the most predominant form of fraud. This is closely followed by phishing,
which includes business email compromise (BEC) and account takeover. In addition, the
emergence of real-time ACH payment initiatives and higher adoption rates of person-toperson
(P2P) payments are driving increases in ACH/wire fraud.
67

68
Mobile fraud vulnerabilities. While mobile devices provide an effective means of
delivering authentication and biometric capabilities, they also create points of vulnerability.
The level of mobile fraud stayed the same this year for 50% and increased for 28% of
respondents to the IDology report. As more consumers utilize one-time mobile passcodes
for multi-factor authentication, circumventing and intercepting them becomes more
lucrative for fraudsters, especially with orchestrated multi-channel attacks.
Elusive small-dollar fraud. Criminals are always on the hunt for new ways to commit
fraud at scale, but they also don’t want to get caught. Over the last 12 months, the average
transactional dollar value of attempted fraud attacks in the under $500 range increased
by 31%. These low dollar amounts are likely to be missed by consumers as they scan
their card statements; when these schemes are carried out on a large scale, they add up
to a lot of money for fraudsters who aren’t afraid to nurture a fraud scheme over time in
order to get the biggest benefit.
Challenging synthetic identity fraud. Synthetic identity fraud (SIF) ranks as the top
fraud type that executives believe will be most severe in the next three years. Why? By
nature, SIF is difficult to detect, stop, and report. There are no real people from whom to
recoup losses. Businesses simply don’t know how many cases of seemingly real accounts
are synthetic identities incubating until a “bust out” occurs. And because businesses are
unable to accurately determine and report synthetic fraud, regulators are asking how well
they can apply Know Your Customer (KYC) regulations.
Declining consumer trust. Businesses are still working to understand the implications of
large-scale chronic breaches and related fines and settlements. IDology found that
companies see the biggest casualty of large-scale breaches and settlements as the loss
of customer trust. Protecting against fraud doesn’t always equate to an “easy” customer
experience, and deploying a safe and easy process can prove elusive. Maintaining the
delicate balance between strong fraud prevention and a seamless user experience is the
number one challenge fraud executives and professionals say they face.
Balancing it all in 2020
While their defenses may be improving, businesses are bracing for more attacks. SIF, mobile attacks,
card-funded fraud, phishing, new account fraud, account takeover, and faster ACH fraud are looming
threats.
Fraudsters continue to push the envelope and expand mobile tactics, such as SMS text interception,
while fighting anti-fraud machine learning with their own machine learning and credential-stuffing
68

69
technologies. They’re also collaborating and sharing best practices on the dark web while they continue
to avoid detection by lowering transaction amounts and opting for larger-scale attacks.
While it’s logical that a higher number of hurdles for users to clear corresponds to greater fraud
deterrence, there’s also a higher likelihood of frustration and abandonment, leading consumers to move
to a competitor. In this balancing act, most businesses lean toward frictionless experiences at the risk of
more fraud. While the decision to capture revenue over stopping fraud is not surprising, it could result in
greater material risks down the road.
Basic identity proofing and data matching are no longer sufficient methods for verifying identities.
Leveraging multiple layers of data, including mobile network data, device information and geolocation,
as well as the integration of machine learning and artificial intelligence to improve the processing of that
data, is the key to balancing fraud and customer experience. By utilizing smart layers of identity attributes
and analyzing disparate identity characteristics behind the scenes, businesses escalate to additional
authentication methods only when necessary and can quickly greenlight legitimate customers.
About the Author
Christina Luttrell is the chief operating officer for IDology, a GBG
company and leader in multi-layered identity verification and fraud
prevention. In her 10 years at IDology, Luttrell has significantly advanced the
company’s technology, forged close relationships with IDology customers
and driven the development of technology innovations that help
organizations stay ahead of constantly shifting fraud tactics without
impacting the customer experience. Luttrell has been recognized as one of
the Top 100 influencers in identity by One World Identity.
69

70
Anomaly Detection Is the Next Cybersecurity Paradigm
It’s time to move beyond static lists of things forbidden and things allowed.
By Aron Hsiao, Director of Marketing and Insights, Plurilock
Static lists have long been at the heart of cybersecurity.
Today, virtually every cybersecurity practice currently depends on lists of some kind. In network security,
lists of addresses, ports, peers, and keys. In malware and environment security, lists of suspicious code
and process "signatures." In access management and authentication, lists of user credentials.
It’s rapidly becoming clear that these lists are no longer adequate. Their management, maintenance, and
distribution drives countless billions in GDP, yet cybersecurity is as far from a solved problem as it’s ever
been. Both breach rates and breach concerns amongst regulators and the public continue to grow
exponentially.
Why Cybersecurity is Still Hard
At the end of the day, the problem is that these lists all fall short in the same way. We think of them as
lists of exclusions and protections, but each such list is also secretly a direct avenue for attack, precisely
through what it allows—or at least doesn’t forbid.
70

71
• A list of valid credentials is also by nature a list of methods to compromise protected data,
accounts, and privileges.
• A configured firewall is also by nature a set of ports, addresses, and subnetworks that will remain
vulnerable.
• A set of malware signatures is also by nature a description of the patterns that malware can avoid
exhibiting in order to escape detection.
• A PKI is inherently a set of doors that can always be opened with the right data—no matter how
narrow or obscure we try to ensure that these doors remain.
• And so on.
For years, security professionals have bemoaned "security through obscurity" even as so much of
cybersecurity is fundamentally still about obscurity—ensuring that these lists remain either obscure or
difficult to understand or decode. At the end of the day, it’s all security through obscurity. Once these
things are no longer obscure, the doors are open.
If the last several decades have taught us anything, they’ve taught us that malicious actors are amazingly
adept at finding ways to get ahold of or exploit these lists—these avenues for attack. Crooks pursue this
strategy precisely because these lists are, unavoidably, avenues for attack.
No matter how sure we've been of each new (and often newly complex) protection method, each has
always become, in the end, the latest door through which malicious actors enter.
New Authentication Practices: Behavioral Biometrics
Governments and security-critical organizations, faced over the last decade with millions or billions of
new users, growing cloud profiles, and ballooning data and systems footprints—not to mention expanding
attack and risk surfaces—have increasingly looked for new approaches.
In user authentication and PAM circles, behavioral-biometric authentication methods are now the leading
solution to this problem. While usernames, passwords, tokens, fingerprints, and mobile SIMs are all
attack vectors that bad actors can use to impersonate real users and gain illicit access, behavioralbiometric
systems are fundamentally different.
In behavioral-biometric systems, which are driven by machine learning and observation over time, there
is no particular credential that can be stolen and reused in order to gain entry. There are also no
biographical or other credentials used or kept on file to act as objects of theft in order to access still other
systems.
Instead, behavioral-biometric technologies recognize people based on tiny, machine-observable patterns
in input or sensor data that they generate as they go about their business. In other words, on behavioralbiometric
systems users must be “recognizable" in wholly organic, multifaceted, and embodied ways—
71

72
ways that are difficult if not impossible to simulate. Authentication happens inadvertently, as users simply
act like—and are—themselves.
Generalizing Behavioral Biometrics to Anomaly Detection
At Plurilock we’ve long considered behavioral biometrics to be our core competency, yet recently we’ve
been increasingly engaged in research and development on machine-to-machine security models for the
Internet of Things and in new ways to detect and stop malware.
It’s rapidly becoming clear that all of these are cases in which stronger, more efficient, and more costeffective
security can be achieved using a group of very similar anomaly detection technologies.
The claim that "identity is the new perimeter" has been making the rounds over the last year or two, and
we don't disagree with it for human users. But this claim is actually a specialized instance of a more
general claim that will shape cybersecurity in the decades to come. After all, identity is exactly the
problem—and more and more, anomaly detection methods are the best way to establish it. So it’s not
identity that is the new perimeter—it's anomaly.
Securing User Accounts, Things, and Environments
But how does anomaly detection address the other problems I just mentioned?
Recall that behavioral biometrics enables us to recognize real users. It does this not with lists of static
facts like credentials or fingerprints—that are in fact themselves vulnerabilities—but through the ability to
recognize, without biographical data or physical markers, whether someone is “being themselves” or not.
It’s fundamentally about detecting user anomalies.
Because users are human beings, we’ve long called this a biometric technology. But the same
approach—using machine learning for anomaly detection—is now proving to be effective in other areas
of cybersecurity as well. Devices are more and more like individuals in our era of highly complex things—
individual in timings, characteristics, and tendencies. This is especially true as machine learning and
automation—and the unique ways in which these affect memory, process, and latency characteristics—
take hold across more and more devices.
In the realm of malware, too, the Spy vs. Spy game of signature library updates versus new threat
"strains" in the wild will soon be supplantable by anomaly detection through machine learning. Computing
environments, process tables, and schedulers are now deep and nuanced enough to offer—once again—
rich signal environments that enable the recognition of both normal and anomalous states. The result is
software security without signature scanning.
Rather than relying on static policies—which credentials grant access, which don’t, which MAC
addresses and keys are in, which are out, which code fragments are allowed, and which aren’t—it's time
for the cybersecurity industry to begin to think in terms of recognition and anomaly detection, just as
behavioral-biometric solutions now do with human users.
72

73
Making the Transition
The shift from list-based and credential-based forms of cybersecurity isn't one that can or will happen
overnight, but it's one that needs urgently to happen nonetheless—and one that will happen simply
because the traditional paradigm can’t be sustained much longer. It’s just too expensive, complex, and
ineffective at this point.
The old, static methods for securing data, accounts, and cyber-systems haven't kept pace with the threat
landscape—and the gap is now growing exponentially. For corporate officers and security professionals
tasked with protecting users, systems, and data, it's time to reorient thinking toward anomaly detection
technologies as tomorrow’s keys to cybersecurity.
It’s time to stop thinking about how to keep our many lists obscure—and to start considering technologies
that make list-based cybersecurity (and its vulnerabilities) obsolete.
About the Author
Aron Hsiao is the Director of Marketing and Insights at Plurilock
Security Solutions, Inc. One of a number of PhDs on Plurilock’s
senior team, Aron’s research background is in the analysis of
human-computer interaction systems. Aron previously worked at big
data startup Terapeak, at e-commerce giant eBay, Inc., and as an
instructor at NYU, CUNY, and The New School for Social Research.
In addition to his academic work and work at Plurilock, Aron is also
the author of a number of books on Linux, cybersecurity, and open
source technologies.
Aron can be reached online at aron.hsiao@plurilock.com and at
http://www.plurilock.com/.
73

74
More Spending Won’t Solve Your Hardest IT Challenges In
2020 And Beyond. Here’s What Will.
By Chris Hallenbeck, CISO of the Americas at Tanium
U.S. state and local governments have been observing the proposed State and Local Cybersecurity
Government Act of 2019, especially since it was endorsed by the National Association of State Chief
Information Officers (NASCIO) in July. The federal legislation contains the promise of more funding for
cybersecurity efforts and improved collaboration and resource-sharing among federal state and local
governments.
Overall, it is intended to provide an advantage to governments in the battle over cyberattacks. But, like
so many other examples of an ongoing technology challenge that is met with the promise of resources,
the additional funding that this legislation will provide could inadvertently steer things in the wrong
direction.
Learning from the enterprise
More funding can actually lead to weaker defenses, not stronger ones. When IT gets a windfall, decisionmakers
tend to buy more tools to tackle their security issues and IT operations challenges—attempting
to address each new threat or operational issue with a promising new product. But rather than providing
teams with more control, these point tools add more complexity to the environment. It becomes harder
74

75
to get a view on the entire IT estate, how much of it is patched and up-to-date, and where vulnerabilities
lie across endpoints, both on-premises and cloud.
That’s not to say that budget relief is without merit—of course it can help. But many large enterprises and
government agencies already have 20 or more tools for security and IT operations—usually from more
than 10 different vendors—already in their arsenals. For large enterprises, the number is often higher
than 40.
In a rush to solve every issue with a so-called “tailored” solution, IT teams ultimately end up with a cluster
of fixes that don’t work well together, and they could cause more problems cumulatively than they solve
individually. It’s why these environments aren't seeing improved IT hygiene. As a result, forward-thinking
organizations are embracing a platform approach—specifically a unified platform for endpoint
management and security—to simplify their environments, provide that visibility and control, and make
themselves ultimately more resilient to disruption.
Bringing vigilance into 2020
Today, data flows throughout organizations in a variety of ways, including the cloud and on mobile
devices. Serious visibility gaps arise when we implement architectures that were designed for a time
when IT was the custodian of technology and held a tight set of reins on how it was used within the
enterprise. That is, in part, why organizations underestimate their asset inventory by as much as 20%.
At the scale of hundreds of thousands of endpoints, this poses a significant risk to the organization.
Obtaining data in real-time is as important as identifying where that data sits. Even organizations that
have visibility into each of their endpoints might need to stitch together asynchronous data from a range
of sources, such as EDR telemetry or PCI systems. If one asset is scanned for vulnerabilities every five
minutes, but the other is only scanned once a month, then it is impossible to glean any actionable insight
on the IT environment as a whole. The best you can do is take an educated guess.
Any government organization that wants to enter 2020 with a more robust security posture must prioritize
real-time, actionable data that is drawn from all assets connected to the network.
Creating your own roadmap
So how do IT leaders begin to think holistically and make better investments? It’s useful to start with an
audit. While it can be cumbersome, cataloging the capabilities that each tool provides will help to identify
redundancies and provide teams with a plan of action. If any overlap exists between them, that’s an
opportunity to consolidate. Doing so will improve both efficiency and the bottom line, but that’s not the
only benefit. It could also help increase just how much teams can see in their IT environment.
Think of all the types of tools currently deployed, from asset discovery solutions to SIEMs an CMBDs.
On an individual basis, these tools may very well provide a relatively complete, contextual or timely
solution that serves its purpose. Collectively, however, they are much less effective. Visibility gaps start
to develop, creating another unnecessary problem that will only get worse with time.
75

76
Resolving to plan in the new year
State and local governments are sorely in need of the funds that the proposed legislation would inject.
Hackers targeted municipalities more often in 2019 than they did a year ago, and critical systems in
particular have been held ransom. But without a holistic strategy this blessing could quickly become a
curse for any organization, with too many tools and low-quality data making organizations more
vulnerable to attack. To gain resilience in the long-term, organizations should prioritize a unified endpoint
management and security platform that allows for true visibility and control.
About the Author
Chris Hallenbeck is a security professional
with years of experience as a technical lead
and cybersecurity expert. In his current role as
CISO for the Americas at Tanium, he focuses
largely on helping Tanium’s customers ensure
that the technology powering their business
can adapt to disruption. Before joining Tanium
in 2016, Hallenbeck worked for six years on
the U.S. Department of Homeland Security’s
Computer Emergency Readiness Team,
where he gained a strong background in
computer-related investigative work.
76

77
The Decade Ahead for Cybersecurity
By Matthew Gyde, CEO, Security, NTT Ltd.
The Dawn of a New Era
As 2020 dawns, we stand at the threshold of a new decade that’s certain to reveal challenges to the
security landscape we could scarcely have imagined in 2010. But if the past has taught this industry
anything, it’s that a forward-thinking and progressive approach is the best way to mitigate the risk of
threats and intrusion.
In this brave new era before us, our industry must adapt to how security is acquired. While cloud-based
security, machine learning and the move from zero trust to digital trust were trending topics last year,
we’ve witnessed a fundamental shift in how security is being acquired. Automation and orchestration will
be the watchwords for 2020. Things are about to change—and drastically. Security orchestration,
automation and response (SOAR) will be the hottest area in cybersecurity in the year to come. Accepting
and embracing this approach will allow managed security service providers (MSSPs) to build trust equally
across both infrastructure and applications.
What are the driving factors behind this shift in strategy? Simply put, the threats and cyberattacks
themselves are no longer conducted at human speed. Rather, they’ve evolved to occur at machine
speed. And as the old adage goes, you must fight fire with fire. This will be accomplished by embedding
security intelligence into both infrastructure and applications.
77

78
Predictive Over Proactive
Machines, under the supervision of data scientists, will use the power of algorithms to elevate threat
detection capabilities. These algorithms will help machines recognize patterns across applications and
infrastructure. They’ll identify anomalies that point to potential attacks and orchestrate security controls
automatically—and instantaneously—without a human touch. As machines are fed more data to learn
from, they’ll become better at recognizing and identifying threat patterns and anomalies. In turn, they’ll
use this learned knowledge and adapt to apply the right controls for each situation. In summary,
cybersecurity best practices must evolve from a proactive to predictive approach.
Security in the Cloud
In the coming decade, as legacy business models and aging infrastructure wanes, we’ll witness a majority
of applications and workloads hosted in cloud environments. The threats and hackers are sure to follow
suit, targeting this influx into cloud-based ecosystems. For organizations using hosting centers or
hyperscalers, a one-size-fits-all software-based security control is difficult to apply across the whole
infrastructure. To truly mitigate cloud-based threat risks, it will take a separate application of security
assigned to the application or workload itself. Companies will then be able to monitor threats precisely
where they appear, rather than oversight of the entire infrastructure.
MVP – Most Vulnerable Player
Threats constantly probe for the most vulnerable entry point. And the bad actors have declared a clear
winner. Apps remain the most vulnerable gateway, falling prey to hostile attacks now also occurring at
machine, rather than human, speed. According to our latest Global Threat Intelligence Report,
application-specific and web-application attacks now account for a third of hostile traffic—making them
the single most common targets of hostile activity.
The Next 10 Years
Addressing cybersecurity through the next decade will require a new mindset, advanced levels of
monitoring capabilities and a growing reliance on machine-based learning and application. But I do
believe that cybersecurity organizations will rise to meet these and other challenges yet unseen, primarily
because they’re left with no choice but to improvise, adapt and overcome threats. This level of vigilance
is best served by taking an intelligent-based approach to security. Only by implementing an intelligencebased
strategy can businesses achieve a predictive, agile and automated security posture, wholly aligned
to their individual level of risk tolerance. Let’s hope the next 10 years will be remembered for the
achievements, milestones and solutions put into practice to eradicate the scourge of unseen threats.
78

79
About the Author
Matthew Gyde is the CEO, Security Division, of NTT Ltd., a leading
global technology services company. Gyde is responsible for
executing the security, services, and go-to-market strategies with
the goal of building the world’s most recognized security business
supported by a team of highly talented professionals.
His career in IT security spans more than 20 years, providing him
with a deep understanding of how security platforms should be
implemented and managed to ensure clients’ business outcomes
are achieved, while simultaneously ensuring their risk is minimized.
Matthew has completed the International Executive Program
from INSEAD Business School, Asia, and holds an Advanced
Diploma in Business Management from Randwick College,
New South Wales, Australia.
79

80
Moving Network Security to The Cloud
What Is Secure Access Service Edge (Sase) And Why It Matters
By Paul Martini, CEO, iboss
The world of technology that exists today is substantially different from that of only a few years ago. The
cloud has changed everything. Mobile phones and devices have allowed users to work from virtually
anywhere. Applications which were once hosted within datacenters have moved to the cloud. The
combination of mobility combined with business applications available in the cloud, from any location,
has allowed companies to become more agile and productive. Bandwidth is through the roof and secure
encrypted network connections are mandatory. While the revolution driven by SaaS applications provides
new possibilities, the challenges they bring to the world of network security are substantial.
Network security is an area responsible for inspecting content as it moves between devices and the
cloud. Fundamentally, network security technology stacks require access to the data in motion to prevent
malware, detect breaches and prevent data loss. Traditionally, access to this data was very straight
forward. Users were constrained to physical network perimeters, such as an office building. As devices
interacted with public cloud services, the data could be forced through on-prem firewall and proxy network
security appliances. The data was forced to flow through chokepoints before heading to and from the
internet. With mobility, users are no longer constrained to any physical location. The data leaving their
devices run on public networks and organizations do not have the luxury of forcing that traffic through
company owned firewalls and proxies. The data could be hair-pinned back through centralized
80

81
datacenters before heading out to the internet but increasing bandwidth and the need for speed quickly
makes this approach unsustainable and cost prohibitive.
Mobility changes the perspective of what the perimeter is defined by and completely inverts the traditional
network topology model. Instead of using a physical building to define a network perimeter, the device
itself becomes the perimeter. A user working on the road is a network of one. A group of three users
working from a conference is a network of three, essentially forming a remote branch office. The same
could be said for branch offices or headquarters. The device and the user is where the network is defined
and where trust should begin and end. Firewall and proxy appliances inherently do not fit this model
because they are physical infrastructure designed to protect physical locations by inspecting all of the
data leaving that location. In the new model, where should the firewall or proxy be installed? If a user is
working from home, should a company owned firewall appliance be installed at user’s home office? How
will this help when the user decides to take their laptop and work from the road, immediately leaving the
home network perimeter?
The network security functions are still required for both security and compliance. Intrusion prevention
and inspection of network content for malware and data loss are fundamental techniques that are still
required and essential. However, sending network data to appliances hosted at any specific location does
not make sense when the connectivity is not originating from any specific location. This is where the shift
of network security from on-prem network security appliances to network security delivered in the cloud
is essential. Instead of sending device and user data to the network security appliance hosted at the
datacenter, network security delivered in the cloud allows cybersecurity functions to move to where the
user is located automatically. Since users are connected to cloud applications and cloud-based network
security lives in the cloud as well, network security running in the cloud can move to the location from
which those connections are originating. The network security functions in essence live where the
applications live, in the cloud, allowing all data to be secured from anywhere.
81

82
To make things worse for an appliance-based approach to network security, the shear increases of
bandwidth and encrypted data has been explosive. Network security appliances have theoretical
throughput limits, governing the amount of data they can process and secure before becoming completely
saturated and slowing down connections. Slow connections are just as bad as down connections
because they drastically affect user productivity due to the inability to access business cloud applications
efficiently. Network security delivered in the cloud is free from these restrictions as the compute and
processing power available is not limited by any physical constraint and can scale on demand as needed.
Cloud-based network security can decrypt any volume of content and inspect it for malicious or harmful
transfers with ease. Containerized approaches to cloud network security also allow for low latency and
fast connections with the ability to take advantage of horizontal scaling to process any volume of traffic.
Moving network security to the cloud is a requirement with the new reality of an inverted network
perimeter that exists today. When evaluating cloud-based network security platforms, it’s critical that the
platform is able to deliver the same functionality found in network firewalls and proxies leaving only the
appliances behind. Containerized architectures, like that found in platforms like iboss, allow both streambased
security functions found in firewalls and file-based security functions found in proxies to be
delivered via a SaaS solution in the cloud. Containerization allows for raw packet processing capabilities
which are required for firewall functionality, such as Intrusion Prevention protection. Ensuring that the
cloud-based platform also has the policy engine capable of transitioning the network security functions
mired in appliances to the cloud-based solution should also be considered.
In the Gartner paper titled “The Future of Network Security is in the Cloud” which introduced the SASE
(“sassy”) model which describes this new phenomenon which must be addressed for a sustainable path
to the future. Cloud SaaS network security platforms, such as iboss, allow organizations to easily migrate
from traditional on-prem appliances to a sustainable cloud-based solution.
82

83
About the Author
Paul Martini is the CEO, co-founder and chief architect of iboss,
where he pioneered the award-winning iboss platform. Prior to
founding iboss, Paul developed a wide-variety of complex security
and technology solutions for clients such as Phogenix, the U.S.
Navy, and Hewlett Packard. He was also a key contributor at
Copper Mountain Networks working on designing and implementing
FPGAs and broadband network infrastructure used by Telcos to
build the cloud. His work at Science Applications International
Corporation (SAIC) involved building distributed real-time systems
for companies such as Rolls Royce. Copper Mountain and SAIC
both launched successful IPOs. Paul has been recognized for his
leadership and innovation, receiving the Ernst & Young
Entrepreneur of The Year award and being named one of Goldman Sachs’ 100 Most Intriguing
Entrepreneurs. Paul holds over 100 issued patents in cybersecurity, networking and technology and has
had his work published in many scientific journals, including the Journal of Foundations in Computer
Science and the Journal of Analytical Biochemistry. He holds a Computer Science Degree from the
University of California.
Paul can be reached online via LinkedIn at https://www.linkedin.com/in/martinipaul. For more information,
visit the iboss company website at https://www.iboss.com.
83

84
84

85
85

86
86

87
87

88
88

89
89

90
90

91
91

92
92

93
93

94
94

95
95

96
96

97
97

98
98

99
99

100
100

101
101

102
Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS
“Amazing Keynote”
“Best Speaker on the Hacking Stage”
“Most Entertaining and Engaging”
Gary has been keynoting cyber security events throughout the year. He’s also been a
moderator, a panelist and has numerous upcoming events throughout the year.
If you are looking for a cybersecurity expert who can make the difference from a nice event to
a stellar conference, look no further email marketing@cyberdefensemagazine.com
102

103
You asked, and it’s finally here…we’ve launched CyberDefense.TV
At least a dozen exceptional interviews rolling out each month starting this summer…
Market leaders, innovators, CEO hot seat interviews and much more.
A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.
103

104
Free Monthly Cyber Defense eMagazine Via Email
Enjoy our monthly electronic editions of our Magazines for FREE.
This magazine is by and for ethical information security professionals with a twist on innovative consumer
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best
ideas, products and services in the information technology industry. Our monthly Cyber Defense e-
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here
to sign up today and within moments, you’ll receive your first email from us with an archive of our
newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.
Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,
Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com
All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,
recording, taping or by any information storage retrieval system without the written permission of the publisher
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at
marketing@cyberdefensemagazine.com
Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 1000
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 01/03/2020
104

105
TRILLIONS ARE AT STAKE
No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES
Released:
https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH
In Development:
105

106
106

107
107

108
Nearly 8 Years in The Making…
Thank You to our Loyal Subscribers!
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know
What You Think. It's mobile and tablet friendly and superfast. We hope you
like it. In addition, we're shooting for 7x24x365 uptime as we continue to
scale with improved Web App Firewalls, Content Deliver Networks (CDNs)
around the Globe, Faster and More Secure DNS
and CyberDefenseMagazineBackup.com up and running as an array of live
mirror sites.
5m+ DNS queries monthly, 2m+ annual readers and new platforms coming…
108

109
109

110
110

111
111

112
112