Cyber Defense eMagazine December 2020 Edition

Cyber Defense eMagazine December Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


Securing the Hybrid Workforce Begins with Three Crucial Steps

Top 10 Data Breaches of the 21st Century

Responding to Security Incidents with Behavior Analysis

Data Migration Security

…and much more…

Cyber Defense eMagazine – December 2020 Edition

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.


Welcome to CDM’s December 2020 Issue

Securing the Hybrid Workforce Begins with Three Crucial Steps
By Rick Vanover, Senior Director of Product Strategy, Veeam

Top 10 Data Breaches of the 21st Century
By Nicole Allen, Marketing Executive, SaltDNA

Why Organizations Need to Reduce Friction to Manage Remote Work Environments
By Jay Goodman, Strategic Product Marketing Manager, Automox

Cybersecurity: Innovation Needed
By Laurence Pitt, Global Security Strategy Director, Juniper Networks

The Future of Security Is on The Hardware
By Ian Pratt, Global Head of Security, HP

Responding to Security Incidents with Behavior Analysis
By Jeff Stein, Information Security Architect, Reputation.com

Learning Hardware Security Via Capture-The-Flag Competitions
By Jason M. Fung, Offensive Security Research Manager at Intel

Telegram for Business Communications: Understanding The Risks And Rewards
By Otavio Freire, CTO and Co-Founder, SafeGuard Cyber

How Are Financial Services Firms Addressing the Requirements of Digital Transformation, Security, And Compliance?
By Ehab Halablab, Regional Sales Director – Middle East at A10 Networks

Revealed: How Banking and Finance GRC Leaders Struggle to Address Regulators’ Demands for Cyber Evidence with Confidence
By Charaka Goonatilake, CTO at Panaseer

Why the Education Sector Must Address Security in The Rush to Digitise
By Jacob Chacko, Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba

Data Migration Security
By Devin Partida, Cybersecurity Writer, ReHack Magazine


The Crown Prosecution Service (CPS) Has Recorded 1,627 Data Breaches Over the Entirety of the 2019-20 Financial Year, Up From 1,378 In the Previous Financial Year
By Andy Harcup, VOP, Absolute Software

Financial Data Security Risks in The Hands of Online Shops or Intermediary Applications
By Ben Hartwig, Web Operations Executive, InfoTracer

All Aboard The COVID-19 Train: Malware Trends Taking Advantage of The Pandemic
By Bar Block, Threat Intelligence Researcher at Deep Instinct

The Coming Security Perspectives
By Milica D. Djekic

Amidst Election Noise, Cybercriminals See an Opportunity with Retail
By Chris Kennedy, CISO & VP of Customer Success, AttackIQ

What’s in Your Wallet? The Cybersecurity Costs of COVID
By Mark Sangster, Vice President and Industry Security Strategist, eSentire

Making the Journey to the Intelligent SOC
By Albert Zhichun Li, Chief Scientist, Stellar Cyber

Joint Investigation Reveals Evidence of Malicious Android COVID Contact Tracing Apps
By Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center

A Hybrid Workplace Means New Threats and More Pressure on IT Leaders
By Tim Sadler, Cofounder and CEO of Tessian

How We Securely Share Data in A Remote World
By Duncan Greatwood, CEO, Xage Security

To Share, Or Not to Share
By Kris Lovejoy, Global Consulting Cybersecurity Leader, EY



From the Publisher…

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com

Dear Friends,

As we publish this December issue of Cyber Defense Magazine, many of us will look ahead to the year 2021 with great anticipation. While 2020 has been a challenge for most in the cybersecurity community, many have weathered the storm and even become stronger as a result.

From my perspective, it’s clear that it’s imperative to get back to basics. The articles in this month’s Cyber Defense Magazine, which are provided from a broad array of contributors, demonstrate that our community is moving steadily into a new phase, getting down to basics while we address broader issues as well.

In addition, we’re thrilled to have now opened our 9th annual Global InfoSec Awards for 2021 as our most prestigious awards at https://www.cyberdefenseawards.com which will take place during RSA Conference 2021.

I’d like to draw your attention to my current article emphasizing the need for appropriate responses to holiday-related scams. Without repeating it in full here, I’ll refer you to the online posting at: https://www.cyberdefensemagazine.com/halting-hackers-on-the-holidays/

In addition to the important articles in the December issue, we are pleased to continue providing the powerful combination of monthly eMagazines, daily updates, and features on the Cyber Defense Magazine home page, and webinars featuring national and international experts on topics of current interest. Finally, don’t forget to grab some knowledgebase infosec and cybersecurity tidbits from experts at https://www.cyberdefensewebinars.com.

Warmest regards,

Gary S. Miliefsky

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.




Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

Stevin Miliefsky
stevinv@cyberdefensemagazine.com

InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

From the International Editor-in-Chief…

From the international point of view on cybersecurity matters, we close out 2020 with both relief and expectation. I’m pleased to observe that there appear to be deliberate efforts to achieve international cooperation in our space. That includes mindfully moving beyond COVID concerns and implementing cybersecurity measures on a more generalized and cooperative basis.

One aspect will remain consistent: the need for both coordination and compliance measures in the international arena. The far-reaching threats neither know nor respect national borders. Recent reports show even the organizations specializing in cybersecurity services are not immune from hackers.

From the international perspective, we continue to hope that in our world of cybersecurity and privacy, there may be room for both national and global interests.

As always, we encourage cooperation and compatibility among nations and international organizations on cybersecurity and privacy matters.

To our faithful readers, we thank you,

Pierluigi Paganini
International Editor-in-Chief

Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com

Marketing Team
marketing@cyberdefensemagazine.com

Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright © 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.

Gary S. Miliefsky, CISSP®

Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/

Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security.

We’re a proud division of Cyber Defense Media Group:





Welcome to CDM’s December 2020 Issue

From the U.S. Editor-in-Chief

Just a few months ago, I wrote in this space about the prospects for entering a period of the “New Normal.” At the time, it appeared (to me, at least) that the prospects were fairly remote; that is, until we could establish some degree of stability, the concept of “normal” would be elusive.

As I write this message today, I’m pleased to observe that our contributors and commentary indicate that the responses of the cybersecurity community are effectively establishing a “New Normal” for both organizations and infrastructure.

For example, one observation reflects the magnitude of challenges in migrating from “5000 workers in one place to workers in 5000 places.”

Clearly, the process of normalizing won’t return us to the old patterns of cybersecurity. But the new ones appear to be coming to the fore in an informed and professional manner.

As in past issues, let me suggest reviewing the Table of Contents first, so you can prioritize reading the articles which most closely pertain to your own cybersecurity concerns. (I make this suggestion with full confidence that all of the articles have value to all of our readers, just to differing degrees.)

With that introduction, we are pleased to present the December 2020 issue of Cyber Defense Magazine.

Wishing you all success in your cyber security endeavors,

Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com


Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get:

An evaluation of the security of one of your organization’s websites

Application security guidance from security engineers in WhiteHat’s Threat Research Center

Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well as share findings with internal developers and security management

A customized review and complimentary final executive and technical report

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/

PLEASE NOTE: Trial participation is subject to qualification.


Securing the Hybrid Workforce Begins with Three Crucial Steps

By Rick Vanover, Senior Director of Product Strategy, Veeam

It is clear that remote working is here to stay. According to a survey conducted by Bayt.com, a leading job site in the Middle East, 90% of professionals in the Middle East and North Africa (MENA) region expect remote work to increase over the next few years and 74% of professionals prefer jobs that allow them to work remotely. The shift to a remote workforce has redefined the way organizations structure their business models. As executives reestablish work policies to accommodate remote employees well beyond the initially anticipated duration, a new era of work will emerge: the hybrid workforce, one more largely split between office and remote environments. While this transition brings a wave of opportunity for organizations and employees, it also opens new doors for bad actors to capitalize on strained IT departments who have taken on additional responsibility to ensure sensitive data remains secure, whether on or off the corporate network.


While threats to company data range in attack method, ransomware continues to be the most prominent risk known to organizations worldwide, with a 41% increase in 2019 alone. According to a recent study by Sophos, 49% of the organizations surveyed in UAE mentioned a ransomware attack in the last year. In July this year, researchers at cybersecurity firm Palo Alto uncovered a strain of ransomware that hit government-run organizations in the MENA region [1]. It’s important that companies focus on acknowledging this threat and deploying strategies to prepare, defend and repair incidents, before adapting to a hybrid workforce model. This process will prevent organizations from falling victim to attacks where data loss or ransom payment are the only unfortunate options. To win the war on ransomware, organizations should incorporate a plan for IT organizations that ensures they have the resilience needed to overcome any attack. Let’s explore three crucial steps for ransomware resilience in more detail.

Focus on education first, avoid reactive approaches to threats later

Education – beginning after threat actors are identified – should be the first step taken on the path towards resilience. To avoid being caught in a reactive position, should a ransomware incident arise, it’s important to understand the three main mechanisms for entry: internet-connected RDP or other remote access, phishing attacks and software vulnerabilities. Once organizations know where the threats lie, they can tactfully approach training with strategies to refine IT and user security, putting additional preparation tactics in place. Identifying the top three mechanisms can help IT administration isolate RDP servers with backup components, integrate tools to assess the threat of phishing attacks to help spot and respond correctly, and inform users on recurrent updates to critical categories of IT assets, such as operating systems, applications, databases and device firmware.

Additionally, preparing how to use the ransomware tools in place will help IT organizations familiarize themselves with different restore scenarios. Whether it be a secure restore process that will abort when malware is detected or software that can detect ransomware ahead of restoring a system, the ability to perform different restore scenarios will become invaluable to organizations. When an attack does happen, they will recognize, understand and have confidence in the process of working towards recovery. By taking the education aspect of these steps seriously, organizations can decrease the ransomware risks, costs and pressure of dealing with a ransomware incident unprepared.

Implement backup solutions that maintain business continuity

An important part of ransomware resiliency is the implementation of backup infrastructure to create and maintain strong business continuity. Organizations need to have a reliable system in place that protects their servers and keeps them from ever having to pay to get their data back. Consider keeping the backup server isolated from the internet and limit shared accounts that grant access to all users. Instead, assign specific tasks within the server that are relevant for users and require two-factor authentication for remote desktop access. Additionally, backups with an air-gapped, offline or immutable copy of data paired with the 3-2-1 rule will provide one of the most critical defenses against ransomware, insider threats and accidental deletion.

[1] https://www.cyberscoop.com/ransomware-thanos-middle-east-palo-alto_networks/


Furthermore, detecting a ransomware threat as early as possible gives IT organizations a significant advantage. This requires tools in place to flag possible threat activity. For endpoint devices displaced remotely, backup repositories that are set up to identify risks will give IT further insight into an incredible surface area to analyze for potential threat introduction. If implementations don’t prohibit attacks, another viable option is encrypting backups wherever possible for an additional layer of protection – threat actors charging ransom to prevent leaking data do not want to have to decrypt it. When it comes to a ransomware incident, there isn’t one single way to recover, but there are many options aside from these that organizations can take. The important thing to remember is that resiliency will be predicated on how backup solutions are implemented, the behavior of the threat and the course of remediation. Take time to research the options available and ensure that solutions are implemented to protect your company.

Prepare to remediate an incident in advance

Even when there are steps in place that leverage education and implementation techniques to combat ransomware before an attack hits, organizations should still be prepared to remediate a threat if introduced. Layers of defense against attacks are invaluable, but organizations need to also map out specifically what to do when a threat is discovered. Should a ransomware incident happen, organizations need to have support in place to guide the restore process so that backups aren’t put at risk. Communication is key: having a list of security, incident response, and identity management contacts in place if needed – inside the organization or externally – will help ease the process towards remediation.

Next, have a pre-approved chain of decision makers in place. When it comes time to make decisions, like whether to restore or to fail over company data in the event of an attack, organizations should know who to turn to for decision authority. If conditions are ready to restore, IT should be familiar with recovery options based on the ransomware situation. Implement additional checks for safety before putting systems on the network again – like an antivirus scan before restoration completes – and ensure the right process is underway. Once the process is complete, implement a sweeping forced change of passwords to reduce the chance of the threat resurfacing.

The threat that ransomware poses to organizations both large and small is real. While no one can predict when or how an attack will happen, IT organizations that have a strong, multi-layered defense and strategy in place have a greater chance for recovery. With the right preparation, the steps outlined here can increase any organization’s resiliency – whether in office, remote or a combination of the two – against a ransomware incident and avoid data loss, financial loss, business reputation damage or more.


About the Author

Rick Vanover (MVP, vExpert, Cisco Champion) is the director of Technical Product Marketing & Evangelism for Veeam Software based in Columbus, Ohio. Rick's IT experience includes system administration and IT management, with virtualization being the central theme of his career recently.

Rick can be reached online at rick.vanover@veeam.com and at our company website https://www.veeam.com/


Top 10 Data Breaches of the 21st Century<br />

This article looks into the biggest data breaches of the 21st century (so far!).<br />

By Nicole Allen, Marketing Executive, SaltDNA.<br />

This article looks into the biggest data breaches of the 21st century (so far!). We thought we’d do it as a<br />

countdown to the top breach by looking primarily at the number of impacted users. Of course there is<br />

more to it than the number of users impacted as there is usually a huge reputational and financial cost<br />

associated with each breach.<br />

In today’s world user data is a highly valuable currency. The most powerful companies in the world are<br />

the digital giants that monopolise data, prompting ongoing conversations about antitrust legislation and<br />

digital privacy.<br />

Companies that contained a breach in less than 30 days have saved more than $1 million compared to<br />

those that took more than 30 days, according to IBM. Not long ago, it would have been big news that a<br />

breach exposed the privacy of a few million individuals. Breaches which affect hundreds of millions or<br />

even billions of people are now way too common.<br />

Have a read through these whoppers and let us know what you think!<br />

10. Yahoo (2013-2014)<br />

Impact: 3 million - 1 billion user accounts<br />

Yahoo announced in September 2016 that in 2014 it had fallen victim to what at that time would be the<br />

biggest data breach in history, whilst in sales talks with Verizon for its core site service. This caused<br />

Yahoo to knock $350 million off their sales price to Verizon. The attackers, which the company believed<br />

were “state-sponsored actors”, compromised names, email addresses, telephone numbers, dates of birth,<br />

passwords and encrypted security questions. Following these attacks, in December 2016 Yahoo<br />


disclosed another breach by a different attacker, this time taking email addresses, names, dates of birth<br />

and passwords of 1 billion user accounts. As a result of reputational damage, Yahoo changed their name<br />

to ‘Altaba Inc’.<br />

9. Target (2013)<br />

Impact: 40 million consumers<br />

Retailer Target reported a data breach in December 2013 and stated that the credit and debit card<br />

numbers as well as the full names, addresses, email addresses and telephone numbers of about 40<br />

million consumers were stolen after hackers obtained access to Target's point-of-sale payment card<br />

readers via a third-party HVAC vendor.<br />

The CIO and CEO of Target both stepped down, and the company projected the breach cost them at<br />

least $162 million.<br />

8. Uber (2016)<br />

Impact: 57 million Uber users and 600,000 drivers’ PII compromised<br />

Uber became aware that the names, email addresses and mobile phone numbers of 57 million Uber app<br />

users and driver licence numbers of 600,000 Uber drivers had been stolen by hackers. Uber’s handling<br />

of the crisis made it particularly noteworthy: they waited for almost a year before officially admitting the<br />

intrusion and offered $100,000 to criminals to delete the data in such a manner that no verification could<br />

be made.<br />

At the time, Uber claimed it was a ‘bug bounty fee’; however, soon after this news was released, they<br />

fired their CSO. The relatively small misuse of $100K (mice nuts for Uber) massively understates the impact<br />

this breach and its poor handling had on the company’s reputation.<br />

7. Capital One (2019)<br />

Impact: 106 million bank customers and applicants.<br />

As one of the largest banks in the US, Capital One experienced a data breach in March 2019 which<br />

exposed the personal information of nearly 106 million customers and applicants. The breach resulted in<br />

a hacker gaining access to personal information related to credit card applications from 2005 to early<br />

2019. The hacker was revealed as Paige Thompson, who used to work as a software engineer for<br />

Amazon Web Services, the cloud hosting company that Capital One was using. According to the US<br />

Department of Justice, Thompson broke into the server and gained access to 140,000 social security<br />

numbers and 80,000 bank account numbers.<br />

According to Capital One, they fixed the issue immediately and those whose information was affected<br />

were offered ‘free credit monitoring and identification protection’. Morgan Stanley estimated Capital One<br />

could face between $100 and $500 million in U.S. fines.<br />

As a result of the well-publicised breach, Michael Johnson, former Chief Information Security Officer, was<br />

demoted from his position within Capital One 4 months after the major data incident.<br />


6. Equifax (2017)<br />

Impact: 143 million customers’ personal information and credit card data of 209,000 customers.<br />

Equifax, one of the biggest US credit bureaus, confirmed in September 2017 that a flaw in an application<br />

on one of their platforms contributed to a data leak that could impact around 40% of the US population.<br />

The violation was found on July 29 2017, although the organisation suggested it had actually started in<br />

mid-March. The breach compromised the personal information of 143 million consumers (including social<br />

security numbers, birth dates, addresses and in some cases driver's licence numbers). It is known that<br />

209,000 customers had their credit card information leaked.<br />

Equifax was at fault for a number of lapses in security and response. Chief among them was that the vulnerability<br />

in the application which gave the attackers access was unpatched. Inadequate segmentation of the<br />

system facilitated lateral movement for the attackers, i.e. once they were in, it was way too easy for them<br />

to get access to the other elements of the system.<br />

5. eBay (2014)<br />

Impact: 145 million users<br />

eBay was the victim of a breach of encrypted passwords between February and March 2014. This<br />

resulted in eBay forcing all of its 145 million users to reset their passwords. To gain access to this cache of user<br />

info, attackers used a small collection of employee passwords.<br />

The compromised information contained encrypted passwords and other sensitive records, including<br />

names, e-mail addresses, addresses, phone numbers and dates of birth. After a month-long investigation<br />

by eBay, the breach was disclosed in May 2014. What is unique about this incident is that the hacking<br />

had hardly any effect and their CEO stated they only saw “a small decline in user activity”.<br />

4. Adobe (2013)<br />

Impact: 153 million users<br />

As security blogger Brian Krebs wrote in early October 2013, Adobe initially announced that hackers had<br />

stolen approximately 3 million encrypted consumer credit card records, plus login details for an<br />

undetermined number of user accounts. Later that month, Adobe raised that estimate to include IDs and<br />

encrypted passwords for 38 million "active users". Krebs reported that a file posted just days earlier<br />

"appears to include more than 150 million Adobe usernames and hashed password combinations".<br />

An agreement in August 2015 called on Adobe to pay court costs of $1.1 million and an<br />

unspecified sum to customers to resolve charges of violating the Customer Records Act and<br />

discriminatory market practices. The sum payable to the customers was listed at $1 million in November<br />

2016.<br />

3. Marriott International (2014)<br />

Impact: 500 million users<br />

In November 2018, Marriott International revealed that attackers had stolen around 500 million customers’<br />

data. The breach originally occurred on Starwood Hotel brand support systems starting in 2014. When<br />


Marriott bought Starwood in 2016, the perpetrators stayed in the network and, incredibly, were not found<br />

until September 2018. A combination of contact details, passport numbers, Starwood Preferred Guest<br />

numbers, travel details, and other sensitive information was taken by the attackers.<br />

It was thought that the credit card numbers and expiration dates of more than 100 million customers were<br />

stolen, but Marriott was uncertain whether the credit card numbers could be decrypted by the attackers.<br />

According to a report in the New York Times, the hack was eventually traced to a Chinese security agency<br />

trying to collect data on US civilians.<br />

2. Facebook (2019)<br />

Impact: 540 million users’ data was exposed to the internet<br />

Facebook allowed two apps to access its users’ data, and the apps stored that personal information on insecure servers<br />

without putting security measures in place. It was discovered by Amazon Web Services that a Mexican<br />

digital publisher, Cultura Colectiva, had uploaded users’ Facebook IDs, comments, likes, reactions<br />

and account names. Facebook and Amazon worked together to remove both sets of data. A further 419<br />

million phone numbers connected to Facebook profiles were identified online across several geographies in<br />

September 2019, including 133 million records on Facebook located in the USA, 18 million in the UK<br />

and 50 million records in Vietnam.<br />

The event placed consumers at risk of spam calls and SIM-swapping threats, as an<br />

intruder who has a user's phone number may be able to change that user's password. These cases followed<br />

closely on the rising pressure on Facebook from British and US authorities after the Cambridge Analytica<br />

controversy.<br />

1. WhatsApp (2019)<br />

Impact: 1.5 billion users worldwide<br />

WhatsApp suffered a highly advanced cyber attack on 14 May 2019 that compromised its messaging<br />

network to deliver ransomware to a multitude of users' mobile devices. The Guardian reported that the<br />

assault affected 1.5 billion people, and that the breach was a "significant infringement of rights."<br />

WhatsApp then filed a complaint in the US court in October 2019 attributing the attack to a spyware<br />

company called NSO Group, an Israeli cyber weapons company. The software of the NSO Group,<br />

Pegasus, has the potential to capture personal and confidential data from a specific device, such as<br />

reading messages, browsing contacts, and accessing cameras and microphones.<br />

Data breaches are hard to recognise, costly to fix and inflict reputational harm that some businesses<br />

cannot recover from. However, considering the importance of the data and the inevitability of cyber crime,<br />

the most that businesses can do to minimise the consequences of a breach is to adopt a robust<br />

risk control strategy for identification, mitigation, and communication after a data breach.<br />

For more information on this article, or to talk to a member of the SaltDNA team, please contact us on<br />

info@saltdna.com.<br />


About SaltDNA<br />

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software<br />

solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered<br />

encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for<br />

Organisations who value their privacy, by giving them complete control and secure communications, to<br />

protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland. For more<br />

information visit SaltDNA.

About the Author<br />

Nicole Allen, Marketing Executive at SaltDNA. Nicole completed<br />

her university placement year with SaltDNA, as part of her degree<br />

studying Communication, Advertising and Marketing at University<br />

of Ulster. Nicole worked alongside her degree part time during her<br />

final year and recently started full time with the company having<br />

completed her placement year with SaltDNA in 2018/19.<br />

Nicole can be reached online at (LINKEDIN, TWITTER or by<br />

emailing nicole.allen@saltdna.com) and at our company website<br />

https://saltdna.com/.<br />


Why Organizations Need to Reduce Friction to Manage<br />

Remote Work Environments<br />

The business world has changed and managing your endpoints is more important than ever<br />

By Jay Goodman, Strategic Product Marketing Manager, Automox<br />

The business world has changed and many of the resulting adjustments, like remote work, are here to<br />

stay. Keeping your teams healthy and safe during this period is a top priority, as is making sure their<br />

remote endpoints are managed and secure. But with these changes comes a list of concerns and issues<br />

that many organizations just are not ready to address, sometimes highlighting legacy support policies<br />

and even out-of-standard technological needs.<br />

According to a 2018 survey, 90 percent of IT professionals believe their remote workforce poses a<br />

security risk, and 36 percent reported that a remote employee was the cause of a security incident. Two<br />

years later, as we've all been forced into remote work situations, the friction of everyday management of<br />

the full enterprise has increased, putting a strain on the IT and support staff as well as the users.<br />


So how can we address common areas of friction in endpoint management and identify<br />

pain points in an environment?<br />

For starters, we must move beyond the friction that exists in legacy infrastructures.<br />

The Remote Architecture<br />

Why do we need heightened awareness during this new normal? Simply put, the legacy remote<br />

architecture was never designed for these problems and realities. Remote work used to be an<br />

accommodation, rather than a permanent situation.<br />

Endpoints within the traditional confines of the office were easily protected between firewalls and<br />

gateways, and easy to access for IT teams to carry out general maintenance such as software support,<br />

patch management and enforcing IT policies. When those critical systems move beyond the office walls,<br />

things get complicated as general visibility is lost. Layers of access control and security are established<br />

for a reason, but they were not designed for a remote company.<br />

Embracing a Modern Approach<br />

Alongside digital transformation comes pressure on IT teams to keep pace with the rapid speed of<br />

business. However, legacy patching tools are particularly prone to shortcomings for supporting remote<br />

workers, leading to potentially poor experiences for end users or something even worse, like the<br />

acceptance of having a vulnerable attack surface.<br />

Endpoint device management tools are a core part of protecting an increasingly remote workforce. IT<br />

admins require reliable remote access to endpoints and devices in order to maintain and patch while<br />

minimizing user disruption. Your IT strategy should be investing in this area to thrive in the new normal.<br />

Good Cyber Hygiene is a Must<br />

Cyber hygiene for remote work requires IT staff to have a detailed inventory of their endpoint security, as<br />

well as full visibility over the patch status of those endpoints. Remote devices need to be secured against<br />

threats, just like an organization’s equipment that is located within a company office. An unpatched<br />

endpoint is a cybersecurity risk, no matter where it is located.<br />

Every one of us has had to adapt to this environment within the past seven months, and while it’s<br />

presented significant challenges to almost every business, it has also provided an opportunity for<br />

organizations to recognize the benefits of applying more efficient and secure ways to operate.<br />

Fortunately, we have new solutions and technologies that can help organizations get a jump start to<br />

modernize their systems in order to seamlessly go remote and stay protected. Endpoint management<br />

tools provide a management interface to simplify or automate deployment, patching and configuration<br />


management of managed devices – which reduces the burden on IT operations – especially during this<br />

unclear time of remote work.<br />

The global COVID-19 pandemic will not be the last business-disrupting event to occur, so it’s important<br />

to start implementing the right tools for the future of work now. Organizations need to react to these<br />

scenarios in a way that ensures an outcome where they come out stronger and more resilient each time.<br />

Rather than putting reactionary band aids on problems, make the investments that show you’re planning<br />

towards the future, and that future is one that seamlessly supports remote and hybrid work models.<br />

About the Author<br />

Jay Goodman is the Strategic Product Marketing<br />

Manager of Automox. He is a product marketing<br />

expert and intelligence consultant with experience<br />

working with Fortune 500 companies and startups<br />

alike. Jay joined Automox in 2019 and is responsible<br />

for the messaging and intelligence gathering<br />

functions within the company. Previously, Jay was a<br />

Product Manager for McAfee and an avid participant<br />

in the cybersecurity and competitive intelligence<br />

communities.<br />

Jay can be reached online at (automox@famapr.com, @AutomoxApp, etc.) and at our company website<br />

https://www.automox.com/<br />


Cybersecurity: Innovation Needed<br />

Managing Complexity and Consistency, and Giving Users the<br />

Simplification, Automation and Security They Want.<br />

By Laurence Pitt, Global Security Strategy Director, Juniper Networks<br />

Innovation is at the heart of cybersecurity – both because cybersecurity professionals are inherently<br />

curious by nature and because threat actors are continually innovating and evolving their attack<br />

approaches and the exploits themselves. Nonetheless, the last several months have demonstrated the<br />

need for change and new directions of innovation.<br />

A recent presentation by cybersecurity specialist Robert Hannigan examined the great work from home<br />

migration and the changes it’s driven. He examined some interesting phenomena, such as how Security<br />

Operations Centers (SOCs) are experiencing a drop in the number of alerts – but not because volumes<br />

have reduced. Rather, it is because alerts have moved beyond their purview on the corporate network.<br />

Today, we’re assuming that many of what would formerly be SOC issues are instead sitting on home<br />

Wi-Fi.<br />

Threat actors understand this and are exploiting it actively. Some of the early confusion caused by contact<br />

tracing applications and COVID packages gave them early and easy entry points for data theft and<br />

ransomware, as well as phishing schemes that played on emotions with “must click” links purporting to<br />

offer information on COVID-19 spread and governmental stimulus programs. Instead, these dropped<br />

malicious payloads. In the most recent shifts, we’re seeing scammers targeting online shoppers looking<br />

for pre-Black Friday deals, as well as bored home workers seeking free (but illegal) downloads of<br />

television shows and movies.<br />

As we move into this mid- and post-pandemic world with remote and in-office work blending, what must<br />

organizations consider, in order to sustain data and application security and privacy while still considering<br />

the best user experience? How does remote work change the security stack mix? And what’s still<br />

missing?<br />


Experience Must Come First<br />

These questions take us beyond initial inquiries about connection speeds that, until only recently,<br />

dominated remote work conversations but are now taking a backseat to blended remote work/in-office<br />

security. More timely questions include: What do VPNs protect or leave exposed? What needs to happen<br />

next?<br />

Experience is an important, if subjective, metric. It helps us frame and prioritize issues around user<br />

access, usage and interaction with business-critical applications and services, shifting our thinking on<br />

necessary protections. Our job has not fundamentally changed, but the factors we must recognize and<br />

compensate for have expanded, just as much as have the “how” and “where” of our daily interactions.<br />

A good experience makes users more loyal to and comfortable with the applications they depend on.<br />

Without a good experience, it is all too easy for a competitor to redirect users with a few simple clicks,<br />

showing the potential of a shinier, more responsive alternative. Think about your smartphone, as an<br />

example. We all download new applications every week or so, looking for a tool to simplify a task in our<br />

lives. But if that app doesn’t prove its worth or is cumbersome from the start, a new app quickly replaces<br />

it and is readily available on the app stores.<br />

What Users Want: Simplification, Automation and Security<br />

Talking to users about their experiences helps in sorting through what works and what does not.<br />

Understanding how they prioritize activities will help you pull this insight into the context of delivering<br />

services and applications for a modern enterprise.<br />

1. They want to simplify their environment to deliver a slicker customer experience, which can often be<br />

achieved simply by maximizing existing investments in technology.<br />

2. They are leveraging data and analytics for automation of tasks, giving time back to the IT team with a<br />

focus on innovation rather than management.<br />

3. They need to secure what they have with effective data usage and automation to ensure consistency<br />

and reduce false positives.<br />

Managing Complexity and Consistency<br />

A frequent theme among customer requests centers around reducing complexity and making more from<br />

existing investments, while overcoming the daily struggles of too many management interfaces, sites and<br />

overlapping technologies. The hurdles are not only technical, but also staff-related in ensuring specialists<br />

are well-trained in their roles.<br />

How can things be made simpler? Talk to users and consider ways to streamline activities. Automation<br />

rules could dynamically change traffic behavior or routing to make sure that services are correctly<br />

prioritized and delivered for users. For more granular but consistent control, multi-tenant options would<br />

make a good conversation. They provide role-based management at different levels, reducing individual<br />

workloads yet still maintaining overall control of the environment.<br />


Remote Possibilities – Funding the Work from Home Migration<br />

So, what about remote users? For the IT team, this has meant an increased workload. They have moved<br />

from managing a small number of remote users to dealing with hundreds or thousands of remote users<br />

acting as ‘micro-branches.’<br />

For many users, the experience at home is not an issue, but it certainly is one for organizations whose<br />

remote workers need access to sensitive data or real-time systems. Those users will be using the same<br />

Virtual Private Network (VPN) client as everyone else to achieve this and it is no longer suitable. A VPN<br />

punches a big hole in the side of the network, allowing users access but also leaving gaps at the edge<br />

for attackers to sneak in. It protects only data in transit, leaving much else exposed.<br />

Instead, organizations should look at the latest technologies which extend the corporate network into the<br />

home. It’s past time to give home workers the exact same high levels of reliability they had when working<br />

exclusively in the office (henceforth to be referred to as “the good old days”), but with the benefits of<br />

management, security and visibility for the IT team. All of this ensures the best and most secure user<br />

experience.<br />

Funding Investments<br />

Employees quickly embraced working from home as a benefit, with many now saying they would prefer<br />

to remain fully remote. Others want to sustain partial remote work, even while they are now reentering or<br />

looking to reenter office environments.<br />

There is a potential cost saving here, as organizations look to shave real estate costs through hot-desking<br />

and smaller offices as options instead of allocated per-user spaces. Rather than reincorporating these<br />

savings into the bottom line, they should be reallocated towards new and innovative ways of improving<br />

overall user experience across the business.<br />

Of course, the business will want proof of the return from any new investment and cybersecurity ROI has<br />

always been a challenging topic. Nonetheless, the result of the sensible investment will be happy and<br />

loyal users, reliable and innovative services and measurable business and competitive benefits for the<br />

organization.<br />

About the Author<br />

Laurence Pitt is the Global Security Strategy Director of Juniper<br />

Networks. He is passionate about technology, particularly cyber<br />

security. His depth and breadth of knowledge of the dynamic security<br />

landscape is a result of over twenty years’ experience in cyber<br />

security. He understands the security concerns businesses face<br />

today and can bring insight to the challenges they will face tomorrow.<br />

Laurence joined Juniper Networks in 2016 and is our senior security<br />

specialist in EMEA. Security throughout the network is a key area<br />

where Juniper Networks can help as business moves to the cloud<br />

and undertakes the challenge of digital transformation.

Laurence can be reached on Twitter at @LaurencePitt and at<br />

https://www.juniper.net/us/en/<br />


The Future of Security Is on The Hardware<br />

The Virtualization Revolution Removes Security Onus From Users by Leveraging New<br />

Hardware-Powered Approach<br />

By Ian Pratt, Global Head of Security, HP<br />

Today’s threat landscape is constantly evolving, and the COVID-19 pandemic has created even more<br />

opportunities for cybercriminals, as the attack surface widens. Thriving darknet marketplaces are making<br />

it easier than ever to launch timely campaigns, so whenever there is a new opportunity, cybercriminals<br />

are quick to look for ways to exploit it. This ability to move quickly and innovate means organizations can<br />

no longer rely on looking for known threats, making it harder than ever to detect threats in real-time and<br />

putting organizations at risk. This is why it’s vital that we reinvent our approach to security so that<br />

organizations can stay a step ahead of hackers. But where to start?<br />

Detection alone is no longer enough<br />

Modern cybercrime is well-funded and well-resourced, and has become a professional, commoditized<br />

industry worth more than $680 billion. Cybercriminals are rapidly adopting new models, technologies,<br />


and techniques, innovating at pace to create new threats to bypass detection-based security and break<br />

into critical IT systems. Detection is often evaded using polymorphic malware, and occasionally even<br />

zero-day exploits may be deployed, but many simple approaches are very successful too. For example,<br />

in October, HP identified a large-scale TrickBot campaign using Microsoft’s ‘Encrypt with Password’<br />

feature. This helped malicious documents slip past network security and behavioural detection tools, as<br />

the malware was only deployed if users entered the password sent in the phishing email.<br />
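A mail gateway cannot scan inside a document saved with ‘Encrypt with Password’, but it can recognise that an attachment is encrypted and hand it to policy instead of passing it as clean. The sketch below is an added example, not HP's code and not part of the original article; it assumes OOXML files (.docx, .xlsx and similar), where password protection wraps the document in an OLE compound file holding `EncryptionInfo` and `EncryptedPackage` streams, and its function names, verdict strings and constructed sample files are illustrative.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE compound file signature
FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF


def cfb_entry_names(data):
    """Return the names of all directory entries in an OLE compound file.

    Only the 109 FAT sector pointers kept in the header are followed, which
    covers typical document sizes; anything else raises ValueError.
    """
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE compound file")
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    if sector_shift not in (9, 12):
        raise ValueError("unexpected sector size")
    size = 1 << sector_shift
    (first_dir,) = struct.unpack_from("<I", data, 48)
    difat = struct.unpack_from("<109I", data, 76)

    def sector(n):
        start = (n + 1) * size          # sector 0 starts right after the header
        chunk = data[start:start + size]
        if len(chunk) != size:
            raise ValueError("truncated or corrupt file")
        return chunk

    fat = []
    for n in difat:
        if n != FREESECT:
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(n)))

    names, seen, cur = [], set(), first_dir
    while cur != ENDOFCHAIN:
        if cur in seen or cur >= len(fat):
            raise ValueError("corrupt directory chain")
        seen.add(cur)
        block = sector(cur)
        for off in range(0, size, 128):             # 128-byte directory entries
            name_len, obj_type = struct.unpack_from("<HB", block, off + 64)
            if obj_type == 0 or not 2 <= name_len <= 64:
                continue                            # unused or malformed slot
            names.append(block[off:off + name_len - 2].decode("utf-16-le"))
        cur = fat[cur]
    return names


def classify_office_attachment(data):
    """Triage verdict for an attachment, based only on its container format."""
    if data[:4] == b"PK\x03\x04":
        return "zip-container"      # unencrypted OOXML (or other ZIP): scannable
    if data[:8] != CFB_MAGIC:
        return "not-office"
    try:
        names = set(cfb_entry_names(data))
    except ValueError:              # also covers undecodable entry names
        return "ole-unparsed"       # fail closed: send to manual review
    if {"EncryptionInfo", "EncryptedPackage"} <= names:
        return "ooxml-encrypted"    # content hidden from static scanning
    return "ole-legacy"


def build_sample_cfb(stream_names):
    """Constructed test input: a minimal compound file (512-byte sectors) whose
    directory lists up to three stream names; stream contents are omitted."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    # minor version, major version, byte-order mark, sector shift (2**9 = 512)
    struct.pack_into("<HHHH", header, 24, 0x003E, 3, 0xFFFE, 9)
    struct.pack_into("<H", header, 32, 6)            # mini sector shift
    struct.pack_into("<I", header, 44, 1)            # one FAT sector
    struct.pack_into("<I", header, 48, 1)            # directory starts in sector 1
    struct.pack_into("<I", header, 56, 4096)         # mini stream cutoff
    struct.pack_into("<I", header, 60, ENDOFCHAIN)   # no mini FAT
    struct.pack_into("<I", header, 68, ENDOFCHAIN)   # no extra DIFAT sectors
    struct.pack_into("<109I", header, 76, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    directory = bytearray(512)
    for i, name in enumerate(["Root Entry"] + list(stream_names)):
        raw = name.encode("utf-16-le")
        directory[i * 128:i * 128 + len(raw)] = raw
        # name length includes the terminator; type 5 = root, 2 = stream
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw) + 2,
                         5 if i == 0 else 2)
    return bytes(header) + fat + bytes(directory)


if __name__ == "__main__":
    encrypted = build_sample_cfb(["EncryptionInfo", "EncryptedPackage"])
    print(classify_office_attachment(encrypted))
```

A verdict of `ooxml-encrypted` or `ole-unparsed` means the content could not be inspected, so policy rather than scanning has to decide what happens to the message.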

Detection-based security tools not only suffer from frequent false negatives, but also generate copious<br />

noise due to false positives that have to be triaged. In fact, research shows that some SOC teams are<br />

receiving over 10,000 alerts per day, which they must sift through to find true threats. This can result in<br />

alert fatigue, meaning threats to the business can be missed. Once hackers have bypassed defences,<br />

the clock really starts ticking as they will use their initial point of compromise to move laterally to other<br />

systems, often by obtaining credentials, whereupon they can insert backdoors, exfiltrate data, destroy<br />

backups, and crypto-lock data.<br />

Should users really be your last line of defence?

The other challenge that organizations face is that the main target for attacks is most often endpoints, or more specifically, the users of those devices. Security tools are meant to protect users – firstly, by ensuring that malicious links and files do not make it into their inbox or browser in the first place, and secondly, by detecting malicious content when a user clicks on it. However, once again this relies on technology’s ability to detect and stop malicious actors in real-time, which as explained above, is inevitably prone to frequent failure.

As a result, users are still finding themselves having to act as a last line of defence against increasingly sneaky attackers. 2020 has already seen a 176 percent increase in malicious Microsoft Office files, while hackers have also been using the COVID-19 pandemic as a lure to infect users; for example, through fake notifications from government agencies or reports on new treatments, tricking them into clicking on malicious files or links. User education can only take things so far; eventually, someone will unwittingly expose the company to compromise – and more worryingly, most of them will not even know they have been compromised at all.

Security needs to be built from the ground up

It’s time to reinvent how we approach security, by building it in from the chip up. Key to this is making the shift to a protection-first model, one that doesn’t rely on detection but instead uses sound security engineering practices – such as fine-grained isolation, the principle of least privilege (PoLP), and mandatory access control. This approach is embodied in micro-virtualization, where risky workloads – such as opening web links, downloads and attachments – are performed within hardware enforced micro-VMs (virtual machines), isolated from the rest of the device or network. This way, it doesn’t matter if a document or web page is riddled with malware, because the hacker has nowhere to go, nothing to steal and no way to persist. This means users can go back to their day jobs and click with confidence.

By isolating key attack vectors – such as browsers, email and downloads – organizations are able to drastically reduce their attack surface, as all the most common avenues to compromise endpoints become dead-ends. Furthermore, when threats are executed within micro-VMs, the full kill-chain of the attack is captured into a detailed ‘flight recorder’ trace, providing the security operations centre (SOC) team with rich, high fidelity threat intelligence and indicators of compromise (IOCs) that can be used to help defend other systems.


It’s time to do things differently

Incremental innovation in security is failing to disrupt threat actors. A new, hardware-powered approach is needed that stops putting the burden of security on users by isolating threats, ensuring they cannot infect PCs or spread through corporate networks. This is just the tip of the iceberg and marks the beginning of a virtualization revolution in security, where users no longer fear opening links and attachments, and organizations can let their teams focus on their day jobs without worrying about making security mistakes.

About the Author

Ian Pratt is Global Head of Security for Personal Systems at HP Inc. He heads a new security business unit that is building on HP's strengths in hardware, systems software, ML, and its ability to deploy at massive scale, to create industry-leading endpoint security solutions that are deployed on millions of machines and used by some of the most security-conscious organizations in the world.


Responding to Security Incidents with Behavior Analysis

By Jeff Stein, Information Security Architect, Reputation.com

When dealing with security incidents, time is critical in an effective response effort. Very often, the amount of data and sources which need to be reviewed to make an informed decision on what has occurred, as well as the steps to take in response to the situation, can be overwhelming. Utilizing behavior analysis with your security incident response process can provide invaluable insight and aid in building a deeper understanding into the scope of an incident.

At a high level, a security incident exercise is a response to attacks that compromise computer systems or organizational data. Proper analysis of data in a security incident helps to minimize loss of information and disruption of services. As outlined by NIST SP 800-61, the NIST guidance related to incident response comprises a number of key phases and steps, with each phase in the process leading to the next. Depending upon the outcome of your response effort, the process provides the ability to reiterate on prior steps as the incident is handled.

NIST specifies four major phases included in this process. However, once an event is underway, the steps begin with the detection of a potential security incident. There are additional phases of the process in which, as with the detection phase, you are actively engaging with the live incident. These steps include the actual response and mitigation of the issue, also known as containment and eradication.

There are also post-incident phases such as recovery and longer-term remediation of the root cause of the incident. The remediation of an event is done to ensure that a similar situation does not arise from the same origins where the same attack targets the affected systems again. When looking at behavior analysis through the lens of a security incident, the subject matter can be utilized at each phase during the incident response.

In my experience working security incidents, I have used behavior analysis as an enabler to find additional data points quickly in order to make informed decisions on how to execute a response appropriately. Behavioral analysis is a data-oriented approach to proactively reviewing trends associated with a subset of activities done by a group, such as users or systems. Building a model from the data allows you to infer certain characteristics as well as potential future actions of the group under review. While the approach has many business functions, it also provides benefit when used in information security. The key to leveraging behavior analysis with security incidents is to identify the data sources that are important to your investigation. Some sources will be very common, such as user, network or machine activity logs, while others will be unique to the circumstances related to your event and organization.

Once you have identified your data, the behavior trends you see will help guide the investigation. One pitfall I have found is in issues with the uniformity of the data, where patterns do not obviously arise. To overcome this and effectively use behavior analysis, you must ensure you have a large enough sample size to produce accurate data. If your size is too small, the range of activity between your standard deviations can be very broad, resulting in a lack of patterns as highlighted above.

I have also found additional use for behavioral analysis in the preparation and post-incident phases of the security incident lifecycle referenced in NIST SP 800-61. All of the data sources utilized during the incident response can be combined with the characteristics of a fully identified root cause of the event. The outputs then lead to behavioral analysis being used to create dashboards and alerts based upon the known information identified during the security event. Behavioral analysis can also go a step further in not only alerting on the known information identified during the security event, but also finding new trends from previously unknown data. This is done by combining it with the same set of known markers, to root out future incidents before they happen.

In other words, behavioral analysis can help you identify your expected trends in any number of security domains and highlight anything that deviates a certain degree from those behaviors. In my experience, leveraging behavioral analysis in this fashion can advance the maturity of your security program by establishing a foundation for a threat-hunting program. By combining the behavioral analysis established through your incident response with threat intelligence resources, you can be more fully prepared to detect advanced attacks against an organization.
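
The baseline-and-deviation idea above, together with the earlier sample-size pitfall, as an added example that is not part of the original article: it builds a per-user baseline from daily upload volumes, flags values that deviate by a set number of standard deviations, and withholds a verdict when the history is too short. The log lines, `MIN_SAMPLES` and `Z_THRESHOLD` are constructed assumptions.

```python
import statistics
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample data (not from the article): "<date> <user> <MB uploaded>".
HISTORY = """\
2020-11-02 alice 118
2020-11-03 alice 125
2020-11-04 alice 110
2020-11-05 alice 131
2020-11-06 alice 122
2020-11-09 alice 115
2020-11-10 alice 128
2020-11-11 alice 119
2020-11-12 alice 124
2020-11-13 alice 117
2020-11-11 bob 40
2020-11-12 bob 300
2020-11-13 bob 150
"""

MIN_SAMPLES = 8    # assumed gate: below this, the baseline is not trusted
Z_THRESHOLD = 3.0  # assumed "certain degree" of deviation, in standard deviations


class Baseline(NamedTuple):
    n: int
    mean: float
    stdev: float


class Finding(NamedTuple):
    verdict: str        # "anomalous", "expected" or "insufficient-data"
    z: Optional[float]  # deviation in standard deviations, if computable


def parse_history(text):
    """Group daily values by user, skipping blank or malformed lines."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _date, user, value = parts
        try:
            per_user[user].append(float(value))
        except ValueError:
            continue
    return per_user


def build_baselines(per_user):
    """Mean and sample standard deviation per user (needs at least 2 points)."""
    return {
        user: Baseline(len(vals), statistics.mean(vals), statistics.stdev(vals))
        for user, vals in per_user.items()
        if len(vals) >= 2
    }


def assess(baselines, user, observed,
           min_samples=MIN_SAMPLES, z_threshold=Z_THRESHOLD):
    """Compare one new observation against the user's baseline."""
    base = baselines.get(user)
    if base is None:
        return Finding("insufficient-data", None)
    # A perfectly flat history has stdev 0; floor it so z stays finite.
    z = (observed - base.mean) / max(base.stdev, 1e-9)
    if base.n < min_samples:
        # Small sample: the spread is too wide to trust, so report z for the
        # analyst but do not turn it into a verdict.
        return Finding("insufficient-data", z)
    return Finding("anomalous" if abs(z) >= z_threshold else "expected", z)


if __name__ == "__main__":
    baselines = build_baselines(parse_history(HISTORY))
    for user, mb in [("alice", 127), ("alice", 410), ("bob", 400), ("carol", 50)]:
        print(user, mb, assess(baselines, user, mb))
```

With only three days of history, bob's standard deviation is about twenty times alice's, so a 400 MB day sits under two standard deviations from his mean and would pass as normal if the sample-size gate were removed.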

In conclusion, leveraging behavior analysis can significantly improve the overall process and outcome related to incident response. The subject can be used to not only help identify issues with a known security incident but also help predict events before they occur. By embracing behavioral analysis with your security incident response process, you can elevate the maturity of your security program and proactively protect the enterprise from unknown threats rather than taking a reactionary stance.


About the Author

Jeff Stein is currently the Information Security Architect at Reputation.com, an industry leader in online reputation management, and a Pluralsight author educating learners on topics in information security. His prior experience includes the FinTech space and both the United States House of Representatives and the United States Senate. In addition to holding numerous security and IT certifications, including his CISSP, he received a Master of Science in Information Security and Assurance from Western Governors University. Jeff can be found online on his blog, https://www.securityinobscurity.com, and reached at jeff@sioblog.net or on Twitter at @secureobscure, and at our company website https://www.reputation.com and on Twitter at @Reputation_Com.


Learning Hardware Security Via Capture-The-Flag Competitions

By Jason M. Fung, Offensive Security Research Manager at Intel

Software security has been studied by many for decades. As attackers find new ways to break through protections, defenders learn and harden their design accordingly. As it becomes increasingly challenging to find low hanging fruit in the software layer, attackers naturally move down the stack to look for ways to compromise systems in the hardware layer. It is paramount for system designers to gain proficiency in securing hardware design and stepping up hardware security assurance efforts.

The good news is that through initiatives driven by the industry and collaboration with academia, we now have more resources available to educate hardware designers about secure design and assurance practices. The community-driven Hardware Common Weakness Enumeration (CWE) is an excellent example of this kind of industry effort. The latest CWE 4.2 release offers a catalogue of 75 commonly overlooked mistakes that undermine the security robustness of a hardware design. Each entry includes illustrative examples along with guidance for identifying and mitigating the concerns. This valuable primer enables designers to methodically learn from the weakness patterns and address relevant gaps in their products.


People acquire and master skills in different ways. Security education through an industry primer works well for some, while others may find it easier to harness critical skills through hands-on, collaborative effort.

Capture the Flag (CTF) competitions have always been an engaging tool to help participants learn, practice and share hacking skills with one another. Organizers hide secrets, or “flags,” in a target system protected by layers of security controls and challenges, while participants compete to find as many flags as fast as they can. While traditional CTFs do cover a broad set of targets and skills, hardware design is an area that had long been overlooked.

Solid Collaboration Between Industry and Academia

Hack@DAC and Hack@Sec are hardware-specific CTF competitions that offer fun and educational ways to learn about security mistakes commonly made by hardware designers as they develop complex products like System-on-chips (SoCs). The first of their kind in the industry, these CTFs are the result of strong industry and academia partnerships, fostered through a long history of successful collaborations.

A co-organizer of the hardware CTFs, Professor Ahmad Reza Sadeghi leads the System Security Lab at Technische Universität Darmstadt in Germany and has collaborated on security research projects with Intel for more than a decade. Most recently, he is playing an influential role as the Director of Intel Collaborative Research Institute leading a group of international researchers on resilient autonomous systems research.

Professor Jeyavijayan Rajendran runs the Secure and Trustworthy Hardware Lab at Texas A&M University. His long-lasting collaboration with Intel started as early as his summer research visit in 2012, and it led to his eventual partnership with Intel in launching the inaugural Hack@DAC CTF at the Design Automation Conference (DAC) in 2018.

With a shared vision and passion to raise security capability for the hardware design community, security experts from Intel and these partners from academia collaborate to design a hands-on hacking and learning experience that effectively enables participants to gain a deeper appreciation for the challenges involved in designing security-robust hardware. To date, more than 150 teams have participated in these hardware CTF events. Participants come from diverse backgrounds and domain expertise, from security researchers and university students to hardware designers and EDA tool experts from the industry. Many that have taken part are convinced that more work needs to be done as an industry, and some were even inspired to take on personal missions to lead research and initiatives to make building secure hardware easier.

How Hardware CTF Competitions Work

Organizers start by taking a sophisticated open-source SoC and hardening it with various industry-like security protections, before carefully introducing a series of security vulnerabilities representing various Hardware CWEs for participants to find. There are multiple instances of each weakness type throughout the design, across a broad range of difficulty levels, to mimic the realistic challenges faced by SoC verification teams and appeal to participants with varying expertise.


The first stage of these competitions is a warmup in which teams have three months to review the SoC design and compete to find as many bugs as they can. Participants submit descriptions of the issue, root cause, security impact, valid test case or exploit and proposed mitigation. Judges score based on quality and completeness. Judges award bonus points to those that create and use automated tools to speed up the process. Teams with the highest scores move on to the second round, a live competition during which they use their experiences and any tools or techniques developed in the first stage to analyze the same buggy SoC design. This time however, the design includes new security protections and a new set of security vulnerabilities, and teams only have 48 hours to hack.

Key Takeaways

Academic researchers have historically been focused on a niche set of hardware security problems such as supply chain risks, physical attacks and cryptographic primitives. While these efforts remain significant, the industry can also benefit from research that helps address mainstream challenges, including systemic mitigations of common hardware weaknesses, automated detection techniques, secure hardware design patterns, and more. Analyzing a buggy SoC forces participants to uncover and learn about a wide range of often-overlooked hardware security issues, including misconfigured security settings in embedded firmware, faulty access controls enforced by hardware and more. Throughout the process, CTF participants learn about the ways logic- and design-related weaknesses can be carelessly introduced by hardware designers, as well as the security impact those vulnerabilities can have if left unchecked.

Hardware CTFs offer environments that mirror the pressure and constraints security assurance teams often experience in the real world. It helps participants appreciate the practical challenges that might not otherwise be obvious to them. Because there are more vulnerabilities inserted into the design than participants can find manually in the allotted time, they understand how powerful automated solutions can be when it comes to helping organizations become more proactive and productive in secure hardware development. The lack of available commercial and open source automation solutions also prompts participants to appreciate the critical gaps faced by practitioners that do the work every day.

Building a Foundation for Better Hardware Security

By open-sourcing the SoC framework and bug list to the entire industry, we can extend the value of the CTF competitions beyond the events. The publicly available infrastructure allows researchers to test and benchmark new hardware security scanning tools, develop and demonstrate the values of novel systemic mitigations, experiment with secure design patterns, and continue learning about hardware security weaknesses.

As attackers extend their focus to the hardware layer, improved hardware security practices and capabilities are imperative. Building robust, secure hardware requires more focus and stronger collaboration among industry and academia stakeholders. Hardware CTF competitions offer a fun and educational medium through which participants gain firsthand experience of the challenges hardware designers face every day. In addition to building critical security skills, participants are often inspired to take part in efforts to help the broader community to produce safe, secure hardware that can enrich the lives of every person on earth.


About the Author

Jason M. Fung is the Director of Academic Research Engagement and Offensive Security Research at Intel. He has over two decades of experience in product architecture, penetration testing, pathfinding research, risk management and security assurance consultation.


Telegram for Business Communications: Understanding The Risks And Rewards

By Otavio Freire, CTO and Co-Founder, SafeGuard Cyber

During a virtual panel discussion at the European Central Bank's Forum on Central Banking in November, Federal Reserve Chair Jerome Powell noted the pandemic’s economic effect was to accelerate existing trends, including the increasing use of technology and automation. “We’re recovering,” he said, “but to a different economy.” Indeed, the adoption of cloud-based apps that maximize flexibility and minimize friction in business communication is just such a trend. These apps include obvious SaaS infrastructure like Microsoft Teams and Slack, but also some more unexpected apps like Telegram.

The encrypted cloud-based messaging app has been a favorite of disruptive financial services and cryptocurrency firms for its simplicity, speed, built-in encryption, and independence from the Facebook ecosystem. These disruptive players have adopted chat apps to increase sales agility and responsiveness to clients. Telegram is a powerful tool, but as with any technology, the same features that benefit business also present risks. In our recent Digital Risk Survey, 600 senior IT and security professionals cited the use of unsanctioned apps as the biggest security and compliance challenge. Here we’ll take a look at the top Telegram risks in turn, so you can make a more informed choice about whether the app is right for your enterprise.

Isn't Encryption Sufficient?

Telegram is widely considered to be one of the most secure messaging apps in the world. It’s accessible from mobile and desktop, and has a number of third-party integrations. However, even encrypted chat apps are subject to security and regulatory compliance concerns. Telegram can host large groups (up to 200,000 users) and large file sizes (up to 1.5 GB), making it a robust platform for both internal collaboration and building communities among prospects and clients. However, these same features expand the threat surface for the following risks:

● Spear phishing
● Malware
● Cyber espionage
● Data loss
● Compliance risk

While the chats may be encrypted, you still need visibility and controls at the message level to protect employees and enterprise/customer data. The first three risks are related, so it’s worth looking at them together.

Spear-phishing, Malware, and Cyber espionage

As is the case with WhatsApp, Telegram users remain vulnerable to spear-phishing through links and file sharing. In Telegram’s large communities, it’s impossible to know everyone. Communities can easily be infiltrated by bad actors who share links or files with malicious payloads. This isn’t hypothetical. To date, different varieties of malware have targeted Telegram users to steal crypto wallets and conduct surveillance. And, more to the point, without controls, it’s difficult to analyze message content to understand if softer spear phishing attacks are underway. You don’t always need a link to hook an employee. Sometimes a persuasive offer is enough.

Data Loss

When it comes to file sharing in the app, risk teams should know what is being shared. Again, with limits at 1.5 GB, a lot of data can be leaked, exfiltrated, or even accidentally lost to human error. We have talked with organizations that lost valuable customer data in other mobile chat apps due to simple copy/paste errors! Similar to a network environment, security, compliance, or legal teams need the ability to apply policies that stop data from leaving the organization.


Compliance Risks

Given Telegram’s popularity with financial services and digital currency traders, regulatory compliance poses a clear business risk. A lack of visibility or controls can lead to unacceptable exposure. Users may intentionally or accidentally share customer PII or engage in conversations that violate regulatory compliance. And, similarly, without an ability to capture content in its native format or archive, financial services using Telegram will remain in a corner when it comes to legal readiness.

How to Enable Telegram Securely and Compliantly

All of this is not meant to scare you off Telegram. Being scared of new technology is not a sustainable business strategy. Here are some things to consider when looking for ways to secure Telegram:

● Because Telegram is a cloud-based messaging app, you need security and defense at the cloud level. Cloud-to-cloud defense can help teams mitigate risks or threats before they can transit to devices or into corporate networks.
● The sheer volume and velocity of communication necessitates machine learning to prioritize risk detection.
● Scalability for multiple languages. Telegram is popular in different regions, and it’s unhelpful if you can only identify threats in your native language.
● Cross-device functionality will ensure that security is applied no matter how your employees are using Telegram. More importantly, it won’t get in the way. Obstructive security only gives users a motivation to seek unsafe workarounds.

Telegram has given a competitive advantage in sales agility to more innovative and disruptive financial services firms. In all things information security, the balance is between risk and reward. Understanding Telegram’s risks can help security leaders make better decisions about the app’s suitability to their business.

About the Author

As the President, CTO, and Co-Founder of SafeGuard Cyber, Otavio Freire is responsible for the development and continuous innovation of SafeGuard Cyber's enterprise platform, which enables global enterprise customers to extend cyber protection to social media and digital channels. He has rich experience in social media applications, Internet commerce, and IT serving the pharmaceutical, financial services, high-tech, and government verticals. Mr. Freire has a BS in Civil Engineering, an MS in Management Information Systems, and an MBA from the University of Virginia Darden School of Business, where he currently serves as a visiting executive lecturer. To learn more about SafeGuard Cyber, visit www.safeguardcyber.com.


How Are Financial Services Firms Addressing the Requirements of Digital Transformation, Security, And Compliance?

By Ehab Halablab, Regional Sales Director – Middle East at A10 Networks

The financial services sector is experiencing significant commercial disruption coupled with rapid innovation as established institutions strive to become more agile and meet evolving customer demand. As a result, financial services organisations are undergoing rapid digital transformation to meet changing customer needs and preferences, and to compete with a new generation of digital-native competitors. Hybrid cloud environments play a key role in this strategy, allowing greater speed, flexibility, and visibility over application delivery than on-premises data centres while also reducing costs.

But the move to hybrid cloud introduces new challenges as well. So, as financial services organisations plot their strategy for transformation, firms must make critical technical decisions about the clouds and form factors best suited to host their hybrid environment. They also need to consider how they will secure web applications against evolving threats such as ransomware, data theft, and DDoS attacks through measures such as DDoS protection and using a Zero Trust model. At the same time, they must also maintain regulatory compliance, governance, and auditability across complex, fast-evolving infrastructures.


To understand more about these challenges, we recently conducted a survey with Gatepoint Research involving senior decision-makers to gain insight into the current state of financial services technology and the future direction for organisations in this sector. Here are some of the key findings:

Today’s Financial Services Technology Landscape

Although financial services businesses are making a steady move to the cloud for application delivery, on-premises data centres continue to play an important role.

While adoption of public cloud infrastructure is strong, with almost half of those surveyed hosting applications primarily in the cloud, most respondents (58 percent) continue to rely primarily on their private on-premises data centre for application delivery. 35 percent of organisations described their environment as a hybrid cloud, though with an emphasis on their own private data centre. This shows that even as transformation continues, the traditional data centre remains prominent in the technology strategy of financial services organisations.

That said, the balance between on-premises and cloud infrastructure may well shift soon. When respondents were asked about their plans for the coming year, 57 percent of decision-makers reported that they intend to move more applications to the cloud.

Ransomware and PII Lead Security Concerns<br />

Today, financial services organisations face a broad spectrum of security threats, including many being<br />

targeted at sensitive customer data. The survey highlighted that organisations’ biggest security concerns<br />

or consequences were ransomware (57 percent); personally identifiable information (PII) data theft (55<br />

percent); and phishing or fake sites (49 percent).<br />

While threats to customers and their data are seen as the highest risk, dangers to the company’s brand<br />

image and reputation were not far behind. 38 percent of leaders cited concerns about hacking and cyber<br />

defacement, tied with brand damage and loss of confidence. Nearly as many (37 percent) were<br />

concerned about DDoS attacks, which can undermine a firm’s perception among customers through<br />

impaired service quality and customer experience. Meanwhile, insider attacks remain an issue, named<br />

by 28 percent of respondents, if not quite at the same level as most external threats.<br />

To address the changing security landscape, many organisations have started initiatives around the Zero<br />

Trust model, in which traditional concepts of secured zones, perimeters, and network segments are<br />

updated with a new understanding that a threat can come from anywhere or anyone inside or outside the<br />

organisation. As of June 2020, 41 percent of respondents had already established a timeline for their<br />

Zero Trust model initiative with 15 percent having projects currently underway. Still, nearly two-thirds<br />

have no current plans or initiatives around the Zero Trust model.<br />

Moving to Improve Flexibility, Agility, Scalability and Security<br />

Technologies and strategies planned for the coming year reflect a key focus on the competitive<br />

requirements of fast-paced digital markets. The top-two initiatives included moving from hardware<br />

appliances to more flexible software form factors and deploying hybrid cloud automation, management,<br />

and analytics to increase operational efficiency.<br />

With DDoS attacks a prime concern, 29 percent of respondents planned to deploy or replace an existing<br />

web application firewall (WAF) or DDoS protection solution. Surprisingly, even several years after the<br />

introduction of modern Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography (ECC)<br />

encryption standards for enhanced security, 29 percent of organisations are only now working to upgrade<br />

their Transport Layer Security (TLS) capabilities to support these technologies.<br />

Even as cloud adoption continues to be strong, five percent of decision makers intend to repatriate<br />

applications from private cloud environments to their private data centre. While not a high number, this<br />

is not entirely insignificant. Given the diversity of form factors, architectures, and deployment methods to<br />

choose from, it is important to make sure that the approach fits the organisation’s needs before<br />

proceeding.<br />

Addressing the Requirements of Hybrid Cloud and Rising Demand<br />

Moving forward, decision-makers view capabilities related to risk as especially important for their financial<br />

platforms. When it comes to the most important capabilities for financial platforms running in hybrid cloud<br />

environments, regulatory compliance, comprehensive application security and redundancy/disaster<br />

recovery are top must-haves.<br />

In addition to the importance placed on redundancy/disaster recovery, many respondents (43 percent)<br />

named centralised management and analytics as important capabilities. Along with elastic scale for<br />

variable/seasonal demands (25 percent), this shows a recognition of the requirements to provide effective<br />

service through redundancy, scalability, and a sound infrastructure.<br />

Compared with risk-related and operational priorities, cost saw considerably less emphasis in the survey.<br />

While 28 percent of respondents placed importance on automation for operational efficiency and reduced<br />

costs, just 18 percent prioritised flexible licensing and pricing.<br />

Desired Benefits from New Technology Investments<br />

As they plan new technology investments, decision-makers are motivated foremost by risk reduction—<br />

far outpacing business factors such as revenue, customer experience, and competitive advantage.<br />

By a large majority, security was the most likely benefit to spur funding for new technology. Operational<br />

considerations followed, including operational improvements (65 percent) and cost savings (63 percent).<br />

Regulatory compliance, emphasised earlier in the survey as a priority for a hybrid cloud requirement, was<br />

not necessarily top-of-mind in the technology funding stage—but still of high importance (57 percent).<br />

Revenue generation was named as a highly important benefit by only 35 percent, followed by customer<br />

satisfaction at 32 percent. Even in an industry undergoing rapid digital transformation, just 32 percent of<br />

decision-makers cited business advantage from new technology as a prime factor—and only 17 percent<br />

were moved by the ability to accelerate development speed.<br />

The results of the survey offer a snapshot of an industry in transition, as decision-makers seek to keep<br />

control over security and compliance and maintain operational consistency, as they look to tap into the<br />

agility and scalability of the cloud. It is clear that, while security is important for digital transformation<br />

initiatives, application delivery and managing multi-cloud environments are of equal importance. Above<br />

all, financial services organisations must maintain their good reputation and ensure customer trust. Firms<br />

must demonstrate that they are protecting customer assets, providing an ultra-reliable service, working<br />

with trustworthy partners and reducing risk to the business.<br />

About the Author<br />

Ehab has more than 13 years’ experience in the IT industry. Prior to A10<br />

Networks he worked at security firm Symantec as territory manager for<br />

enterprise where he was instrumental in driving new business acquisition.<br />

He also held a regional channel leadership position at Blue Coat Systems<br />

(acquired by Symantec) and regional sales manager position at Sophos.<br />

The early part of his career was spent at Naizak Distribution Services as<br />

account manager for several key security vendors.<br />

Ehab can be reached online at (ehalablab@a10networks.com) and at our<br />

company website www.a10networks.com<br />

Revealed: How Banking and Finance GRC Leaders<br />

Struggle to Address Regulators’ Demands for Cyber<br />

Evidence with Confidence<br />

By Charaka Goonatilake, CTO at Panaseer

It’s one thing to keep data secure and assets protected, but another thing entirely to have the evidence<br />

at hand to prove your security controls coverage and its effectiveness to third parties.<br />

And when those third parties include financial regulators with the power of life and death over your<br />

organisation’s trading licence, answering their questions accurately, confidently and in a timely manner<br />

is everything.<br />

Keeping on top of regulators’ demands for cyber-related data is perhaps the most business-critical<br />

function of a bank’s or financial services company’s GRC (governance, risk and compliance)<br />

department. However, according to intensive research conducted for Panaseer among a cohort of 200<br />

well-placed GRC leaders at 5,000+ employee finance institutions on both sides of the Atlantic, all is not<br />

well with how they and their teams address these issues. Within the research findings, described in<br />

more detail below, a picture emerges of GRC teams grappling with growing volumes and complexities<br />

of data requests, and with signs that the labour-intensive methods they have traditionally employed for<br />

dealing with regulator requests are becoming serious causes for concern.<br />

Searching questions are not simple to answer<br />

Behind each regulatory request is a simple guiding principle on the part of the regulator: ascertaining<br />

the organisation’s true security posture in the context of specific legislation. The old adage “the simplest<br />

things are the most complicated” rings very true here; particularly as IT and business infrastructures at<br />

these organisations are so vast and interwoven. Also, the complex and often urgent nature of the<br />

enquiries means there is seldom an efficient or repeatable way of addressing them through non-automated<br />

means.<br />

Unfortunately, standard GRC tools are not fully automated; they typically rely on significant manual<br />

input. Furthermore, they do not provide complete insight into the current status of security controls<br />

coverage, the performance of those controls and – crucially – any gaps between them.<br />

This lack of consolidated visibility into all assets – devices, applications, user accounts, databases, etc.<br />

– across the enterprise makes it difficult for GRC teams to pinpoint control coverage gaps and external<br />

regulatory policy compliance.<br />

This is highly problematic because answers to regulators’ questions will invariably lie in data scattered<br />

across the organisation. Much of what GRC teams need to compose their responses to regulatory<br />

questions will come from data collected by security colleagues (see below), but in any case GRC tools<br />

are geared up to obtain subjective data collated via qualitative questionnaires that build an<br />

approximated picture from representative samples rather than reflecting the full, quantifiable reality.<br />

Incomplete and/or unreliable information prevents any clear assurance of whether the relevant controls<br />

are deployed and operating on all assets.<br />

Requests are coming thick and fast<br />

Financial institutions have plenty of cyber-related regulations to worry about and, for the largest in<br />

particular, the number grows almost by the month. Data privacy laws, as just one example, are now in<br />

force in 120 countries. This puts acute pressure on the GRC departments of international institutions,<br />

for whom local regulations apply regardless of whether their operations in a certain national jurisdiction<br />

constitute a major or a minor presence.<br />

We know that these increasingly cyber-related requests, and the difficulty in addressing them<br />

autonomously with existing GRC toolsets, are creating friction between GRC teams and their cyber<br />

colleagues. A separate Panaseer study polled a group of 420 CISOs at large financial institutions about<br />

these knock-on effects and found – on average – GRC teams were requesting metrics from security<br />

once every 16 days, at a cost of up to 5 days per month being diverted away from front-line cyber<br />

fighting resources. A total of 29 percent claimed risk teams demand data from them every single day.<br />

Data accuracy and request volume are the biggest GRC cyber challenges<br />

In our GRC leaders peer survey, “access to accurate data” and “number of report requests to deal with”<br />

were cited as the top two security challenges.<br />

The number one issue is accurate data (or rather, a lack of it), cited as the most significant security<br />

issue by more than one-third (35 percent) of respondents. This appears to be a bigger problem among<br />

the smaller institutions surveyed, with 40 percent of those employing between 5,000 and 9,999 people<br />

placing it first versus 33 percent at those with 10,000+. This disparity could be explained by the sheer<br />

scale of manually-intensive resources that the largest institutions are able to call upon to collate richer<br />

data and invest time validating it. In any case, it’s clear that the same difficulties in grappling with<br />

complexity and sprawl afflict smaller institutions despite having fewer endpoints, applications and<br />

systems than their larger peers.<br />

The response “number of report requests to deal with, understanding and clarity of report requests” was<br />

cited as the greatest security challenge by 29 percent of respondents.<br />

More GRC leaders should be more confident in data shared with regulators<br />

The magnitude of these challenges is borne out in the apparent lack of supreme confidence GRC<br />

leaders have about the quality and timeliness of the data provided to regulators in response to<br />

requests. It is worth remembering that these are some of the largest and most advanced financial<br />

institutions in the world, with enormous resources and an acute sensitivity to the needs of maintaining a<br />

spotless regulatory compliance record that never risks harm to their public reputations or continuity of<br />

business operations.<br />

With all that being said, only 39 percent of respondents stated they were “very confident” in the<br />

accuracy of security data provided to regulators on request. More staggeringly still, a further 7 percent<br />

admitted they were “neither confident nor unconfident”, which any fair-minded observer would have to<br />

agree constitutes something of a damning indictment.<br />

It doesn’t get much better in terms of the confidence levels GRC leaders have for responding to<br />

regulatory requests quickly enough. Here, far less than half (41 percent) claimed to be “very confident”<br />

in their ability to fulfil the security-related requests of regulators in a timely manner.<br />

These are not the responses one would expect of senior risk and compliance professionals presiding<br />

over slick, well-functioning processes. Another finding compounds this troubling perspective: only 27.5<br />

percent of respondents said they were “very satisfied” that their organisation’s security reports align to<br />

regulatory compliance needs like GDPR and CCPA.<br />

Too manual, meaning too inefficient, prone to errors and lacking context<br />

The tools that GRC teams commonly use to collate data in response to regulatory requests rely heavily<br />

on qualitative questionnaires. Some questions will be binary, others significantly more detailed. As<br />

outlined above, this will be owing to the absence of a vigorous, data-driven (bottom-up) approach to<br />

establishing the on-the-ground reality of which security controls are in place, what they cover and how<br />

they are operating. Rather, these questionnaires feed into a process that seeks to establish whether<br />

certain parameters are in place by garnering attestation from stakeholders and by sampling data.<br />

There are many limitations to such a manual, questionnaire-driven approach, including:<br />

- Massively inefficient – The largest institutions may employ 100 people or more to manually<br />

undertake qualitative compliance checks. Consider for a moment how wasteful that is, and how<br />

lacking in scalability in the face of yet greater requirements. Most organisations have automated<br />

some aspects of their processes according to our survey (more details below), with 2.5 percent<br />

automating none whatsoever.<br />

- Lacking in context – GRC tools cannot isolate and identify applications associated with<br />

particular business processes, or the interrelationships between assets and the people who<br />

interact with them, or – more to the point – the impact that risks posed by these factors may<br />

have on the business. The disconnected, check-box nature of qualitative assessment makes it<br />

all but impossible to assess the total, cumulative risk generated by ‘toxic combinations’ of risk<br />

factors. Our survey found a groundswell of support for improvement in this regard, with 30<br />

percent agreeing the ability to prioritise risk remediation based on impact to the business is<br />

“very important” and a further 66 percent as “somewhat important”.<br />

- Too much subjectivity – Qualitative questionnaires lead to evidence significantly more subjective<br />

than objective. Sampling also leads to less reliable results than an approach able to take in the<br />

full picture. Other accuracy issues include the potential for human error, bias or even abuse that<br />

must be considered when employing a non-automated system.<br />

- Point in time rather than real time, all the time – The results of such manual processes give only<br />

a ‘point-in-time’ estimation of compliance posture, which may be sufficient to satisfy the request<br />

but which will need the same process repeated again and again whenever the same verification<br />

is sought.<br />

In our GRC leaders study, 92 percent of senior risk and compliance professionals responded positively<br />

to the value of harnessing both quantitative and qualitative security controls assurance, reflecting the<br />

strong appetite for an improved toolset.<br />

Attitudes to automation are encouraging<br />

While GRC leaders may be labouring under a broken, inefficient and ‘top-down’ system, there is plenty<br />

of evidence from our research to suggest they are progressive in their outlook toward more<br />

streamlined, automated and comprehensive methods of surfacing security metrics.<br />

One of the reasons for this is expediency, with the tightening effect of increasingly stringent legislative<br />

requirements making the search for alternative approaches more pressing. Recent examples of this,<br />

such as the Monetary Authority of Singapore (MAS) Notice 655 on Cyber Hygiene (which calls for<br />

banks to attest to having endpoint detection and response software deployed and operational on every<br />

asset, at all times), reflect a heightened level of expectation on the part of regulators that such requests<br />

should not be considered unreasonable.<br />

Automating processes would go a considerable distance to solving these challenges, but our survey<br />

found there is some way left for organisations to go. A total of 93.5 percent of GRC leaders agreed that<br />

it is important to automate security risk and compliance reporting, but only 26 percent have so far<br />

achieved it. And while those instances where data collection (49 percent of respondents) and data<br />

analysis (67 percent) processes are being automated represent good news, until full automation arrives<br />

there will still remain many of the problems associated with manual processes, such as human error<br />

and inefficiencies in achieving pace and scale.<br />

Rethinking the GRC toolset with CCM<br />

The whole challenge of responding to regulatory requests would be alleviated by GRC tools that can<br />

harness accurate data in an automated rather than manual way, access the required information<br />

without dragging overstretched cyber teams into the fray, and easily transform it into the formats<br />

different regulators demand.<br />

With a consistent up-to-date view of security controls deployments, the accuracy and timeliness of<br />

responses will be improved since assessments will be derived from instrumentation instead of<br />

subjectivity.<br />

The latest Gartner Hype Cycle for Risk Management details a new technology that promises to deliver<br />

this capability. Called ‘Continuous Controls Monitoring (CCM)’, Gartner defines it as: “…a set of<br />

technologies that automates the assessment of operational controls’ effectiveness and the identification<br />

of exceptions”.<br />

Purpose-built CCM tools sit on top of existing tooling, ingest data from across security, IT and business<br />

tools, and can clean, normalise, and de-duplicate data before correlating aggregated data to individual<br />

assets. They can also integrate with GRC tools to automatically populate them with security controls<br />

assurance data.<br />
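
The correlation step described above, applied to the kind of "control deployed and operational on every asset" attestation mentioned earlier, as an added example that is not Panaseer's or any CCM product's code. The source names (`cmdb`, `edr`, `scanner`), the field names and the seven-day freshness threshold are assumptions, and all records are constructed.

```python
import re

MAX_AGE_DAYS = 7  # assumed freshness threshold for control evidence

# Constructed sample exports. Field names are assumptions, not a vendor schema.
CMDB = [
    {"hostname": "FIN-APP-01.corp.example", "mac": "00:1A:2B:3C:4D:01"},
    {"hostname": "fin-db-02", "mac": "00-1a-2b-3c-4d-02"},
    {"hostname": "hr-lap-07.corp.example", "mac": "001a.2b3c.4d07"},
]
EDR = [
    {"hostname": "fin-app-01", "mac": "001A2B3C4D01", "status": "running", "age_days": 0},
    # Two records for the same machine: a stale "running" and a fresh "stopped".
    {"hostname": "FIN-DB-02.corp.example", "mac": "", "status": "running", "age_days": 40},
    {"hostname": "fin-db-02", "mac": "00:1a:2b:3c:4d:02", "status": "stopped", "age_days": 1},
]
SCANNER = [
    {"hostname": "fin-app-01.corp.example", "mac": "", "age_days": 3},
    {"hostname": "kiosk-99", "mac": "00:1A:2B:3C:4D:99", "age_days": 1},  # unknown to CMDB
]
SOURCES = [("cmdb", CMDB), ("edr", EDR), ("scanner", SCANNER)]


def norm_host(name):
    """Lowercase and drop the DNS suffix: 'FIN-APP-01.corp.example' -> 'fin-app-01'."""
    return name.strip().lower().split(".")[0]


def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits; '' if unusable."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return digits if len(digits) == 12 else ""


class Inventory:
    """Correlates records from different tools to one entry per asset."""

    def __init__(self):
        self.assets = []
        self.by_host, self.by_mac = {}, {}

    def resolve(self, record):
        host, mac = norm_host(record["hostname"]), norm_mac(record["mac"])
        # Prefer the MAC as identifier, fall back to the normalised hostname.
        asset = self.by_mac.get(mac) if mac else None
        if asset is None:
            asset = self.by_host.get(host)
        if asset is None:
            asset = {"host": host, "sources": set(), "evidence": {}}
            self.assets.append(asset)
        self.by_host.setdefault(host, asset)
        if mac:
            self.by_mac.setdefault(mac, asset)
        return asset

    def ingest(self, source, records):
        for record in records:
            asset = self.resolve(record)
            asset["sources"].add(source)
            old = asset["evidence"].get(source)
            # De-duplicate: keep only the freshest record per asset and source.
            if old is None or record.get("age_days", 0) < old.get("age_days", 0):
                asset["evidence"][source] = record


def assess(asset):
    """Return the list of control gaps for one correlated asset."""
    gaps = []
    if "cmdb" not in asset["sources"]:
        gaps.append("not in CMDB")
    edr = asset["evidence"].get("edr")
    if edr is None:
        gaps.append("no EDR agent")
    elif edr["status"] != "running":
        gaps.append("EDR agent " + edr["status"])
    elif edr["age_days"] > MAX_AGE_DAYS:
        gaps.append("EDR evidence stale")
    scan = asset["evidence"].get("scanner")
    if scan is None or scan["age_days"] > MAX_AGE_DAYS:
        gaps.append("no recent vulnerability scan")
    return gaps


def coverage_report(sources):
    """Ingest every source, then report per-asset gaps and overall EDR coverage."""
    inv = Inventory()
    for name, records in sources:
        inv.ingest(name, records)
    gaps = {a["host"]: assess(a) for a in inv.assets}
    edr_ok = sum(1 for g in gaps.values() if not any("EDR" in x for x in g))
    pct = round(100 * edr_ok / len(gaps), 1) if gaps else 0.0
    return {"assets": len(gaps), "edr_coverage_pct": pct, "gaps": gaps}


if __name__ == "__main__":
    report = coverage_report(SOURCES)
    print(f"{report['assets']} assets, EDR coverage {report['edr_coverage_pct']}%")
    for host, gaps in report["gaps"].items():
        print(f"  {host}: {', '.join(gaps) or 'ok'}")
```

The denominator is every asset any tool has seen, not only those in the CMDB, so a device known only to the scanner lowers the coverage figure instead of disappearing from it.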

By using CCM to align security controls with framework standards, GRC teams can track and report<br />

adherence to best practice standards and regulatory mandates.<br />

The compelling benefit of CCM is its ability to reflect “what’s really going on” in a fast and non-disruptive<br />

way, uncovering gaps in security controls deployment coverage wherever they are, and preventing<br />

even the merest suggestion that the organisation’s risk management is itself ‘risky’.<br />

That’s something that benefits every aspect of the organisations charged with upholding the best<br />

practice policies of security and compliance, from GRC leaders and cyber teams all the way up to the<br />

leadership of the business.<br />

About the Author<br />

Charaka has spent the last 5 years engineering and building Hadoop-based<br />

security analytics applications to detect Cyber threats. He led a<br />

team on business development for the BAE Systems CyberReveal<br />

product to over 40 clients in Financial Services, Technology,<br />

Telecommunications, Energy, Pharmaceuticals and Foreign<br />

Government based across EMEA, North America and APAC.<br />

Charaka is the brains behind our big data technology. His team leads the<br />

way in generating innovative techniques for deriving new security insight<br />

for our customers.<br />

Charaka can be reached online at @charakag<br />

and at our company website http://panaseer.com/<br />

Why the Education Sector Must Address Security in The<br />

Rush to Digitise<br />

By Jacob Chacko, Regional Business Head – Middle East, Saudi & South Africa (MESA) at<br />

HPE Aruba<br />

There has never been a greater need to connect students, classrooms, and buildings. Enrolment of<br />

students (who are always more tech savvy and more expectant than the year that preceded them)<br />

continues to rise, and the benefits of technology – better grades and greater staff well-being – are<br />

necessary if schools are to maintain high levels of performance during the challenging time of digital<br />

transformation.<br />

What’s key, however, is that cyber security is taken seriously. Not in a way that restrains a school’s<br />

ambitions to innovate, but so that technology is controlled and managed with caution to protect the<br />

students. This will become increasingly important as schools and universities expand deployment of<br />

digital, collaborative and immersive learning environments across new and modernised buildings and<br />

campuses.<br />

Here’s a closer look at some of the advances many schools are making today, and the security measures<br />

they can, and should, be taking to protect their data and reputation.<br />

The changing face of education<br />

There are exciting times ahead for the education industry. Typically, this sector is one of the last to make<br />

extensive change, but thanks to the ambitions of teachers keen to engage better with students, the<br />

classroom of yesteryear is starting to transform. In many schools, where once Wi-Fi was limited to a<br />

handful of classrooms, now any room can be used as an IT suite. New tech such as eLockers is being<br />

trialled as a way of empowering students and encouraging self-paced learning. And, rather than being<br />

discouraged, personal devices are becoming increasingly embedded in the educational toolset.<br />

And so by enabling a more digital workplace, staff will be freed up to make faster decisions and engage<br />

students whose learning styles vary. Already we’re seeing education employees reap the rewards of<br />

technology. In Aruba’s recent study of more than 1,000 employees, almost three quarters (74%) said<br />

they could accomplish more throughout the day and had the opportunity to develop new skills (74%).<br />

However, as the smarter classroom gradually becomes a reality, so the question of security – and how it<br />

is managed – must be addressed.<br />

Keeping security in check as progress is made<br />

Worryingly, just under half (49%) of teachers admit they rarely (if ever) think about cybersecurity, despite<br />

91% acknowledging its importance. In addition, more than three-quarters (76%) believe there is room for<br />

improvement in the way connected tech is managed.<br />

This is a challenge for institutions. Schools, colleges and universities alike share the same priority:<br />

providing the best possible education to cater to students whose expectations are growing exponentially.<br />

To connect with them in a meaningful way requires reliable, optimised, and personalised learning<br />

experiences. But an influx of Internet of Things (IoT) devices and a cohort that aren’t all trained in security<br />

best practices, puts networks at risk of intrusion. And, more seriously, puts young people at risk of<br />

communication from people who may wish to abuse, exploit or bully them.<br />

Tackling this issue requires both accountability and an autonomous approach to security. Ensuring there<br />

is ownership over IoT security is imperative, and some institutions have appointed “digital champions”<br />

who review technology and share practices that foster innovation.<br />

Technology, too, will play its part in managing the cybersecurity risk. Colleges and universities must<br />

implement new tools that go beyond traditional cybersecurity measures, such as User and Entity<br />

Behavior Analytics (UEBA), which identify patterns in typical user behaviour and flag any anomalies.<br />

These kinds of solutions don’t hinder employee creativity, collaboration, or speed as many clunky security<br />

systems do. Instead, they provide real-time protection and enable quick responses should a network<br />

breach occur.<br />

Enthusiastic pupils are a huge opportunity<br />

It’s important that a focus on security doesn’t take away from the bold ambition demonstrated by the<br />

education sector. In many ways, this industry is in a totally unique position. Every day, it interacts with an<br />

enthusiastic generation that gets more technologically sophisticated each year. In few other sectors is<br />

there such a huge cohort of people as adaptable and receptive to new ways of working.<br />

This is where the opportunity lies for teachers, who can challenge the traditional way of teaching. But in<br />

order to do so, they cannot be shackled by the fear of cyber risk. Instead, education employees must<br />

continue to push themselves to investigate what other innovations can be implemented in order to<br />

enhance student learning.<br />

There’s no doubt it can feel overwhelming for many to think about how to make improvements while<br />

dealing with a demanding timetable. However, by investing in automation technology that streamlines<br />

processes and provides protection, the opportunity of a digital workplace can become a reality. This will<br />

drive greater efficiencies, freeing up space in the day to innovate and try new things.<br />

With the right technology in place, and a security strategy that ensures accountability for the management<br />

of said technology, there is huge potential for educational institutions to become efficient, productive and<br />

inspiring digital workplaces. The enthusiasm for transformation is already there. With the right security<br />

strategy, I’ve no doubt the future of education will be bright.<br />

About the Author<br />

Technologically savvy, innovative, strategic and a goal-driven IT<br />

management professional, Jacob has over 20 years of progressive<br />

success in all phases of Sales & Business Development including Profit<br />

Accountability, Business Growth, Product Development and Key Account<br />

Management, propelling unprecedented growth for organizations.<br />

Associated with Hewlett Packard Middle East, he has been successfully<br />

handling positions of progressive responsibility. He has been recognized<br />

to excel in offering Mobility solutions and Software Defined Networking,<br />

while pushing revenue charts northwards for organizations in a short<br />

span of time.<br />

Jacob can be reached online at (Jacob.chacko@hpe.com) and at our<br />

company website https://www.arubanetworks.com/<br />

Data Migration Security<br />

What to Know<br />

By Devin Partida, <strong>Cyber</strong>security Writer, ReHack Magazine<br />

If you're planning a data migration soon, there are some crucial things to do to increase the likelihood of<br />

keeping it safe. Migrating data means moving it between locations or formats.<br />

Prioritizing data security is essential for successful outcomes. However, doing that is not as<br />

straightforward as some people think. These tips will help with that all-important matter.<br />

1. Confirm the Location of Your Critical Data<br />

If your data migration includes critical content, do you know where all of it resides? If not, you're in the<br />

majority. Research indicates that 82% of respondents from organizations did not know where those<br />

enterprises kept all the critical data. The same study showed that 55% cited data fragmentation across<br />

multiple databases as slowing their progress.<br />

That's a data security risk because it could give the false impression that all the most important<br />

information got safely moved to the new destination. That may not be a valid conclusion to make. Audit<br />

the data before a migration happens. Doing that helps ensure you find all the necessary records. Tools<br />

also exist to help find duplicate or obsolete content that you can delete before starting to move the data.<br />

2. Plan a Phased Migration<br />

When learning about data migrations, you'll almost certainly come across details about a process called<br />

Extract, Transform and Load (ETL). It encompasses the three main stages that happen when moving<br />

information.<br />

The extract portion involves collecting data and reading it from a database. The transform step then<br />

converts the extracted data from its previous form to the format required by the new location. Finally, the<br />

load step writes the data to the target database.<br />

Keep security in a top-of-mind position by opting for a phased approach. In other words, decide to migrate<br />

your least-important data first. Focus on the material that has business value but does not include<br />

sensitive details.<br />

You should also hold off on migrating any data deemed essential to your company's operations. Doing<br />

that allows you to vet the security of the data host's systems and avoid major unforeseen problems.<br />

3. Become Familiar with Applicable <strong>Cyber</strong>security and Encryption Protocols<br />

A frequently chosen kind of migration occurs when companies shift some of their on-premises information<br />

to cloud data centers. This decision is often a smart one from a data security standpoint. Cloud platforms<br />

usually include dedicated encryption and cybersecurity protocols that customers automatically have<br />

access to through their service packages.<br />

However, consider how you could beef up cybersecurity and data encryption with additional measures<br />

applied by your company. Taking that approach is especially wise when the information in question is<br />

highly sensitive or includes customer details.<br />

When people get word of data breaches or other security-related matters affecting their details, they<br />

rapidly lose trust in the involved companies.<br />

4. Back Up the Data First<br />

As you map out the schedule for data migration, don't start moving the content before backing up all the<br />

files. Even if things go relatively smoothly, you could still end up with missing, incomplete or corrupt files.<br />

Having the data backed up supports data security by letting you restore content when needed.<br />

Weigh the pros and cons of all the options available to you before choosing one. For example, if you're<br />

only migrating a small number of files, putting them on a USB drive might be the simplest possibility. A<br />

mirrored drive or a cloud backup service is likely more appropriate for more extensive migration efforts.<br />
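One way to check a file-based migration for the missing, incomplete or corrupt files described in step 4, and to list the duplicate content mentioned in step 1, is to compare SHA-256 manifests taken before and after the move. This is an added example, not part of the original article; the file names, directory layout and contents are constructed sample data.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                # Hash in 1 MiB chunks so large files need not fit in memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def find_duplicates(manifest):
    """Group paths with byte-identical content (clean-up candidates)."""
    by_digest = defaultdict(list)
    for path, digest in manifest.items():
        by_digest[digest].append(path)
    return sorted(sorted(paths) for paths in by_digest.values() if len(paths) > 1)


def compare_manifests(source, target):
    """Classify differences between pre- and post-migration manifests."""
    return {
        # Present before the move, absent afterwards.
        "missing": sorted(p for p in source if p not in target),
        # Present in both places, but the content changed (truncated, corrupt).
        "corrupt": sorted(
            p for p in source if p in target and source[p] != target[p]
        ),
        # Present only at the destination (leftovers, partial uploads).
        "unexpected": sorted(p for p in target if p not in source),
    }


def _write(root, rel, data):
    """Helper for the demo: create a file (and parent folders) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Run both checks on constructed sample data; return (duplicates, report)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source")
        dst = os.path.join(tmp, "target")
        customers = b"id,name\n1,Alice\n2,Bob\n"
        orders = b"id,total\n10,19.99\n11,5.00\n"

        # Constructed source data, including one duplicate file.
        _write(src, "customers.csv", customers)
        _write(src, "archive/customers_copy.csv", customers)
        _write(src, "orders.csv", orders)
        _write(src, "notes.txt", b"retention: 7 years\n")

        # Constructed migration result: one file truncated, one never
        # copied, and one stray temporary file left behind.
        _write(dst, "customers.csv", customers)
        _write(dst, "archive/customers_copy.csv", customers)
        _write(dst, "orders.csv", orders[:12])
        _write(dst, "stray.tmp", b"partial upload\n")

        before = build_manifest(src)
        after = build_manifest(dst)
        return find_duplicates(before), compare_manifests(before, after)


if __name__ == "__main__":
    duplicates, report = demo()
    print("duplicates:", duplicates)
    print("report:", report)
```

Build the source manifest before the move and store it alongside the backup, so the comparison does not depend on the source still being intact.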

5. Maintain All Necessary Compliance and Access Requirements<br />

If your data migration involves keeping some content in on-premises facilities, and moving the rest to the<br />

cloud, ensure that your security standards are identically tight across those locations. A common way to<br />

do that is to set up security policies for aspects like access control. Once you lay out the desired security<br />

environment for the data, check that the cloud host meets or exceeds them.<br />

Verify that your data security plans include specifics for all applicable laws that dictate how to handle<br />

customer information, such as the General Data Protection Regulation (GDPR). Other data privacy<br />

stipulations relate to patient medical data. Your company must continue to abide by the rules before,<br />

during and after a migration.<br />

Fortunately, automated tools can make that easier by automatically applying the parameters you set.<br />

Cutting Data Migration Risks<br />

Many of today's businesses are extremely dependent on data. The trouble is that the information<br />

possessed by a company could grow to such a gigantic amount that migrating it becomes too much of a<br />

hassle or prohibitively costly.<br />

Moving smaller databases of information still includes risks that could threaten data security. However,<br />

by following the suggestions here and doing more research to determine which challenges your company<br />

faces, you can reduce data migration problems.<br />

About the Author<br />

Devin Partida is a cybersecurity and technology writer. She is also the<br />

Editor-in-Chief at ReHack.com.<br />

The Crown Prosecution Service (CPS) Has Recorded<br />

1,627 Data Breaches Over the Entirety of the 2019-20<br />

Financial Year, Up From 1,378 In the Previous Financial<br />

Year<br />

By Andy Harcup, VOP, Absolute Software<br />

The annual CPS report, analysed by Griffin Law, a UK litigation practice, revealed that 59 incidents were<br />

so severe that they were reported to the Information Commissioner’s Office (ICO) and potentially<br />

affected up to 1,346 people.<br />

The CPS is hardly the first agency to struggle with device and data security, but the lack of urgency<br />

shown by the government over these persistent threats to the UK’s national cyber security is troubling.<br />

In the light of international concerns surrounding hacking and ransoms, not to mention the missing<br />

‘papers’ included in this report from the ICO, can we be sure there aren’t more incidents that go<br />

unreported or undetected?<br />

Cyberspace lies at the heart of modern society, and impacts our personal lives, our businesses, and<br />

our essential services. A secure online environment is essential to principal public agencies like the CPS.<br />

However, some individuals and groups use cyberspace for malicious purposes, exploiting cyberspace to<br />

conduct illegal operations or launch damaging computer network attacks. More than ever, cyber security<br />

affects both the public and the private sector and spans a broad range of issues related to personal,<br />

organizational, and most notably, national security.<br />

As stated in the annual CPS report, the period from January to March saw by far the largest quantity of<br />

severe personal data incidents, with 21 data handling incidents leading to loss of ABE and media discs,<br />

as well as an additional 18 incidents of unauthorised disclosure of case information, impacting a<br />

whopping 1,233 people in total.<br />

By comparison, just 11 incidents of unauthorised disclosures of case information affected 56 people in<br />

the period of October to <strong>December</strong> 2019, 12 data handling incidents and unauthorised disclosures of<br />

case information impacted 34 people in January to March, and 23 people were impacted in April to June<br />

2019 by 15 total personal data incidents.<br />

In total, 1,463 of the data breaches recorded over the entire financial year were due to unauthorised<br />

disclosure of information, with 78 being considered ‘severe’. A further 143 of the total incidents were due<br />

to loss of electronic media and paper, and in 22 of these instances, the data was never recovered. Finally,<br />

the remaining 21 reported cases were due to loss of devices, including laptops, tablets and mobile phones,<br />

although only one of these devices was not eventually recovered, and no CPS data was compromised<br />

as a result.<br />

The Crown Prosecution Service oversees some of the most sensitive data imaginable, from confidential<br />

case files to personal details of witnesses and victims in criminal trials. Against this backdrop, these<br />

figures paint a worrying picture of the organisation’s approach to data and device security, with many<br />

incidents appearing to put the safety of individuals at risk. The claim that, ‘no CPS data has been<br />

compromised,’ in my opinion, requires further clarity.<br />

The data reveals little follow-up action is ever taken and that every faith is placed in the encryption<br />

software installed on government-issued devices. What we know to be true, based on our data, is that<br />

critical security controls like encryption are prone to failure. So to assume that data is protected merely<br />

because a device has encryption installed is a bold assumption.<br />

Moving forward, the CPS needs to up its game, with a much more rigorous approach to securing personal<br />

data. Key to this effort is ensuring that every mobile device or laptop is protected and retrievable, so that<br />

they can be wiped or frozen in the event of loss or theft. Additionally, staff need better training on how to<br />

reduce data loss incidents, to preserve the integrity and public trust in the CPS brand.<br />

It’s vital that key government departments and criminal prosecution services take data security seriously.<br />

It’s not uncommon for a missing file or laptop to fall into the wrong hands, giving hackers and cyber<br />

criminals access to critical public data. Key to tackling this problem is the implementation of sophisticated<br />

and robust end-point security, providing IT professionals within the department with full visibility and<br />

control over their device: meaning they can freeze or access a laptop, file or device, even if it lands in the<br />

wrong hands.<br />

In order to ensure a high level of security, organisations should take steps to quickly pinpoint potential<br />

threats and neutralise any cyber breaches as and when they occur with effective and resilient endpoint<br />

security. This should equip organisations with the ability to communicate, control and repair remote<br />

devices beyond corporate networks as well as measure the health of security control apps and<br />

productivity tools, so that workers can safely stay productive.<br />

About the Author<br />

Andy Harcup, VP EMEA of Absolute Software<br />

Andy Harcup has professional experience in cyber security technology sales<br />

and consulting that spans over 15 years. He helps clients understand how<br />

security solutions can support and protect their digital business whilst at the<br />

same time either saving or increasing revenues. The cyber-criminal<br />

community along with security technology solutions are constantly evolving,<br />

and helping customers navigate that ever-changing landscape to help<br />

secure their business is Andy’s ultimate goal.<br />

Financial Data Security Risks in The Hands of Online<br />

Shops or Intermediary Applications<br />

By Ben Hartwig, Web Operations Executive, InfoTracer<br />

Online retail fraud continues to rise year on year. Fraudsters are becoming more sophisticated and<br />

although we can put more and more consumer protection laws in place for protection, there is always a<br />

risk when providing your personal information online.<br />

Even if apps and stores that have access to your credit card or other details take measures to keep data<br />

safe, there is always the chance that hackers can steal data to use, or sell on the dark web. The risks<br />

are very real, but there is plenty you can do to mitigate these risks.<br />

Online shopping - The Process and The Risks<br />

Online shopping has made all of our lives that little bit more simple, and though people are venturing out<br />

less to buy items in real life, online business is booming. It is as simple as finding what you want and<br />

entering your card details, but there are still a lot of risks with this.<br />

Financial fraud can take a number of forms: you may pay for an item and never receive it, receive<br />

something fake, or even have more money than you authorized taken. Even if you don’t get money taken,<br />

your details may be stolen and sold on the dark web, or used for identity theft. This can have grave<br />

impacts further down the line.<br />

There are scary cybersecurity statistics out there to show how much of an issue this is. The University of<br />

Maryland study says that hackers attack every 39 seconds, on average 2,244 times a day.<br />

What to Be Aware of When Shopping Online<br />

There are many signs you can use to try and establish whether a store is genuine or not. Naturally, if you<br />

have heard of the store or used it successfully before this is a big benefit. Other signs include:<br />

● Unsecure connections - https domains and a padlock sign in the browser (not on the website)<br />

are secure.<br />

● Wi-Fi warnings. Wi-Fi networks may warn you when a site is not trustworthy.<br />

● Unusual domains with extra hyphens or characters.<br />

● Crazy pricing. If it sounds too good to be true, it probably is.<br />

Other Apps That May Cause Fraud<br />

There are not just issues when shopping online; using other applications can leave you susceptible to<br />

fraud. For example, fake applications such as banking or investment apps, gaming apps that charge fees<br />

and take payments and other types of applications where you fill in personal details.<br />

Fake applications are becoming a huge problem, too, as so many people get fooled by similar branding<br />

to trusted apps.<br />

How to Protect Your Money Online: Basic Rules<br />

There are a few things you should always do when looking to protect your money online.<br />

● Only download applications you know you can trust, with security certificates.<br />

● Ensure you have antivirus software if you are using a laptop.<br />

● Always have a secure password that you don’t use for each and every site.<br />

● Double check every site or app is trustworthy before entering your details.<br />

Security Tips for Online Shopping<br />

Here are some of the top security tips for online shopping:<br />

● Ensure that you have the most up to date browser, antivirus and operating system as this is<br />

the only way to ensure you have an option that is familiar with the most recent threats and<br />

advances in technology used by the hackers.<br />

● Check that the address you are buying from is real, not a fake or scam url.<br />

● Where you can, buy from a mobile device not a PC, as these are less susceptible to viruses<br />

that can steal your data.<br />

● Use a credit card rather than a debit card as these will keep you more protected using<br />

chargeback schemes, which can help you to get the money back if you fall foul of fraud.<br />

● As well as having secure passwords and different passwords, keep all of your passwords<br />

safe with a password manager, this can be done for you within Apple devices’ password keychain.<br />

● Don’t purchase anything from a cold email. In fact, don’t even click on the links. If you get an<br />

email claiming to be from a company, google them first to get their secure site and see if anyone<br />

has had issues with the company before. If you get an email about an offer and you think it is<br />

trustworthy it is still worth performing an email lookup to check the trustworthiness.<br />

● Keep records of all the transactions you carry out as this can help you to make claims in the<br />

future if you need.<br />

● Don’t keep a lot of private information on your smartphone or any one device, if this device<br />

is stolen it can be a goldmine for hackers or for criminals.<br />

● If a store online is asking for a lot of private information, consider why this might be the case.<br />

All they should need is a name, shipping and billing address and your card details.<br />

What to Do If You Fall into a Fraud Trap?<br />

It isn’t something to hide or be ashamed of if you fall into a trap. Fraudsters are undeniably becoming<br />

more and more sophisticated.<br />

Report the fraudulent activity to your state consumer protection office who might be able to take action,<br />

and consumer protection law is also moderated by the bureau of consumer protection. You might be able<br />

to take legal action.<br />

If you have purchased something on a credit card or PayPal, you might also be able to request a<br />

chargeback, due to not receiving the item. This depends on the type of retail fraud, and some identity<br />

fraud might be less straightforward.<br />

Conclusion<br />

This all comes down to vigilance. Keep a close eye on your bank account and anyone who might receive<br />

your details on a daily basis. It is always worth doing some due diligence on a new website or app you<br />

are downloading or purchasing from, and this can help you to avoid falling into financial traps and having<br />

money, or your details, fraudulently taken from you.<br />

About the Author<br />

Ben Hartwig is a web operations director at InfoTracer. He authors<br />

guides on marketing and entire cybersecurity posture and enjoys<br />

sharing the best practices. You can contact the author via<br />

LinkedIn.<br />

All Aboard The COVID-19 Train: Malware Trends Taking<br />

Advantage of The Pandemic<br />

By Bar Block, Threat Intelligence Researcher at Deep Instinct<br />

Since the outbreak of COVID-19, plenty of COVID-19 themed malware attacks have surfaced around the<br />

globe. Attackers take every chance they get to spread their malware, and the pandemic has given them<br />

ripe opportunities.<br />

Based on data from D-Cloud, Deep Instinct’s Threat intelligence and telemetry cloud environment, the<br />

number of attacks has overall risen. This is particularly seen in the number of malicious executables and<br />

Office documents, which are commonly used to deliver the former. We believe this to be linked to an<br />

increase in malware attacks and malicious activity during the pandemic. Our data is consistent with trends<br />

seen elsewhere, which also point to an increase in attacks since the beginning of the pandemic. For<br />

example, the amount of malicious Office documents, which were seen in the first half of <strong>2020</strong>, is greater<br />

by 62% than the amount of the same type of files, which were seen in the first half of 2019. The increase<br />

correlates with waves of COVID-19 phishing attacks, which commonly use this type of file. A comparison<br />

for the same time periods in 2019 and <strong>2020</strong>, shows the number of malicious executables went up by<br />

40%.<br />

Figure 1: The number of new malware samples per month, since the beginning of 2019. In the graph,<br />

Microsoft Office documents are divided between the older format- OLE and the newer format- OOXML.<br />

The numbers are shown in arbitrary units, where the number of malicious OOXML files in January 2019<br />

is set to 1.<br />

When the first waves of this ongoing pandemic crashed, attackers directed their efforts towards phishing<br />

campaigns and mal-spam attacks, sometimes pretending to originate from legitimate sources, like<br />

the World Health Organization. Others chose to exploit the work-from-home model, in which corporate<br />

networks that were relatively secure, could now be accessed from insecure locations. Likewise, meetings<br />

that were usually done in closed doors were now held using vulnerable virtual communication apps.<br />

Targeting the Good Guys<br />

One would be forgiven for thinking that the organizations which stand on the front line in the fight against<br />

the pandemic would be left alone, too important to be targeted by malware at this difficult time. However,<br />

that has unfortunately not been the case.<br />

Since the outbreak, health organizations and their employees have been targeted more than usual, with<br />

an increase of more than two fold in targeted cyber-attacks against the World Health Organization,<br />

compared to last year. Spam and phishing campaigns were launched, some specifically targeting top<br />

officials at the WHO via both personal and corporate email addresses. Fake login websites for health<br />

workers have also been created, one even mimicking the World Health Organization’s internal email<br />

system.<br />

Sure, some threat actors initially stated that they wouldn’t target health organizations during the<br />

pandemic, but that doesn’t mean they kept their word. For example, the group behind the infamous Maze<br />

ransomware released a statement in March <strong>2020</strong> that it would avoid infecting medical facilities and<br />

research labs during the pandemic. Yet, just a few days later they released stolen<br />

data from “Hammersmith Medicines Research”, a London based lab that develops vaccines. That wasn’t<br />

the end of it, Maze infected more health facilities, not only interrupting their work, they also threatened to<br />

release patient records online if their ransom wasn’t paid. That threat would have exposed the compromised<br />

clinics to expensive GDPR lawsuits.<br />

Come and Knock on Our Door<br />

When organizations had no choice but to let their employees work out of their fairly secure offices and in<br />

their less than secure homes, suddenly the hacker’s job just got a lot easier. They no longer had to work<br />

hard to craft malware samples that will pass corporate security solutions, they just needed to make<br />

unsuspecting employees open a malicious email attachment or download their malware from the internet.<br />

An example of an organization which was severely impacted by the shift to the work-from-home model<br />

is Cognizant, a Fortune 500 company. As the company was adjusting to its remote working environment<br />

they were attacked by Maze ransomware. The remediation and reparations costs were enormous,<br />

estimated to be between $50 and $70 million USD.<br />

Moreover, the fact that many people use the same computer for work and personal use, and sometimes<br />

even share these devices with other family members, opens the door for even more malicious samples.<br />

In addition, malware authors that decided to put more effort into the game, started looking for<br />

vulnerabilities to exploit in apps and services that became common during the pandemic, in order to<br />

reach a large crowd. An example of this is Zoom, which after experiencing a burst in popularity, suffered<br />

a string of security issues. One of which was a data breach in April that exposed over 500,000 Zoom<br />

credentials and a vulnerability that allowed arbitrary code execution on vulnerable endpoints.<br />

Fake Android Apps<br />

Many organizations and governments have launched applications that provide users with updated<br />

information about the pandemic. Seizing the opportunity, cyber-criminals used this surge of<br />

applications to launch their own versions, which are less helpful and more harmful. A common type of<br />

app is a “COVID-19 Tracker”, which gives information about infected people’s previous routes and current<br />

locations.<br />

During the pandemic, the Ginp banking trojan launched an Android app pretending to be a tracker that<br />

showed users a (fake) number of infected people in their current area. The software stated that it could<br />

give more details about the infected people for 0.75 Euros. If the users chose to sign-up, they were asked<br />

to provide their credit card information, which of course would be stolen by Ginp, without ever having<br />

charged the card, nor providing the requested information.<br />

Another malware that exploited the tracker theme is CryCryptor. On June 18th <strong>2020</strong>, the Canadian<br />

government announced it would back the development of a nationwide voluntary tracing app that would<br />

provide details of exposure to Covid-19. Just a few days later, CryCryptor launched a ransomware<br />

pretending to be the app. Links to this fake app could be found in two Coronavirus themed websites,<br />

which the attackers had created. When the malicious software was downloaded, it asked for permission<br />

to access files on the infected device, on being provided, it used the permissions to encrypt targeted files,<br />

such as photos and videos, and left a ransom note in each affected folder.<br />

Our Crystal Ball<br />

True Machiavellians, cyber-criminals focus on what they think will serve their purposes best. For that<br />

reason, we expect new malware campaigns to evolve in line with COVID-19 trends and developments.<br />

As national governments adjust their COVID-19 related regulations to meet the changing spread of the<br />

virus, people have struggled to keep up to date. Attackers may seize on this opportunity to launch malspam<br />

campaigns related to COVID-19 regulations, malicious websites with “updated information” and<br />

perhaps fake apps on “updated regulations”. Another possible approach attackers might take, is to take<br />

advantage of the interest surrounding a future vaccine to send phishing messages with malicious<br />

attachments, pretending to have new information about a promising vaccine to resolve the pandemic.<br />

The up-and-coming school year may also draw the attention of malware authors, especially those who<br />

prefer ransomware as their final payload. Like many organizations, schools and academic institutions<br />

had to adjust to the situation and change the way they operate, with many turning to online classes. This<br />

means that if a ransomware finds its way from a student’s home PC into the school’s network or in a<br />

more targeted attack, it can paralyze the school. Without the possibility of turning to the ‘ol’ pen and<br />

paper’, the infected school district or college may easily cave in and be forced to pay the ransom.<br />

A more permanent change that we will probably see is the shift to a semi or full work-from-home model<br />

for the corporate workplace. During the pandemic, organizations realized that working from home has<br />

some advantages: many employees reported that they focus better at home, some even logged more<br />

hours, while companies discovered they can save a lot of money on facilities. If many organizations<br />

choose to permanently operate in a full or semi work-from-home model, hackers may well respond by<br />

exploiting the situation, crafting attacks that leverage the widened attack surface of remote working or<br />

finding more vulnerabilities in software enabling remote working.<br />

Naturally, a company that chooses to operate in a remote working environment needs to take this<br />

increased risk into consideration, on top of other risks it may face. Additionally, companies will need to<br />

equip employees with the right tools, such as endpoint security solutions and proper security training.<br />

No matter how attackers choose to operate, users need to be more vigilant than ever, always keeping in<br />

mind that significant events, be it the COVID-19 outbreak or the upcoming U.S. elections, always draw<br />

attackers’ attention, and that the next malware infection may just be one click away.<br />

About the Author<br />

Bar Block, Threat Intelligence Researcher at Deep Instinct<br />

Bar Block is a Threat Intelligence Researcher at Deep Instinct. Prior<br />

to joining Deep Instinct in 2019, Bar served for three and a half years<br />

as a cyber security researcher in the Israeli Navy’s cyber unit. She is<br />

a recipient of the Israeli Navy Commander’s award for Outstanding<br />

Military Service.<br />

Bar Block can be reached online at Bar@deepinstinct.com, on<br />

LinkedIn and at our company website https://www.deepinstinct.com<br />

The Coming Security Perspectives<br />

By Milica D. Djekic<br />

Today’s world appears to be under constant, chronic pressure from security challenges.<br />

No period in history has been easy, and it is clear why modern days are tough as well. On<br />

the surface the situation can seem well balanced and manageable, but it takes a lot of effort to<br />

keep things normal, at least from the public’s point of view. A security career is hard and<br />

comes with plenty of suffering and limits. No defense officer can say he has ever led a comfortable life, as<br />

there is a lot of struggle and difficulty. No matter how perfect social conditions may seem<br />

at first glance, the officers maintaining such a community know how challenging it is to give<br />

yourself to a society that is competitive in every sense. Security is about risk management, and<br />

many of us are aware of that, but because today’s situation is so complicated, the biggest question for<br />

anyone is whether we can produce new generations of defense leaders who will respond well<br />

to a quite uncertain future.<br />

The gravest challenge of today is how to secure overcrowded places such as cyberspace. Those<br />

spots are potential sources of crime and, as is well known, there is a cyber skill shortage at<br />

present. Cyber traces can also serve an investigation by yielding findings and evidence<br />

about highly dangerous security threats. So we definitely need such skills, and it can take time<br />

to develop that sort of professional. Our everyday life can seem very cloudy as we cope with the<br />

pandemic, economic crises, transnational crime and terrorism. A defense career can appear<br />

to be a good outlet for many good guys, even in the most progressive economies. That choice demands<br />

dedication and patience, so it is clear why those men and women would choose to serve as a living<br />

shield for the rest of their communities. It takes strength, courage and daring to be like that. In addition, it<br />

appears that with new technology we are more aware than ever of how deep security can go, and we<br />

can recognize why some occurrences from the past even happened. History will give us hard<br />

lessons, and even today we cannot say we are safe enough. New Pandora’s boxes will be opened,<br />

and we will realize we are simply at the beginning of a never-ending game of cat and mouse.<br />

In other words, one chapter will close while new ones open, as new questions looking<br />

for their answers. That is how we will go through the cycle again and again. The social landscape can<br />

appear great, but there is a lot of sweat behind it. Either you give yourself fully or you are<br />

a temporary poser wasting someone’s time. No excuses, no compromise: just boldness and some<br />

fortune to follow.<br />

Every period in history has been tough, and the present day is no exception. Whether you serve in the<br />

physical, cyber or another security branch, your profession is not easy. No matter how beautiful<br />

everything can appear at first sight, there is no society without crime, and every era has needed<br />

good guys to respond to those challenges. It has always been hard, but undoubtedly worth it. The<br />

mission of security is to work for the betterment of many, and if you hold that idea in your mind<br />

you will figure out why giving yourself completely matters.<br />

About the Author<br />

Milica D. Djekic is an Independent Researcher from Subotica,<br />

the Republic of Serbia. She received her engineering<br />

background from the Faculty of Mechanical Engineering,<br />

University of Belgrade. She writes for some domestic and<br />

overseas presses and she is also the author of the book “The<br />

Internet of Things: Concept, Applications and Security”,<br />

published in 2017 by Lambert Academic Publishing. Milica<br />

is also a speaker with the BrightTALK expert’s channel. She has been<br />

a member of ASIS International since 2017 and a contributor<br />

to the Australian Cyber Security Magazine since 2018. Milica's<br />

research efforts are recognized with Computer Emergency<br />

Response Team for the European Union (CERT-EU), Censys<br />

Press, BU-CERT UK and EASA European Centre for<br />

Cybersecurity in Aviation (ECCSA). Her fields of interest are<br />

cyber defense, technology and business. Milica is a person with<br />

disability.<br />

Amidst Election Noise, Cybercriminals See an<br />

Opportunity with Retail<br />

By Chris Kennedy, CISO & VP of Customer Success, AttackIQ<br />

More than seven months into the onset of the novel coronavirus, it feels strange to look back on the<br />

things we previously took for granted in our day-to-day lives and accept the new reality, from working from<br />

home to celebrating events online to having a doctor’s appointment via Zoom.<br />

We have adapted to life under the novel coronavirus by becoming ‘A Very Online People.’ Hostile actors<br />

have been busy looking for ways to exploit us when we’re vulnerable, impressionable, and dependent on<br />

the internet.<br />

Our transition to remote work and increased digitization has opened us to a slew of threats: from phishing<br />

scams to botnets, from ransomware to the spread of disinformation. Cybercriminals and nation-states<br />

wasted no time in taking advantage of this pivot. Ransomware attacks are up seven-fold compared to<br />

last year, the Russian government is at it again with this year’s election, and the shift to online classes<br />

and teaching has made schools vulnerable.<br />

Finally, the election results may not be known for weeks after election day due to the increase in mail-in<br />

voting, the safest but slowest way under the coronavirus to ensure a safe and secure electoral outcome;<br />

for this reason November is likely to be a difficult month in America as the election results are likely to be<br />

contested, with a spike in disinformation and online extremism. It is as tense a period in American history<br />

as anyone can remember.<br />

Timing the perfect storm<br />

With all eyes currently on the election, the next logical target is the retail sector—namely the supply<br />

chain—during the coming holidays. We saw an increase of cyberattacks on retailers during the<br />

holidays previously and we should expect a similar trend this year. Attacks could expose customer<br />

financial information, hold company data hostage through ransomware (with a hefty price tag to boot), or<br />

disrupt business operations. Consumer spending is also tied directly to the health of our economy, and<br />

a hostile nation-state might take the chance to pounce on the United States and disrupt the flow of goods<br />

and services.<br />

Especially when we’re so dependent on the internet. E-commerce sales have spiked by more than 31<br />

percent during the pandemic and now 43 percent of all holiday shopping is expected to be done online.<br />

Ours is a fragile economy built on outsourcing and just-in-time inventory; the market is already vulnerable<br />

as supply chains have been disrupted with manufacturers and retailers struggling to keep goods in stock.<br />

The timing and potential scale of a retail-focused attack make this an acute moment.<br />

Planning and preparedness are crucial<br />

We have a short window for effective security planning before the holiday season is fully upon us.<br />

American organizations have had several opportunities in the past to make good cybersecurity<br />

investments; the big, high-profile breaches of the past seven years should have triggered the impetus to<br />

invest. But too often organizations have failed to move fast enough. Let’s make this year different.<br />

What should be done? The first and most important step is to exercise the security you already<br />

have. Verizon’s Data Breach Investigation Report estimates that 82% of enterprise breaches should have<br />

been stopped by existing security controls but weren’t. Why is that? You could buy the best cybersecurity<br />

tools on the market to meet your needs, from firewalls to internal security segmentation capabilities to<br />

endpoint monitoring, but cybersecurity controls fail, and when they do, they fail silently. There is no “check<br />

engine light” that comes on right now. Security controls fail for two reasons – user error or<br />

misconfiguration – and when they fail, the enemy slips past.<br />

The best course between now and the rest of the holiday season is for security teams to exercise their<br />

cyberdefenses against known threats. We have a free tool to help us do so. The Department of Homeland<br />

Security recently released an alert warning the health sector of the risk of escalating tensions and<br />

potential cyberspace operations from China. At the end of the alert, the government agency listed<br />

Chinese tactics under the MITRE ATT&CK framework of known adversary tactics, techniques, and<br />

procedures. The framework organizes known hostile actors and their behavior. Organizations should use<br />

ATT&CK to prepare for known threats and exercise their security controls to defend customer data and<br />

ensure a safe holiday season.<br />

We just had National Cybersecurity Awareness Month in October, which is always a timely reminder for<br />

companies that touch the supply chain to shore up their cyberdefense effectiveness. Consumers need to<br />

be diligent about disinformation and about keeping their personal information secure, and enterprises need<br />

to be on guard.<br />

The past year has left us rattled, and this month is likely to be difficult as politics and foreign influence<br />

operations put downward pressure on the American people—even after the election happens. December<br />

gives adversaries another opportunity to keep up the pace. It doesn’t need to be that way. Simple steps<br />

we take now can help ensure a safer and more secure end of the year, and a positive transition into 2021.<br />

Preparation is the name of the game.<br />

About the Author<br />

Chris Kennedy is Chief Information Security Officer (CISO) and<br />

VP of Customer Success at AttackIQ where he is responsible for<br />

managing all aspects of customer relations and success, as well<br />

as the company’s internal information security strategy. He<br />

joined the company in January 2019 from Bridgewater Associates<br />

where he was head of security for infrastructure technology and<br />

controls engineering. Kennedy has more than 20 years of<br />

cybersecurity risk and operations practitioner experience and<br />

previously led the development of the U.S. Department of<br />

Treasury’s and the U.S. Marine Corps’ cybersecurity operations<br />

programs. A former Marine Corps Officer and Operation Iraqi<br />

Freedom veteran, Kennedy holds a Master of Science in<br />

Computer Information Systems from Boston University and a<br />

Bachelor of Mechanical Engineering from Vanderbilt University.<br />

Connect with him on LinkedIn.<br />

What’s in Your Wallet? The Cybersecurity Costs of COVID<br />

With new business challenges in play, organizations are shifting their cybersecurity spend accordingly<br />

By Mark Sangster, Vice President and Industry Security Strategist, eSentire<br />

If anything has become clear over the past six months, it’s that COVID’s tentacles have crept into almost<br />

every facet of our lives, both personal and professional. Most are in ways we could have (and did) predict,<br />

but there have been a few surprises along the way, such as teaching pods and Zoom fatigue.<br />

The good news is that people are, in general, pretty adaptable. Thousands of years of civilization have<br />

shown that when faced with a problem, a little human ingenuity goes a long way. Some of the world’s<br />

greatest inventions have been born out of necessity, or in some cases, out of an idea that fills a need we<br />

didn’t know we had (smartphones, anyone?). So, as COVID was causing epic changes large and small,<br />

far and wide, cyber criminals were adapting right along with it. In fact, for many ne’er-do-wells it was a<br />

boon. Suddenly, companies whose IT teams were equipped to protect networks where perhaps 15<br />

percent to 20 percent of the workforce was remote were faced with an almost 100-percent remote<br />

workforce overnight.<br />

The move to home didn’t just mean that employees were working from home offices and dining room<br />

tables — it meant employees were now outside the protection of traditional security perimeters, including<br />

firewalls. Devices that had previously been protected by enterprise-grade security technologies were now<br />

at the mercy of consumer-grade internet routers, many of which were left unsecured by home users. For<br />

companies with a focus on the perimeter, this rendered much of their security practice moot.<br />

Without virtual private networks (VPN), two-factor and multi-factor authentication (2FA and MFA,<br />

respectively) controls, the doors to the henhouse were wide open, and foxes were free to stroll in.<br />

Criminals could easily connect to unprotected WiFi networks and install scripts on internet routers to<br />

collect unencrypted data, including corporate assets and credentials, which in turn could be used for<br />

credential stuffing attacks down the road.<br />

Security, stat<br />

Needless to say, many enterprises realized they needed to double down on their security spend, with the<br />

majority of that spend focused on protecting remote workers’ home operations.<br />

Companies lingering in outmoded, perimeter-based security lacked the ability to protect remote workers,<br />

cloud-based assets, and distributed management systems. No wonder then that they felt the increased<br />

security spend hardest, driven by the adoption of technologies that protect distributed workers and the<br />

assets they access. These organizations were quick to snap up encryption technologies such as VPNs and<br />

multi-factor authentication, which provide an additional layer of protection to credential-based systems;<br />

endpoint protection (next-gen AV); and endpoint detection and response. And that’s not cheap.<br />

And for a few unlucky ones, even greater spending came about as a result of a data breach or operational<br />

disruption born from COVID-camouflaged attacks in the form of ransoms, clean-up costs, penalties, and<br />

the like.<br />

The genie is out<br />

You can’t put the genie back in the bottle. Many companies are continuing with remote, or at least hybrid,<br />

operations, and now that the risk is understood, it would be negligent to revert to old security methods.<br />

After the attacks on 9/11, New York based businesses changed their security and business continuity<br />

practices to include back-up systems and work centers outside their main offices. For banks in lower<br />

Manhattan, this meant backing up data and services in New Jersey. In 2012, Hurricane Sandy struck the<br />

eastern seaboard and not only flooded lower Manhattan, but disabled back-up centers located across<br />

the Hudson River. The previous influence in business continuity fell short when faced with a new type of<br />

natural threat.<br />

With COVID-19, companies more broadly understand that they had made a similar miscalculation,<br />

thinking that protecting the network perimeter would secure their business. Organizations must now<br />

protect remote workers’ devices (endpoint protection), and the means by which they connect to business<br />

systems and assets (VPN and MFA). When the next forcing factor emerges (hopefully no time soon), it<br />

will again reshape the way we approach cybersecurity fundamentals. With luck, thousands of years from<br />

now, our descendants will marvel not only at how we successfully navigated a global pandemic, but how<br />

by applying human ingenuity, we emerged stronger and with a few new tools under our collective belts.<br />

About the Author<br />

Mark Sangster, Vice President and Industry Security<br />

Strategist, eSentire<br />

As a member of the LegalSec Council with the International<br />

Legal Technology Association (ILTA), Mark Sangster is a<br />

cybersecurity evangelist who has spent significant time<br />

researching and speaking to peripheral factors influencing<br />

the way that legal firms integrate cybersecurity into their day-to-day<br />

operations. In addition to his passion for<br />

cybersecurity, Mark's 20-year sales and marketing career<br />

was established with industry giants like Intel Corporation,<br />

BlackBerry, and Cisco Systems.<br />

Mark's experience unites a strong technical aptitude and an<br />

intuitive understanding of regulatory agencies. During his<br />

time at BlackBerry, Mark worked on the first secure devices for government agencies. Since then, he has<br />

continued to build mutually beneficial relationships with regulatory agencies in key sectors.<br />

Mark holds a Bachelor’s degree in Psychology from the University of Western Ontario and a Business<br />

Diploma from Humber College. He is the author of the upcoming book “No Safe Harbor.”<br />

Mark can be reached online at @mbsangster and at our company website http://www.esentire.com<br />

Making the Journey to the Intelligent SOC<br />

AI, Machine Learning and Open-XDR Make it Easier<br />

By Albert Zhichun Li, Chief Scientist, Stellar Cyber<br />

Most enterprises and service providers are building security operations centers (SOCs) where a team of<br />

analysts evaluates and remediates cyberattacks. Traditionally, these SOCs use a dozen or more standalone<br />

security tools, each of which focuses on endpoints, the network, servers, users, applications or<br />

other parts of the attack surface. This system results in hundreds or thousands of false positive attack<br />

alerts, causing analyst “alert fatigue,” and forces analysts to manually correlate information from the<br />

siloed tools to determine whether complex attacks are real or false. This activity can make it a matter of<br />

weeks or months to respond to complex attacks.<br />

Ideally, users would like a single security dashboard that accurately identifies complex attacks and<br />

automatically correlates inputs from multiple security tools to reduce false positives and reduce the time<br />

it takes to spot and remedy attacks. Today, some security software vendors are leveraging artificial<br />

intelligence (AI) and machine learning to find and correlate detections from across the entire attack<br />

surface and present them in an easily-digestible manner. Let’s look at how these technologies improve<br />

SOC operations.<br />

A Day in the Life of a Security Analyst<br />

In a large SOC, there are typically three levels of analysts:<br />

• Level 1 analysts are triage specialists who monitor and evaluate incoming alerts and identify<br />

suspicious activity that merits attention, prioritization and investigation.<br />

• Level 2 analysts are incident responders, performing initial analysis and investigation into alerts,<br />

assessing the scope of the attack and identifying and researching indicators of compromise<br />

(IOCs) for blocking or mitigating identified threats.<br />

• Level 3 analysts are threat hunters, conducting malware analysis and network forensics and<br />

working proactively to recognize attackers and advanced persistent threat activities while working<br />

with key stakeholders to implement remediation plans.<br />

How AI and Machine Learning Change the Picture<br />

Here’s how AI and machine learning in an intelligent SOC change the dynamics. For Level 1 analysts,<br />

an intelligent SOC can automate almost all activities related to monitoring and evaluating incoming<br />

events. Level 1 monitoring and identification of incoming threats are generated through basic automation<br />

and the event correlation of ingested logs. Machine learning and AI can provide a SOC Level 1 Analyst<br />

with the identification of more data-driven events with more accuracy, allowing for precise categorization<br />

of specific threats for a more rapid response.<br />

At Level 2, AI and machine learning can provide the analyst with an immediate assessment of the scope<br />

of the attack and sometimes can recommend initial steps for remediation. At Level 3, these technologies<br />

can reduce overall remediation dwell time as machine learning and AI can immediately identify and<br />

correlate detections and forensics data to identify malicious activity and implement protection measures.<br />

With all teams looking at detections through a single dashboard, companies can use an intelligent SOC<br />

to eliminate manual event correlation and significantly speed the time to attack identification. AI can spot<br />

attacks and recommend steps to remediate them, and machine learning can make the intelligent SOC<br />

smarter over time because it learns and remembers attack scenarios so it can spot them more quickly<br />

the next time.<br />
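The correlation step described above, reduced to a simple rule-based stand-in for the ML-driven version (an added example, not code from the article or from any vendor's product): alerts from separate tools are grouped per host in time-bounded clusters, and only clusters confirmed by at least two independent tools are escalated. The alert fields, tool labels, scoring rule and sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    time: datetime
    source: str    # tool that raised the alert (assumed labels: edr, ndr, iam)
    entity: str    # host the alert is about
    signal: str    # short description of what the tool saw
    severity: int  # tool-assigned severity, 1 (low) to 10 (high)


def _summarize(entity, cluster, min_sources):
    """Turn one cluster into an incident, or None if too few tools agree."""
    best = {}  # highest severity reported by each tool
    for alert in cluster:
        best[alert.source] = max(best.get(alert.source, 0), alert.severity)
    if len(best) < min_sources:
        return None
    return {
        "entity": entity,
        "sources": sorted(best),
        "signals": [a.signal for a in cluster],
        "first_seen": cluster[0].time,
        "last_seen": cluster[-1].time,
        # Assumed scoring rule: sum of each tool's worst severity, so repeats
        # from one noisy tool cannot inflate the score.
        "score": sum(best.values()),
    }


def correlate(alerts, window_minutes=15, min_sources=2):
    """Return (incidents, suppressed_alert_count).

    Alerts for the same entity are chained into one cluster while the gap
    between consecutive alerts stays within window_minutes.
    """
    window = timedelta(minutes=window_minutes)
    by_entity = defaultdict(list)
    for alert in alerts:
        by_entity[alert.entity].append(alert)

    incidents, suppressed = [], 0
    for entity, items in by_entity.items():
        items.sort(key=lambda a: a.time)
        clusters = [[items[0]]]
        for alert in items[1:]:
            if alert.time - clusters[-1][-1].time <= window:
                clusters[-1].append(alert)
            else:
                clusters.append([alert])
        for cluster in clusters:
            incident = _summarize(entity, cluster, min_sources)
            if incident is None:
                suppressed += len(cluster)  # single-tool noise stays off the queue
            else:
                incidents.append(incident)
    incidents.sort(key=lambda i: i["score"], reverse=True)
    return incidents, suppressed


def _t(hhmm):
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2020, 12, 1, hour, minute)


# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    Alert(_t("09:02"), "edr", "ws-041", "office app spawned script interpreter", 6),
    Alert(_t("09:07"), "ndr", "ws-041", "periodic outbound connections", 5),
    Alert(_t("09:11"), "iam", "ws-041", "sign-in from unusual location", 7),
    Alert(_t("09:30"), "ndr", "srv-db2", "internal port sweep", 3),
    Alert(_t("09:32"), "ndr", "srv-db2", "internal port sweep", 3),
    Alert(_t("09:35"), "ndr", "srv-db2", "internal port sweep", 3),
    Alert(_t("08:00"), "edr", "ws-113", "unsigned binary executed", 3),
    Alert(_t("13:30"), "iam", "ws-113", "password reset", 4),
    Alert(_t("10:00"), "edr", "ws-077", "credential store access", 4),
    Alert(_t("10:10"), "ndr", "ws-077", "large upload to new destination", 3),
]

if __name__ == "__main__":
    found, dropped = correlate(SAMPLE_ALERTS)
    for inc in found:
        print(inc["score"], inc["entity"], inc["sources"])
    print("alerts suppressed:", dropped)
```

Widening `window_minutes` trades fewer missed slow-moving intrusions for more coincidental matches, which is the tuning decision a learned model is meant to take over.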

The Journey to the Intelligent SOC<br />

So how can companies update their SOCs to intelligent SOCs? There are two scenarios.<br />

In Scenario 1, the company buys intelligent SOC software from a vendor with a closed platform. These<br />

eXtended Detection and Response (XDR) platforms aggregate security tools obtained through internal<br />

development and acquisition, and implementing the platform means abandoning the existing security<br />

solutions your company is already using. This method causes disruption, impacts the company’s bottom<br />

line (because it is abandoning tools that are already paid for), and locks in the company’s fortunes to that<br />

single vendor.<br />

In Scenario 2, the company buys intelligent SOC software from a vendor with an open platform. These<br />

Open XDR platforms deploy non-disruptively, capture inputs from your existing security tools, and add<br />

their own capabilities to enhance detection, correlate events, and present them all in a single dashboard.<br />

This method saves money, reduces training time and disruption, and allows the company to choose best-of-breed<br />

tools for its security infrastructure.<br />

There are sharp contrasts between these two scenarios, and each should be considered carefully as<br />

your company makes the journey.<br />

Intelligent SOC Advantages<br />

Level 1 SOC analysts can see the results of ML/AI firsthand when organizations perform external pen<br />

testing and red team adversary simulation to validate that the SOC is correctly optimized for monitoring<br />

and identifying alerts. Although there has been some discussion as to whether ML/AI will start to replace<br />

human SOC analysts, industry experts agree that these deep learning tools can complement and improve<br />

your current SOC Level 2 staff's ability to perform analysis and investigation to detect advanced threats.<br />

In a Crowd Research Partners survey conducted last year, more than 55 percent of the respondents cited<br />

their inability to detect advanced threats as the biggest challenge for SOCs.<br />

ML/AI security tools can deliver substantial improvements in threat hunting, detection and forensics<br />

analysis for your Level 3 SOC analysts. This can translate into reduced dwell time, mean time to detect<br />

(MTTD) and mean time to remediate (MTTR). AI and machine learning will provide for a highly automated<br />

and efficient SOC that will empower analysts and eliminate complexity.<br />

The Promise of an Intelligent SOC<br />

To understand the promise of an intelligent SOC, let’s look at what it brings to the role of analysts at each<br />

level. For Level 1 analysts, it provides rapid detection capabilities across multiple endpoint and network<br />

monitoring tools and components from a central location and single dashboard. This helps eliminate alert<br />

fatigue from false positives and makes it easier to quickly spot complex attacks. Some users report that<br />

thanks to an intelligent SOC, detection times for complex attacks have been reduced to minutes from<br />

days or weeks. Automated orchestration provides Level 1 SOC analysts with rapid detection capabilities<br />

across multiple endpoint and network monitoring tools, all from a central location and single dashboard.<br />

Automated security orchestration will improve the efficiency of SOC processes and the identification of<br />

malicious activity, allowing for Level 1 SOC analysts to forward potential security incidents that merit<br />

attention to Level 2 staff more quickly.<br />

Level 2 analysts get the ability to remediate security challenges quickly and accurately. The intelligent<br />

SOC platform’s AI and machine learning capabilities deliver highly accurate detections and suggestions<br />

for how to remediate them. Automated orchestration provides Level 2 SOC analysts with additional data and<br />

rapid remediation capabilities, leveraging multiple protection tools and components from a central<br />

location and single dashboard. These automated platforms will help scope events into true incidents for<br />

human responders.<br />

Automated orchestration provides Level 3 SOC analysts with rapid evidence collection of simultaneous<br />

processes across multiple tools from a centralized location and a single dashboard. Most importantly,<br />

automation and orchestration can provide a more rapid response capability across multiple security<br />

components and tools whether they are on-prem or located in the cloud.<br />

Intelligent SOCs bring dramatic improvements in a company’s ability to protect itself from ongoing attacks<br />

by consolidating and analyzing information from across all security tools, correlating detections found by<br />

multiple sources, and presenting attack information and remediation options in a single dashboard. For<br />

the sake of overall security protection, the journey to an intelligent SOC is one well worth taking.<br />

About the Author<br />

Albert Zhichun Li is the Chief Scientist at Stellar Cyber. He is a world-renowned<br />

expert in cyber security, machine learning (ML), systems,<br />

networking and IoT. He is one of the few scientists known to heavily<br />

apply ML to security detection/investigation. Albert has 20 years of<br />

experience in security, and has been applying machine learning to<br />

security for 15 years. Previously, he was the head of NEC Labs’<br />

computer security department, where he initiated, architected and<br />

commercialized NEC’s own AI-driven security platform. He has filed<br />

48 US patents and has published nearly 50 seminal research papers.<br />

Dr. Li has a Ph.D. in system and network security from Northwestern<br />

University and a B.Sc. from Tsinghua University.<br />

Albert can be reached online at zli@stellarcyber.ai and at our company website http://stellarcyber.ai<br />

Joint Investigation Reveals Evidence of Malicious<br />

Android COVID Contact Tracing Apps<br />

By Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center<br />

The devastation of the COVID-19 pandemic has caused public-health and economic issues for countries<br />

around the globe, the complications of which are far from over. In accordance with scientific guidance,<br />

many nations have launched contact tracing applications to monitor, identify, alert and reduce the spread<br />

of infections.<br />

However, the shift towards tracing apps has not always been smooth in the eyes of both the media and<br />

the public, with various concerns about the privacy of these tools. Considering such an app is an<br />

unprecedented phenomenon in a world that’s perhaps more connected than ever, it is easy to understand<br />

how some may see an Orwellian twist to the story, despite the arguable necessity for tracking in order to<br />

keep members of the public safe. In fact, a US survey by YouGov from April 2020 indicated that 43% of<br />

Americans believe that such an app would be an invasion of privacy and just one third said they would<br />

install the app.<br />

However, despite these concerns, as the pandemic continues and economic activity starts to resume,<br />

more and more countries have been looking into providing their own COVID-19 contact tracing<br />

applications. With this, it is likely that we’ll see threat actors exploit the window of opportunity of a new<br />

product being launched to the public in order to distribute malicious Android packages that pose as<br />

legitimate contact tracing applications while delivering banking trojans, spyware, and ransomware.<br />

A recent joint investigation between EclecticIQ and the ThreatFabric research team has produced<br />

a report on this matter, with the findings suggesting that threat actors will almost certainly continue<br />

to use commodity and open source-based malware disguised as legitimate contact tracing applications<br />

for financial gain.<br />

The low barrier to entry provided by these tools and the continued rollout of contact tracing applications<br />

by nations present continued financial opportunity for cybercriminals into the near future. Worryingly,<br />

we have observed evidence of malicious actors displaying their willingness to exploit the current<br />

pandemic by targeting legitimate contact tracing applications consistently in recent months. The samples<br />

analysed by our research team had an earliest estimated build time of April 12th, 2020 with the latest<br />

being June 23rd, 2020.<br />

Third party tooling used to provide C2 anonymisation<br />

As part of our investigation, we have found examples of threat actors using third party tooling to provide<br />

anonymisation to their command and control (C2) infrastructure. In our research, we found India to have<br />

been particularly targeted with malicious applications, with eight malicious applications that used<br />

Portmap.io, a commercially available port forwarding service, and Ngrok, a secure tunnelling service.<br />
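
A defender-side illustration of the point above, added here and not taken from the EclecticIQ/ThreatFabric report: a Python check that scans resolver logs for lookups of tunnelling and port-forwarding hostnames and groups them by client. The log format, the sample lines and the suffix list are constructed assumptions; the article names the services but not the hostnames the samples contacted.

```python
from collections import defaultdict

# Assumption: suffixes chosen for illustration. The article names Ngrok and
# Portmap.io as services but does not list the hostnames the samples used.
TUNNEL_SUFFIXES = ("ngrok.io", "portmap.io")

# Constructed sample resolver log: "<timestamp> <client IP> <query name> <type>"
SAMPLE_LOG = """\
2020-06-23T10:01:12Z 10.20.0.15 play.googleapis.com. A
2020-06-23T10:01:40Z 10.20.0.15 0.tcp.ngrok.io. A
2020-06-23T10:02:03Z 10.20.0.31 example-host.portmap.io A
2020-06-23T10:02:09Z 10.20.0.31 EXAMPLE-HOST.PORTMAP.IO. AAAA
2020-06-23T10:03:55Z 10.20.0.44 notngrok.io. A
2020-06-23T10:04:10Z 10.20.0.44 ngrok.io.example.net. A
malformed line without enough fields
2020-06-23T10:05:00Z 10.20.0.15 0.tcp.ngrok.io. A
"""


def normalize(qname):
    """Lower-case a DNS name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def matched_suffix(qname, suffixes=TUNNEL_SUFFIXES):
    """Return the suffix the name falls under, or None.

    Matching is done on label boundaries, so 'notngrok.io' and
    'ngrok.io.example.net' do not match 'ngrok.io'.
    """
    name = normalize(qname)
    for suffix in suffixes:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


def parse_line(line):
    """Split one log line into (timestamp, client, qname, qtype) or None."""
    parts = line.split()
    if len(parts) != 4:
        return None
    return tuple(parts)


def find_tunnel_lookups(log_text):
    """Group lookups of tunnelling-service names by the client that made them."""
    hits = defaultdict(lambda: {"count": 0, "names": set(), "first_seen": None})
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip malformed lines instead of aborting the scan
        timestamp, client, qname, _qtype = record
        if matched_suffix(qname) is None:
            continue
        entry = hits[client]
        entry["count"] += 1
        entry["names"].add(normalize(qname))
        # ISO 8601 UTC timestamps of equal length sort correctly as strings
        if entry["first_seen"] is None or timestamp < entry["first_seen"]:
            entry["first_seen"] = timestamp
    return dict(hits)


if __name__ == "__main__":
    for client, info in sorted(find_tunnel_lookups(SAMPLE_LOG).items()):
        print(client, info["count"], sorted(info["names"]), info["first_seen"])
```

Both services have legitimate uses, so a hit is a triage lead for the device that made the lookup, not a verdict.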

Malicious Android packages distributed through phishing links<br />

The examples of malicious contact tracing apps we analysed were primarily distributed through phishing<br />

links designed to trick users into downloading a malicious Android package. One of the samples we<br />

analysed, first identified by the MalwareHunterTeam, was disguised as an official contact tracing app for<br />

India and was an example of this phishing practice.<br />

Furthermore, it would seem that the distribution of malicious Android packages disguised as legitimate<br />

contact tracing apps is consistent across the regions. As an example, ESET found that the official<br />

Canadian contact tracing app was targeted with ransomware, with users being lured into downloading<br />

the CryCryptor ransomware via two phishing links.<br />

Investigation findings are consistent with previous open source reporting<br />

Our report found that the use of commodity and open-source based malware is consistent with previous<br />

open source findings: Researchers at Symantec found that legitimate SM_Covid19 apps were<br />

repackaged by cybercriminals and injected with Metasploit, hence giving the identified samples Trojan<br />

capabilities. A further three samples were found to be disguised as the contact tracing app for India.<br />

As part of our investigation, we also analysed a publicly available malicious sample, disguised as the<br />

legitimate app for Singapore, which we found to be linked to the commodity Android Banking Trojan,<br />

Alien.<br />

Malicious Android packages distributed for financial gain<br />

From our analysis, we have assessed with high confidence that the majority of these malicious attacks<br />

on contact tracing apps are financially motivated. One of the indicators of this is the use of openly<br />

available tools, which require no financial input from the cybercriminals beyond the time needed to<br />

configure and deploy them.<br />

Good advice to users would be to never download contact tracing Android applications from links sent to<br />

them or from third party stores. If you’re interested in downloading your nation’s contact tracing<br />

application, we’d recommend the use of an official health body website or the Google Play Store. Social<br />

engineering remains an incredibly efficient tactic to manipulate users into downloading and installing a<br />

wide variety of malicious applications on mobile devices. As the crisis deepens, it has become<br />

increasingly important for users to remain cautious about the sources they download their software from<br />

and take due precautions when opening links that have been shared with them – spear phishing, the<br />

practice of luring victims to click on links or enter data via fraudulent emails that use a personalised<br />

approach, can be incredibly deceiving even to the trained eye.<br />

About the Author<br />

Peter Ferguson is a Cyber Threat Intelligence Specialist at<br />

Amsterdam-based cybersecurity company EclecticIQ. He has a<br />

demonstrated history of working in the security industry, specialising<br />

in modelling threats to industry standard models (Kill Chain, MITRE,<br />

STIX).<br />

Peter can be reached online via LinkedIn and at our company website:<br />

https://www.eclecticiq.com/<br />

A Hybrid Workplace Means New Threats and More<br />

Pressure on IT Leaders<br />

By Tim Sadler, Cofounder and CEO of Tessian<br />

Events this year have changed the way we think about work indefinitely. In fact, new research from<br />

Tessian shows that only 11% of employees want to work exclusively in the office post-pandemic.<br />

Businesses must now consider whether the remote work shift brought on by COVID-19 should become<br />

permanent. But, then again, remote work isn't accessible or preferable for every employee. Business<br />

leaders, therefore, have important decisions to make around how employees will work in the future, be it<br />

remotely, in an office or a hybrid of the two.<br />

Whatever the decision, cybersecurity will be a huge factor. IT teams must fortify workplace processes<br />

with an added layer of security to protect both data and individuals no matter where an employee is<br />

working. They will face more pressure from the top as cybersecurity and business continuity are<br />

prioritized.<br />

Business leaders need to understand the new challenges IT leaders are facing, how security threats<br />

change as people work from anywhere, and how to prepare for a future hybrid working structure.<br />

Why IT Leaders Are Concerned About Hybrid Work<br />

Three-quarters of IT decision makers believe the future of work will be either remote or hybrid, according<br />

to Tessian’s report.<br />

But they do have concerns around these new ways of working, specifically around employee wellbeing.<br />

Throughout the pandemic, research has shown the negative impact remote work has had on people’s<br />

levels of stress, leading to more incidents of burnout. As well as having detrimental consequences to<br />

people’s wellbeing, increased levels of stress could also be putting companies at risk, as people tend to<br />

make more cybersecurity mistakes at work. IT leaders are also concerned that remote employees’ unsafe<br />

data practices could lead to more data breaches and security incidents.<br />

It’s no wonder, then, that more than one-third (34%) of IT leaders are worried about their teams’ time and<br />

resources being stretched too thin. Eighty-five percent also believe their teams will be under more<br />

pressure with a permanent remote work structure. To explain, let’s look at two specific security concerns<br />

that are made more complex when some, or all, employees work outside of the office:<br />

● Phishing: Half of the security incidents or data breaches that companies experienced between<br />

March and July 2020 were the result of phishing attacks - making it the top attack vector during<br />

this time. In fact, nearly two-thirds of US and UK employees (65%) said they received a phishing<br />

email during the remote work period. The problem is that employees are more susceptible to<br />

phishing attacks while working remotely, namely because hackers are taking advantage of the<br />

situation and it’s also harder to verify a colleague’s request when they aren’t in the same room as<br />

you. In addition, factors like distraction could cause people to miss cues and potentially click on<br />

malicious links.<br />

● Insider threats: Data exfiltration from inside the company is also a security risk that becomes more<br />

complex with a remote or hybrid environment, even when not done maliciously. An employee<br />

could, for example, be sending documents to personal email accounts to print from their home<br />

devices. When this data leaves corporate networks and devices, though, it becomes more<br />

vulnerable to a breach and puts the company at risk of non-compliance.<br />

Protect IT Teams’ Time by Focusing Security and Awareness Efforts<br />

Mitigating these risks without over-burdening IT teams won’t be easy but it can be achieved by focusing<br />

on two important areas: email protection and better cybersecurity training.<br />

Employees are more reliant on email than ever while working remotely; Tessian saw a 129% increase in<br />

email traffic from March to April 2020, compared with January to February. As people use email more<br />

and more to send data to customers and colleagues, and as hackers exploit the channels employees rely<br />

on most, educating people on threats like phishing attacks or accidental data loss - simply caused by<br />

someone sending an email to the wrong person - is critical to company security.<br />

This training, however, needs to resonate. It can’t be seen as a tick-box exercise or another thing for<br />

people to add to their to-do lists, because employees just won’t engage with it. In fact, despite half of IT<br />

departments implementing more security training for their remote workers during the pandemic, nearly 1<br />

in 5 employees said they didn’t take part.<br />

This could be because the training gets in the way of people doing their jobs, but also because it often<br />

lacks the real-world context employees need to develop positive security behavior. Real-time educational<br />

alerts provide that context. Employees can understand, in-the-moment, why the message they received<br />

is a threat as well as the techniques hackers are using to trick or manipulate them - all learnings that they<br />

can apply to future incidents.<br />

A human-first approach to cybersecurity has never been more important. As employees log onto<br />

corporate networks from anywhere in the world, the most important security perimeter companies must<br />

protect is their team members.<br />

Employees have access to large amounts of sensitive information and are handling more of that data<br />

over email than ever. But it’s unreasonable to expect employees to keep data and systems secure 100%<br />

of the time - mistakes happen and many people aren’t cybersecurity experts. By focusing on a few high-impact<br />

areas, IT teams can protect employees and their business, without feeling overwhelmed by the<br />

task ahead.<br />

About the Author<br />

Tim is the Chief Executive Officer and co-founder of human layer<br />

security company Tessian. After a career in investment banking, Tim<br />

and his co-founders started Tessian in 2013, creating a cybersecurity<br />

solution that uses machine learning to protect people from risks on<br />

email like data exfiltration, accidental data loss and phishing. Tim has<br />

since built the company to over 160 employees in offices in San<br />

Francisco and London, and raised over $60m from leading venture<br />

capital funds. Tim was listed on the Forbes 30 Under 30 list in<br />

technology.<br />

How We Securely Share Data in A Remote World<br />

By Duncan Greatwood, CEO, Xage Security<br />

Cybersecurity solutions are often thought of as a single-issue solution: protecting companies from<br />

dangerous or costly hacks, or detecting hacks after they’ve already happened, when it may be too late.<br />

But in an era when our essential industries are continuing to digitize, organizations need to approach<br />

cybersecurity as a foundational element of innovation. Security must evolve to enable efficient data<br />

sharing, across company, location and network zone boundaries.<br />

As we shift into an era of increased remote work, cyber risk is changing. Companies are becoming more<br />

and more co-dependent, working together to make entire industries better -- think of the logistics<br />

companies powering retailers, sharing data from suppliers to customers to improve operational<br />

timeliness. Collaboration is essential, and remote work has accelerated the need for flexible digital<br />

collaboration.<br />

Companies rely on secure third-party communication and cross-organization collaboration to develop<br />

new, more impactful and efficient ways of working.<br />

Keep Private Information In, Safely Share Data Out<br />

Companies must be able to secure access – letting individuals have access to only what they need, for<br />

the time that they need it – with extremely granular control. As opposed to relying solely on broadly-defined<br />

trust zones, like traditional security solutions, a zero-trust cybersecurity approach is essential for<br />

today’s IT and OT environments. A zero-trust approach means that access is never assumed or granted<br />

purely on the basis of zone access. Instead, the policy is to constantly and consistently ensure that an<br />

individual employee or a single device has the correct authorizations before they are granted access to<br />

a system.<br />

It is enforcing security at the edge, particularly for industrial operations, that enables organizations to<br />

protect individual devices where they are, with remote oversight. As a result, threats can be blocked at<br />

their source, protecting the entire, often critical, operation––rather than allowing one hack to decimate an<br />

entire connected system and cause widespread damage.<br />

While zero-trust is essential for access, it’s also an important aspect of securing traversal of data<br />

throughout systems – whether within a company’s own systems, or sharing with important partners and<br />

customers. In this way, the same approach necessary to keep devices and data safe within a system can<br />

also be used to facilitate secure data transfer, improving operations, efficiency and collaboration with<br />

partners, suppliers and customers.<br />

Data is the Driver<br />

Data is the key driver in business today. Without secure data sharing, operators risk missing out on crucial<br />

and timely learnings from combining partner data––such as seismic information that can help ensure the<br />

safety of oil & gas rig operators, or grid stability data for utilities operators. Without the right mechanisms<br />

in place, it’s extremely time consuming and costly to combine, process, and share data, meaning you<br />

can’t get real time data or live learnings, and thus lose the ability to make important changes that can<br />

improve operations in real time.<br />

Being able to securely share data is a huge step towards more efficient remote operations. But in order<br />

to do so, we need to ensure that all data maintains authenticity, integrity, and privacy. The best way to<br />

achieve this trifecta is by taking a zero-trust approach to in-field protection, so that data integrity can be<br />

checked and proofed at all stages of data transfer. Data should be secured down to a granular level,<br />

noting and immutably logging important factors like location and time of generation. This approach allows<br />

the data’s producer to define who can subsequently access the data, and enables the data’s consumer<br />

to verify the data’s integrity in their application.<br />

Decentralized Security in Space<br />

At Xage, we were recently awarded a grant by the US Space Force (USSF) to prepare end-to-end access<br />

and data protection for USSF assets. For an organization itself designed to protect US interests and<br />

assets in space, holistic security is paramount.<br />

This work emphasizes the importance of decentralized security enforcement for decentralized<br />

systems: limiting single points of access, securing devices at the edge, and detecting attempted hacks<br />

that could have devastating impact if they gained traction or access to other devices.<br />

Further, the Space Force requires a solution that provides universal protection. Like many other<br />

organizations, the Space Force relies on devices of various generations, from various suppliers, in<br />

various locations, of varying levels of security. Accordingly, organizations like the USSF need solutions<br />

that work for all assets – whether space-based or on the ground, enforcing granular access and data<br />

control in real time – to enable the creation of “systems of systems” each of which can act autonomously<br />

and in concert as needed.<br />

Remote Work Is Here to Stay<br />

Essential systems were already digitizing pre-pandemic, but with the shift to remote work, as well as the<br />

digital and innovation pressure brought on by broader COVID-19 economic changes, we will continue to<br />

see increased cyber risk in essential industries. As we determine how to best move forward with securing<br />

them, we need to focus on solutions that truly match the systems they’re designed to protect: adaptable,<br />

universal and designed for the high-volume data sharing required for operational innovation.<br />

About the Author<br />

Duncan Greatwood is Xage Security's Chief<br />

Executive Officer. Most recently, he was an<br />

executive at Apple, helping to lead a number of<br />

Apple's search-technology projects and products.<br />

Prior to Apple, Duncan was CEO of Topsy Labs, the<br />

leader in social media search and analytics acquired<br />

by Apple in 2013. Prior to Topsy, he was founder and<br />

CEO of PostPath Inc., the email, collaboration and<br />

security company acquired by Cisco in 2008.<br />

Previously, Duncan held Vice President roles in<br />

Marketing, Corporate Development and Sales at<br />

Virata/GlobespanVirata/Conexant, as well as earlier<br />

engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales,<br />

marketing, operations, technology, and human experience to the task of driving growth at Xage. Duncan<br />

holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from<br />

London Business School. Duncan can be reached online via www.xage.com.<br />

To Share, Or Not to Share<br />

As consumers’ views on personal data evolve, it’s time to re-think data privacy<br />

By Kris Lovejoy, Global Consulting Cybersecurity Leader, EY<br />

Today organizations are standing at the crossroads when it comes to data privacy. In one direction, a<br />

series of high-profile data breaches and scandals in recent years has eroded consumers’ trust in<br />

organizations and led to them becoming ever more vigilant about their privacy. This consumer vigilance,<br />

combined with a regulatory drive to tighten the rules around the handling of personal information, has led<br />

to organizations becoming increasingly risk-averse about monetizing their customers’ data.<br />

In the other direction, however, the outbreak of the COVID-19 pandemic has revealed a willingness<br />

among consumers to share their personal data, if doing so is in the public benefit or if it brings them<br />

advantages such as discounts or tailored services. This suggests that many organizations could monetize<br />

their data more effectively than they are doing at present, provided they approach it in a way that aligns<br />

with both their own purpose and consumers’ expectations.<br />

In light of these mixed messages, what is the right direction to take regarding consumers’ data privacy?<br />

The EY Global Consumer Privacy Survey 2020 suggests that organizations need to take a balanced<br />

approach to data privacy, which recognizes consumers’ vigilance regarding their data, as well as their<br />

willingness to share it in certain circumstances.<br />

A trend in consumer vigilance<br />

As it turns out, in the current environment of breaches and the pandemic, consumers are much more<br />

aware of the personal data they are sharing now. In fact, more than half (54%) of the consumers who<br />

responded to our survey said they are more aware now of the personal data they’re sharing than before<br />

the pandemic. It is not just the health crisis that has driven awareness. Other developments, such as<br />

how some media platforms may be linked to exerting influence over current events and legislative<br />

change, including the European Union’s General Data Protection Regulation and the California<br />

Consumer Privacy Act, are also sharpening the focus on awareness. We also found that, generally<br />

speaking, younger generations are much more aware of their privacy rights, and the implications of<br />

sharing data, compared with older generations. For example, in the past six months, 45% of Millennials<br />

and 49% of Gen Z have always or often shared COVID-19 health data with an organization, compared<br />

with just 21% of Baby Boomers.<br />

In fact, trust in how data is being collected and shared has been a concern for some time, and the survey<br />

revealed that this trend is set to continue. Significantly, the majority (56%) of consumers said that their<br />

trust in an organization’s ability to collect, store and use their data would be damaged if the organization<br />

shared that data without their overt consent. Almost half (48%) said they would lose trust in an<br />

organization if it suffered a data breach or a cyber-attack, while 43% would become mistrustful if an<br />

organization asked for data unnecessarily.<br />

Data monetization is another topic of concern that emerged from the results, and the findings offer some<br />

invaluable insights into how organizations can build sufficient trust with consumers to be able to monetize<br />

their data effectively. Significantly, the most important considerations for consumers when sharing<br />

personal data with an organization are secure collection and storage (63%), followed by control over what<br />

data is being shared (57%), and trust in the organization itself (51%). And an organization’s ability to<br />

counter data breaches and cyber-attacks ranks second as the factor most likely to boost consumer<br />

confidence.<br />

Meanwhile, consumers are actively educating themselves in the area of data privacy. The findings<br />

indicate that in the six months prior to the survey, 45% of consumers had taken the time to understand<br />

how a company uses their data, 36% had willingly shared health data related to their COVID-19 status,<br />

and the same proportion had chosen not to provide personal data or asked an organization to remove<br />

their data due to reputational concerns around its usage. As a result, organizations that expect to<br />

monetize the data they collect – whether that’s by collecting internal data to improve operations, or by<br />

deploying better-targeted campaigns or discounts for current and prospective customers to generate<br />

more revenue – should be mindful that consumers are paying much closer attention.<br />

Altruism, but with limits<br />

While the research shows that consumers are more mindful regarding who is using their data, and how<br />

it is being used, it also uncovered a trend toward altruistic data sharing. Indeed, more and more<br />

consumers are seeking out brands that use their data to help others — as long as they are adequately<br />

protected and remain in control of what they share.<br />

Half of the consumers surveyed said the pandemic has made them more willing to part with their personal<br />

data, especially if they know it is contributing to the research effort and/or community wellness. This<br />

creates a real opportunity for brands with a deep sense of purpose to build trust with consumers, which,<br />

in turn, will allow them to responsibly tap the potential of consumer data.<br />

This tendency to share data for altruistic purposes is particularly pronounced among younger consumers.<br />

More than a quarter (26%) of Millennials and 22% of Generation Z respondents said that helping to<br />

maintain or improve the life of someone they do not know is one of the three most important<br />

considerations when agreeing to share data with an organization. Also, almost two-thirds (61%) of<br />

consumer respondents in Asia-Pacific said they are more willing to share their personal data if it<br />

contributes to the COVID-19 research effort and/or community wellness.<br />

The survey further highlights that context is crucial for consumers when it comes to sharing data. Around<br />

two-thirds (65%) of respondents said they would share medical information with a medical institution to<br />

improve their healthcare experience, and 54% would share demographic data with a retailer in exchange<br />

for discounts. Yet only 39% would share their online search history with a large technology company in<br />

return for more personalization.<br />

Getting the balance right<br />

It is clear from the research that while consumers are sensitive about how their data is handled, they can<br />

be persuaded to share more of it with trusted organizations that use data in meaningful, purposeful and<br />

responsible ways. Organizations can build trust by clearly communicating to their customers what they<br />

are doing around data protection. They can also give consumers greater control over the data that<br />

specifically relates to them. If trust isn’t built – or if it is breached – organizations risk losing their customers<br />

to competitors.<br />

Once trust has been established, organizations can start to explore how they can monetize consumers’<br />

data in ways that will create value for them and help to further build trust. They should consider what<br />

kinds of data their customers might be willing to share, and under what conditions.<br />

Proceed with caution<br />

Depending on who you ask, perspectives and priorities on privacy certainly differ. For example, in<br />

collaboration with the International Association of Privacy Professionals, EY professionals interviewed<br />

privacy practitioners and privacy leaders from around the world. 2 Practitioners implementing privacy on<br />

the ground across business sectors focused on the most immediate challenges relating to privacy. They<br />

highlighted employee privacy protections and virtualization challenges as the top priorities as they<br />

prepared for work-from-home and return-to-work transitions. For policymakers, regulators and<br />

academics, the focus is more around bigger-picture societal concerns, citing the increase and<br />

normalization of surveillance by governments and commercial actors as their top priority.<br />

Consumers, understandably, have their own priorities and require a customized approach. In the past,<br />

many organizations have understandably been extremely cautious around consumer data privacy, but<br />

this has come at a cost – both the financial cost associated with cyber protection and the commercial<br />

cost associated with missed revenue opportunities. With CIOs now under pressure to do more with less<br />

amid frozen budgets and changing consumer expectations around data, the time has come to reassess<br />

this super-cautious approach.<br />


As we stand at the crossroads – balancing the perspectives of consumers, requirements of regulators<br />

and needs of the business related to data privacy and protection – businesses need to re-evaluate their<br />

overall privacy program and approach. Perhaps the new reality offers a unique opportunity to enable<br />

strong security to create trust, allowing customers to share more data and derive more value.<br />

If this pandemic has taught us anything, insights that could make a big difference to consumers may well<br />

be hiding behind masses of untapped data. While this may be deemed a heretical statement for a<br />

cybersecurity practitioner to make, perhaps we should be re-considering our role and the programs we<br />

implement to protect data and privacy, with a new bias toward promoting and expediting – not limiting –<br />

a trusted value exchange.<br />

The views reflected in this article are the views of the author and do not necessarily reflect the views of<br />

the global EY organization or its member firms.<br />

1<br />

Privacy in the wake of COVID-19<br />

About the Author<br />

Kris Lovejoy is EY Global Consulting <strong>Cyber</strong>security Leader. World-renowned<br />

in cybersecurity, risk, compliance and governance, she was<br />

a keynote speaker at this year’s CERIAS Security Symposium and<br />

was named by Consulting magazine as a Women Leader in<br />

Technology. She has been quoted in publications that include Forbes,<br />

Fortune, USA Today, Federal News Network and Risk Management.<br />

Before joining EY, Kris was CEO of an AI-driven network security<br />

company and the general manager of a multinational information<br />

technology company’s security services division, charged with building<br />

end-to-end cybersecurity programs for clients worldwide. Kris can be<br />

reached online at https://www.linkedin.com/in/klovejoy/ and at<br />

EY.com.<br />


Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS<br />

“Amazing Keynote”<br />

“Best Speaker on the Hacking Stage”<br />

“Most Entertaining and Engaging”<br />

Gary has been keynoting cyber security events throughout the year. He’s also been a<br />

moderator, a panelist and has numerous upcoming events throughout the year.<br />

If you are looking for a cybersecurity expert who can make the difference from a nice event to<br />

a stellar conference, look no further: email marketing@cyberdefensemagazine.com<br />


You asked, and it’s finally here…we’ve launched <strong>Cyber</strong><strong>Defense</strong>.TV<br />

At least a dozen exceptional interviews rolling out each month starting this summer…<br />

Market leaders, innovators, CEO hot seat interviews and much more.<br />

A new division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />




This magazine is by and for ethical information security professionals with a twist on innovative consumer<br />

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our<br />

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />

ideas, products and services in the information technology industry. Our monthly <strong>Cyber</strong> <strong>Defense</strong> e-<br />

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare<br />

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of<br />

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here<br />

to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />

newsletters along with this month’s newsletter.<br />

By signing up, you’ll always be in the loop with CDM.<br />

Copyright (C) <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />

<strong>Cyber</strong><strong>Defense</strong>Awards.com, <strong>Cyber</strong><strong>Defense</strong>Magazine.com, <strong>Cyber</strong><strong>Defense</strong>Newswire.com,<br />

<strong>Cyber</strong><strong>Defense</strong>Professionals.com, <strong>Cyber</strong><strong>Defense</strong>Radio.com and <strong>Cyber</strong><strong>Defense</strong>TV.com, is a Limited Liability<br />

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,<br />

<strong>Cyber</strong> <strong>Defense</strong> Magazine® is a registered trademark of <strong>Cyber</strong> <strong>Defense</strong> Media Group. EIN: 454-18-8465, DUNS#<br />

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com<br />

All rights reserved worldwide. Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved. No part of this<br />

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />

recording, taping or by any information storage retrieval system without the written permission of the publisher<br />

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content<br />

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at<br />

marketing@cyberdefensemagazine.com<br />

<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

276 Fifth Avenue, Suite 704, New York, NY 1000<br />

EIN: 454-18-8465, DUNS# 078358935.<br />

All rights reserved worldwide.<br />

marketing@cyberdefensemagazine.com<br />

www.cyberdefensemagazine.com<br />


<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 12/02/<strong>2020</strong><br />




Released:<br />

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH<br />

In Development:<br />


8+ Years in The Making…<br />

Thank You to our Loyal Subscribers!<br />

We've Completely Rebuilt <strong>Cyber</strong><strong>Defense</strong>Magazine.com - Please Let Us Know<br />

What You Think. It's mobile and tablet friendly and superfast. We hope you<br />

like it. In addition, we're shooting for 7x24x365 uptime as we continue to<br />

scale with improved Web App Firewalls, Content Delivery Networks (CDNs)<br />

around the Globe, Faster and More Secure DNS<br />

and <strong>Cyber</strong><strong>Defense</strong>Magazine.com up and running as an array of live mirror<br />

sites.<br />

Millions of monthly readers and new platforms coming…<br />

