Cyber Defense eMagazine December 2020 Edition

Securing the Hybrid Workforce Begins 

with Three Crucial Steps 

Top 10 Data Breaches of the 21st Century 

Responding to Security Incidents with 

Behavior Analysis 

Data Migration Security 

…and much more… 

Cyber Defense eMagazine – December 2020 Edition 1 

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s December 2020 Issue ----------------------------------------------------------------------------------------- 6 

Securing the Hybrid Workforce Begins with Three Crucial Steps ------------------------------------------------- 24 

By Rick Vanover, Senior Director of Product Strategy, Veeam 

Top 10 Data Breaches of the 21st Century ------------------------------------------------------------------------------ 28 

By Nicole Allen, Marketing Executive, SaltDNA. 

Why Organizations Need to Reduce Friction to Manage Remote Work Environments -------------------- 33 

By Jay Goodman, Strategic Product Marketing Manager, Automox 

Cybersecurity: Innovation Needed ----------------------------------------------------------------------------------------- 36 

By Laurence Pitt, Global Security Strategy Director, Juniper Networks 

The Future of Security Is on The Hardware ------------------------------------------------------------------------------ 39 

By Ian Pratt, Global Head of Security, HP 

Responding to Security Incidents with Behavior Analysis----------------------------------------------------------- 42 

By Jeff Stein, Information Security Architect, Reputation.com 

Learning Hardware Security Via Capture-The-Flag Competitions ------------------------------------------------ 45 

By Jason M. Fung, Offensive Security Research Manager at Intel 

Telegram for Business Communications: Understanding The Risks And Rewards--------------------------- 49 

By Otavio Freire, CTO and Co-Founder, SafeGuard Cyber 

How Are Financial Services Firms Addressing the Requirements of Digital Transformation, Security, 

And Compliance? ---------------------------------------------------------------------------------------------------------------- 52 

By Ehab Halablab, Regional Sales Director – Middle East at A10 Networks 

Revealed: How Banking and Finance GRC Leaders Struggle to Address Regulators’ Demands for Cyber 

Evidence with Confidence ---------------------------------------------------------------------------------------------------- 56 

By Charaka Goonatilake. CTO at Panaseer 

Why the Education Sector Must Address Security in The Rush to Digitise ------------------------------------- 62 

By Jacob Chacko Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba 

Data Migration Security ------------------------------------------------------------------------------------------------------ 65 

By Devin Partida, Cybersecurity Writer, ReHack Magazine 



The Crown Prosecution Service (CPS) Has Recorded 1,627 Data Breaches Over the Entirety of the 

2019-20 Financial Year, Up From 1,378 In the Previous Financial Year ----------------------------------------- 68 

By Andy Harcup, VOP, Absolute Software 

Financial Data Security Risks in The Hands of Online Shops or Intermediary Applications --------------- 71 

By Ben Hartwig, Web Operations Executive, InfoTracer 

All Aboard The COVID-19 Train: Malware Trends Taking Advantage of The Pandemic ------------------- 75 

By Bar Block, Threat Intelligence Researcher at Deep Instinct 

The Coming Security Perspectives------------------------------------------------------------------------------------------ 79 

By Milica D. Djekic 

Amidst Election Noise, Cybercriminals See an Opportunity with Retail ---------------------------------------- 81 

By Chris Kennedy, CISO & VP of Customer Success, AttackIQ 

What’s in Your Wallet? The Cybersecurity Costs of COVID --------------------------------------------------------- 84 

By Mark Sangster, Vice President and Industry Security Strategist, eSentire 

Making the Journey to the Intelligent SOC ------------------------------------------------------------------------------ 87 

By Albert Zhichun Li, Chief Scientist, Stellar Cyber 

Joint Investigation Reveals Evidence of Malicious Android COVID Contact Tracing Apps----------------- 91 

By Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center 

A Hybrid Workplace Means New Threats and More Pressure on IT Leaders ---------------------------------- 94 

By Tim Sadler, Cofounder and CEO of Tessia 

How We Securely Share Data in A Remote World -------------------------------------------------------------------- 97 

By Duncan Greatwood, CEO, Xage Security 

To Share, Or Not to Share -------------------------------------------------------------------------------------------------- 100 

By Kris Lovejoy, Global Consulting Cybersecurity Leader, EY ------------------------------------------------------------ 100 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

As we publish this December issue of Cyber Defense Magazine, many of 

us will look ahead to the year 2021 with great anticipation. While 2020 

has been a challenge for most in the cybersecurity community, many 

have weathered the storm and even become stronger as a result. 

From my perspective, it’s clear that it’s imperative to get back to basics. 

The articles in this month’s Cyber Defense Magazine, which are provided 

from a broad array of contributors, demonstrate that our community is 

moving steadily into a new phase, getting down to basics while we 

address broader issues as well. 

In addition, we’re thrilled to have now opened our 9 th annual Global InfoSec Awards for 2021 as our most 

prestigious awards at https://www.cyberdefenseawards.com which will take place during RSA Conference 2021. 

I’d like to draw your attention to my current article emphasizing the need for appropriate responses to holidayrelated 

scams. Without repeating it in full here, I’ll refer you to the online posting at: 

https://www.cyberdefensemagazine.com/halting-hackers-on-the-holidays/ 

In addition to the important articles in the December issue, we are pleased to continue providing the powerful 

combination of monthly eMagazines, daily updates, and features on the Cyber Defense Magazine home page, and 

webinars featuring national and international experts on topics of current interest. Finally, don’t forget to grab 

some knowledgebase infosec and cybersecurity tidbits from experts at https://www.cyberdefensewebinars.com. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about 

CDM, please use #CDM and @CyberDefenseMag and 

@Miliefsky – it helps spread the word about our free resources 

even more quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

From the international point of view on cybersecurity matters, we 

close out 2020 with both relief and expectation. I’m pleased to 

observe that there appear to be deliberate efforts to achieve 

international cooperation in our space. That includes mindfully 

moving beyond COVID concerns and implementing cybersecurity 

measures on a more generalized and cooperative basis. 

One aspect will remain consistent: the need for both coordination 

and compliance measures in the international arena. The farreaching 

threats neither know nor respect national borders. Recent 

reports show even the organizations specializing in cybersecurity 

services are not immune from hackers. 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2020, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

From the international perspective, we continue to hope that in our 

world of cybersecurity and privacy, there may be room for both 

national and global interests. 

As always, we encourage cooperation and compatibility among 

nations and international organizations on cybersecurity and 

privacy matters. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

8+ YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CYBERDEFENSEMEDIAGROUP.COM 

MAGAZINE TV RADIO AWARDS 

WEBINARS 



Welcome to CDM’s December 2020 Issue 

From the U.S. Editor-in-Chief 

Just a few months ago, I wrote in this space about the prospects for entering a period of the 

“New Normal.” At the time, it appeared (to me, at least) that the prospects were fairly remote; 

that is, until we could establish some degree of stability, the concept of “normal” would be 

elusive. 

As I write this message today, I’m pleased to observe that our contributors and commentary 

indicate that the responses of the cybersecurity community are effectively establishing a “New 

Normal” for both organizations and infrastructure. 

For example, one observation reflects the magnitude of challenges in migrating from “5000 

workers in one place to workers in 5000 places.” 

Clearly, the process of normalizing won’t return us to the old patterns of cybersecurity. But the 

new ones appear to be coming to the fore in an informed and professional manner. 

As in past issues, let me suggest reviewing the Table of Contents first, so you can prioritize 

reading the articles which most closely pertain to your own cybersecurity concerns. (I make this 

suggestion with full confidence that all of the articles have value to all of our readers, just to 

differing degrees.) 

With that introduction, we are pleased to present the December 2020 issue of Cyber Defense 

Magazine. 

Wishing you all success in your cyber security endeavors, 

Yan Ross 

US Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, 

Yan addresses risk management in the areas of identity theft, privacy, 

and cyber security for consumers and organizations holding sensitive 

personal information. You can reach him via his e-mail address at 

yan.ross@cyberdefensemediagroup.com 





















Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those 

vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep 

understanding of your web application vulnerabilities, how to prioritize them, and what to do about 

them. With this trial you will get: 

An evaluation of the security of one of your organization’s websites 

Application security guidance from security engineers in WhiteHat’s Threat Research Center 

Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well 

as share findings with internal developers and security management 

A customized review and complimentary final executive and technical report 

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/ 

PLEASE NOTE: Trial participation is subject to qualification. 

















Securing the Hybrid Workforce Begins with Three Crucial 

Steps 

By Rick Vanover, Senior Director of Product Strategy, Veeam 

It is clear that remote working is here to stay. According to a survey conducted by Bayt.com, a leading 

job site in the Middle East, 90% of professionals in the Middle East and North Africa (MENA) region 

expect remote work to increase over the next few years and 74% of professionals prefer jobs that allow 

them to work remotely. The shift to a remote workforce has redefined the way organizations structure 

their business models. As executives reestablish work policies to accommodate remote employees well 

beyond the initially anticipated duration, a new era of work will emerge: the hybrid workforce, one more 

largely split between office and remote environments. While this transition brings a wave of opportunity 

for organizations and employees, it also opens new doors for bad actors to capitalize on strained IT 

departments who have taken on additional responsibility to ensure sensitive data remains secure, 

whether on or off the corporate network. 



While threats to company data range in attack method, ransomware continues to be the most prominent 

risk known to organizations worldwide, with a 41% increase in 2019 alone. According a recent study by 

Sophos, 49% of the organizations surveyed in UAE mentioned a ransomware attack in the last year. In 

July this year, researchers at cybersecurity firm Palo Alto uncovered a strain of ransomware that hit 

government-run organizations in the MENA region 1 . It’s important that companies focus on 

acknowledging this threat and deploying strategies to prepare, defend and repair incidents, before 

adapting to a hybrid workforce model. This process will prevent organizations from falling victim to attacks 

where data loss or ransom payment are the only unfortunate options. To win the war on ransomware, 

organizations should incorporate a plan for IT organizations that ensures they have the resilience needed 

to overcome any attack. Let’s explore three crucial steps for ransomware resilience in more detail. 

Focus on education first, avoid reactive approaches to threats later 

Education – beginning after threat actors are identified – should be the first step taken on the path towards 

resilience. To avoid being caught in a reactive position, should a ransomware incident arise, it’s important 

to understand the three main mechanisms for entry: internet-connected RDP or other remote access, 

phishing attacks and software vulnerabilities. Once organizations know where the threats lie, they can 

tactfully approach training with strategies to refine IT and user security, putting additional preparation 

tactics in place. Identifying the top three mechanisms can help IT administration isolate RDP servers with 

backup components, integrate tools to assess the threat of phishing attacks to help spot and respond 

correctly, and inform users on recurrent updates to critical categories of IT assets, such as operating 

systems, applications, databases and device firmware. 

Additionally, preparing how to use the ransomware tools in place will help IT organizations familiarize 

themselves with different restore scenarios. Whether it be a secure restore process that will abort when 

malware is detected or software that can detect ransomware ahead of restoring a system, the ability to 

perform different restore scenarios will become invaluable to organizations. When an attack does 

happen, they will recognize, understand and have confidence in the process of working towards recovery. 

By taking the education aspect of these steps seriously, organizations can decrease the ransomware 

risks, costs and pressure of dealing with a ransomware incident unprepared. 

Implement backup solutions that maintain business continuity 

An important part of ransomware resiliency is the implementation of backup infrastructure to create and 

maintain strong business continuity. Organizations need to have a reliable system in place that protects 

their servers and keeps them from ever having to pay to get their data back. Consider keeping the backup 

server isolated from the internet and limit shared accounts that grant access to all users. Instead, assign 

specific tasks within the server that are relevant for users and require two-factor authentication for remote 

desktop access. Additionally, backups with an air-gapped, offline or immutable copy of data paired with 

the 3-2-1 rule will provide one of the most critical defenses against ransomware, insider threats and 

accidental deletion. 

1 

https://www.cyberscoop.com/ransomware-thanos-middle-east-palo-alto_networks/ 



Furthermore, detecting a ransomware threat as early as possible gives IT organizations a significant 

advantage. This requires tools in place to flag possible threat activity. For endpoint devices displaced 

remotely, backup repositories that are set up to identify risks will give IT further insight into an incredible 

surface area to analyze for potential threat introduction. If implementations don’t prohibit attacks, another 

viable option is encrypting backups wherever possible for an additional layer of protection – threat actors 

charging ransom to prevent leaking data do not want to have to decrypt it. When it comes to a 

ransomware incident, there isn’t one single way to recover, but there are many options aside from these 

that organizations can take. The important thing to remember is that resiliency will be predicated on how 

backup solutions are implemented, the behavior of threat and the course of remediation. Take time to 

research the options available and ensure that solutions are implemented to protect your company. 

Prepare to remediate an incident in advance 

Even when there are steps in place that leverage education and implementation techniques to combat 

ransomware before an attack hits, organizations should still be prepared to remediate a threat if 

introduced. Layers of defense against attacks are invaluable, but organizations need to also map out 

specifically what to do when a threat is discovered. Should a ransomware incident happen, organizations 

need to have support in place to guide the restore process so that backups aren’t put at risk. 

Communication is key, having a list of security, incident response, and identity management contacts in 

place if needed – inside the organization or externally – will help ease the process towards remediation. 

Next, have a pre-approved chain of decision makers in place. When it comes time to make decisions, 

like whether to restore or to fail over company data in an event of an attack, organizations should know 

who to turn to for decision authority. If conditions are ready to restore, IT should be familiar with recovery 

options based on the ransomware situation. Implement additional checks for safety before putting 

systems on the network again – like an antivirus scan before restoration completes – and ensure the right 

process is underway. Once the process is complete, implement a sweeping forced change of passwords 

to reduce the threat resurfacing. 

The threat that ransomware poses to organizations both large and small is real. While no one can predict 

when or how an attack will happen, IT organizations that have a strong, multi-layered defense and 

strategy in place have a greater chance for recovery. With the right preparation, the steps outlined here 

can increase any organization’s resiliency – whether in office, remote or a combination of the two – 

against a ransomware incident and avoid data loss, financial loss, business reputation damage or more. 



About the Author 

Rick Vanover (MVP, vExpert, Cisco Champion) 

is the director of Technical Product Marketing & 

Evangelism for Veeam Software based in 

Columbus, Ohio. Rick's IT experience includes 

system administration and IT management; with 

virtualization being the central theme of his 

career recently. 

Rick can be reached online at 

(rick.vanover@veeam.com) and at our company 

website https://www.veeam.com/ 



Top 10 Data Breaches of the 21st Century 

This article looks into the biggest data breaches of the 21st century (so far!). 

By Nicole Allen, Marketing Executive, SaltDNA. 

This article looks into the biggest data breaches of the 21st century (so far!). We thought we’d do it as a 

countdown to the top breach by looking primarily at the number of impacted users. Of course there is 

more to it than the number of users impacted as there is usually a huge reputational and financial cost 

associated with each breach. 

In today’s world user data is a highly valuable currency. The most powerful companies in the world are 

the digital giants that monopolise data, prompting ongoing conversations about antitrust legislation and 

digital privacy. 

Companies that contained a breach in less than 30 days have saved more than $1 million compared to 

those that took more than 30 days, according to IBM. Not long ago, it would have been big news that a 

breach exposed the privacy of a few million individuals. Breaches which affect hundreds of millions or 

even billions of people are now way too common. 

Have a read through these whoppers and let us know what you think! 

10. Yahoo (2013-2014) 

Impact: 3 million - 1 billion user accounts 

Yahoo announced in September 2016 that in 2014 it had fallen victim to what at that time would be the 

biggest data breach in history, whilst in sales talks with Verizon for its core site service. This caused 

Yahoo to knock $350 million off their sales price to Verizon. The attackers, which the company believed 

were “state-sponsored actors”, comprised names, email addresses, telephone numbers, date of birth, 

passwords and encrypted security questions. Following these attacks in December 2016, Yahoo 



disclosed another breach by a different attacker. This time taking email addresses, names, date of births 

and passwords of 1 billion user accounts. As a result of reputational damage, Yahoo changed their name 

to ‘Altaba Inc’. 

9. Target (2013) 

Impact: 40 million consumers 

Retailer, Target, reported a data breach in December 2013 and stated that the credit and debit card 

numbers as well as the full names, addresses, email addresses and telephone numbers of about 40 

million consumers were stolen after hackers obtained access to Target's point of sale payment card 

readers from a third party HVAC vendor. 

The CIO and CEO of Target both stepped down, and the company projected the breach cost them at 

least $162 million. 

8. Uber (2016) 

Impact: 57 million Uber users and 600,000 drivers’ PII compromised 

Uber became aware that the names, email addresses and mobile phone numbers of 57 million Uber app 

users and driver licence numbers of 600,000 Uber drivers had been stolen by hackers. Uber’s handling 

of the crisis made it particularly noteworthy: they waited for almost a year before officially admitting the 

intrusion and offered $100,000 to criminals to delete the data in such a manner that no verification could 

be made. 

At this time, Uber claimed it was a ‘bug bounty fee’, however soon after this news was released, they 

fired their CSO. The relatively misuse of $100K (mice nuts for Uber) massively understates the impact 

this breach and its poor handling had on the company’s reputation. 

7. Capital One (2019) 

Impact: 106 million bank customers and applicants. 

As one of the largest banks in the US, Capital one experienced a data breach in March 2019 which 

exposed the personal information of nearly 106 million customers and applicants. The breach resulted in 

a hacker gaining access to personal information related to credit card applications from 2005 to early 

2019. The hacker was revealed as Paige Thompson, who used to work as a software engineer for 

Amazon Web Services, the cloud hosting company that Capital One was using. According to the US 

Department of Justice, Thompson broke into the server and gained access to 140,000 social security 

numbers and 80,000 bank account numbers. 

According to Capital One, they fixed the issue immediately and those whose information was affected 

were offered ‘free credit monitoring and identification protection’. Morgan Stanley estimated Capital One 

could face between $100 to $500 million in U.S fines. 

As a result of the well publicised breach, Michael Johnson, former Chief Information Security Officer, was 

demoted from his position within Capital One 4 months after the major data incident. 



6. Equifax (2017) 

Impact: 143 million customers personal information and credit card data of 209,000 customers. 

Equifax, one of the biggest US credit bureaus, confirmed in September, 2017 that a flaw in an application 

on one of their platforms contributed to a data leak that could impact around 40% of the US population. 

The violation was found on July 29 2017, although the organisation suggested it had actually started in 

mid-March. The breach compromised the personal information of 143 million consumers (including social 

security numbers, birth dates, addresses and in some cases driver's licence numbers). It is known that 

209,000 customers had their credit card information leaked. 

Equifax failed for a number of lapses in safety and response. Chief among them was that the vulnerability 

of the application which allowed access to the attackers was unpatched. Inadequate segmentation of the 

system facilitated lateral movement for the attackers i.e. once they were in - it was way too easy for them 

to get access to the other elements of the system. 

5. eBay (2014) 

Impact: 145 million users 

eBay was the victim of a breach of encrypted passwords between February and March 2014. This 

resulted in ebay forcing all of its 145 million users to reset their passwords. To control this cache of user 

info, attackers used a small collection of employee passwords. 

The compromised information contained encrypted passwords and other sensitive records, including 

names, e-mail addresses, addresses, phone numbers and dates of birth. After a month-long investigation 

by eBay, the breach was disclosed in May 2014. What is unique about this incident is that the hacking 

had hardly any effect and their CEO stated they only saw “a small decline in user activity”. 

4. Adobe (2013) 


As security blogger Brian Krebs wrote in early October 2013, Adobe initially announced that hackers had 

stolen approximately 3 million encrypted consumer credit card information, plus login details for an 

undetermined amount of user accounts. Later that month, Adobe raised that estimate for 38 million "active 

users" to include IDs and encrypted passwords. Krebs reported that a file posted just days earlier 

"appears to include more than 150 million Adobe usernames and hashed password combinations". 

An agreement in August 2015 called on Adobe to compensate court costs of $1.1 million and an 

unspecified sum on customers to resolve charges for violation of the Customer Records Act and 

discriminatory market practices. The sum payable to the customers was listed at $1 million in November 

2016. 

3. Marriott International (2014) 


In November 2018, Marriott International revealed that attackers had stolen around 500 million customers 

data. The breach originally occurred on Starwood Hotel brand support systems starting in 2014. When 



Marriott bought Starwood in 2016 the perpetrators stayed in the network and incredibly were not found 

until September 2018. A combination of contact details, passport numbers, Starwood Preferred Guest 

numbers, travel details, and other sensitive information was taken by the attackers. 

It was thought that the credit card numbers and expiration dates of more than 100 million customers were 

stolen, but Marriott was uncertain whether the credit card numbers could be decrypted by the attackers. 

According to a report in the New York Times, the hack was eventually traced to a Chinese security agency 

trying to collect data on US civilians. 

2. Facebook (2019) 

Impact: 540 million users data was exposed to the internet 

Facebook allowed two apps to access it’s users data stored personal information on insecure servers 

without putting security measures in place. It was discovered by Amazon Web Service that a Mexican 

digital publisher, Cultura Colectiva, had uploaded the user's Facebook ID, comments, likes, reactions 

and account names. Facebook and Amazon worked together to remove both sets of data. A further 419 

million phone numbers connected to Facebook profiles were identified digitally through geographies in 

September 2019, including: 133 million records on Facebook located in the USA, 18 million in the UK 

and 50 million records in Vietnam. 

The event placed consumers at risk for spam calls and sim switching threats as a consequence of an 

intruder being able to change a user's password while they have their phone number. These cases react 

quickly to the rising pressure on Facebook by British and US authorities after the Cambridge Analytica 

controversy. 

1. WhatsApp (2019) 

Impact: 1.5 billion users worldwide 

WhatsApp suffered a highly advanced cyber attack on 14 May 2019 that compromised its messaging 

network to deliver ransomware to a multitude of users' mobile devices. The Guardian reported that the 

assault affected 1.5 billion people, and that the breach was a "significant infringement of rights." 

WhatsApp then filed a complaint in the US court in October 2019 attributing the attack to a spyware 

company called NSO group, an Israeli company called Cyber Weapons. The software of the NSO group, 

pegasus, has the potential to capture personal and confidential data from a specific device, such as: 

reading messages, browsing contacts, and accessing cameras and microphones. 

Data breaches are hard to recognise, costly to fix and inflict reputational harm that certain businesses 

can not recover from. However, considering the importance of the data and the inevitability of cyber crime, 

the most that businesses can do to minimise the consequences of an infringement is to adopt a robust 

risk control strategy for identification, mitigation, and contact after a data breach. 

For more information on this article, or to talk to a member of the SaltDNA team, please contact us on 

info@saltdna.com. 



About SaltDNA 

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software 

solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered 

encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for 

Organisations who value their privacy, by giving them complete control and secure communications, to 

protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more 

information visit SaltDNA 


Nicole Allen, Marketing Executive at SaltDNA. Nicole completed 

her university placement year with SaltDNA, as part of her degree 

studying Communication, Advertising and Marketing at University 

of Ulster. Nicole worked alongside her degree part time during her 

final year and recently started full time with the company having 

completed her placement year with SaltDNA in 2018/19. 

Nicole can be reached online at (LINKEDIN, TWITTER or by 

emailing nicole.allen@saltdna.com) and at our company website 

https://saltdna.com/. 



Why Organizations Need to Reduce Friction to Manage 

Remote Work Environments 

The business world has changed and managing your endpoints is more important than ever 

By Jay Goodman, Strategic Product Marketing Manager, Automox 

The business world has changed and many of the resulting adjustments, like remote work, are here to 

stay. Keeping your teams healthy and safe during this period is a top priority, as is making sure their 

remote endpoints are managed and secure. But with these changes come a list of concerns and issues 

that many organizations just are not ready to address, sometimes highlighting legacy support policies 

and even out-of-standard technological needs. 

According to a 2018 survey, 90 percent of IT professionals believe their remote workforce poses a 

security risk, and 36 percent reported that a remote employee was the cause of a security incident. Two 

years later, as we've all been forced into remote work situations, the friction of everyday management of 

the full enterprise has increased, putting a strain on the IT and support staff as well as the users. 



So how can we address common areas of friction in endpoint management as well as ways to identify 

pain points in an environment? 

For starters, we must move beyond the friction that exists in legacy infrastructures. 

The Remote Architecture 

Why do we need heightened awareness during this new normal? Simply put, the legacy remote 

architecture was never designed for these problems and realities. Remote work used to be an 

accommodation, rather than a permanent situation. 

Endpoints within the traditional confines of the office were easily protected between firewalls and 

gateways, and easy to access for IT teams to carry out general maintenance such as software support, 

patch management and enforcing IT policies. When those critical systems move beyond the office walls, 

things get complicated as general visibility is lost. Layers of access control and security are established 

for a reason, but they were not designed for a remote company. 

Embracing a Modern Approach 

Alongside digital transformation comes pressure on IT teams to keep pace with the rapid speed of 

business. However, legacy patching tools are particularly prone to shortcomings for supporting remote 

workers, leading to potentially poor experiences for end users or something even worse, like the 

acceptance of having a vulnerable attack surface. 

Endpoint device management tools are a core part of protecting an increasingly remote workforce. IT 

admins require reliable remote access to endpoints and devices in order to maintain and patch while 

minimizing user disruption. Your IT strategy should be investing in this area to thrive in the new normal. 

Good Cyber Hygiene is a Must 

Cyber hygiene for remote work requires IT staff to have a detailed inventory of their endpoint security, as 

well as full visibility over the patch status of those endpoints. Remote devices need to be secured against 

threats, just like an organization’s equipment that is located within a company office. An unpatched 

endpoint is a cybersecurity risk, no matter where it is located. 

Every one of us has had to adapt to this environment within the past seven months, and while it’s 

presented significant challenges to almost every business, it has also provided an opportunity for 

organizations to recognize the benefits of applying more efficient and secure ways to operate. 

Fortunately, we have new solutions and technologies that can help organizations get a jump start to 

modernize their systems in order to seamlessly go remote and stay protected. Endpoint management 

tools provide a management interface to simplify or automate deployment, patching and configuration 



management of managed devices – which reduces the burden on IT operations – especially during this 

unclear time of remote work. 

The global COVID-19 pandemic will not be the last business-disrupting event to occur, so it’s important 

to start implementing the right tools for the future of work now. Organizations need to react to these 

scenarios in a way that ensures an outcome where they come out stronger and more resilient each time. 

Rather than putting reactionary band aids on problems, make the investments that show you’re planning 

towards the future, and that future is one that seamlessly supports remote and hybrid work models. 


Jay Goodman is the Strategic Product Marketing 

Manager of Automox. He is a product marketing 

expert and intelligence consultant with experience 

working with Fortune 500 companies and startups 

alike. Jay joined Automox in 2019 and is responsible 

for the messaging and intelligence gathering 

functions within the company. Previously, Jay was a 

Product Manager for McAfee and an avid participant 

in the cybersecurity and competitive intelligence 

communities. 

Jay can be reached online at (automox@famapr.com, @AutomoxApp, etc..) and at our company website 

https://www.automox.com/ 



Cybersecurity: Innovation Needed 

Managing Complexity and Consistency, and Giving Users the 

Simplification, Automation and Security They Want. 

By Laurence Pitt, Global Security Strategy Director, Juniper Networks 

Innovation is at the heart of cybersecurity – both because cybersecurity professionals are inherently 

curious by nature and because threat actors are continually innovating and evolving their attack 

approaches and the exploits themselves. Nonetheless, the last several months have demonstrated the 

need for change and new directions of innovation. 

A recent presentation by cybersecurity specialist Robert Hannigan examined the great work from home 

migration and the changes it’s driven. He examined some interesting phenomena, such as how Security 

Operations Centers (SOCs) are experiencing a drop in the number of alerts – but not because volumes 

have reduced. Rather, it is because alerts have moved beyond their purview on the corporate network. 

Today, we’re assuming that many of what would formerly be SOC issues are instead sitting on home Wi- 

Fi. 

Threat actors understand this and are exploiting it actively. Some of the early confusion caused by contact 

tracing applications and COVID packages gave them early and easy entry points for data theft and 

ransomware, as well as phishing schemes that played on emotions with “must click” links purporting to 

offer information on COVID-19 spread and governmental stimulus programs. Instead, these dropped 

malicious payloads. In the most recent shifts, we’re seeing scammers targeting online shoppers looking 

for pre-Black Friday deals, as well as bored home workers seeking free (but illegal) downloads of 

television shows and movies. 

As we move into this mid- and post-pandemic world with remote and in-office work blending, what must 

organizations consider, in order to sustain data and application security and privacy while still considering 

the best user experience? How does remote work change the security stack mix? And what’s still 

missing? 



Experience Must Come First 

These questions take us beyond initial inquiries about connection speeds that, until only recently, 

dominated remote work conversations but are now taking a backseat to blended remote work/in-office 

security. More timely questions include: What do VPNs protect or leave exposed? What needs to happen 

next? 

Experience is an important, if subjective, metric. It helps us frame and prioritize issues around user 

access, usage and interaction with business-critical applications and services, shifting our thinking on 

necessary protections. Our job has not fundamentally changed, but the factors we must recognize and 

compensate for have expanded, just as much as have the “how” and “where” of our daily interactions. 

A good experience makes users more loyal to and comfortable with the applications they depend on. 

Without a good experience, it is all too easy for a competitor to redirect users with a few simple clicks, 

showing the potential of a shinier, more responsive alternative. Think about your smartphone, as an 

example. We all download new applications every week or so, looking for a tool to simplify a task in our 

lives. But if that app doesn’t prove its worth or is cumbersome from the start, a new app quickly replaces 

it and is readily available on the app stores. 

What Users Want: Simplification, Automation and Security 

Talking to users about their experiences helps in sorting through what works and what does not. 

Understanding how they prioritize activities will help you pull this insight into the context of delivering 

services and applications for a modern enterprise. 

1. They want to simplify their environment to deliver a slicker customer experience, which can often be 

achieved simply by maximizing existing investments in technology. 

2. They are leveraging data and analytics for automation of tasks, giving time back to the IT team with a 

focus on innovation rather than management. 

3. They need to secure what they have with effective data usage and automation to ensure consistency 

and reduce false positives. 

Managing Complexity and Consistency 

A frequent theme among customer requests centers around reducing complexity and making more from 

existing investments, while overcoming the daily struggles of too many management interfaces, sites and 

overlapping technologies. The hurdles are not only technical, but also staff-related in ensuring specialists 

are well-trained in their roles. 

How can things be made simpler? Talk to users and consider ways to streamline activities. Automation 

rules could dynamically change traffic behavior or routing to make sure that services are correctly 

prioritized and delivered for users. For more granular but consistent control, multi-tenant options would 

make a good conversation. It provides role-based management at different levels, reducing individual 

workloads yet still maintaining overall control of the environment. 



Remote Possibilities – Funding the Work from Home Migration 

So, what about remote users? For the IT team, this has meant an increased workload. They have moved 

from managing a small number of remote users to dealing with hundreds or thousands of remote users 

acting as ‘micro-branches.’ 

For many users, the experience at home is not an issue, but it certainly is one for organizations whose 

remote workers need access to sensitive data or real-time systems. Those users will be using the same 

Virtual Private Network (VPN) client as everyone else to achieve this and it is no longer suitable. A VPN 

punches a big hole in the side of the network, allowing users access but also leaving gaps at the edge 

for attackers to sneak in. It protects only data in transit, leaving much else exposed. 

Instead, organizations should look at the latest technologies which extend the corporate network into the 

home. It’s past time to give home workers the exact same high levels of reliability they had when working 

exclusively in the office (henceforth to be referred to as “the good old days”), but with the benefits of 

management, security and visibility for the IT team. All are ensuring the best and most secure user 

experience. 

Funding Investments 

Employees quickly embraced working from home as a benefit, with many now saying they would prefer 

to remain fully remote. Others want to sustain partial remote work, even while they are now reentering or 

looking to reenter office environments. 

There is a potential cost saving here, as organizations look to shave real estate costs through hot-desking 

and smaller offices as options instead of allocated per-user spaces. Rather than reincorporating these 

savings into the bottom line, they should be reallocated towards new and innovative ways of improving 

overall user experience across the business. 

Of course, the business will want proof of the return from any new investment and cybersecurity ROI has 

always been a challenging topic. Nonetheless, the result of the sensible investment will be happy and 

loyal users, reliable and innovative services and measurable business and competitive benefits for the 

organization. 


Laurence Pitt is the Global Security Strategy Director of Juniper 

Networks. He is passionate about technology, particularly cyber 

security. His depth and breadth of knowledge of the dynamic security 

landscape is a result of over twenty years’ experience in cyber 

security. He understands the security concerns businesses face 

today and can bring insight to the challenges they will face tomorrow. 

Laurence joined Juniper Networks in 2016 and is our senior security 

specialist in EMEA. Security throughout the network is a key area 

where Juniper Networks can help as business moves to the cloud 

and undertakes the challenge of digital transformation 

Laurence can be reached on Twitter at @LaurencePitt and at 

https://www.juniper.net/us/en/ 



The Future of Security Is on The Hardware 

The Virtualization Revolution Removes Security Onus From Users by Leveraging New Hardware- 

Powered Approach 

By Ian Pratt, Global Head of Security, HP 

Today’s threat landscape is constantly evolving, and the COVID-19 pandemic has created even more 

opportunities for cybercriminals, as the attack surface widens. Thriving darknet marketplaces are making 

it easier than ever to launch timely campaigns, so whenever there is a new opportunity, cybercriminals 

are quick to look for ways to exploit it. This ability to move quickly and innovate means organizations can 

no longer rely on looking for known threats, making it harder than ever to detect threats in real-time and 

putting organizations at risk. This is why it’s vital that we reinvent our approach to security so that 

organizations can stay a step ahead of hackers. But where to start? 

Detection alone is no longer enough 

Modern cybercrime is well-funded and well-resourced, and has become a professional, commoditized 

industry worth more than $680 billion. Cybercriminals are rapidly adopting new models, technologies, 



and techniques, innovating at pace to create new threats to bypass detection-based security and break 

into critical IT systems. Detection is often evaded using polymorphic malware, and occasionally even 

zero-day exploits may be deployed, but many simple approaches are very successful too. For example, 

in October, HP identified a large-scale TrickBot campaign using Microsoft’s ‘Encrypt with Password’ 

feature. This helped malicious documents slip past network security and behavioural detection tools, as 

the malware was only deployed if users entered the password sent in the phishing email. 

Detection-based security tools not only suffer from frequent false negatives, but also generate copious 

noise due to false positives that have to be triaged. In fact, research shows that some SOC teams are 

receiving over 10,000 alerts per day, which they must sift through to find true threats. This can result in 

alert fatigue, meaning threats to the business can be missed. Once hackers have bypassed defences, 

the clock really starts ticking as they will use their initial point of compromise to move laterally to other 

systems, often by obtaining credentials, whereupon they can insert backdoors, exfiltrate data, destroy 

backups, and crypto-lock data. 

Should users really be your last line of defence? 

The other challenge that organizations face is that the main target for attacks is most often endpoints, or 

more specifically, the users of those devices. Security tools are meant to protect users – firstly, by 

ensuring that malicious links and files do not make it into their inbox or browser in the first place, and 

secondly, by detecting malicious content when a user clicks on it. However, once again this relies on 

technology’s ability to detect and stop malicious actors in real-time, which as explained above, is 

inevitably prone to frequent failure. 

As a result, users are still finding themselves having to act as a last line of defence against increasingly 

sneaky attackers. 2020 has already seen a 176 percent increase in malicious Microsoft Office files, while 

hackers have also been using the COVID-19 pandemic as a lure to infect users; for example, through 

fake notifications from government agencies or reports on new treatments, tricking them into clicking on 

malicious files or links. User education can only take things so far; eventually, someone will unwittingly 

expose the company to compromise – and more worryingly, most of them will not even know they have 

been compromised at all. 

Security needs to be built from the ground up 

It’s time to reinvent how we approach security, by building it in from the chip up. Key to this is making the 

shift to a protection-first model, one that doesn’t rely on detection but instead uses sound security 

engineering practices – such as fine-grained isolation, the principle of least privilege (PoLP), and 

mandatory access control. This approach is embodied in micro-virtualization, where risky workloads – 

such as opening web links, downloads and attachments – are performed within hardware enforced micro- 

VMs (virtual machines), isolated from the rest of the device or network. This way, it doesn’t matter if a 

document or web page is riddled with malware, because the hacker has nowhere to go, nothing to steal 

and no way to persist. This means users can go back to their day jobs and click with confidence. 

By isolating key attack vectors – such as browsers, email and downloads – organizations are able to 

drastically reduce their attack surface, as all the most common avenues to compromise endpoints 

become dead-ends. Furthermore, when threats are executed within micro-VMs, the full kill-chain of the 

attack is captured into a detailed ‘flight recorder’ trace, providing the security operations centre (SOC) 

team with rich, high fidelity threat intelligence and indicators of compromise (IOCs) that can be used to 

help defend other systems. 



It’s time to do things differently 

Incremental innovation in security is failing to disrupt threat actors. A new, hardware-powered approach 

is needed that stops putting the burden of security on users by isolating threats, ensuring they cannot 

infect PCs or spread through corporate networks. This is just the tip of the iceberg and marks the 

beginning of a virtualization revolution in security, where users no longer fear opening links and 

attachments, and organizations can let their teams focus on their day jobs without worrying about making 

security mistakes. 


Ian Pratt is Global Head of Security for Personal Systems at HP Inc. 

He heads a new security business unit that is building on HP's 

strengths in hardware, systems software, ML, and its ability to deploy 

at massive scale, to create industry-leading endpoint security solutions 

that are deployed on millions of machines and used by some of the 

most security-conscious organizations in the world. 



Responding to Security Incidents with Behavior Analysis 

By Jeff Stein, Information Security Architect, Reputation.com 

When dealing with security incidents, time is critical in an effective response effort. Very often, the amount 

of data and sources which need to be reviewed to make an informed decision on what has occurred, as 

well as the steps to take in response to the situation, can be overwhelming. Utilizing behavior analysis 

with your security incident response process can provide invaluable insight and aid in building a deeper 

understanding into the scope of an incident. 

At a high level, a security incident exercise is a response to attacks, which compromise computer, 

systems or organizational data. Proper analysis of data in a security incident helps to minimize loss of 

information and disruption of services. As outlined by NIST SP 800-61, the NIST guidance related to 

incident response comprises a number of key phases and steps, with each phase in the process leading 

to the next. Depending upon the outcome of your response effort, the process provides the ability to 

reiterate on prior steps as the incident is handled. 

NIST specifies four major phases included in this process. However, once an event is underway, the 

steps begin with the detection of a potential security incident. There are additional phases of the process 

whereas with the detection phase, you are actively engaging with the live incident. These steps include 

the actual response and mitigation of the issue, also known as containment and eradication. 

There are also post-incident phases such as recovery and longer-term remediation of the root cause of 

the incident. The remediation of an event is done to ensure that a similar situation does not arise from 

the same origins where the same attack targets the affected systems again. When looking at behavior 



analysis through the lens of a security incident, the subject matter can be utilized at each phase during 

the incident response. 

In my experience working security incidents, I have used behavior analysis as an enabler to find additional 

data points quickly in order to make informed decisions on how to execute a response appropriately. 

Behavioral analysis is a data-oriented approach to review trends associated with a sub-set of activities 

done by a group such as users or systems proactively. Building a model from the data allows you to infer 

certain characteristics as well as potential future actions of the group under review. While the approach 

has many business functions it also provides benefit when used in information security. Key in leveraging 

behavior analysis with security incidents is to identify important sources of data to your investigation. 

Some sources will be very common such as user, network or machine activity logs, while others will be 

unique to the circumstances related to your event and organization. 

Once you have identified your data, the behavior trends you see will help guide the investigation. One 

pitfall I have found is in issues with the uniformity of the data, where patterns do not obviously arise. To 

overcome this and effectively use behavior analysis, you must ensure you have a large enough sample 

size to produce accurate data. If your size is too small, the range of activity between your standard 

deviations can be very broad, resulting in a lack of patterns as highlighted above. 

I have also found additional use for behavioral analysis in the preparation and post-incident phases of 

the security incident lifecycle referenced in NIST SP 800-61. All of the data sources utilized during the 

incident response can be combined with the characteristics of a fully identified, root cause of the event. 

The outputs then lead to behavioral analysis being used to create dashboards and alerts based upon the 

known information identified during the security event. Behavioral analysis can also go a step further in 

not only alerting on the known information identified during the security event, but also finding new trends 

from previously unknown data. This is done by combining it with the same set of known markers, to root 

out future incidents before they happen. 

In other words, behavioral analysis can help you identify your expected trends in any number of security 

domains and highlight anything, which deviates a certain degree from those behaviors. In my experience, 

leveraging behavioral analysis in this fashion can advance the maturity of your security program by 

establishing a foundation for a threat-hunting program. By combining the behavioral analysis established 

through your incident response with threat intelligence resources, you can be more fully prepared to 

detect advanced attacks against an organization. 

In conclusion, leveraging behavior analysis can significantly improve the overall process and outcome 

related to incident response. The subject can be used to not only help identify issues with a known 

security incident but also help predict events before they occur. By embracing behavioral analysis with 

your security incident response process, you can elevate the maturity of your security program and 

proactively protect the enterprise from unknown threats rather than taking a reactionary stance. 




Jeff Stein, is currently the Information Security Architect at 

Reputation.com, an industry leader in online reputation 

management and a Pluralsight author educating learners on topics 

in information security. His prior experience includes the FinTech 

space and both the United States House of Representatives and 

the United States Senate. In addition to holding numerous security 

and IT certifications, including his CISSP, he received a Master of 

Science in Information Security and Assurance from Western 

Governors University. Jeff can be found online on his blog, 

https://www.securityinobscurity.com and reached at both 

jeff@sioblog.net or on twitter at @secureobscure and at our 

company website https://www.reputation.com and on twitter at 

@Reputation_Com. 



Learning Hardware Security Via Capture-The-Flag 

Competitions 

By Jason M. Fung, Offensive Security Research Manager at Intel 

Software security has been studied by many for decades. As attackers find new ways to break through 

protections, defenders learn and harden their design accordingly. As it becomes increasingly challenging 

to find low hanging fruit in the software layer, attackers naturally move down the stack to look for ways to 

compromise systems in the hardware layer. It is paramount for system designers to gain proficiency in 

securing hardware design and stepping up hardware security assurance efforts. 

The good news is that through initiatives driven by the industry and collaboration with academia, we now 

have more resources available to educate hardware designers about secure design and assurance 

practices. The community-driven Hardware Common Weakness Enumeration (CWE) is an excellent 

example of this kind of industry effort. The latest CWE 4.2 release offers a catalogue of 75 commonly 

overlooked mistakes that undermine the security robustness of a hardware design. Each entry includes 

illustrative examples along with guidance for identifying and mitigating the concerns. This valuable primer 

enables designers to methodically learn from the weakness patterns and address relevant gaps in their 

products. 



People acquire and master skills in different ways. Security education through an industry primer works 

well for some, while others may find it easier to harness critical skills through hands-on, collaborative 

effort. 

Capture the Flag (CTF) competitions have always been an engaging tool to help participants learn, 

practice and share hacking skills with one another. Organizers hide secrets, or “flags,” in a target system 

protected by layers of security controls and challenges, while participants compete to find as many flags 

as fast as they can. While traditional CTFs do cover a broad set of targets and skills, hardware design is 

an area that had long been overlooked. 

Solid Collaboration Between Industry and Academia 

Hack@DAC and Hack@Sec are hardware-specific CTF competitions that offer fun and educational ways 

to learn about security mistakes commonly made by hardware designers as they develop complex 

products like System-on-chips (SoCs). The first of their kind in the industry, these CTFs are the result of 

strong industry and academia partnerships, fostered through a long history of successful collaborations. 

A co-organizer of the hardware CTFs, Professor Ahmad Reza Sadeghi leads the System Security Lab at 

Technische Universität Darmstadt in Germany and has collaborated on security research projects with 

Intel for more than a decade. Most recently, he is playing an influential role as the Director of Intel 

Collaborative Research Institute leading a group of international researchers on resilient autonomous 

systems research. 

Professor Jeyavijayan Rajendran runs the Secure and Trustworthy Hardware Lab at Texas A&M 

University. His long-lasting collaboration with Intel started as early as his summer research visit in 2012, 

and it led to his eventual partnership with Intel in launching the inaugural Hack@DAC CTF at the Design 

Automation Conference (DAC) in 2018. 

With a shared vision and passion to raise security capability for the hardware design community, security 

experts from Intel and these partners from academia collaborate to design a hands-on hacking and 

learning experience that effectively enable participants to gain deeper appreciations for the challenges 

involved in designing security robust hardware. To date, more than 150 teams have participated in these 

hardware CTF events. Participants come from diverse backgrounds and domain expertise; from security 

researchers and university students to hardware designers and EDA tool experts from the industry. Many 

that have taken part are convinced that more work needs to be done as an industry, and some were even 

inspired to take on personal missions to lead research and initiatives to make building secure hardware 

easier. 

How Hardware CTF Competitions Work 

Organizers start by taking a sophisticated open-source SoC and hardening it with various industry-like 

security protections, before carefully introducing a series of security vulnerabilities representing various 

Hardware CWEs for participants to find. There are multiple instances of each weakness type throughout 

the design, across a broad range of difficulty levels, to mimic the realistic challenges faced by SoC 

verification teams and appeal to participants with varying expertise. 



The first stage of these competitions is a warmup in which teams have three months to review the SoC 

design and compete to find as many bugs as they can. Participants submit descriptions of the issue, root 

cause, security impact, valid test case or exploit and proposed mitigation. Judges score based on quality 

and completeness. Judges award bonus points to those that create and use automated tools to speed 

up the process. Teams with the highest scores move on to the second round, a live competition during 

which they use their experiences and any tools or techniques developed in the first stage to analyze the 

same buggy SoC design. This time however, the design includes new security protections and a new set 

of security vulnerabilities, and teams only have 48 hours to hack. 

Key Takeaways 

Academic researchers have historically been focused on a niche set of hardware security problems such 

as supply chain risks, physical attacks and cryptographic primitives. While these efforts remain 

significant, the industry can also benefit from research that helps address mainstream challenges, 

including systemic mitigations of common hardware weaknesses, automated detection techniques, 

secure hardware design patterns, and more. Analyzing a buggy SoC forces participants to uncover and 

learn about a wide range of often-overlooked hardware security issues, including misconfigured security 

settings in embedded firmware, faulty access controls enforced by hardware and more. Throughout the 

process, CTF participants learn about the ways logic- and design-related weaknesses can be carelessly 

introduced by hardware designers, as well as the security impact those vulnerabilities can have if left 

unchecked. 

Hardware CTFs offer environments that mirror the pressure and constraints security assurance teams 

often experience in the real world. It helps participants appreciate the practical challenges that might not 

otherwise be obvious to them. Because there are more vulnerabilities inserted into the design than 

participants can find manually in the allotted time, they understand how powerful automated solutions 

can be when it comes to helping organizations become more proactive and productive in secure hardware 

development. The lack of available commercial and open source automation solutions also prompts 

participants to appreciate the critical gaps faced by practitioners that do the work every day. 

Building a Foundation for Better Hardware Security 

By open-sourcing the SoC framework and bug list to the entire industry, we can extend the value of the 

CTF competitions beyond the events. The publicly available infrastructure allows researchers to test and 

benchmark new hardware security scanning tools, develop and demonstrate the values of novel systemic 

mitigations, experiment with secure design patterns, and continue learning about hardware security 

weaknesses. 

As attackers extend their focus to the hardware layer, improved hardware security practices and 

capabilities are imperative. Building robust, secure hardware requires more focus and stronger 

collaboration among industry and academia stakeholders. Hardware CTF competitions offer a fun and 

educational medium through which participants gain firsthand experience of the challenges hardware 

designers face every day. In addition to building critical security skills, participants are often inspired to 

take part in efforts to help the broader community to produce safe, secure hardware that can enrich the 

lives of every person on earth. 




Jason M. Fung is the Director of Academic Research Engagement 

and Offensive Security Research at Intel. He has over two decades 

of experience in product architecture, penetrating testing, pathfinding 

research, risk management and security assurance 

consultation. 



Telegram for Business Communications: Understanding 

The Risks And Rewards 

By Otavio Freire, CTO and Co-Founder, SafeGuard Cyber 

During a virtual panel discussion at the European Central Bank's Forum on Central Banking in November, 

Federal Reserve Chair Jerome Powell noted the pandemic’s economic effect was to accelerate existing 

trends, including the increasing use of technology and automation. “We’re recovering,” he said, “but to a 

different economy.” Indeed, the adoption of cloud-based apps that maximize flexibility and minimize 

friction in business communication is just such a trend. These apps include obvious SaaS infrastructure 

like Microsoft Teams and Slack, but also some more unexpected apps like Telegram. 

The encrypted cloud-based messaging app has been a favorite of disruptive financial services and 

cryptocurrency firms for its simplicity, speed, built-in encryption, and independence from the Facebook 

ecosystem. These disruptive players have adopted chat apps to increase sales agility and 



esponsiveness to clients. Telegram is a powerful tool, but as with any technology: the same features 

that benefit business also present risks. In our recent Digital Risk Survey, 600 senior IT and security 

professionals cited the use of unsanctioned apps as the biggest security and compliance challenge. Here 

we’ll take a look at the top Telegram risks in turn, so you can make a more informed choice about whether 

the app is right for your enterprise. 

Isn't Encryption Sufficient? 

Telegram is widely considered to be one of the most secure messaging apps in the world. It’s accessible 

from mobile, desktop, and has a number of third-party integrations. However, even encrypted chat apps 

are subject to security and regulatory compliance concerns. Telegram can host large groups (up to 

200,000 users) and large file sizes (up to 1.5 GB), making it a robust platform for both internal 

collaboration and building communities among prospects and clients. However, these same features 

expand the threat surface for the following risks: 

● Spear phishing 

● Malware 

● Cyber espionage 

● Data loss 

● Compliance risk 

While the chats may be encrypted, you still need visibility and controls at the message level to protect 

employees, and enterprise/customer data. The first three risks are related, so it’s worth looking at them 

together. 

Spear-phishing, Malware, and Cyber espionage 

As is the case with WhatsApp, Telegram users remain vulnerable to spear-phishing through links and file 

sharing. In Telegram’s large communities, it’s impossible to know everyone. Communities can easily be 

infiltrated by bad actors who share links or files with malicious payloads. This isn’t hypothetical. To date, 

different varieties of malware have targeted Telegram users to steal crypto wallets and conduct 

surveillance. And, more to the point, without controls, it’s difficult to analyze message content to 

understand if softer spear phishing attacks are underway. You don’t always need a link to hook an 

employee. Sometimes a persuasive offer is enough. 

Data Loss 

When it comes to file sharing in the app, risk teams should know what is being shared. Again, with limits 

at 1.5 GB, a lot of data can be leaked, exfiltrated, or even accidently lost to human error. We have talked 

with organizations that lost valuable customer data in other mobile chat apps due to simple copy/paste 

errors! Similar to a network environment, security, compliance, or legal teams need the ability to apply 

policies that stop data from leaving the organization. 



Compliance Risks 

Given Telegram’s popularity with financial services and digital currency traders, regulatory compliance 

poses a clear business risk. A lack of visibility or controls can lead to unacceptable exposure. Users may 

intentionally or accidentally share customer PII or engage in conversations that violate regulatory 

compliance. And, similarly, without an ability to capture content in its native format or archive, financial 

services using Telegram will remain in a corner when it comes to legal readiness. 

How to Enable Telegram Securely and Compliantly 

All of this is not meant to scare you off Telegram. Being scared of new technology is not a sustainable 

business strategy. Here are some things to consider when looking for ways to secure Telegram: 

● As a cloud-based messaging app, you need security and defense at the cloud level. Cloud-tocloud 

defense can help teams mitigate risks or threats before they can transit to devices or into 

corporate networks. 

● The sheer volume and velocity of communication necessitates machine learning to prioritize risk 

detection. 

● Scalability for multiple languages. Telegram is popular in different regions, and it’s unhelpful if you 

can only identify threats in your native language. 

● Cross-device functionality will ensure that security is applied no matter how your employees are 

using Telegram. More importantly, it won’t get in the way. Obstructive security only gives users a 

motivation to seek unsafe workarounds. 

Telegram has given a competitive advantage in sales agility to more innovative and disruptive financial 

services firms. In all things information security, the balance is between risk and reward. Understanding 

Telegram’s risks can help security leaders make better decisions about the app’s suitability to their 

business. 


As the President, CTO, and Co-Founder of SafeGuard Cyber, Otavio 

Freire is responsible for the development and continuous innovation 

of SafeGuard Cyber's enterprise platform, which enables global 

enterprise customers to extend cyber protection to social media and 

digital channels. He has rich experience in social media applications, 

Internet commerce, and IT serving the pharmaceutical, financial 

services, high-tech, and government verticals. Mr. Freire has a BS in 

Civil Engineering, an MS in Management Information Systems, and 

an MBA from the University of Virginia Darden School of Business, 

where he currently serves as a visiting executive lecturer. To learn 

more about SafeGuard Cyber, visit www.safeguardcyber.com. 



How Are Financial Services Firms Addressing the 

Requirements of Digital Transformation, Security, And 

Compliance? 

By Ehab Halablab, Regional Sales Director – Middle East at A10 Networks 

The financial services sector is experiencing significant commercial disruption coupled with rapid 

innovation as established institutions strive to become more agile and meet evolving customer demand. 

As a result, financial services organisations are undergoing rapid digital transformation to meet changing 

customer needs and preferences, and to compete with a new generation of digital-native competitors. 

Hybrid cloud environments play a key role in this strategy, allowing greater speed, flexibility, and visibility 

over application delivery than on-premises data centres while also reducing costs. 

But the move to hybrid cloud introduces new challenges as well. So, as financial services organisations 

plot their strategy for transformation, firms must make critical technical decisions about the clouds and 

form factors best suited to host their hybrid environment. They also need to consider how they will secure 

web applications against evolving threats such as ransomware, data theft, and DDoS attacks through 

measures such as DDoS protection and using a Zero Trust model. At the same time, they must also 

maintain regulatory compliance, governance, and auditability across complex, fast-evolving 

infrastructures. 



To understand more about these challenges, we recently conducted a survey with Gatepoint Research 

involving senior decision-makers to gain insight into the current state of financial services technology and 

the future direction for organisations in this sector. Here are some of the key findings: 

Today’s Financial Services Technology Landscape 

Although financial services businesses are making a steady move to the cloud for application delivery, 

on-premises data centres continue to play an important role. 

While adoption of public cloud infrastructure is strong, with almost half of those surveyed hosting 

applications primarily in the cloud, most respondents (58 percent) continue to rely primarily on their 

private on-premises data centre for application delivery. 35 percent of organisations described their 

environment as a hybrid cloud, though with an emphasis on their own private data centre. This shows 

that even as transformation continues, the traditional data centre remains prominent in the technology 

strategy of financial services organisations. 

That said, the balance between on-premises and cloud infrastructure may well shift soon. When 

respondents were asked about their plans for the coming year, 57 percent of decision-makers reported 

that they intend to move more applications to the cloud. 

Ransomware and PII Lead Security Concerns 

Today, financial services organisations face a broad spectrum of security threats, including many being 

targeted at sensitive customer data. The survey highlighted that organisations’ biggest security concerns 

or consequences were ransomware (57 percent); personally identifiable information (PII) data theft (55 

percent); and phishing or fake sites (49 percent). 

While threats to customers and their data are seen as the highest risk, dangers to the company’s brand 

image and reputation were not far behind. 38 percent of leaders cited concerns about hacking and cyber 

defacement, tied with brand damage and loss of confidence. Nearly as many (37 percent) were 

concerned about DDoS attacks, which can undermine a firm’s perception among customers through 

impaired service quality and customer experience. Meanwhile, insider attacks remain an issue, named 

by 28 percent of respondents, if not quite at the same level as most external threats. 

To address the changing security landscape, many organisations have started initiatives around the Zero 

Trust model, in which traditional concepts of secured zones, perimeters, and network segments are 

updated with a new understanding that a threat can come from anywhere or anyone inside or outside the 

organisation. As of June 2020, 41 percent of respondents had already established a timeline for their 

Zero Trust model initiative with 15 percent having projects currently underway. Still, nearly two-thirds 

have no current plans or initiatives around the Zero Trust model. 

Moving to Improve Flexibility, Agility, Scalability and Security 

Technologies and strategies planned for the coming year reflect a key focus on the competitive 

requirements of fast-paced digital markets. The top-two initiatives included moving from hardware 

appliances to more flexible software form factors and deploying hybrid cloud automation, management, 

and analytics to increase operational efficiency. 



With DDoS attacks a prime concern, 29 percent of respondents planned to deploy or replace an existing 

web application firewall (WAF) or DDoS protection solution. Surprisingly, even several years after the 

introduction of modern Perfect Forward Secrecy (PFS) and Elliptical Curve Cryptography (ECC) 

encryption standards for enhanced security, 29 percent of organisations are only now working to upgrade 

their Transport Layer Security (TLS) capabilities to support these technologies. 

Even as cloud adoption continues to be strong, five percent of decision makers intend to repatriate 

applications from private cloud environments to their private data centre. While not a high number, this 

is not entirely insignificant. Given the diversity of form factors, architectures, and deployment methods to 

choose from, it is important to make sure that the approach fits the organisation’s needs before 

proceeding. 

Addressing the Requirements of Hybrid Cloud and Rising Demand 

Moving forward, decision-makers view capabilities related to risk as especially important for their financial 

platforms. When it comes to the most important capabilities for financial platforms running in hybrid cloud 

environments, regulatory compliance, comprehensive application security and redundancy/disaster 

recovery are top must-haves. 

In addition to the importance placed on redundancy/disaster recovery, many respondents (43 percent) 

named centralised management and analytics as important capabilities. Along with elastic scale for 

variable/seasonal demands (25 percent), this shows a recognition of the requirements to provide effective 

service through redundancy, scalability, and a sound infrastructure. 

Compared with risk-related and operational priorities, cost saw considerably less emphasis in the survey. 

While 28 percent of respondents placed importance on automation for operational efficiency and reduced 

costs, just 18 percent prioritised flexible licensing and pricing. 

Desired Benefits from New Technology Investments 

As they plan new technology investments, decision-makers are motivated foremost by risk reduction— 

far outpacing business factors such as revenue, customer experience, and competitive advantage. 

By a large majority, security was the most likely benefit to spur funding for new technology. Operational 

considerations followed, including operational improvements (65 percent) and cost savings (63 percent). 

Regulatory compliance, emphasised earlier in the survey as a priority for a hybrid cloud requirement, was 

not necessarily top-of-mind in the technology funding stage—but still of high importance (57 percent). 

Revenue generation was named as a highly important benefit by only 35 percent, followed by customer 

satisfaction at 32 percent. Even in an industry undergoing rapid digital transformation, just 32 percent of 

decision-makers cited business advantage from new technology as a prime factor—and only 17 percent 

were moved by the ability to accelerate development speed. 

The results of the survey offer a snapshot of an industry in transition, as decision-makers seek to keep 

control over security and compliance and maintain operational consistency, as they look to tap into the 

agility and scalability of the cloud. It is clear that, while security is important for digital transformation 

initiatives, application delivery and managing multi-cloud environments are of equal importance. Above 

all financial services organisations must maintain their good reputation and ensure customer trust. Firms 



must demonstrate that they are protecting customer assets, providing an ultra-reliable service, working 

with trustworthy partners and reducing risk to the business. 


Ehab has more than 13 years’ experience in the IT industry. Prior to A10 

Networks he worked at security firm Symantec as territory manager for 

enterprise where he was instrumental in driving new business acquision. 

He also held a regional channel leadership position at Blue Coat Systems 

(acquired by Symantec) and regional sales manager position at Sophos. 

The early part of his career was spent at Naizak Distribution Services as 

account manager for several key security vendors. 

Ehab can be reached online at (ehalablab@a10networks.com) and at our 

company website www.a10networks.com 



Revealed: How Banking and Finance GRC Leaders 

Struggle to Address Regulators’ Demands for Cyber 

Evidence with Confidence 

By Charaka Goonatilake. CTO at Panaseer 

It’s one thing to keep data secure and assets protected, but another thing entirely to have the evidence 

at hand to prove your security controls coverage and its effectiveness to third parties. 

And when those third parties include financial regulators with the power of life and death over your 

organisation’s trading licence, answering their questions accurately, confidently and in a timely manner 

is everything. 

Keeping on top of regulators’ demands for cyber-related data is perhaps the most business-critical 

function of a bank’s or financial services company’s GRC (governance, risk and compliance) 

department. However, according to intensive research conducted for Panaseer among a cohort of 200 

well-placed GRC leaders at 5,000+ employee finance institutions on both sides of the Atlantic, all is not 

well with how they and their teams address these issues. Within the research findings, described in 

more detail below, a picture emerges of GRC teams grappling with growing volumes and complexities 



of data requests, and with signs that the labour-intensive methods they have traditionally employed for 

dealing with regulator requests are becoming serious causes for concern. 

Searching questions are not simple to answer 

Behind each regulatory request is a simple guiding principle on the part of the regulator: ascertaining 

the organisation’s true security posture in the context of specific legislation. The old adage “the simplest 

things are the most complicated” rings very true here; particularly as IT and business infrastructures at 

these organisations are so vast and interwoven. Also, that the complex and often urgent nature of the 

enquiries means there is seldom an efficient or repeatable way of addressing them through nonautomated 

means. 

Unfortunately, standard GRC tools are not fully automated; they typically rely on significant manual 

input. Furthermore, they do not provide complete insight into the current status of security controls 

coverage, the performance of those controls and – crucially – any gaps between them. 

This lack of consolidated visibility into all assets – devices, applications, user accounts, databases, etc. 

– across the enterprise makes it difficult for GRC teams to pinpoint control coverage gaps and external 

regulatory policy compliance. 

This is highly problematic because answers to regulators’ questions will invariably lie in data scattered 

across the organisation. Much of what GRC teams need to compose their responses to regulatory 

questions will come from data collected by security colleagues (see below), but in any case GRC tools 

are geared up to obtain subjective data collated via qualitative questionnaires that build an 

approximated picture from representative samples rather than reflecting the full, quantifiable reality. 

Incomplete and/or unreliable information prevents any clear assurance of whether the relevant controls 

are deployed and operating on all assets. 

Requests are coming thick and fast 

Financial institutions have plenty of cyber-related regulations to worry about and, for the largest in 

particular, the number grows almost by the month. Data privacy laws, as just one example, are now in 

force in 120 countries. This puts acute pressure on the GRC departments of international institutions, 

for whom local regulations apply regardless of whether their operations in a certain national jurisdiction 

constitute a major or a minor presence. 

We know that these increasingly cyber-related requests, and the difficulty in addressing them 

autonomously with existing GRC toolsets, is creating friction between GRC teams and their cyber 

colleagues. A separate Panaseer study polled a group of 420 CISOs at large financial institutions about 

these knock-on effects and found – on average – GRC teams were requesting metrics from security 

once every 16 days, at a cost of up to 5 days per month being diverted away from front-line cyber 

fighting resources. A total of 29 percent claimed risk teams demand data from them every single day. 



Data accuracy and request volume are the biggest GRC cyber challenges 

In our GRC leaders peer survey, “access to accurate data” and “number of report requests to deal with” 

were cited as the top two security challenges. 

The number one issue is accurate data (or rather, a lack of it), cited as the most significant security 

issue by more than one-third (35 percent) of respondents. This appears to be a bigger problem among 

the smaller institutions surveyed, with 40 percent of those employing between 5,000 and 9,999 people 

placing it first versus 33 percent at those with 10,000+. This disparity could be explained by the sheer 

scale of manually-intensive resources that the largest institutions are able to call upon to collate richer 

data and invest time validating it. In any case, it’s clear that the same difficulties in grappling with 

complexity and sprawl afflict smaller institutions despite having fewer endpoints, applications and 

systems than their larger peers. 

The response “number of report requests to deal with, understanding and clarity of report requests” was 

cited as the greatest security challenge by 29 percent of respondents. 

More GRC leaders should be more confident in data shared with regulators 

The magnitude of these challenges is borne out in the apparent lack of supreme confidence GRC 

leaders have about the quality and timeliness of the data provided to regulators in response to 

requests. It is worth remembering that these are some of the largest and most advanced financial 

institutions in the world, with enormous resources and an acute sensitivity to the needs of maintaining a 

spotless regulatory compliance record that never risks harm to their public reputations or continuity of 

business operations. 

With all that being said, only 39 percent of respondents stated they were “very confident” in the 

accuracy of security data provided to regulators on request. More staggeringly still, a further 7 percent 

admitted they were “neither confident nor unconfident”, which any fair-minded observer would have to 

agree constitutes something of a damning indictment. 

It doesn’t get much better in terms of the confidence levels GRC leaders have for responding to 

regulatory requests quickly enough. Here, far less than half (41 percent) claimed to be “very confident” 

in their ability to fulfil the security-related requests of regulators in a timely manner. 

These are not the responses one would expect of senior risk and compliance professionals presiding 

over slick, well-functioning processes. Another finding compounds this troubling perspective: only 27.5 

percent of respondents said they were “very satisfied” that their organisation’s security reports align to 

regulatory compliance needs like GDPR and CCPA. 



Too manual, meaning too inefficient, prone to errors and lacking context 

The tools that GRC teams commonly use to collate data in response to regulatory requests rely heavily 

on qualitative questionnaires. Some questions will be binary, others significantly more detailed. As 

outlined above, this will be owing to the absence of a vigorous, data-driven (bottom-up) approach to 

establishing the on-the-ground reality of which security controls are in place, what they cover and how 

they are operating. Rather, these questionnaires feed into a process that seeks to establish whether 

certain parameters are in place by garnering attestation from stakeholders and by sampling data. 

There are many limitations to such a manual, questionnaire-driven approach, including: 

- Massively inefficient – The largest institutions may employ 100 people or more to manually 

undertake qualitative compliance checks. Consider for a moment how wasteful that is, and how 

lacking in scalability in the face of yet greater requirements. Most organisations have automated 

some aspects of their processes according to our survey (more details below), with 2.5 percent 

automating none whatsoever. 

- Lacking in context – GRC tools cannot isolate and identify applications associated with 

particular business processes, or the interrelationships between assets and the people who 

interact with them, or – more to the point – the impact that risks posed by these factors may 

have on the business. The disconnected, check-box nature of qualitative assessment makes it 

all but impossible to assess the total, cumulative risk generated by ‘toxic combinations’ of risk 

factors. Our survey found a groundswell of support for improvement in this regard, with 30 

percent agreeing the ability to prioritise risk remediation based on impact to the business is 

“very important” and a further 66 percent as “somewhat important”. 

- Too much subjectivity – Qualitative questionnaires lead to evidence significantly more subjective 

than objective. Sampling also leads to less reliable results than an approach able to take in the 

full picture. Other accuracy issues include the potential for human error, bias or even abuse that 

must be considered when employing a non-automated system. 

- Point in time rather than real time, all the time – The results of such manual processes give only 

a ‘point-in-time’ estimation of compliance posture, which may be sufficient to satisfy the request 

but which will need the same process repeated again and again whenever the same verification 

is sought. 

In our GRC leaders study, 92 percent of senior risk and compliance professionals responded positively 

to the value of harnessing both quantitative and qualitative security controls assurance, reflecting the 

strong appetite for an improved toolset. 

Attitudes to automation are encouraging 

While GRC leaders may be labouring under a broken, inefficient and ‘top-down’ system, there is plenty 

of evidence from our research to suggest they are progressive in their outlook toward more 

streamlined, automated and comprehensive methods of surfacing security metrics. 



One of the reasons for this is expediency, with the tightening effect of increasingly stringent legislative 

requirements making the search for alternative approaches more pressing. Recent examples of this, 

such as the Monetary Authority of Singapore (MAS) Notice 655 on Cyber Hygiene (which calls for 

banks to attest to having endpoint detection and response software deployed and operational on every 

asset, at all times), reflect a heightened level of expectation on the part of regulators that such requests 

should not be considered unreasonable. 

Automating processes would go a considerable distance to solving these challenges, but our survey 

found there is some way left for organisations to go. A total of 93.5 percent of GRC leaders agreed that 

it is important to automate security risk and compliance reporting, but only 26 percent have so far 

achieved it. And while those instances where data collection (49 percent of respondents) and data 

analysis (67 percent) processes are being automated represent good news, until full automation arrives 

there will still remain many of the problems associated with manual processes, such as human error 

and inefficiencies in achieving pace and scale. 

Rethinking the GRC toolset with CCM 

The whole challenge of responding to regulatory requests would be alleviated by GRC tools that can 

harness accurate data in an automated rather than manual way, access the required information 

without dragging overstretched cyber teams into the fray, and easily transform it into the formats 

different regulators demand. 

With a consistent up-to-date view of security controls deployments, the accuracy and timeliness of 

responses will be improved since assessments will be derived from instrumentation instead of 

subjectivity. 

The latest Gartner Hype Cycle for Risk Management details a new technology that promises to deliver 

this capability. Called ‘Continuous Controls Monitoring (CCM)’, Gartner defines it as: “…a set of 

technologies that automates the assessment of operational controls’ effectiveness and the identification 

of exceptions”. 

Purpose-built CCM tools sit on top of existing tooling, ingest data from across security, IT and business 

tools, and can clean, normalise, and de-duplicate data before correlating aggregated data to individual 

assets. They can also integrate with GRC tools to automatically populate them with security controls 

assurance data. 

By using CCM to align security controls with framework standards, GRC teams can track and report 

adherence to best practice standards and regulatory mandates. 



The compelling benefit of CCM is its ability to reflect “what’s really going on” in a fast and non-disruptive 

way, uncovering gaps in security controls deployment coverage wherever they are, and preventing 

even the merest suggestion that the organisation’s risk management is itself ‘risky’. 

That’s something that benefits every aspect of the organisations charged with upholding the best 

practice policies of security and compliance, from GRC leaders and cyber teams all the way up to the 

leadership of the business. 


Charaka has spent the last 5 years engineering and building Hadoopbased 

security analytics applications to detect Cyber threats. He led a 

team on business development for the BAE Systems CyberReveal 

product to over 40 clients in Financial Services, Technology, 

Telecommunications, Energy, Pharmaceuticals and Foreign 

Government based across EMEA, North America and APAC. 

Charaka is the brains behind our big data technology. His team lead the 

way in generating innovative techniques for deriving new security insight 

for our customers. 

First Name can be reached online at @charakag 

and at our company website http://panaseer.com/ 



Why the Education Sector Must Address Security in The 

Rush to Digitise 

By Jacob Chacko Regional Business Head – Middle East, Saudi & South Africa (MESA) at 

HPE Aruba 

There has never been a greater need to connect students, classrooms, and buildings. Enrolment of 

students (who are always more tech savvy and more expectant than the year that preceded them) 

continues to rise, and the benefits of technology – better grades and greater staff well-being – are 

necessary if schools are to maintain high levels of performance during the challenging time of digital 

transformation. 

What’s key, however, is that cyber security is taken seriously. Not in a way that restrains a school’s 

ambitions to innovate, but so that technology is controlled and managed with caution to protect the 

students. This will become increasingly important as schools and universities expand deployment of 

digital, collaborative and immersive learning environments across new and modernised buildings and 

campuses. 

Here’s a closer look at some of the advances many schools are making today, and the security measures 

that can, and should, be taking to protect their data and reputation. 



The changing face of education 

There are exciting times ahead for the education industry. Typically, this sector is one of the last to make 

extensive change, but thanks to the ambitions of teachers keen to engage better with students, the 

classroom of yesteryear is starting to transform. In many schools, where once Wi-Fi was limited to a 

handful of classrooms, now any room can be used as an IT suite. New tech such as eLockers are being 

trialled as a way of empowering students and encouraging self-paced learning. And, rather than deter 

the use of personal devices, they are becoming increasingly more embedded in the educational toolset. 

And so by enabling a more digital workplace, staff will be freed up to make faster decisions and engage 

students whose learning styles vary. Already we’re seeing education employees reap the rewards of 

technology. In Aruba’s recent study of more than 1,000 employees, almost three quarters (74%) said 

they could accomplish more throughout the day and had the opportunity to develop new skills (74%). 

However, as the smarter classroom gradually becomes a reality, so the question of security – and how it 

is managed – must be addressed. 

Keeping security in check as progress is made 

Worryingly, just under half (49%) of teachers admit they rarely (if ever) think about cybersecurity, despite 

91% acknowledging its importance. In addition, more than three-quarters (76%) believe there is room for 

improvement in the way connected tech is managed. 

This is a challenge for institutions. Schools, colleges and universities alike share the same priority: 

providing the best possible education to cater to students whose expectations are growing exponentially. 

To connect with them in a meaningful way requires reliable, optimised, and personalised learning 

experiences. But an influx of Internet of Things (IoT) devices and a cohort that aren’t all trained in security 

best practices, puts networks at risk of intrusion. And, more seriously, puts young people at risk of 

communication from people who may wish to abuse, exploit or bully them. 

Tackling this issue requires both accountability and an autonomous approach to security. Ensuring there 

is ownership over IoT security is imperative, and some institutions have appointed “digital champions” 

who review technology and share practices that foster innovation. 

Technology, too, will play its part in managing the cybersecurity risk. Colleges and universities must 

implement new tools that go beyond traditional cybersecurity measures, such as User and Entity 

Behavior Analytics (UEBA), which identify patterns in typical user behaviour and flag any anomalies. 

These kinds of solutions don’t hinder employee creativity, collaboration, or speed as many clunky security 

systems do. Instead, they provide real-time protection and enable quick responses should a network 

breach occur. 

Enthusiastic pupils are a huge opportunity 

It’s important that a focus on security doesn’t take away from the bold ambition demonstrated by the 

education sector. In many ways, this industry in a totally unique position. Every day, it interacts with an 



enthusiastic generation that gets more technologically sophisticated each year. In few other sectors is 

there such a huge cohort of people as adaptable and receptive to new ways of working. 

This is where the opportunity lies for teachers, who can challenge the traditional way of teaching. But in 

order to do so, they cannot be shackled by the fear of cyber risk. Instead, education employees must 

continue to push themselves to investigate what other innovations can be implemented in order to 

enhance student learning. 

There’s no doubt it can feel overwhelming for many to think about how to make improvements while 

dealing with a demanding timetable. However, by investing in automation technology that streamlines 

processes and provides protection, the opportunity of a digital workplace can become a reality. This will 

drive greater efficiencies, freeing up space in the day to innovate and try new things. 

With the right technology in place, and a security strategy that ensures accountability for the management 

of said technology, there is huge potential for educational institutions to become efficient, productive and 

inspiring digital workplaces. The enthusiasm for transformation is already there. With the right security 

strategy, I’ve no doubt the future of education will be bright. 


Technologically savvy, innovative, strategic and a goal-driven IT 

management professional, Jacob has over 20 years of progressive 

success in all phases of Sales & Business Development including Profit 

Accountability, Business Growth, Product Development and Key Account 

Management, propelling unprecedented growth for organizations. 

Associated with Hewlett Packard Middle East, he has been successfully 

handling positions of progressive responsibility. He has been recognized 

to excel in offering Mobility solutions and Software Defined Networking, 

while pushing revenue charts northwards for organizations in a short 

span of time. 

Jacob can be reached online at (Jacob.chacko@hpe.com) and at our 

company website https://www.arubanetworks.com/ 



Data Migration Security 

What to Know 

By Devin Partida, Cybersecurity Writer, ReHack Magazine 

If you're planning a data migration soon, there are some crucial things to do to increase the likelihood of 

keeping it safe. Migrating data means moving it between locations, formats or locations. 

Prioritizing data security is essential for successful outcomes. However, doing that is not as 

straightforward as some people think. These tips will help with that all-important matter. 

1. Confirm the Location of Your Critical Data 

If your data migration includes critical content, do you know where all of it resides? If not, you're in the 

majority. Research indicates that 82% of respondents from organizations did not know where those 

enterprises kept all the critical data. The same study showed that 55% cited data fragmentation across 

multiple databases as slowing their progress. 

That's a data security risk because it could give the false impression that all the most important 

information got safely moved to the new destination. That may not be a valid conclusion to make. Audit 

the data before a migration happens. Doing that helps ensure you find all the necessary records. Tools 

also exist to help find duplicate or obsolete content that you can delete before starting to move the data. 



2. Plan a Phased Migration 

When learning about data migrations, you'll almost certainly come across details about a process called 

Extract, Transform and Load (ETL). It encompasses the three main stages that happen when moving 

information. 

The extract portion involves collecting data and reading it from a database. The transform step then 

converts the extracted data from its previous form to the format required by the new location. Finally, the 

load step writes the data to the target database. 

Keep security in a top-of-mind position by opting for a phased approach. In other words, decide to migrate 

your least-important data first. Focus on the material that has business value but does not include 

sensitive details. 

You should also hold off on migrating any data deemed essential to your company's operations. Doing 

that allows you to vet the security of the data host's systems and avoid major unforeseen problems. 

3. Become Familiar with Applicable Cybersecurity and Encryption Protocols 

A frequently chosen kind of migration occurs when companies shift some of their on-premises information 

to cloud data centers. This decision is often a smart one from a data security standpoint. Cloud platforms 

usually include dedicated encryption and cybersecurity protocols that customers automatically have 

access to through their service packages. 

However, consider how you could beef up cybersecurity and data encryption with additional measures 

applied by your company. Taking that approach is especially wise when the information in question is 

highly sensitive or includes customer details. 

When people get word of data breaches or other security-related matters affecting their details, they 

rapidly lose trust in the involved companies. 

4. Back Up the Data First 

As you map out the schedule for data migration, don't start moving the content before backing up all the 

files. Even if things go relatively smoothly, you could still end up with missing, incomplete or corrupt files. 

Having the data backed up supports data security by letting you restore content when needed. 

Weigh the pros and cons of all the options available to you before choosing one. For example, if you're 

only migrating a small number of files, putting them on a USB drive might be the simplest possibility. A 

mirrored drive or a cloud backup service is likely more appropriate for more extensive migration efforts. 

5. Maintain All Necessary Compliance and Access Requirements 

If your data migration involves keeping some content in on-premises facilities, and moving the rest to the 

cloud, ensure that your security standards are identically tight across those locations. A common way to 

do that is to set up security policies for aspects like access control. Once you lay out the desired security 

environment for the data, check that the cloud host meets or exceeds them. 

Verify that your data security plans include specifics for all applicable laws that dictate how to handle 

customer information, such as the General Data Protection Regulation (GDPR). Other data privacy 



stipulations relate to patient medical data. Your company must continue to abide by the rules before, 

during and after a migration. 

Fortunately, automated tools can make that easier by automatically applying the parameters you set. 

Cutting Data Migration Risks 

Many of today's businesses are extremely dependent on data. The trouble is that the information 

possessed by a company could grow to such a gigantic amount that migrating it becomes too much of a 

hassle or prohibitively costly. 

Moving smaller databases of information still includes risks that could threaten data security. However, 

by following the suggestions here and doing more research to determine which challenges your company 

faces, you can reduce data migration problems. 


Devin Partida is a cybersecurity and technology writer. She is also the 

Editor-in-Chief at ReHack.com. 



The Crown Prosecution Service (CPS) Has Recorded 

1,627 Data Breaches Over the Entirety of the 2019-20 

Financial Year, Up From 1,378 In the Previous Financial 

Year 

By Andy Harcup, VOP, Absolute Software 

The annual CPS report, analysed by Griffin Law, a UK litigation practice, revealed that 59 incidents were 

so severe that they were reported to the Information Commissioner’s Office (ICO) and potentially 

affected up to 1,346 people. 

The CPS is hardly the first agency to struggle with device and data security, but the lack of urgency 

shown by the government over these persistent threats to the UK’s national cyber security is troubling. 

In the light of international concerns surrounding hacking and ransoms, not to mention the missing 

‘papers’ included in this report from the ICO, can we be sure there aren’t more incidents that go 

unreported or undetected? 

The cyberspace lies at the heart of modern society, and impacts our personal lives, our businesses, and 

our essential services. A secure online environment is essential to principal public agencies like the CPS. 

However, some individuals and groups use cyberspace for malicious purposes, exploiting cyberspace to 

conduct illegal operations or launch damaging computer network attacks. More than ever, cyber security 

affects both the public and the private sector and spans a broad range of issues related to personal, 

organizational, and most notably, national security. 



As stated in the annual CPS report, the period from January to March saw by far the largest quantity of 

severe personal data incidents, with 21 data handling incidents leading to loss of ABE and media discs, 

as well as an additional 18 incidents of unauthorised disclosure of case information, impacting a 

whopping 1,233 people in total. 

By comparison, just 11 incidents of unauthorised disclosures of case information affected 56 people in 

the period of October to December 2019, 12 data handling incidents and unauthorised disclosures of 

case information impacted 34 people in January to March, and 23 people were impacted in April to June 

2019 by 15 total personal data incidents. 

In total, 1,463 of the total data breaches recorded over the entire financial year, were due to unauthorised 

disclosure of information, with 78 being considered ‘severe’. A further 143 of the total incidents were due 

to loss of electronic media and paper, and in 22 of these instances, the data was never recovered. Finally, 

the final 21 reported cases were due to loss of devices, including laptops, tablets and mobile phones, 

although only one of these devices was not eventually recovered, and no CPS data was compromised 

as a result. 

The Crown Prosecution Service oversees some of the most sensitive data imaginable, from confidential 

case files to personal details of witnesses and victims in criminal trials. Against this backdrop, these 

figures paint a worrying picture of the organisation’s approach to data and device security, with many 

incidents appearing to put the safety of individuals at risk. The claim that, ‘no CPS data has been 

compromised,’ in my opinion, requires further clarity. 

The data reveals little follow-up action is ever taken and that every faith is placed in the encryption 

software installed on government-issued devices. What we know to be true, based on our data, is that 

critical security controls like encryption are prone to failure. So to assume that data is protected merely 

because a device has encryption installed is a bold assumption. 

Moving forward, the CPS needs to up its game, with a much more rigorous approach to securing personal 

data. Key to this effort is ensuring that every mobile device or laptop is protected and retrievable, so that 

they can be wiped or frozen in the event of loss or theft. Additionally, staff need better training on how to 

reduce data loss incidents, to preserve the integrity and public trust in the CPS brand. 

It’s vital that key government departments and criminal prosecution services take data security seriously. 

It’s not uncommon for a missing file or laptop to fall into the wrong hands, giving hackers and cyber 

criminals access to critical public data. Key to tackling this problem is the implementation of sophisticated 

and robust end-point security, providing IT professionals within the department with full visibility and 

control over their device: meaning they can freeze or access a laptop, file or device, even if it lands in the 

wrong hands. 

In order to ensure a high level of security, organisations should take steps to quickly pinpoint potential 

threats and neutralise any cyber breaches as and when they occur with effective and resilient endpoint 

security. This should equip organisations with the ability to communicate, control and repair remote 

devices beyond corporate networks as well as measure the health of security control apps and 

productivity tools, so that workers can safely stay productive. 




Andy Harcup, VP EMEA of Absolute Software 

Andy Harcup has professional experience in cyber security technology sales 

and consulting that spans over 15 years. He helps clients understand how 

security solutions can support and protect their digital business whilst at the 

same time either saving or increasing revenues. The cyber-criminal 

community along with security technology solutions are constantly evolving, 

and helping customers navigate that ever-changing landscape to help 

secure their business is Andy’s ultimate goal. 



Financial Data Security Risks in The Hands of Online 

Shops or Intermediary Applications 

By Ben Hartwig, Web Operations Executive, InfoTracer 

Online retail fraud continues to rise year on year. Fraudsters are becoming more sophisticated and 

although we can put more and more consumer protection laws in place for protection, there is always a 

risk when providing your personal information online. 

Even if apps and stores that have access to your credit card or other details take measures to keep data 

safe, there is always the chance that hackers can steal data to use, or sell on the dark web. The risks 

are very real, but there is plenty you can do to mitigate these risks. 

Online shopping - The Process and The Risks 

Online shopping has made all of our lives that little bit more simple, and though people are venturing out 

less to buy items in real life, online business is booming. It is as simple as finding what you want and 

entering your card details, but there are still a lot of risks with this. 



Financial fraud can take a number of forms, you may pay for an item and never receive it, receive 

something fake, or even have more money than you authorized taken. Even if you don’t get money taken, 

your details may be stolen and sold on the dark web, or used for identity theft. This can have grave 

impacts further down the line. 

There are scary cybersecurity statistics out there to show how much of an issue this is. The University of 

Maryland study says that hackers attack every 39 seconds, on average 2,244 times a day. 

What to Be Aware of When Shopping Online 

There are many signs you can use to try and establish whether a store is genuine or not. Naturally, if you 

have heard of the store or used it successfully before this is a big benefit. Other signs include: 

● Unsecure connections - https domains and a padlock sign in the browser (not on the website) 

are secure. 

● 

● 

● 

Wi-Fi warnings. Wi-Fi networks may warn you when a site is not trustworthy. 

Unusual domains with extra hyphens or characters. 

Crazy pricing. If it sounds too good to be true, it probably is. 

Other Apps That May Cause Fraud 

There are not just issues when shopping online, using other applications can leave you susceptible to 

fraud. For example, fake applications such as banking or investment apps, gaming apps that charge fees 

and take payments and other types of applications where you fill in personal details. 

Fake applications are becoming a huge problem, too, as so many people get fooled by similar branding 

to trusted apps. 

How to Protect Your Money Online: Basic Rules 

There are a few things you should always do when looking to protect your money online. 

● 

● 

● 

● 

Only download applications you know you can trust, with security certificates. 

Ensure you have antivirus software if you are using a laptop. 

Always have a secure password that you don’t use for each and every site. 

Double check every site or app is trustworthy before entering your details. 



Security Tips for Online Shopping 

Here are some of the top security tips for online shopping: 

● Ensure that you have the most up to date browser, antivirus and operating system as this is 

the only way to ensure you have an option that is familiar with the most recent threats and 

advances in technology used by the hackers. 

● 

Check that the address you are buying from is real, not a fake or scam url. 

● Where you can, buy from a mobile device not a PC, as these are less susceptible to viruses 

that can steal your data. 

● Use a credit card rather than a debit card as these will keep you more protected using 

chargeback schemes, which can help you to get the money back if you fall foul of fraud. 

● As well as having secure passwords and different passwords, keep all of your passwords 

safe with a password manager, this can be done for you within Apple devices’ password keychain. 

● Don’t purchase anything from a cold email. In fact, don’t even click on the links. If you get an 

email claiming to be from a company, google them first to get their secure site and see if anyone 

has had issues with the company before. If you get an email about an offer and you think it is 

trustworthy it is still worth performing an email lookup to check the trustworthiness. 

● Keep records of all the transactions you carry out as this can help you to make claims in the 

future if you need. 

● Don’t keep a lot of private information on your smartphone or any one device, if this device 

is stolen it can be a goldmine for hackers or for criminals. 

● If a store online is asking for a lot of private information, consider why this might be the case. 

All they should need is a name, shipping and billing address and your card details. 

What to Do If You Fall into a Fraud Trap? 

It isn’t something to hide or be ashamed of if you fall into a trap. Fraudsters are undeniably becoming 

more and more sophisticated. 

Report the fraudulent activity to your state consumer protection office who might be able to take action, 

and consumer protection law is also moderated by the bureau of consumer protection. You might be able 

to take legal action. 

If you have purchased something on a credit card or PayPal, you might also be able to request a 

chargeback, due to not receiving the item. This depends on the type of retail fraud, and some identity 

fraud might be less straightforward. 

Conclusion 

This all comes down to vigilance. Keep a close eye on your bank account and anyone who might receive 

your details on a daily basis. It is always worth doing some due diligence on a new website or app you 



are downloading or purchasing from, and this can help you to avoid falling into financial traps and having 

money, or your details, fraudulently taken from you. 


Ben Hartwig is a web operations director at InfoTracer. He authors 

guides on marketing and entire cybersecurity posture and enjoys 

sharing the best practices. You can contact the author via 

LinkedIn. 



All Aboard The COVID-19 Train: Malware Trends Taking 

Advantage of The Pandemic 

By Bar Block, Threat Intelligence Researcher at Deep Instinct 

Since the outbreak of COVID-19, plenty of COVID-19 themed malware attacks have surfaced around the 

globe. Attackers take every chance they get to spread their malware, and the pandemic has given them 

ripe opportunities. 

Based on data from D-Cloud, Deep Instinct’s Threat intelligence and telemetry cloud environment, the 

number of attacks has overall risen. This is particularly seen in the number of malicious executables and 

Office documents, which are commonly used to deliver the former. We believe this to be linked to an 

increase in malware attacks and malicious activity during the pandemic. Our data is consistent with trends 

seen elsewhere, which also point to an increase in attacks since the beginning of the pandemic. For 

example, the amount of malicious Office documents, which were seen in the first half of 2020, is greater 

by 62% than the amount of the same type of files, which were seen in the first half of 2019. The increase 

correlates with waves of COVID-19 phishing attacks, which commonly use this type of file. A comparison 

for the same time periods in 2019 and 2020, shows the number of malicious executables went up by 

40%. 



Figure 1: The number of new malware samples per month, since the beginning of 2019. In the graph, 

Microsoft Office documents are divided between the older format- OLE and the newer format- OOXML. 

The numbers are shown in arbitrary units, where the number of malicious OOXML files in January 2019 

is set to 1. 

When the first waves of this ongoing pandemic crashed, attackers directed their efforts towards phishing 

campaigns and mal-spam attacks, sometimes pretending to originate from legitimate sources, like 

the World Health Organization. Others chose to exploit the work-from-home model, in which corporate 

networks that were relatively secure, could now be accessed from insecure locations. Likewise, meetings 

that were usually done in closed doors were now held using vulnerable virtual communication apps. 

Targeting the Good Guys 

One would be forgiven for thinking that the organizations which stand on the front line in the fight against 

the pandemic would be left alone, too important to be targeted by malware at this difficult time. However, 

that has unfortunately not be in the case. 

Since the outbreak, health organizations and their employees have been targeted more than usual, with 

an increase of more than two fold in targeted cyber-attacks against the World Health Organization, 

compared to last year. Spam and phishing campaigns were launched, some specifically targeting top 

officials at the WHO via both personal and corporate email addresses. Fake login websites for health 

workers have also been created, one even mimicking the World Health Organization’s eternal email 

system. 

Sure, some threat actors initially stated that they wouldn’t target health organizations during the 

pandemic, but that doesn’t mean they kept their word. For example, the group behind the infamous Maze 

ransomware released a statement in March 2020 that it would avoid infecting medical facilities and 



esearch labs during the pandemic. Yet, just a few days later they released stolen 

data from “Hammersmith Medicines Research”, a London based lab that develops vaccines. That wasn’t 

the end of it, Maze infected more health facilities, not only interrupting their work, they also threatened to 

release patient records online if their ransom wasn’t paid. A threat would have exposed the compromised 

clinics to expensive GDPR lawsuits. 

Come and Knock on Our Door 

When organizations had no choice but to let their employees work out of their fairly secure offices and in 

their less than secure homes, suddenly the hacker’s job, just got a lot easier. They no longer had to work 

hard to craft malware samples that will pass corporate security solutions, they just needed to make 

unsuspecting employees open a malicious email attachment or download their malware from the internet. 

An example for an organization which was severely impacted by the shift to the work-from-home model 

is Cognizant, a Fortune 500 company. As the company was adjusting to its remote working environment 

they were attacked by Maze ransomware. The remediation and reparations costs were enormous, 

estimated to be between $50 to $70 million USD. 

Moreover, the fact that many people use the same computer for work and personal use, and sometimes 

even share these devices with other family members, opens the door for even more malicious samples. 

In addition, malware authors that decided to put more effort into the game, started looking for 

vulnerabilities to exploit in apps and services that became common during the pandemic, in order to 

reach a large crowd. An example of this is Zoom, which after experiencing a burst in popularity, suffered 

a string of security issues. One of which was a data breach in April that exposed over 500,000 Zoom 

credentials and a vulnerability that allowed arbitrary code execution on vulnerable endpoints. 

Fake Android Apps 

Many organizations and governments have launched applications that provide users with updated 

information about the pandemic. Seizing the opportunity, cyber-criminals used this surge of 

applications to launch their own versions, which are less helpful and more harmful. A common type of 

app is a “COVID-19 Tracker”, which gives information about infected people’s previous routes and current 

locations. 

During the pandemic, the Ginp banking trojan launched an Android app pretending to be a tracker that 

showed users a (fake) number of infected people in their current area. The software stated that it could 

give more details about the infected people for 0.75 Euros. If the users chose to sign-up, they were asked 

to provide their credit card information, which of course would be stolen by Ginp, without ever having 

charged the card, nor providing the requested information. 

Another malware that exploited the tracker theme is CryCryptor. On June 18th 2020, the Canadian 

government announced it would back the development of a nationwide voluntarily tracing app that would 

provide details of exposure to Covid-19. Just a few days later, CryCryptor launched a ransomware 

pretending to be the app. Links to this fake app could be found in two Coronavirus themed websites, 

which the attackers had created. When the malicious software was downloaded, it asked for permission 

to access files on the infected device, on being provided, it used the permissions to encrypt targeted files, 

such as photos and videos, and left a ransom note in each affected folder. 



Our Crystal Ball 

True Machiavellians, cyber-criminals focus on what they think will serve their purposes best. For that 

reason, we expect new malware campaigns to evolve in line with COVID-19 trends and developments. 

As national governments adjust their COVID-19 related regulations to meet the changing spread of the 

virus, people have struggled to keep up to date. Attackers may seize on this opportunity to launch malspam 

campaigns related to COVID-19 regulations, malicious websites with “updated information” and 

perhaps fake apps on “updated regulations”. Another possible approach attackers might take, is to take 

advantage of the interest surrounding a future vaccine to send phishing messages with malicious 

attachments, pretending to have new information about a promising vaccine to resolve the pandemic. 

The up-and-coming school year may also draw the attention of malware authors, especially those who 

prefer ransomware as their final payload. Like many organizations, schools and academic institutions 

had to adjust to the situation and change the way they operate, with many turning to online classes. This 

means that if a ransomware finds its way from a student’s home PC into the school’s network or in a 

more targeted attack, it can paralyze the school. Without the possibility of turning to the ‘ol’ pen and 

paper’, the infected school district or college may easily cave in and be forced to pay the ransom. 

A more permanent change that we will probably see, is the shift to a semi or full work-from-home model 

for the corporate workplace. During the pandemic, organizations realized that working from home has 

some advantages- many employees reported that they focus better at home, some even logged more 

hours, while companies discovered they can save a lot of money on facilities. If many organizations 

choose to permanently operate in a full or semi work-from-home model, hackers may well respond to 

exploit the situation, by crafting attacks that leverage the widened attack surface of remote working or by 

finding more vulnerabilities in software enabling remote working. 

Naturally, a company that chooses to operate in a remote working environment needs to take this 

increased risk into consideration, on top of other risks it may face. Additionally, companies will need to 

equip employees with the right tools, such as end point security solutions and proper security training. 

No matter how attackers choose to operate, users need to be more vigilant than ever, always keeping in 

mind that significant events, be it the COVID-19 outbreak or the upcoming U.S. elections, always draw 

attackers’ attention, and that the next malware infection may just be one click away. 


Bar Block, Threat Intelligence Researcher at Deep Instinct 

Bar Block is a Threat Intelligence Researcher at Deep Instinct. Prior 

to joining Deep Instinct in 2019, Bar served for three and a half years 

as a cyber security researcher in the Israeli Navy’s cyber unit. She is 

a recipient of the Israeli Navy Commander’s award for Outstanding 

Military Service. 

Bar Block can be reached online at Bar@deepinstinct.com, on 

LinkedIn and at our company website https://www.deepinstinct.com 



The Coming Security Perspectives 

By Milica D. Djekic 

It appears that a today’s world landscape is under constant and chronical attack of security challenges. 

There is no time in a history that was easy and it’s obvious why the modern days are tough as well. At 

the surface the situation can seem as well-balanced and manageable, but it takes a lot of effort to 

maintain the stuffs being normal at least from the public’s point of view. The security career is hard and 

with the plenty of suffering and limits. No defense officer can say he has ever led the comfortable life as 

there could be a lot of struggling and difficulties. No matter how the social conditions could seem as 

perfect at the first glance the officers marinating such a community know how challenging it is giving 

yourself to the society being competitive in any sense. The security is about the risk management and 

many of us are aware of so, but as the nowadays situation is so complicated the biggest question to 

anyone is if we can produce the new generations of defense leaders who will provide the good response 

to the quite uncertain future. 

The gravest challenge of today is how to assure the overcrowded places as the cyberspace is. Those 

spots are the potential sources of the crime and as it is well-known there is some cyber skill shortage at 

the present times. Also, the cyber trace can serve to the investigation to obtain the findings and evidence 

about much dangerous security threats. So, definitely we are in need for such a skill and it can take time 

to make that sort of professionals. It can seem that our everyday life is so cloudy as we cope with the 

pandemic, economic crises, transnational crime and terrorism, so far. It can appear that the defense 

career is the good outlet to many good guys even in the most progressive economies. That choice seeks 

dedication and patience, so it’s clear why those men and women would select to serve making the living 

shield to the rest of their communities. It takes strength; courage and daring to be like so. In addition, it 

appears with the new technology we are aware more than ever how deep security can go as well as we 

can recognize why some occurrences from the past even happened. The history will give us the hard 

lessons and even today we can not say we are safe enough. The new Pandora boxes will get opened 

and we will realize we are simply at the beginning of the never ending game between the cat and mouse. 

In other words, one chapter will get closed while the new ones will appear as the new questions looking 

for their answers to come. That’s how we will make a cycle again and again. The social landscape can 

appear as great, but there is a lot of sweating behind so. Either you will give yourself fully or you will be 

Cyber Defense eMagazine – November 2020 Edition 79 


the temporary poser wasting someone’s time. No excuses; no compromise – just boldness and some 

fortune to follow. 

Any time in the history was tough and the novel days are not the exemption. Even if you serve in the 

physical, cyber or the other security branches your profession is not easy. No matter how beautiful 

everything can appear at the first sight there is no society without the crime and anytime has needed the 

good guys to respond to those challenges. It always has been hard, but undoubtedly worth that. The 

mission of security is to work for the betterment of many and if you deal with such an idea in your mind 

you will figure out why giving yourself completely matters. 


Milica D. Djekic is an Independent Researcher from Subotica, 

the Republic of Serbia. She received her engineering 

background from the Faculty of Mechanical Engineering, 

University of Belgrade. She writes for some domestic and 

overseas presses and she is also the author of the book “The 

Internet of Things: Concept, Applications and Security” being 

published in 2017 with the Lambert Academic Publishing. Milica 

is also a speaker with the BrightTALK expert’s channel. She is 

the member of an ASIS International since 2017 and contributor 

to the Australian Cyber Security Magazine since 2018. Milica's 

research efforts are recognized with Computer Emergency 

Response Team for the European Union (CERT-EU), Censys 

Press, BU-CERT UK and EASA European Centre for 

Cybersecurity in Aviation (ECCSA). Her fields of interests are 

cyber defense, technology and business. Milica is a person with 

disability. 



Amidst Election Noise, Cybercriminals See an 

Opportunity with Retail 

By Chris Kennedy, CISO & VP of Customer Success, AttackIQ 

More than seven months into the onset of the novel coronavirus, it feels strange to look back on the 

things we previously took for granted in our day-to-day lives and accept the new reality— of working from 

home to celebrating events online to having a doctor’s appointment via Zoom. 

We have adapted to life under the novel coronavirus by becoming ‘A Very Online People.’ Hostile actors 

have been busy looking for ways to exploit us when we’re vulnerable, impressionable, and dependent on 

the internet. 

Our transition to remote work and increased digitization has opened us to a slew of threats: from phishing 

scams to botnets, from ransomware to the spread of disinformation. Cybercriminals and nation-states 

wasted no time in taking advantage of this pivot. Ransomware attacks are up seven-fold compared to 

last year, the Russian government is at it again with this year’s election, and the shift to online classes 

and teaching has made schools vulnerable. 



Finally, the election results may not be known for weeks after election day due to the increase in mail-in 

voting, the safest but slowest way under the coronavirus to ensure a safe and secure electoral outcome; 

for this reason November is likely to be a difficult month in America as the election results are likely to be 

contested, with a spike in disinformation and online extremism. It is as tense a period in American history 

as anyone can remember. 

Timing the perfect storm 

With all eyes currently on the election, the next logical target is the retail sector—namely the supply 

chain—during the coming holidays. We saw an increase of cyberattacks on retailers during the 

holidays previously and we should expect a similar trend this year. Attacks could expose customer 

financial information, hold company data hostage through ransomware (with a hefty price tag to boot), or 

disrupt business operations. Consumer spending is also tied directly to the health of our economy, and 

a hostile nation-state might take the chance to pounce on the United States and disrupt the flow of goods 

and services. 

Especially when we’re so dependent on the internet. E-commerce sales have spiked by more than 31 

percent during the pandemic and now 43 percent of all holiday shopping is expected to be done online. 

Ours is a fragile economy built on outsourcing and just-in-time inventory; the market is already vulnerable 

as supply chains have been disrupted with manufacturers and retailers struggling to keep goods in stock. 

The timing and potential scale of a retail-focused attack makes this into an acute moment. 

Planning and preparedness are crucial 

We have a short window for effective security planning before the holiday season is fully upon us. 

American organizations have had several opportunities in the past to make good cybersecurity 

investments; the big, high-profile breaches of the past seven years should have triggered the impetus to 

invest. But too often organizations have failed to move fast enough. Let’s make this year different. 

What should be done? The first and most important step is to exercise the security you already 

have. Verizon’s Data Breach Investigation Report estimates that 82% of enterprise breaches should have 

been stopped by existing security controls but weren’t. Why is that? You could buy the best cybersecurity 

tools on the market to meet your needs, from firewalls to internal security segmentation capabilities to 

endpoint monitoring, but cybersecurity controls fail, and when they do, they fail silently. There is no “check 

engine light” that comes on right now. Security controls fail for two reasons – user error or 

misconfiguration – and when they fail, the enemy slips past. 

The best course between now and the rest of the holiday season is for security teams to exercise their 

cyberdefenses against known threats. We have a free tool to help us do so. The Department of Homeland 

Security recently released an alert warning the health sector of the risk of escalating tensions and 

potential cyberspace operations from China. At the end of the alert, the government agency listed 

Chinese tactics under the MITRE ATT&CK framework of known adversary tactics, techniques, and 

procedures. The framework organizes known hostile actors and their behavior. Organizations should use 

ATT&CK to prepare for known threats and exercise their security controls to defend customer data and 

ensure a safe holiday season. 

We just had National Cybersecurity Awareness Month in October, which is always a timely reminder for 

companies that touch the supply chain to shore up their cyberdefense effectiveness. Consumers need to 



e diligent about disinformation, about keeping their personal information secure, and enterprises need 

to be on guard. 

The past year has left us rattled, and this month is likely to be difficult as politics and foreign influence 

operations put downward pressure on the American people—even after the election happens. December 

gives adversaries another opportunity to keep up the pace. It doesn’t need to be that way. Simple steps 

we take now can help ensure a safer and more secure end of the year, and a positive transition into 2021. 

Preparation is the name of the game. 


Chris Kennedy is Chief Information Security Officer (CISO) and 

VP of Customer Success at AttackIQ where he is responsible for 

managing all aspects of customer relations and success, as well 

as the company’s internal information security strategy. He 

joined the company in January 2019 from Bridgewater Associates 

where he was head of security for infrastructure technology and 

controls engineering. Kennedy has more than 20 years of 

cybersecurity risk and operations practitioner experience and 

previously led the development of the U.S. Department of 

Treasury’s and the U.S. Marine Corps’ cybersecurity operations 

programs. A former Marine Corps Officer and Operation Iraqi 

Freedom veteran, Kennedy holds a Master of Science in 

Computer Information Systems from Boston University and a 

Bachelor of Mechanical Engineering from Vanderbilt University. 

Connect with him on LinkedIn. 



What’s in Your Wallet? The Cybersecurity Costs of COVID 

With new business challenges in play, organizations are shifting their cybersecurity spend accordingly 

By Mark Sangster, Vice President and Industry Security Strategist, eSentire 

If anything has become clear over the past six months, it’s that COVID’s tentacles have crept into almost 

every facet of our lives, both personal and professional. Most are in ways we could have (and did) predict, 

but there have been a few surprises along the way, such as teaching pods and Zoom fatigue. 

The good news is that people are, in general, pretty adaptable. Thousands of years of civilization have 

shown that when faced with a problem, a little human ingenuity goes a long way. Some of the world’s 

greatest inventions have been born out of necessity, or in some cases, out of an idea that fills a need we 

didn’t know we had (smartphones, anyone?). So, as COVID was causing epic changes large and small, 

far and wide, cyber criminals were adapting right along with it. In fact, for many ne’er do wells it was a 

boon. Suddenly, companies whose IT teams were equipped to protect networks, where perhaps 15 

percent to 20 percent of its workforce was remote, were faced with an almost 100-percent remote 

workforce overnight. 

The move to home didn’t just mean that employees were working from home offices and dining room 

tables — it meant employees were now outside the protection of traditional security perimeters, including 

firewalls. Devices that had previously been protected by enterprise-grade security technologies were now 



at the mercy of consumer-grade internet routers, many of which were left unsecured by home users. For 

companies with a focus on the perimeter, this rendered much of their security practice moot. 

Without virtual private networks (VPN), two-factor and multi-factor authentication (2FA and MFA, 

respectively) controls, the doors to the henhouse were wide open, and foxes were free to stroll in. 

Criminals could easily connect to unprotected WiFi networks and install scripts on internet routers to 

collect unencrypted data, including corporate assets and credentials, which in turn could be used for 

credential stuffing attacks down the road. 

Security, stat 

Needless to say, many enterprises realized they needed to double down on their security spend, with the 

majority spend focused on protecting remote workers’ home operations. 

Companies lingering in outmoded, perimeter-based security lacked the ability to protect remote workers, 

cloud-based assets, and distributed management systems. No wonder then that they felt the increased 

security spend hardest, driven by the adoption of technologies that protect distributed workers and the 

assets they access. These organizations were quick to snap up encryption technologies such VPNs and 

multi-factor authentication, which provide an additional layer of protection to credential-based systems; 

endpoint protection (next-gen AV); and endpoint detection and response. And that’s not cheap. 

And for a few unlucky ones, even greater spending came about as a result of a data breach or operational 

disruption born from COVID-camouflaged attacks in the form of ransoms, clean-up costs, penalties, and 

the like. 

The genie is out 

You can’t put the genie back in the bottle. Many companies are continuing with remote, or at least hybrid, 

operations, and now that the risk is understood, it would be negligent to revert to old security methods. 

After the attacks on 9/11, New York based businesses changed their security and business continuity 

practices to include back-up systems and work centers outside their main offices. For banks in lower 

Manhattan, this meant backing up data and services in New Jersey. In 2012, Hurricane Sandy struck the 

eastern seaboard and not only flooded lower Manhattan, but disabled back-up centers located across 

the Hudson river. The previous influence in business continuity fell short when faced with a new type of 

natural threat. 

With COVID-19, companies more broadly understand that they had made a similar miscalculation, 

thinking that protecting the network perimeter would secure their business. Organizations must now 

protect remote worker’s devices (endpoint protection), and the means by which they connect to business 

systems and assets (VPN and MFA). When the next forcing factor emerges (hopefully no time soon), it 

will again reshape the way we approach cybersecurity fundamentals With luck, thousands of years from 

now, our descendants will marvel not only at how we successfully navigated a global pandemic, but how 

by applying human ingenuity, we emerged stronger and with a few new tools under our collective belts. 




Mark Sangster, Vice President and Industry Security 

Strategist, eSentire 

As a member of the LegalSec Council with the International 

Legal Technology Association (ILTA), Mark Sangster is a 

cybersecurity evangelist who has spent significant time 

researching and speaking to peripheral factors influencing 

the way that legal firms integrate cybersecurity into their dayto-day 

operations. In addition to his passion for 

cybersecurity, Mark's 20-year sales and marketing career 

was established with industry giants like Intel Corporation, 

BlackBerry, and Cisco Systems. 

Mark's experience unites a strong technical aptitude and an 

intuitive understanding of regulatory agencies. During his 

time at BlackBerry, Mark worked on the first secure devices for government agencies. Since then, he has 

continued to build mutually beneficial relationships with regulatory agencies in key sectors. 

Mark holds a Bachelor’s degree in Psychology from the University of Western Ontario and a Business 

Diploma from Humber College. He is the author of the upcoming book “No Safe Harbor.” 

Mark can be reached online at @mbsangster and at our company website http://www.esentire.com 



Making the Journey to the Intelligent SOC 

AI, Machine Learning and Open-XDR Make it Easier 

By Albert Zhichun Li, Chief Scientist, Stellar Cyber 

Most enterprises and service providers are building security operations centers (SOCs) where a team of 

analysts evaluates and remediates cyberattacks. Traditionally, these SOCs use a dozen or more standalone 

security tools, each of which focuses on endpoints, the network, servers, users, applications or 

other parts of the attack surface. This system results in hundreds or thousands of false positive attack 

alerts, causing analyst “alert fatigue,” and forces analysts to manually correlate information from the 

siloed tools to determine whether complex attacks are real or false. This activity can make it a matter of 

weeks or months to respond to complex attacks. 

Ideally, users would like a single security dashboard that accurately identifies complex attacks and 

automatically correlates inputs from multiple security tools to reduce false positives and reduce the time 

it takes to spot and remedy attacks. Today, some security software vendors are leveraging artificial 

intelligence (AI) and machine learning to find and correlate detections from across the entire attack 

surface and present them in an easily-digestible manner. Let’s look at how these technologies improve 

SOC operations. 



A Day in the Life of a Security Analyst 

In a large SOC, there are typically three levels of analysts: 

• Level 1 analysts are triage specialists who monitor and evaluate incoming alerts and identify 

suspicious activity that merits attention, prioritization and investigation. 

• Level 2 analysts are incident responders, performing initial analysis and investigation into alerts, 

assessing the scope of the attack and identifying and researching indicators of compromise 

(IOCs) for blocking or mitigated identified threats. 

• Level 3 analysts are threat hunters, conducting malware analysis and network forensics and 

working proactively to recognize attackers and advanced persistent threat activities while working 

with key stakeholders to implement remediation plans. 

How AI and Machine Learning Change the Picture 

Here’s how AI and machine learning in an intelligent SOC change the dynamics. For Level 1 analysts, 

an intelligent SOC can automate almost all activities related to monitoring and evaluating incoming 

events. Level 1 monitoring and identification of incoming threats are generated through basic automation 

and the event correlation of ingested logs. Machine learning and AI can provide a SOC Level 1 Analyst 

with the identification of more data-driven events with more accuracy, allowing for precise categorization 

of specific threats for a more rapid response. 

At Level 2, AI and machine learning can provide the analyst with an immediate assessment of the scope 

of the attack and sometimes can recommend initial steps for remediation. At Level 3, these technologies 

can reduce over-all remediation dwell time as machine learning and AI can immediately identify and 

correlate detections and forensics data to identify malicious activity and implement protection measures. 

With all teams looking at detections through a single dashboard, companies can use an intelligent SOC 

to eliminate manual event correlation and significantly speed the time to attack identification. AI can spot 

attacks and recommend steps to remediate them, and machine learning can make the intelligent SOC 

smarter over time because it learns and remembers attack scenarios so it can spot them more quickly 

the next time. 

The Journey to the Intelligent SOC 

So how can companies update their SOCs to intelligent SOCs? There are two scenarios. 

In Scenario 1, the company buys intelligent SOC software from a vendor with a closed platform. These 

eXtended Detection and Response (XDR) platforms aggregate security tools obtained through internal 

development and acquisition, and implementing the platform means abandoning the existing security 

solutions your company is already using. This method causes disruption, impacts the company’s bottom 



line (because it is abandoning tools that are already paid for), and locks in the company’s fortunes to that 

single vendor. 

In Scenario 2, the company buys intelligent SOC software from a vendor with an open platform. These 

Open XDR platforms deploy non-disruptively, capture inputs from your existing security tools, and add 

their own capabilities to enhance detection, correlate events, and present them all in a single dashboard. 

This method saves money, reduces training time and disruption, and allows the company to choose bestof-breed 

tools for its security infrastructure. 

There are sharp contrasts between these two scenarios, and each should be considered carefully as 

your company makes the journey. 

Intelligent SOC Advantages 

Level 1 SOC analyst can see the results of ML/AI firsthand when organizations perform external pen 

testing and red team adversary simulation to validate that the SOC is correctly optimized for monitoring 

and identifying alerts. Although there has been some discussion as to whether ML/AI will start to replace 

human SOC analyst, industry experts agree that these deep learning tools can complement and improve 

your current SOC Level 2 staff's ability to perform analysis and investigation to detect advance threats. 

In a Crowd Research Partners survey conducted last year, more than 55 percent of the respondents cited 

their inability to detect advanced threats as the biggest challenge for SOCs. 

ML/AI security tools can deliver substantial improvements in threat hunting, detection and forensics 

analysis for your Level 3 SOC analyst. This can translate into reduced dwell time, mean time to detect 

(MTTD) and mean time to remediate (MTTR). AI and machine learning will provide for a highly automated 

and efficient SOC that will empower analysts and eliminate complexity. 

The Promise of an Intelligent SOC 

To understand the promise of an intelligent SOC, let’s look at what it brings to the role of analysts at each 

level. For Level 1 analysts, it provides rapid detection capabilities across multiple endpoint and network 

monitoring tools and components from a central location and single dashboard. This helps eliminate alert 

fatigue from false positives and makes it easier to quickly spot complex attacks. Some users report that 

thanks to an intelligent SOC, detection times for complex attacks have been reduced to minutes from 

days or weeks. Automated orchestration provides Level 1 SOC analyst with rapid detection capabilities 

across multiple endpoint and network monitoring tools, all from a central location and single dashboard. 

Automated security orchestration will improve the efficiency of SOC processes and the identification of 

malicious activity, allowing for Level 1 SOC analysts to forward potential security incidents that merit 

attention to Level 2 staff more quickly. 

Level 2 analysts get the ability to remediate security challenges quickly and accurately. The intelligent 

SOC platform’s AI and machine learning capabilities deliver highly accurate detections and suggestions 

for how to remediate them. Automated orchestration enriches Level 2 SOC analyst with additional data, 

rapid remediation capabilities, leveraging multiple protection tools and components from a central 



location and single dashboard. These automated platforms will help scope events into true incidents for 

human responders 

Automated orchestration provides Level 3 SOC analysts with rapid evidence collection of simultaneous 

processes across multiple tools from a centralized location and a single dashboard. Most importantly, 

automation and orchestration can provide a more rapid response capability across multiple security 

components and tools whether they are on-prem or located in the cloud. 

Intelligent SOCs bring dramatic improvements in a company’s ability to protect itself from ongoing attacks 

by consolidating and analyzing information from across all security tools, correlating detections found by 

multiple sources, and presenting attack information and remediation options in a single dashboard. For 

the sake of overall security protection, the journey to an intelligent SOC is one well worth taking. 


Albert Zhichun Li is the Chief Scientist at Stellar Cyber. is a worldrenowned 

expert in cyber security, machine learning (ML), systems, 

networking and IoT. He is one of the few scientists known to heavily 

apply ML to security detection/investigation. Albert has 20 years of 

experience in security, and has been applying machine learning to 

security for 15 years. Previously, he was the head of NEC Labs’ 

computer security department, where he initiated, architected and 

commercialized NEC’s own AI-driven security platform. He has filed 

48 US patents and has published nearly 50 seminal research papers. 

Dr. Li has a Ph.D. in system and network security from Northwestern 

University and a B.Sc. from Tsinghua University. 

Albert can be reached online at zli@stellarcyber.ai and at our company website http://stellarcyber.ai 



Joint Investigation Reveals Evidence of Malicious 

Android COVID Contact Tracing Apps 

By Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center 

The devastation of the COVID-19 pandemic has caused public-health and economic issues to countries 

around the globe, and the complications of which are far from over. In accordance to scientific guidance, 

many nations have launched contact tracing applications to monitor, identify, alert and reduce the spread 

of infections. 

However, the shift towards tracing apps has not always been smooth in the eyes of both the media and 

the public, with various concerns about the privacy of these tools. Considering such an app is an 

unprecedented phenomenon in a world that’s perhaps more connected than ever, it is easy to understand 

how some may see an Orwellian twist to the story, despite the arguable necessity for tracking in order to 

keep members of the public safe. In fact, a US survey by YouGov from April 2020 indicated that 43% of 

Americans believe that such an app would be an invasion of privacy and just one third said they would 

install the app. 



However, despite these concerns, as the pandemic continues and economic activity starts to resume, 

more and more countries have been looking into providing their own COVID-19 contact tracing 

applications. With this, it is likely that we’ll see threat actors exploit the window of opportunity of a new 

product being launched to the public in order to distribute malicious Android packages that pose as 

legitimate contact tracing applications while delivering banking trojans, spyware, and ransomware. 

A recent joint investigation between EclecticIQ and the ThreatFabric research team has been produced 

into a report on this matter, with the findings suggesting that threat actors will almost certainly continue 

to use commodity and open source-based malware disguised as legitimate contact tracing applications 

for financial gain. 

The low barrier to entry provided by these tools and the continued rollout of contact tracing applications 

by nations, presents continued financial opportunity for cybercriminals into the near future. Worryingly, 

we have observed evidence of malicious actors displaying their willingness to exploit the current 

pandemic by targeting legitimate contact tracing applications consistently in recent months. The samples 

analysed by our research team had an earliest estimated build time of April 12 th , 2020 with the latest 

being June 23 rd , 2020. 

Third party tooling used to provide C2 anonymisation 

As part of our investigation, we have found examples of threat actors using third party tooling to provide 

anonymisation to their command and control (C2) infrastructure. In our research, we found India to have 

been particularly targeted with malicious applications, with eight malicious applications that used 

Portmap.io, a commercially available port forwarding service, and Ngrok, a secure tunnelling service. 

Malicious Android packages distributed through phishing links 

The examples of malicious contact tracing apps we analysed were primarily distributed through phishing 

links designed to trick users into downloading a malicious Android package. One of the samples we 

analysed, first identified by the MalwareHunterTeam, was disguised as an official contact tracing app for 

India and was an example of this phishing practice. 

Furthermore, it would seem that the distribution of malicious Android packages disguised as legitimate 

contact tracing apps is consistent across the regions. As an example, ESET found that the official 

Canadian contact tracing app was targeted with ransomware, with users being lured into downloading 

the CryCryptor ransomware via two phishing links. 

Investigation findings are consistent with previous open source reporting 

Our report found that the use of commodity and open-source based malware is consistent with previous 

open source findings: Researchers at Symantec found that legitimate SM_Covid19 apps were 

repackaged by cybercriminals and injected with Metasploit, hence giving the identified samples Trojan 

capabilities. A further three samples were found to be disguised as the contact tracing app for India. 



As part of our investigation, we also analysed a publicly available malicious sample, disguised as the 

legitimate app for Singapore, which we found to be linked to the commodity Android Banking Trojan, 

Alien. 

Malicious Android packages distributed for financial gain 

From our analysis, we have assessed with high confidence that the majority of these malicious attacks 

on contact tracing apps are financially motivated. One of the indicators of this is the use of openly 

available tools, which require no financial input from the cybercriminals beyond the time needed to 

configure and deploy them. 

Good advice to users would be to never download contact tracing Android applications from links sent to 

them or from third party stores. If you’re interested in downloading your nation’s contact tracing 

application, we’d recommend the use of an official health body website or the Google Play Store. Social 

engineering remains an incredibly efficient tactic to manipulate users into downloading and installing a 

wide variety of malicious applications on mobile devices. As the crisis deepens, it has become 

increasingly important for users to remain cautious about the sources they download their software from 

and take due precautions when opening links that have been shared with them – spear phishing, the 

practice of luring victims to click on links or enter data via fraudulent emails that use a personalised 

approach can be incredibly deceiving even to the trained eye. 


Peter Ferguson is a Cyber Threat Intelligence Specialist at 

Amsterdam-based cybersecurity company EclecticIQ. He has a 

demonstrated history of working in the security industry, specialising 

in modelling threats to industry standard models (Kill Chain, MITRE, 

STIX). 

Peter can be reached online via LinkedIn and at our company website: 

https://www.eclecticiq.com/ 



A Hybrid Workplace Means New Threats and More 

Pressure on IT Leaders 

By Tim Sadler, Cofounder and CEO of Tessian 

Events this year have changed the way we think about work indefinitely. In fact, new research from 

Tessian shows that only 11% of employees want to work exclusively in the office post-pandemic. 

Businesses must now consider whether the remote work shift brought on by COVID-19 should become 

permanent. But, then again, remote work isn't accessible or preferable for every employee. Business 

leaders, therefore, have important decisions to make around how employees will work in the future, be it 

remotely, in an office or a hybrid of the two. 

Whatever the decision, cybersecurity will be a huge factor. IT teams must fortify workplace processes 

with an added layer of security to protect both data and individuals no matter where an employee is 

working. They will face more pressure from the top as cybersecurity and business continuity are 

prioritized. 

Business leaders need to understand the new challenges IT leaders are facing, how security threats 

change as people work from anywhere, and how to prepare for a future hybrid working structure. 



Why IT Leaders Are Concerned About Hybrid Work 

Three-quarters of IT decision makers believe the future of work will be either remote or hybrid, according 

to Tessian’s report. 

But they do have concerns around these new ways of working, specifically around employee wellbeing. 

Throughout the pandemic, research has shown the negative impact remote work has had on people’s 

levels of stress, leading to more incidents of burnout. As well as having detrimental consequences to 

people’s wellbeing, increased levels of stress could also be putting companies at risk, as people tend to 

make more cybersecurity mistakes at work. IT leaders are also concerned that remote employees’ unsafe 

data practices could lead to more data breaches and security incidents. 

It’s no wonder, then, that more than one-third (34%) of IT leaders are worried about their teams’ time and 

resources being stretched too thin. Eighty-five percent also believe their teams will be under more 

pressure with a permanent remote work structure. To explain, let’s look at two specific security concerns 

that are made more complex when some, or all, employees work outside of the office: 

● Phishing: Half of the security incidents or data breaches that companies experienced between 

March and July 2020 were the result of phishing attacks - making it the top attack vector during 

this time. In fact, nearly two-thirds of US and UK employees (65%) said they received a phishing 

email during the remote work period. The problem is that employees are more susceptible to 

phishing attacks while working remotely, namely because hackers are taking advantage of the 

situation and it’s also harder to verify a colleague’s request when they aren’t in the same room as 

you. In addition, factors like distraction could cause people to miss cues and potentially click on 

malicious links. 

● Insider threats: Data exfiltration from inside the company is also a security risk that becomes more 

complex with a remote or hybrid environment, even when not done maliciously. An employee 

could, for example, be sending documents to personal email accounts to print from their home 

devices. When this data leaves corporate networks and devices, though, it becomes more 

vulnerable to a breach and puts the company at risk of non-compliance. 

Protect IT Teams’ Time by Focusing Security and Awareness Efforts 

Mitigating these risks without over-burdening IT teams won’t be easy but it can be achieved by focusing 

on two important areas: email protection and better cybersecurity training. 

Employees are more reliant on email than ever while working remotely; Tessian saw a 129% increase in 

email traffic from March to April 2020, compared with January to February. As people use email more 

and more to send data to customers and colleagues, and as hackers exploit the channels employees rely 

on most, educating people on threats like phishing attacks or accidental data loss - simply caused by 

someone sending an email the wrong person - is critical to company security. 

This training, however, needs to resonate. It can’t be seen as a tick-box exercise or another thing for 

people to add to their to-do lists, because employees just won’t engage with it. In fact, despite half of IT 

departments implementing more security training for their remote workers during the pandemic, nearly 1 

in 5 employees said they didn’t take part. 

This could be because the training gets in the way of people doing their jobs, but also because it often 

lacks the real-world context employees need to develop positive security behavior. Real-time educational 

alerts provide that context. Employees can understand, in-the-moment, why the message they received 



is a threat as well as the techniques hackers are using to trick or manipulate them - all learnings that they 

can apply to future incidents. 

A human-first approach to cybersecurity has never been more important. As employees log onto 

corporate networks from anywhere in the world, the most important security perimeter companies must 

protect are its team members. 

Employees have access to large amounts of sensitive information and are handling more of that data 

over email than ever. But it’s unreasonable to expect employees to keep data and systems secure 100% 

of time - mistakes happen and many people aren’t cybersecurity experts. By focusing on a few highimpact 

areas, IT teams can protect employees and their business, without feeling overwhelmed by the 

task ahead. 


Tim is the Chief Executive Officer and co-founder of human layer 

security company Tessian. After a career in investment banking, Tim 

and his co-founders started Tessian in 2013, creating a cybersecurity 

solution that uses machine learning to protect people from risks on 

email like data exfiltration, accidental data loss and phishing. Tim has 

since built the company to over 160 employees in offices in San 

Francisco and London, and raised over $60m from leading venture 

capital funds. Tim was listed on the Forbes 30 Under 30 list in 

technology. 



How We Securely Share Data in A Remote World 

By Duncan Greatwood, CEO, Xage Security 

Cybersecurity solutions are often thought of as a single-issue solution: protecting companies from 

dangerous or costly hacks, or detecting hacks after they’ve already happened, when it may be too late. 

But in an era when our essential industries are continuing to digitize, organizations need to approach 

cybersecurity as a foundational element of innovation. Security must evolve to enable efficient data 

sharing, across company, location and network zone boundaries. 

As we shift into an era of increased remote work, cyber risk is changing. Companies are becoming more 

and more co-dependent, working together to make entire industries better -- think of the logistics 

companies powering retailers, sharing data from suppliers to customers to improve operational 

timeliness. Collaboration is essential, and remote work has accelerated the need for flexible digital 

collaboration. 

Companies rely on secure third-party communication and cross-organization collaboration to develop 

new, more impactful and efficient ways of working. 

Keep Private Information In, Safely Share Data Out 

Companies must be able to secure access – letting individuals have access to only what they need, for 

the time that they need it – with extremely granular control. As opposed to relying solely on broadlydefined 

trust zones, like traditional security solutions, a zero-trust cybersecurity approach is essential for 



today’s IT and OT environments. A zero-trust approach means that access is never assumed or granted 

purely on the basis of zone access. Instead, the policy is to constantly and consistently ensure that an 

individual employee or a single device has the correct authorizations before they are granted access to 

a system. 

It is enforcing security at the edge, particularly for industrial operations, that enables organizations to 

protect individual devices where they are, with remote oversight. As a result, threats can be blocked at 

their source, protecting the entire, often critical, operation––rather than allowing one hack to decimate an 

entire connected system and cause widespread damage. 

While zero-trust is essential for access, it’s also an important aspect of securing traversal or data 

throughout systems – whether within a company’s own systems, or sharing with important partners and 

customers. In this way, the same approach necessary to keep devices and data safe within a system can 

also be used to facilitate secure data transfer, improving operations, efficiency and collaboration with 

partners, suppliers and customers. 

Data is the Driver 

Data is the key driver in business today. Without secure data sharing, operators risk missing out on crucial 

and timely learnings from combining partner data––such as seismic information that can help ensure the 

safety of oil & gas rig operators, or grid stability data for utilities operators. Without the right mechanisms 

in place, it’s extremely time consuming and costly to combine, process, and share data, meaning you 

can’t get real time data or live learnings, and thus lose the ability to make important changes that can 

improve operations in real time. 

Being able to securely share data is a huge step towards more efficient remote operations. But in order 

to do so, we need to ensure that all data maintains authenticity, integrity, and privacy. The best way to 

achieve this trifecta is by taking a zero-trust approach to in-field protection, so that data integrity can be 

checked and proofed at all stages of data transfer. Data should be secured down to a granular level, 

noting and immutably logging important factors like location and time of generation. This approach allows 

the data’s producer to define who can subsequently access the data, and enables the data’s consumer 

to verify the data’s integrity in their application. 

Decentralized Security in Space 

At Xage, we were recently awarded a grant by the US Space Force (USSF), to prepare end-to-end access 

and data protection for USSF assets. For an organization itself designed to protect US interests and 

assets in space, holistic security is paramount. 

This work emphasizes the importance of decentralized security enforcement for decentralized 

systems: limiting single points of access, securing devices at the edge, and detecting attempted hacks 

that could have devastating impact if they gained traction or access to other devices. 



Further, the Space Force requires a solution that provides universal protection. Like many other 

organizations, the Space Force relies on devices of various generations, from various suppliers, in 

various locations, of varying levels of security. Accordingly, organizations like the USSF need solutions 

that work for all assets – whether space-based or on the ground, enforcing granular access and data 

control in real time – to enable the creation of “systems of systems” each of which can act autonomously 

and in concert as needed. 

Remote Work Is Here to Stay 

Essential systems were already digitizing pre-pandemic, but with the shift to remote work, as well as the 

digital and innovation pressure brought on by broader COVID-19 economic changes, we will continue to 

see increased cyber risk in essential industries. As we determine how to best move forward with securing 

them, we need to focus on solutions that truly match the systems they’re designed to protect: adaptable, 

universal and designed for the high-volume data sharing required for operational innovation. 


Duncan Greatwood is Xage Security's Chief 

Executive Officer. Most recently, he was an 

executive at Apple, helping to lead a number of 

Apple's search-technology projects and products. 

Prior to Apple, Duncan was CEO of Topsy Labs, the 

leader in social media search and analytics acquired 

by Apple in 2013. Prior to Topsy, he was founder and 

CEO of PostPath Inc., the email, collaboration and 

security company acquired by Cisco in 2008. 

Previously, Duncan held Vice President roles in 

Marketing, Corporate Development and Sales at 

Virata/GlobespanVirata/Conexant, as well as earlier 

engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales, 

marketing, operations, technology, and human experience to the task of driving growth at Xage. Duncan 

holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from 

London Business School. Duncan can be reached online via www.xage.com. 



To Share, Or Not to Share 

As consumers’ views on personal data evolve, it’s time to re-think data privacy 

By Kris Lovejoy, Global Consulting Cybersecurity Leader, EY 

Today organizations are standing at the crossroads when it comes to data privacy. In one direction, a 

series of high-profile data breaches and scandals in recent years has eroded consumers’ trust in 

organizations and led to them becoming ever more vigilant about their privacy. This consumer vigilance, 

combined with a regulatory drive to tighten the rules around the handling of personal information, has led 

to organizations becoming increasingly risk-averse about monetizing their customers’ data. 

In the other direction, however, the outbreak of the COVID-19 pandemic has revealed a willingness 

among consumers to share their personal data, if doing so is in the public benefit or if it brings them 

advantages such as discounts or tailored services. This suggests that many organizations could monetize 

their data more effectively than they are doing at present, provided they approach it in a way that aligns 

with both their own purpose and consumers’ expectations. 

In light of these mixed messages, what is the right direction to take regarding consumers’ data privacy? 

The EY Global Consumer Privacy Survey 2020 suggests that organizations need to take a balanced 

approach to data privacy, which recognizes consumers’ vigilance regarding their data, as well as their 

willingness to share it in certain circumstances. 



A trend in consumer vigilance 

As it turns out, in the current environment of breaches and the pandemic, consumers are much more 

aware of the personal data they are sharing now. In fact, more than half (54%) of the consumers who 

responded to our survey said they are more aware now of the personal data they’re sharing than before 

the pandemic. It is not just the health crisis that has driven awareness. Other developments, such as 

how some media platforms may be linked to exerting influence over current events and legislative 

change, including the European Union’s General Data Protection Regulation and the California 

Consumer Privacy Act are also sharpening the focus on awareness. We also found that, generally 

speaking, younger generations are much more aware of their privacy rights, and the implications of 

sharing data, compared with older generations. For example, in the past six months, 45% of Millennials 

and 49% of Gen Z have always or often shared COVID-19 health data with an organization, compared 

with just 21% of Baby Boomers. 

In fact, trust in how data is being collected and shared has been a concern for some time, and the survey 

revealed that this trend is set to continue. Significantly, the majority (56%) of consumers said that their 

trust in an organization’s ability to collect, store and use their data would be damaged if the organization 

shared that data without their overt consent. Almost half (48%) said they would lose trust in an 

organization if it suffered a data breach or a cyber-attack, while 43% would become mistrustful if an 

organization asked for data unnecessarily. 

Data monetization is another topic of concern that emerged from the results, and the findings offer some 

invaluable insights into how organizations can build sufficient trust with consumers to be able to monetize 

their data effectively. Significantly, the most important considerations for consumers when sharing 

personal data with an organization are secure collection and storage (63%), followed by control over what 

data is being shared (57%), and trust in the organization itself (51%). And an organization’s ability to 

counter data breaches and cyber-attacks ranks second as the factor most likely to boost consumer 

confidence. 

Meanwhile, consumers are actively educating themselves in the area of data privacy. The findings 

indicate that in the six months prior to the survey, 45% of consumers had taken the time to understand 

how a company uses their data, 36% had willingly shared health data related to their COVID-19 status, 

and the same proportion had chosen not to provide personal data or asked an organization to remove 

their data due to reputational concerns around its usage. As a result, organizations that expect to 

monetize the data they collect – whether that’s by collecting internal data to improve operations, or by 

deploying better-targeted campaigns or discounts for current and prospective customers to generate 

more revenue – should be mindful that consumers are paying much closer attention. 

Altruism, but with limits 

While the research shows that consumers are more mindful regarding who is using their data, and how 

it is being used, it also uncovered a trend toward altruistic data sharing. Indeed, more and more 

consumers are seeking out brands that use their data to help others — as long as they are adequately 

protected and remain in control of what they share. 

Half of the consumers surveyed said the pandemic has made them more willing to part with their personal 

data, especially if they know it is contributing to the research effort and/or community wellness. This 



creates a real opportunity for brands with a deep sense of purpose to build trust with consumers, which, 

in turn, will allow them to responsibly tap the potential of consumer data. 

This tendency to share data for altruistic purposes is particularly pronounced among younger consumers. 

More than a quarter (26%) of Millennials and 22% of Generation Z respondents said that helping to 

maintain or improve the life of someone they do not know is one of the three most important 

considerations when agreeing to share data with an organization. Also, almost two-thirds (61%) of 

consumer respondents in Asia-Pacific said they are more willing to share their personal data if it 

contributes to the COVID-19 research effort and/or community wellness. 

The survey further highlights that context is crucial for consumers when it comes to sharing data. Around 

two-thirds (65%) of respondents said they would share medical information with a medical institution to 

improve their healthcare experience, and 54% would share demographic data with a retailer in exchange 

for discounts. Yet only 39% would share their online search history with a large technology company in 

return for more personalization. 

Getting the balance right 

It is clear from the research that while consumers are sensitive about how their data is handled, they can 

be persuaded to share more of it with trusted organizations that use data in meaningful, purposeful and 

responsible ways. Organizations can build trust by clearly communicating to their customers what they 

are doing around data protection. They can also give consumers greater control over the data that 

specifically relates to them. If trust isn’t built – or if it is breached – organizations risk losing their customers 

to competitors. 

Once trust has been established, organizations can start to explore how they can monetize consumers’ 

data in ways that will create value for them and help to further build trust. They should consider what 

kinds of data their customers might be willing to share, and under what conditions. 

Proceed with caution 

Depending on who you ask, perspectives and priorities on privacy certainly differ. For example, in 

collaboration with the International Association of Privacy Professionals, EY professionals interviewed 

privacy practitioners and privacy leaders from around the world. 2 Practitioners implementing privacy on 

the ground across business sectors focused on the most immediate challenges relating to privacy. They 

highlighted employee privacy protections and virtualization challenges as the top priorities as they 

prepared for work-from-home and return-to-work transitions. For policymakers, regulators and 

academics, the focus is more around bigger-picture societal concerns, citing the increase and 

normalization of surveillance by governments and commercial actors as their top priority. 

Consumers, understandably, have their own priorities and require a customized approach. In the past, 

many organizations have understandably been extremely cautious around consumer data privacy, but 

this has come at a cost – both the financial cost associated with cyber protection and the commercial 

cost associated with missed revenue opportunities. With CIOs now under pressure to do more with less 

amid frozen budgets and changing consumer expectations around data, the time has come to reassess 

this super-cautious approach. 



As we stand at the crossroads – balancing the perspectives of consumers, requirements of regulators 

and needs of the business related to data privacy and protection – businesses need to re-evaluate their 

overall privacy program and approach. Perhaps the new reality offers a unique opportunity to enable 

strong security to create trust, allowing customers to share more data and derive more value. 

If this pandemic has taught us anything, insights that could make a big difference to consumers may well 

be hiding behind masses of untapped data. While this may be deemed a heretical statement for a 

cybersecurity practitioner to make, perhaps we should be re-considering our role and the programs we 

implement to protect data and privacy, with a new bias toward promoting and expediting – not limiting – 

a trusted value exchange. 

The views reflected in this article are the views of the author and do not necessarily reflect the views of 

the global EY organization or its member firms. 

1 

Privacy in the wake of COVID-19 


Kris Lovejoy is EY Global Consulting Cybersecurity Leader. Worldrenowned 

in cybersecurity, risk, compliance and governance, she was 

a keynote speaker at this year’s CERIAS Security Symposium and 

was named by Consulting magazine as a Women Leader in 

Technology. She has been quoted in publications that include Forbes, 

Fortune, USA Today, Federal News Network and Risk Management. 

Before joining EY, Kris was CEO of an AI-driven network security 

company and the general manager of a multinational information 

technology company’s security services division, charged with building 

end-to-end cybersecurity programs for clients worldwide. Kris can be 

reached online at https://www.linkedin.com/in/klovejoy/ and at 

EY.com. 

















Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS 

“Amazing Keynote” 

“Best Speaker on the Hacking Stage” 

“Most Entertaining and Engaging” 

Gary has been keynoting cyber security events throughout the year. He’s also been a 

moderator, a panelist and has numerous upcoming events throughout the year. 

If you are looking for a cybersecurity expert who can make the difference from a nice event to 

a stellar conference, look no further email marketing@cyberdefensemagazine.com 



You asked, and it’s finally here…we’ve launched CyberDefense.TV 

At least a dozen exceptional interviews rolling out each month starting this summer… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL 

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 12/02/2020 



TRILLIONS ARE AT STAKE 

No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES 

Released: 

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH 

In Development: 





8+ Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazine.com up and running as an array of live mirror 

sites. 

Millions of monthly readers and new platforms coming…

Cyber Defense eMagazine December 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?