Cyber Defense eMagazine December 2020 Edition
Cyber Defense eMagazine December Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Securing the Hybrid Workforce Begins with Three Crucial Steps
Top 10 Data Breaches of the 21st Century
Responding to Security Incidents with Behavior Analysis
Data Migration Security
…and much more…
Cyber Defense eMagazine – December 2020 Edition
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS
Welcome to CDM’s December 2020 Issue
Securing the Hybrid Workforce Begins with Three Crucial Steps
By Rick Vanover, Senior Director of Product Strategy, Veeam
Top 10 Data Breaches of the 21st Century
By Nicole Allen, Marketing Executive, SaltDNA
Why Organizations Need to Reduce Friction to Manage Remote Work Environments
By Jay Goodman, Strategic Product Marketing Manager, Automox
Cybersecurity: Innovation Needed
By Laurence Pitt, Global Security Strategy Director, Juniper Networks
The Future of Security Is on The Hardware
By Ian Pratt, Global Head of Security, HP
Responding to Security Incidents with Behavior Analysis
By Jeff Stein, Information Security Architect, Reputation.com
Learning Hardware Security Via Capture-The-Flag Competitions
By Jason M. Fung, Offensive Security Research Manager at Intel
Telegram for Business Communications: Understanding The Risks And Rewards
By Otavio Freire, CTO and Co-Founder, SafeGuard Cyber
How Are Financial Services Firms Addressing the Requirements of Digital Transformation, Security, And Compliance?
By Ehab Halablab, Regional Sales Director – Middle East at A10 Networks
Revealed: How Banking and Finance GRC Leaders Struggle to Address Regulators’ Demands for Cyber Evidence with Confidence
By Charaka Goonatilake, CTO at Panaseer
Why the Education Sector Must Address Security in The Rush to Digitise
By Jacob Chacko, Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba
Data Migration Security
By Devin Partida, Cybersecurity Writer, ReHack Magazine
The Crown Prosecution Service (CPS) Has Recorded 1,627 Data Breaches Over the Entirety of the 2019-20 Financial Year, Up From 1,378 In the Previous Financial Year
By Andy Harcup, VOP, Absolute Software
Financial Data Security Risks in The Hands of Online Shops or Intermediary Applications
By Ben Hartwig, Web Operations Executive, InfoTracer
All Aboard The COVID-19 Train: Malware Trends Taking Advantage of The Pandemic
By Bar Block, Threat Intelligence Researcher at Deep Instinct
The Coming Security Perspectives
By Milica D. Djekic
Amidst Election Noise, Cybercriminals See an Opportunity with Retail
By Chris Kennedy, CISO & VP of Customer Success, AttackIQ
What’s in Your Wallet? The Cybersecurity Costs of COVID
By Mark Sangster, Vice President and Industry Security Strategist, eSentire
Making the Journey to the Intelligent SOC
By Albert Zhichun Li, Chief Scientist, Stellar Cyber
Joint Investigation Reveals Evidence of Malicious Android COVID Contact Tracing Apps
By Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center
A Hybrid Workplace Means New Threats and More Pressure on IT Leaders
By Tim Sadler, Cofounder and CEO of Tessian
How We Securely Share Data in A Remote World
By Duncan Greatwood, CEO, Xage Security
To Share, Or Not to Share
By Kris Lovejoy, Global Consulting Cybersecurity Leader, EY
From the Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com
Dear Friends,
As we publish this December issue of Cyber Defense Magazine, many of us will look ahead to the year 2021 with great anticipation. While 2020 has been a challenge for most in the cybersecurity community, many have weathered the storm and even become stronger as a result.
From my perspective, it’s clear that it’s imperative to get back to basics. The articles in this month’s Cyber Defense Magazine, which are provided from a broad array of contributors, demonstrate that our community is moving steadily into a new phase, getting down to basics while we address broader issues as well.
In addition, we’re thrilled to have now opened our 9th annual Global InfoSec Awards for 2021 as our most prestigious awards at https://www.cyberdefenseawards.com which will take place during RSA Conference 2021.
I’d like to draw your attention to my current article emphasizing the need for appropriate responses to holiday-related scams. Without repeating it in full here, I’ll refer you to the online posting at: https://www.cyberdefensemagazine.com/halting-hackers-on-the-holidays/
In addition to the important articles in the December issue, we are pleased to continue providing the powerful combination of monthly eMagazines, daily updates, and features on the Cyber Defense Magazine home page, and webinars featuring national and international experts on topics of current interest. Finally, don’t forget to grab some knowledgebase infosec and cybersecurity tidbits from experts at https://www.cyberdefensewebinars.com.
Warmest regards,
Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly
CYBER DEFENSE eMAGAZINE
@CYBERDEFENSEMAG
Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.
PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com
INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/
InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.
8+ YEARS OF EXCELLENCE!
Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security. We’re a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE, TV, RADIO, AWARDS, WEBINARS
From the International Editor-in-Chief…
From the international point of view on cybersecurity matters, we close out 2020 with both relief and expectation. I’m pleased to observe that there appear to be deliberate efforts to achieve international cooperation in our space. That includes mindfully moving beyond COVID concerns and implementing cybersecurity measures on a more generalized and cooperative basis.
One aspect will remain consistent: the need for both coordination and compliance measures in the international arena. The far-reaching threats neither know nor respect national borders. Recent reports show even the organizations specializing in cybersecurity services are not immune from hackers.
From the international perspective, we continue to hope that in our world of cybersecurity and privacy, there may be room for both national and global interests.
As always, we encourage cooperation and compatibility among nations and international organizations on cybersecurity and privacy matters.
To our faithful readers, we thank you,
Pierluigi Paganini
International Editor-in-Chief
Welcome to CDM’s December 2020 Issue
From the U.S. Editor-in-Chief
Just a few months ago, I wrote in this space about the prospects for entering a period of the “New Normal.” At the time, it appeared (to me, at least) that the prospects were fairly remote; that is, until we could establish some degree of stability, the concept of “normal” would be elusive.
As I write this message today, I’m pleased to observe that our contributors and commentary indicate that the responses of the cybersecurity community are effectively establishing a “New Normal” for both organizations and infrastructure.
For example, one observation reflects the magnitude of challenges in migrating from “5000 workers in one place to workers in 5000 places.”
Clearly, the process of normalizing won’t return us to the old patterns of cybersecurity. But the new ones appear to be coming to the fore in an informed and professional manner.
As in past issues, let me suggest reviewing the Table of Contents first, so you can prioritize reading the articles which most closely pertain to your own cybersecurity concerns. (I make this suggestion with full confidence that all of the articles have value to all of our readers, just to differing degrees.)
With that introduction, we are pleased to present the December 2020 issue of Cyber Defense Magazine.
Wishing you all success in your cyber security endeavors,
Yan Ross
US Editor-in-Chief
Cyber Defense Magazine
About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com
Securing the Hybrid Workforce Begins with Three Crucial Steps
By Rick Vanover, Senior Director of Product Strategy, Veeam
It is clear that remote working is here to stay. According to a survey conducted by Bayt.com, a leading job site in the Middle East, 90% of professionals in the Middle East and North Africa (MENA) region expect remote work to increase over the next few years and 74% of professionals prefer jobs that allow them to work remotely. The shift to a remote workforce has redefined the way organizations structure their business models. As executives reestablish work policies to accommodate remote employees well beyond the initially anticipated duration, a new era of work will emerge: the hybrid workforce, one more largely split between office and remote environments. While this transition brings a wave of opportunity for organizations and employees, it also opens new doors for bad actors to capitalize on strained IT departments who have taken on additional responsibility to ensure sensitive data remains secure, whether on or off the corporate network.
While threats to company data range in attack method, ransomware continues to be the most prominent risk known to organizations worldwide, with a 41% increase in 2019 alone. According to a recent study by Sophos, 49% of the organizations surveyed in UAE mentioned a ransomware attack in the last year. In July this year, researchers at cybersecurity firm Palo Alto uncovered a strain of ransomware that hit government-run organizations in the MENA region [1]. It’s important that companies focus on acknowledging this threat and deploying strategies to prepare, defend and repair incidents, before adapting to a hybrid workforce model. This process will prevent organizations from falling victim to attacks where data loss or ransom payment are the only unfortunate options. To win the war on ransomware, organizations should incorporate a plan for IT organizations that ensures they have the resilience needed to overcome any attack. Let’s explore three crucial steps for ransomware resilience in more detail.
Focus on education first, avoid reactive approaches to threats later
Education – beginning after threat actors are identified – should be the first step taken on the path towards resilience. To avoid being caught in a reactive position, should a ransomware incident arise, it’s important to understand the three main mechanisms for entry: internet-connected RDP or other remote access, phishing attacks and software vulnerabilities. Once organizations know where the threats lie, they can tactfully approach training with strategies to refine IT and user security, putting additional preparation tactics in place. Identifying the top three mechanisms can help IT administration isolate RDP servers with backup components, integrate tools to assess the threat of phishing attacks to help spot and respond correctly, and inform users on recurrent updates to critical categories of IT assets, such as operating systems, applications, databases and device firmware.
Additionally, preparing how to use the ransomware tools in place will help IT organizations familiarize themselves with different restore scenarios. Whether it be a secure restore process that will abort when malware is detected or software that can detect ransomware ahead of restoring a system, the ability to perform different restore scenarios will become invaluable to organizations. When an attack does happen, they will recognize, understand and have confidence in the process of working towards recovery. By taking the education aspect of these steps seriously, organizations can decrease the ransomware risks, costs and pressure of dealing with a ransomware incident unprepared.
Implement backup solutions that maintain business continuity
An important part of ransomware resiliency is the implementation of backup infrastructure to create and maintain strong business continuity. Organizations need to have a reliable system in place that protects their servers and keeps them from ever having to pay to get their data back. Consider keeping the backup server isolated from the internet and limit shared accounts that grant access to all users. Instead, assign specific tasks within the server that are relevant for users and require two-factor authentication for remote desktop access. Additionally, backups with an air-gapped, offline or immutable copy of data paired with the 3-2-1 rule will provide one of the most critical defenses against ransomware, insider threats and accidental deletion.
[1] https://www.cyberscoop.com/ransomware-thanos-middle-east-palo-alto_networks/
Furthermore, detecting a ransomware threat as early as possible gives IT organizations a significant advantage. This requires tools in place to flag possible threat activity. For endpoint devices displaced remotely, backup repositories that are set up to identify risks will give IT further insight into an incredible surface area to analyze for potential threat introduction. If implementations don’t prohibit attacks, another viable option is encrypting backups wherever possible for an additional layer of protection – threat actors charging ransom to prevent leaking data do not want to have to decrypt it. When it comes to a ransomware incident, there isn’t one single way to recover, but there are many options aside from these that organizations can take. The important thing to remember is that resiliency will be predicated on how backup solutions are implemented, the behavior of the threat and the course of remediation. Take time to research the options available and ensure that solutions are implemented to protect your company.
Prepare to remediate an incident in advance
Even when there are steps in place that leverage education and implementation techniques to combat ransomware before an attack hits, organizations should still be prepared to remediate a threat if introduced. Layers of defense against attacks are invaluable, but organizations need to also map out specifically what to do when a threat is discovered. Should a ransomware incident happen, organizations need to have support in place to guide the restore process so that backups aren’t put at risk. Communication is key: having a list of security, incident response, and identity management contacts in place if needed – inside the organization or externally – will help ease the process towards remediation.
Next, have a pre-approved chain of decision makers in place. When it comes time to make decisions, like whether to restore or to fail over company data in the event of an attack, organizations should know who to turn to for decision authority. If conditions are ready to restore, IT should be familiar with recovery options based on the ransomware situation. Implement additional checks for safety before putting systems on the network again – like an antivirus scan before restoration completes – and ensure the right process is underway. Once the process is complete, implement a sweeping forced change of passwords to reduce the risk of the threat resurfacing.
The threat that ransomware poses to organizations both large and small is real. While no one can predict when or how an attack will happen, IT organizations that have a strong, multi-layered defense and strategy in place have a greater chance for recovery. With the right preparation, the steps outlined here can increase any organization’s resiliency – whether in office, remote or a combination of the two – against a ransomware incident and avoid data loss, financial loss, business reputation damage or more.
About the Author
Rick Vanover (MVP, vExpert, Cisco Champion) is the director of Technical Product Marketing & Evangelism for Veeam Software based in Columbus, Ohio. Rick's IT experience includes system administration and IT management, with virtualization being the central theme of his career recently.
Rick can be reached online at rick.vanover@veeam.com and at our company website https://www.veeam.com/
Top 10 Data Breaches of the 21st Century
By Nicole Allen, Marketing Executive, SaltDNA.
This article looks into the biggest data breaches of the 21st century (so far!). We thought we’d do it as a countdown to the top breach by looking primarily at the number of impacted users. Of course there is more to it than the number of users impacted as there is usually a huge reputational and financial cost associated with each breach.
In today’s world user data is a highly valuable currency. The most powerful companies in the world are the digital giants that monopolise data, prompting ongoing conversations about antitrust legislation and digital privacy.
Companies that contained a breach in less than 30 days have saved more than $1 million compared to those that took more than 30 days, according to IBM. Not long ago, it would have been big news that a breach exposed the privacy of a few million individuals. Breaches which affect hundreds of millions or even billions of people are now way too common.
Have a read through these whoppers and let us know what you think!
10. Yahoo (2013-2014)<br />
Impact: 3 million - 1 billion user accounts<br />
Yahoo announced in September 2016 that in 2014 it had fallen victim to what at that time would be the<br />
biggest data breach in history, whilst in sales talks with Verizon for its core site service. This caused<br />
Yahoo to knock $350 million off their sales price to Verizon. The attackers, which the company believed<br />
were “state-sponsored actors”, compromised names, email addresses, telephone numbers, dates of birth,<br />
passwords and encrypted security questions. Following these attacks in December 2016, Yahoo<br />
disclosed another breach by a different attacker, this time taking email addresses, names, dates of birth<br />
and passwords of 1 billion user accounts. As a result of reputational damage, Yahoo changed their name<br />
to ‘Altaba Inc’.<br />
9. Target (2013)<br />
Impact: 40 million consumers<br />
Retailer Target reported a data breach in December 2013 and stated that the credit and debit card<br />
numbers as well as the full names, addresses, email addresses and telephone numbers of about 40<br />
million consumers were stolen after hackers obtained access to Target's point-of-sale payment card<br />
readers through a third-party HVAC vendor.<br />
The CIO and CEO of Target both stepped down, and the company projected the breach cost them at<br />
least $162 million.<br />
8. Uber (2016)<br />
Impact: 57 million Uber users and 600,000 drivers’ PII compromised<br />
Uber became aware that the names, email addresses and mobile phone numbers of 57 million Uber app<br />
users and driver licence numbers of 600,000 Uber drivers had been stolen by hackers. Uber’s handling<br />
of the crisis made it particularly noteworthy: they waited for almost a year before officially admitting the<br />
intrusion and offered $100,000 to criminals to delete the data in such a manner that no verification could<br />
be made.<br />
At the time, Uber claimed it was a ‘bug bounty fee’; however, soon after this news was released, they<br />
fired their CSO. The relatively small misuse of $100K (mice nuts for Uber) massively understates the impact<br />
this breach and its poor handling had on the company’s reputation.<br />
7. Capital One (2019)<br />
Impact: 106 million bank customers and applicants.<br />
As one of the largest banks in the US, Capital One experienced a data breach in March 2019 which<br />
exposed the personal information of nearly 106 million customers and applicants. The breach resulted in<br />
a hacker gaining access to personal information related to credit card applications from 2005 to early<br />
2019. The hacker was revealed as Paige Thompson, who used to work as a software engineer for<br />
Amazon Web Services, the cloud hosting company that Capital One was using. According to the US<br />
Department of Justice, Thompson broke into the server and gained access to 140,000 social security<br />
numbers and 80,000 bank account numbers.<br />
According to Capital One, they fixed the issue immediately and those whose information was affected<br />
were offered ‘free credit monitoring and identification protection’. Morgan Stanley estimated Capital One<br />
could face between $100 and $500 million in U.S. fines.<br />
As a result of the well publicised breach, Michael Johnson, former Chief Information Security Officer, was<br />
demoted from his position within Capital One 4 months after the major data incident.<br />
6. Equifax (2017)<br />
Impact: 143 million customers' personal information and credit card data of 209,000 customers.<br />
Equifax, one of the biggest US credit bureaus, confirmed in September, 2017 that a flaw in an application<br />
on one of their platforms contributed to a data leak that could impact around 40% of the US population.<br />
The violation was found on July 29 2017, although the organisation suggested it had actually started in<br />
mid-March. The breach compromised the personal information of 143 million consumers (including social<br />
security numbers, birth dates, addresses and in some cases driver's licence numbers). It is known that<br />
209,000 customers had their credit card information leaked.<br />
Equifax was faulted for a number of lapses in safety and response. Chief among them was that the<br />
application vulnerability which gave the attackers access was unpatched. Inadequate segmentation of the<br />
system facilitated lateral movement for the attackers, i.e. once they were in, it was way too easy for them<br />
to get access to the other elements of the system.<br />
5. eBay (2014)<br />
Impact: 145 million users<br />
eBay was the victim of a breach of encrypted passwords between February and March 2014. This<br />
resulted in eBay forcing all of its 145 million users to reset their passwords. To gain access to this cache of user<br />
info, attackers used a small collection of employee passwords.<br />
The compromised information contained encrypted passwords and other sensitive records, including<br />
names, e-mail addresses, addresses, phone numbers and dates of birth. After a month-long investigation<br />
by eBay, the breach was disclosed in May 2014. What is unique about this incident is that the hacking<br />
had hardly any effect and their CEO stated they only saw “a small decline in user activity”.<br />
4. Adobe (2013)<br />
Impact: 153 million users<br />
As security blogger Brian Krebs wrote in early October 2013, Adobe initially announced that hackers had<br />
stolen approximately 3 million encrypted customer credit card records, plus login details for an<br />
undetermined number of user accounts. Later that month, Adobe raised that estimate to include IDs and<br />
encrypted passwords for 38 million "active users". Krebs reported that a file posted just days earlier<br />
"appears to include more than 150 million Adobe usernames and hashed password combinations".<br />
An agreement in August 2015 called on Adobe to pay court costs of $1.1 million and an<br />
unspecified sum to customers to resolve charges of violating the Customer Records Act and<br />
discriminatory market practices. The sum payable to the customers was listed at $1 million in November<br />
2016.<br />
3. Marriott International (2014)<br />
Impact: 500 million users<br />
In November 2018, Marriott International revealed that attackers had stolen the data of around 500 million<br />
customers. The breach originally occurred on Starwood Hotel brand support systems starting in 2014. When<br />
Marriott bought Starwood in 2016, the perpetrators stayed in the network and, incredibly, were not found<br />
until September 2018. A combination of contact details, passport numbers, Starwood Preferred Guest<br />
numbers, travel details, and other sensitive information was taken by the attackers.<br />
It was thought that the credit card numbers and expiration dates of more than 100 million customers were<br />
stolen, but Marriott was uncertain whether the credit card numbers could be decrypted by the attackers.<br />
According to a report in the New York Times, the hack was eventually traced to a Chinese security agency<br />
trying to collect data on US civilians.<br />
2. Facebook (2019)<br />
Impact: 540 million users' data was exposed to the internet<br />
Facebook allowed two apps to access its users' data, and those apps stored personal information on insecure<br />
servers without putting security measures in place. It was discovered by Amazon Web Services that a Mexican<br />
digital publisher, Cultura Colectiva, had uploaded users' Facebook IDs, comments, likes, reactions<br />
and account names. Facebook and Amazon worked together to remove both sets of data. A further 419<br />
million phone numbers connected to Facebook profiles were found online in September 2019, spread across<br />
geographies, including: 133 million records on Facebook located in the USA, 18 million in the UK<br />
and 50 million records in Vietnam.<br />
The event placed consumers at risk of spam calls and SIM-swapping threats, since an intruder who has a<br />
user's phone number may be able to change that user's password. These cases quickly added<br />
to the rising pressure on Facebook from British and US authorities after the Cambridge Analytica<br />
controversy.<br />
1. WhatsApp (2019)<br />
Impact: 1.5 billion users worldwide<br />
WhatsApp suffered a highly advanced cyber attack on 14 May 2019 that compromised its messaging<br />
network to deliver ransomware to a multitude of users' mobile devices. The Guardian reported that the<br />
assault affected 1.5 billion people, and that the breach was a "significant infringement of rights."<br />
WhatsApp then filed a complaint in the US court in October 2019 attributing the attack to a spyware<br />
company called NSO Group, an Israeli company called Cyber Weapons. The software of the NSO Group,<br />
Pegasus, has the potential to capture personal and confidential data from a specific device, for example by<br />
reading messages, browsing contacts, and accessing cameras and microphones.<br />
Data breaches are hard to recognise, costly to fix and inflict reputational harm that certain businesses<br />
cannot recover from. However, considering the importance of the data and the inevitability of cyber crime,<br />
the most that businesses can do to minimise the consequences of an infringement is to adopt a robust<br />
risk control strategy for identification, mitigation, and contact after a data breach.<br />
For more information on this article, or to talk to a member of the SaltDNA team, please contact us on<br />
info@saltdna.com.<br />
About SaltDNA<br />
SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software<br />
solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered<br />
encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for<br />
Organisations who value their privacy, by giving them complete control and secure communications, to<br />
protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more<br />
information visit SaltDNA<br />
About the Author<br />
Nicole Allen, Marketing Executive at SaltDNA. Nicole completed<br />
her university placement year with SaltDNA, as part of her degree<br />
studying Communication, Advertising and Marketing at University<br />
of Ulster. Nicole worked alongside her degree part time during her<br />
final year and recently started full time with the company having<br />
completed her placement year with SaltDNA in 2018/19.<br />
Nicole can be reached online at (LINKEDIN, TWITTER or by<br />
emailing nicole.allen@saltdna.com) and at our company website<br />
https://saltdna.com/.<br />
Why Organizations Need to Reduce Friction to Manage<br />
Remote Work Environments<br />
The business world has changed and managing your endpoints is more important than ever<br />
By Jay Goodman, Strategic Product Marketing Manager, Automox<br />
The business world has changed and many of the resulting adjustments, like remote work, are here to<br />
stay. Keeping your teams healthy and safe during this period is a top priority, as is making sure their<br />
remote endpoints are managed and secure. But with these changes comes a list of concerns and issues<br />
that many organizations just are not ready to address, sometimes highlighting legacy support policies<br />
and even out-of-standard technological needs.<br />
According to a 2018 survey, 90 percent of IT professionals believe their remote workforce poses a<br />
security risk, and 36 percent reported that a remote employee was the cause of a security incident. Two<br />
years later, as we've all been forced into remote work situations, the friction of everyday management of<br />
the full enterprise has increased, putting a strain on the IT and support staff as well as the users.<br />
So how can we address common areas of friction in endpoint management as well as ways to identify<br />
pain points in an environment?<br />
For starters, we must move beyond the friction that exists in legacy infrastructures.<br />
The Remote Architecture<br />
Why do we need heightened awareness during this new normal? Simply put, the legacy remote<br />
architecture was never designed for these problems and realities. Remote work used to be an<br />
accommodation, rather than a permanent situation.<br />
Endpoints within the traditional confines of the office were easily protected behind firewalls and<br />
gateways, and easy to access for IT teams to carry out general maintenance such as software support,<br />
patch management and enforcing IT policies. When those critical systems move beyond the office walls,<br />
things get complicated as general visibility is lost. Layers of access control and security are established<br />
for a reason, but they were not designed for a remote company.<br />
Embracing a Modern Approach<br />
Alongside digital transformation comes pressure on IT teams to keep pace with the rapid speed of<br />
business. However, legacy patching tools are particularly prone to shortcomings for supporting remote<br />
workers, leading to potentially poor experiences for end users or something even worse, like the<br />
acceptance of having a vulnerable attack surface.<br />
Endpoint device management tools are a core part of protecting an increasingly remote workforce. IT<br />
admins require reliable remote access to endpoints and devices in order to maintain and patch while<br />
minimizing user disruption. Your IT strategy should be investing in this area to thrive in the new normal.<br />
Good Cyber Hygiene is a Must<br />
Cyber hygiene for remote work requires IT staff to have a detailed inventory of their endpoint security, as<br />
well as full visibility over the patch status of those endpoints. Remote devices need to be secured against<br />
threats, just like an organization’s equipment that is located within a company office. An unpatched<br />
endpoint is a cybersecurity risk, no matter where it is located.<br />
Every one of us has had to adapt to this environment within the past seven months, and while it’s<br />
presented significant challenges to almost every business, it has also provided an opportunity for<br />
organizations to recognize the benefits of applying more efficient and secure ways to operate.<br />
Fortunately, we have new solutions and technologies that can help organizations get a jump start to<br />
modernize their systems in order to seamlessly go remote and stay protected. Endpoint management<br />
tools provide a management interface to simplify or automate deployment, patching and configuration<br />
management of managed devices – which reduces the burden on IT operations – especially during this<br />
unclear time of remote work.<br />
The global COVID-19 pandemic will not be the last business-disrupting event to occur, so it’s important<br />
to start implementing the right tools for the future of work now. Organizations need to react to these<br />
scenarios in a way that ensures an outcome where they come out stronger and more resilient each time.<br />
Rather than putting reactionary band aids on problems, make the investments that show you’re planning<br />
towards the future, and that future is one that seamlessly supports remote and hybrid work models.<br />
About the Author<br />
Jay Goodman is the Strategic Product Marketing<br />
Manager of Automox. He is a product marketing<br />
expert and intelligence consultant with experience<br />
working with Fortune 500 companies and startups<br />
alike. Jay joined Automox in 2019 and is responsible<br />
for the messaging and intelligence gathering<br />
functions within the company. Previously, Jay was a<br />
Product Manager for McAfee and an avid participant<br />
in the cybersecurity and competitive intelligence<br />
communities.<br />
Jay can be reached online at (automox@famapr.com, @AutomoxApp, etc..) and at our company website<br />
https://www.automox.com/<br />
Cybersecurity: Innovation Needed<br />
Managing Complexity and Consistency, and Giving Users the<br />
Simplification, Automation and Security They Want.<br />
By Laurence Pitt, Global Security Strategy Director, Juniper Networks<br />
Innovation is at the heart of cybersecurity – both because cybersecurity professionals are inherently<br />
curious by nature and because threat actors are continually innovating and evolving their attack<br />
approaches and the exploits themselves. Nonetheless, the last several months have demonstrated the<br />
need for change and new directions of innovation.<br />
A recent presentation by cybersecurity specialist Robert Hannigan examined the great work from home<br />
migration and the changes it’s driven. He examined some interesting phenomena, such as how Security<br />
Operations Centers (SOCs) are experiencing a drop in the number of alerts – but not because volumes<br />
have reduced. Rather, it is because alerts have moved beyond their purview on the corporate network.<br />
Today, we’re assuming that many of what would formerly be SOC issues are instead sitting on home Wi-Fi.<br />
Threat actors understand this and are exploiting it actively. Some of the early confusion caused by contact<br />
tracing applications and COVID packages gave them early and easy entry points for data theft and<br />
ransomware, as well as phishing schemes that played on emotions with “must click” links purporting to<br />
offer information on COVID-19 spread and governmental stimulus programs. Instead, these dropped<br />
malicious payloads. In the most recent shifts, we’re seeing scammers targeting online shoppers looking<br />
for pre-Black Friday deals, as well as bored home workers seeking free (but illegal) downloads of<br />
television shows and movies.<br />
As we move into this mid- and post-pandemic world with remote and in-office work blending, what must<br />
organizations consider, in order to sustain data and application security and privacy while still considering<br />
the best user experience? How does remote work change the security stack mix? And what’s still<br />
missing?<br />
Experience Must Come First<br />
These questions take us beyond initial inquiries about connection speeds that, until only recently,<br />
dominated remote work conversations but are now taking a backseat to blended remote work/in-office<br />
security. More timely questions include: What do VPNs protect or leave exposed? What needs to happen<br />
next?<br />
Experience is an important, if subjective, metric. It helps us frame and prioritize issues around user<br />
access, usage and interaction with business-critical applications and services, shifting our thinking on<br />
necessary protections. Our job has not fundamentally changed, but the factors we must recognize and<br />
compensate for have expanded, just as much as have the “how” and “where” of our daily interactions.<br />
A good experience makes users more loyal to and comfortable with the applications they depend on.<br />
Without a good experience, it is all too easy for a competitor to redirect users with a few simple clicks,<br />
showing the potential of a shinier, more responsive alternative. Think about your smartphone, as an<br />
example. We all download new applications every week or so, looking for a tool to simplify a task in our<br />
lives. But if that app doesn’t prove its worth or is cumbersome from the start, a new app quickly replaces<br />
it and is readily available on the app stores.<br />
What Users Want: Simplification, Automation and Security<br />
Talking to users about their experiences helps in sorting through what works and what does not.<br />
Understanding how they prioritize activities will help you pull this insight into the context of delivering<br />
services and applications for a modern enterprise.<br />
1. They want to simplify their environment to deliver a slicker customer experience, which can often be<br />
achieved simply by maximizing existing investments in technology.<br />
2. They are leveraging data and analytics for automation of tasks, giving time back to the IT team with a<br />
focus on innovation rather than management.<br />
3. They need to secure what they have with effective data usage and automation to ensure consistency<br />
and reduce false positives.<br />
Managing Complexity and Consistency<br />
A frequent theme among customer requests centers around reducing complexity and making more from<br />
existing investments, while overcoming the daily struggles of too many management interfaces, sites and<br />
overlapping technologies. The hurdles are not only technical, but also staff-related in ensuring specialists<br />
are well-trained in their roles.<br />
How can things be made simpler? Talk to users and consider ways to streamline activities. Automation<br />
rules could dynamically change traffic behavior or routing to make sure that services are correctly<br />
prioritized and delivered for users. For more granular but consistent control, multi-tenant options would<br />
make a good conversation. It provides role-based management at different levels, reducing individual<br />
workloads yet still maintaining overall control of the environment.<br />
Remote Possibilities – Funding the Work from Home Migration<br />
So, what about remote users? For the IT team, this has meant an increased workload. They have moved<br />
from managing a small number of remote users to dealing with hundreds or thousands of remote users<br />
acting as ‘micro-branches.’<br />
For many users, the experience at home is not an issue, but it certainly is one for organizations whose<br />
remote workers need access to sensitive data or real-time systems. Those users will be using the same<br />
Virtual Private Network (VPN) client as everyone else to achieve this and it is no longer suitable. A VPN<br />
punches a big hole in the side of the network, allowing users access but also leaving gaps at the edge<br />
for attackers to sneak in. It protects only data in transit, leaving much else exposed.<br />
Instead, organizations should look at the latest technologies which extend the corporate network into the<br />
home. It’s past time to give home workers the exact same high levels of reliability they had when working<br />
exclusively in the office (henceforth to be referred to as “the good old days”), but with the benefits of<br />
management, security and visibility for the IT team. All are ensuring the best and most secure user<br />
experience.<br />
Funding Investments<br />
Employees quickly embraced working from home as a benefit, with many now saying they would prefer<br />
to remain fully remote. Others want to sustain partial remote work, even while they are now reentering or<br />
looking to reenter office environments.<br />
There is a potential cost saving here, as organizations look to shave real estate costs through hot-desking<br />
and smaller offices as options instead of allocated per-user spaces. Rather than reincorporating these<br />
savings into the bottom line, they should be reallocated towards new and innovative ways of improving<br />
overall user experience across the business.<br />
Of course, the business will want proof of the return from any new investment and cybersecurity ROI has<br />
always been a challenging topic. Nonetheless, the result of the sensible investment will be happy and<br />
loyal users, reliable and innovative services and measurable business and competitive benefits for the<br />
organization.<br />
About the Author<br />
Laurence Pitt is the Global Security Strategy Director of Juniper<br />
Networks. He is passionate about technology, particularly cyber<br />
security. His depth and breadth of knowledge of the dynamic security<br />
landscape is a result of over twenty years’ experience in cyber<br />
security. He understands the security concerns businesses face<br />
today and can bring insight to the challenges they will face tomorrow.<br />
Laurence joined Juniper Networks in 2016 and is our senior security<br />
specialist in EMEA. Security throughout the network is a key area<br />
where Juniper Networks can help as business moves to the cloud<br />
and undertakes the challenge of digital transformation.<br />
Laurence can be reached on Twitter at @LaurencePitt and at<br />
https://www.juniper.net/us/en/<br />
The Future of Security Is on The Hardware<br />
The Virtualization Revolution Removes Security Onus From Users by Leveraging New Hardware-Powered Approach<br />
By Ian Pratt, Global Head of Security, HP<br />
Today’s threat landscape is constantly evolving, and the COVID-19 pandemic has created even more<br />
opportunities for cybercriminals, as the attack surface widens. Thriving darknet marketplaces are making<br />
it easier than ever to launch timely campaigns, so whenever there is a new opportunity, cybercriminals<br />
are quick to look for ways to exploit it. This ability to move quickly and innovate means organizations can<br />
no longer rely on looking for known threats, making it harder than ever to detect threats in real-time and<br />
putting organizations at risk. This is why it’s vital that we reinvent our approach to security so that<br />
organizations can stay a step ahead of hackers. But where to start?<br />
Detection alone is no longer enough<br />
Modern cybercrime is well-funded and well-resourced, and has become a professional, commoditized<br />
industry worth more than $680 billion. Cybercriminals are rapidly adopting new models, technologies,<br />
and techniques, innovating at pace to create new threats to bypass detection-based security and break<br />
into critical IT systems. Detection is often evaded using polymorphic malware, and occasionally even<br />
zero-day exploits may be deployed, but many simple approaches are very successful too. For example,<br />
in October, HP identified a large-scale TrickBot campaign using Microsoft’s ‘Encrypt with Password’<br />
feature. This helped malicious documents slip past network security and behavioural detection tools, as<br />
the malware was only deployed if users entered the password sent in the phishing email.<br />
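A gateway cannot scan what it cannot decrypt, so the defensive move is to recognise password-protected documents and route them to review instead of recording them as "scanned clean". The following is an added example, not code from HP or the original article; it assumes the protected files are OOXML documents, which Office stores as an OLE compound file holding EncryptionInfo and EncryptedPackage streams once a password is set, and all function names and verdict strings are hypothetical.<br />

```python
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE compound file signature
MAXREGSECT = 0xFFFFFFFA                          # highest regular sector number
FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF


def cfb_entry_names(data: bytes) -> set:
    """Names of all storages/streams in a compound file's directory."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not a complete compound file header")
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    if sector_shift not in (9, 12):              # 512- or 4096-byte sectors
        raise ValueError("unexpected sector size")
    size = 1 << sector_shift
    (first_dir,) = struct.unpack_from("<I", data, 48)

    def sector(n: int) -> bytes:
        chunk = data[(n + 1) * size:(n + 2) * size]   # sector 0 follows the header
        if len(chunk) != size:
            raise ValueError("sector outside file")
        return chunk

    # Build the FAT from the 109 DIFAT slots in the header (enough for the
    # first several megabytes; larger files need the DIFAT chain, not handled).
    fat = []
    for fat_sector in struct.unpack_from("<109I", data, 76):
        if fat_sector <= MAXREGSECT:
            fat.extend(struct.unpack(f"<{size // 4}I", sector(fat_sector)))

    names, visited, current = set(), set(), first_dir
    while current <= MAXREGSECT:                 # follow the directory chain
        if current in visited or current >= len(fat):
            raise ValueError("corrupt directory chain")
        visited.add(current)
        block = sector(current)
        for off in range(0, size, 128):          # 128-byte directory entries
            name_len, obj_type = struct.unpack_from("<HB", block, off + 64)
            if obj_type in (1, 2) and 2 <= name_len <= 64:
                raw = block[off:off + name_len - 2]   # drop UTF-16 terminator
                names.add(raw.decode("utf-16-le", "replace"))
        current = fat[current]
    return names


def classify_attachment(data: bytes) -> str:
    """Hypothetical classifier for a mail or web gateway."""
    if data[:4] == b"PK\x03\x04":
        return "zip-container"        # plaintext OOXML (or any ZIP): scannable
    if data[:8] != CFB_MAGIC:
        return "other"
    try:
        names = cfb_entry_names(data)
    except ValueError:
        return "ole-malformed"        # unparseable container: do not trust it
    if {"EncryptionInfo", "EncryptedPackage"} <= names:
        return "encrypted-ooxml"      # content is opaque to every scanner
    return "ole-other"                # legacy .doc/.xls etc.: scannable


def gateway_verdict(data: bytes) -> str:
    """Never report 'clean' for content that could not be inspected."""
    opaque = ("encrypted-ooxml", "ole-malformed")
    return "hold-for-review" if classify_attachment(data) in opaque else "scan"


def build_sample_cfb(stream_names) -> bytes:
    """Constructed test input: minimal compound file with up to 3 empty streams."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", header, 24, 0x3E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<I", header, 44, 1)            # one FAT sector
    struct.pack_into("<I", header, 48, 1)            # directory in sector 1
    struct.pack_into("<I", header, 56, 4096)         # mini stream cutoff
    struct.pack_into("<I", header, 60, ENDOFCHAIN)   # no mini FAT
    struct.pack_into("<I", header, 68, ENDOFCHAIN)   # no DIFAT sectors
    struct.pack_into("<109I", header, 76, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    directory = bytearray(512)
    entries = [("Root Entry", 5)] + [(name, 2) for name in stream_names]
    for i, (name, obj_type) in enumerate(entries):
        raw = name.encode("utf-16-le") + b"\x00\x00"
        directory[i * 128:i * 128 + len(raw)] = raw
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw), obj_type)
    return bytes(header) + fat + bytes(directory)


if __name__ == "__main__":
    protected = build_sample_cfb(["EncryptionInfo", "EncryptedPackage"])
    print(classify_attachment(protected), gateway_verdict(protected))
```

Legacy binary formats (.doc, .xls) record encryption differently and are reported here as "ole-other", so this check covers OOXML only.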
Detection-based security tools not only suffer from frequent false negatives, but also generate copious<br />
noise due to false positives that have to be triaged. In fact, research shows that some SOC teams are<br />
receiving over 10,000 alerts per day, which they must sift through to find true threats. This can result in<br />
alert fatigue, meaning threats to the business can be missed. Once hackers have bypassed defences,<br />
the clock really starts ticking as they will use their initial point of compromise to move laterally to other<br />
systems, often by obtaining credentials, whereupon they can insert backdoors, exfiltrate data, destroy<br />
backups, and crypto-lock data.<br />
Should users really be your last line of defence?<br />
The other challenge that organizations face is that the main target for attacks is most often endpoints, or<br />
more specifically, the users of those devices. Security tools are meant to protect users – firstly, by<br />
ensuring that malicious links and files do not make it into their inbox or browser in the first place, and<br />
secondly, by detecting malicious content when a user clicks on it. However, once again this relies on<br />
technology’s ability to detect and stop malicious actors in real-time, which as explained above, is<br />
inevitably prone to frequent failure.<br />
As a result, users are still finding themselves having to act as a last line of defence against increasingly<br />
sneaky attackers. 2020 has already seen a 176 percent increase in malicious Microsoft Office files, while<br />
hackers have also been using the COVID-19 pandemic as a lure to infect users; for example, through<br />
fake notifications from government agencies or reports on new treatments, tricking them into clicking on<br />
malicious files or links. User education can only take things so far; eventually, someone will unwittingly<br />
expose the company to compromise – and more worryingly, most of them will not even know they have<br />
been compromised at all.<br />
Security needs to be built from the ground up<br />
It’s time to reinvent how we approach security, by building it in from the chip up. Key to this is making the<br />
shift to a protection-first model, one that doesn’t rely on detection but instead uses sound security<br />
engineering practices – such as fine-grained isolation, the principle of least privilege (PoLP), and<br />
mandatory access control. This approach is embodied in micro-virtualization, where risky workloads –<br />
such as opening web links, downloads and attachments – are performed within hardware-enforced<br />
micro-VMs (virtual machines), isolated from the rest of the device or network. This way, it doesn’t matter if a<br />
document or web page is riddled with malware, because the hacker has nowhere to go, nothing to steal<br />
and no way to persist. This means users can go back to their day jobs and click with confidence.<br />
By isolating key attack vectors – such as browsers, email and downloads – organizations are able to<br />
drastically reduce their attack surface, as all the most common avenues to compromise endpoints<br />
become dead-ends. Furthermore, when threats are executed within micro-VMs, the full kill-chain of the<br />
attack is captured into a detailed ‘flight recorder’ trace, providing the security operations centre (SOC)<br />
team with rich, high fidelity threat intelligence and indicators of compromise (IOCs) that can be used to<br />
help defend other systems.<br />
It’s time to do things differently<br />
Incremental innovation in security is failing to disrupt threat actors. A new, hardware-powered approach<br />
is needed that stops putting the burden of security on users by isolating threats, ensuring they cannot<br />
infect PCs or spread through corporate networks. This is just the tip of the iceberg and marks the<br />
beginning of a virtualization revolution in security, where users no longer fear opening links and<br />
attachments, and organizations can let their teams focus on their day jobs without worrying about making<br />
security mistakes.<br />
About the Author<br />
Ian Pratt is Global Head of Security for Personal Systems at HP Inc.<br />
He heads a new security business unit that is building on HP's<br />
strengths in hardware, systems software, ML, and its ability to deploy<br />
at massive scale, to create industry-leading endpoint security solutions<br />
that are deployed on millions of machines and used by some of the<br />
most security-conscious organizations in the world.<br />
Responding to Security Incidents with Behavior Analysis<br />
By Jeff Stein, Information Security Architect, Reputation.com<br />
When dealing with security incidents, time is critical in an effective response effort. Very often, the amount<br />
of data and sources which need to be reviewed to make an informed decision on what has occurred, as<br />
well as the steps to take in response to the situation, can be overwhelming. Utilizing behavior analysis<br />
with your security incident response process can provide invaluable insight and aid in building a deeper<br />
understanding of the scope of an incident.<br />
At a high level, a security incident exercise is a response to attacks that compromise computer<br />
systems or organizational data. Proper analysis of data in a security incident helps to minimize loss of<br />
information and disruption of services. As outlined in NIST SP 800-61, the NIST guidance on<br />
incident response comprises a number of key phases and steps, with each phase in the process leading<br />
to the next. Depending upon the outcome of your response effort, the process provides the ability to<br />
iterate on prior steps as the incident is handled.<br />
NIST specifies four major phases included in this process. However, once an event is underway, the<br />
steps begin with the detection of a potential security incident. There are additional phases of the process<br />
in which, as with the detection phase, you are actively engaging with the live incident. These steps include<br />
the actual response and mitigation of the issue, also known as containment and eradication.<br />
There are also post-incident phases such as recovery and longer-term remediation of the root cause of<br />
the incident. The remediation of an event is done to ensure that a similar situation does not arise from<br />
the same origins where the same attack targets the affected systems again. When looking at behavior<br />
analysis through the lens of a security incident, the subject matter can be utilized at each phase during<br />
the incident response.<br />
In my experience working security incidents, I have used behavior analysis as an enabler to find additional<br />
data points quickly in order to make informed decisions on how to execute a response appropriately.<br />
Behavioral analysis is a data-oriented approach to proactively reviewing trends associated with a subset of<br />
activities performed by a group such as users or systems. Building a model from the data allows you to infer<br />
certain characteristics as well as potential future actions of the group under review. While the approach<br />
has many business functions, it also provides benefit when used in information security. The key to leveraging<br />
behavior analysis with security incidents is to identify the sources of data important to your investigation.<br />
Some sources will be very common such as user, network or machine activity logs, while others will be<br />
unique to the circumstances related to your event and organization.<br />
Once you have identified your data, the behavior trends you see will help guide the investigation. One<br />
pitfall I have found is in issues with the uniformity of the data, where patterns do not obviously arise. To<br />
overcome this and effectively use behavior analysis, you must ensure you have a large enough sample<br />
size to produce accurate data. If your size is too small, the range of activity between your standard<br />
deviations can be very broad, resulting in a lack of patterns as highlighted above.<br />
I have also found additional use for behavioral analysis in the preparation and post-incident phases of<br />
the security incident lifecycle referenced in NIST SP 800-61. All of the data sources utilized during the<br />
incident response can be combined with the characteristics of a fully identified root cause of the event.<br />
The outputs then lead to behavioral analysis being used to create dashboards and alerts based upon the<br />
known information identified during the security event. Behavioral analysis can also go a step further in<br />
not only alerting on the known information identified during the security event, but also finding new trends<br />
from previously unknown data. This is done by combining it with the same set of known markers, to root<br />
out future incidents before they happen.<br />
In other words, behavioral analysis can help you identify your expected trends in any number of security<br />
domains and highlight anything that deviates by a certain degree from those behaviors. In my experience,<br />
leveraging behavioral analysis in this fashion can advance the maturity of your security program by<br />
establishing a foundation for a threat-hunting program. By combining the behavioral analysis established<br />
through your incident response with threat intelligence resources, you can be more fully prepared to<br />
detect advanced attacks against an organization.<br />
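
The baseline-and-deviation approach described above, including the small-sample pitfall, shown as an added Python example that is not from the article or its author. The thresholds (`MIN_SAMPLES`, `Z_THRESHOLD`, `SIGMA_FLOOR`), the function names and all event data are assumptions constructed for illustration.

```python
"""Per-user behavioral baseline with a minimum-sample-size guard."""
from collections import Counter
from statistics import mean, stdev

MIN_SAMPLES = 14   # assumption: days of history needed before a baseline is trusted
Z_THRESHOLD = 3.0  # assumption: deviation (in standard deviations) that raises an alert
SIGMA_FLOOR = 1.0  # assumption: avoids divide-by-zero on perfectly flat baselines

# Constructed sample data: daily file-download counts for two users.
ALICE_DAILY = [10, 12, 11, 13, 12, 10, 14, 11, 12, 13,
               11, 12, 10, 13, 12, 11, 14, 12, 11, 12]   # days 1..20
BOB_DAILY = [3, 40, 5, 38]                                # days 17..20 (new account)

# Expand the counts into raw (day, user) event records, as a log source would emit.
EVENTS = [(d, "alice") for d, n in enumerate(ALICE_DAILY, start=1) for _ in range(n)]
EVENTS += [(d, "bob") for d, n in enumerate(BOB_DAILY, start=17) for _ in range(n)]


def daily_counts(events, last_day):
    """Turn (day, user) event records into per-user lists of daily counts.

    A user's history starts on the first day they appear; later days with no
    events count as 0 instead of being skipped.
    """
    per_day = Counter(events)
    first_seen = {}
    for day, user in events:
        first_seen[user] = min(day, first_seen.get(user, day))
    return {
        user: [per_day[(day, user)] for day in range(start, last_day + 1)]
        for user, start in first_seen.items()
    }


def assess(history, observed):
    """Compare one day's observed count with the user's own baseline."""
    n = len(history)
    if n < 2:
        # A standard deviation cannot be computed from fewer than two samples.
        return {"status": "insufficient_history", "samples": n, "z": None}
    mu = mean(history)
    sigma = max(stdev(history), SIGMA_FLOOR)
    z = (observed - mu) / sigma
    if n < MIN_SAMPLES:
        # Too few samples: the spread is wide and the z-score is unreliable,
        # so report that explicitly instead of returning a misleading "normal".
        status = "insufficient_history"
    elif abs(z) >= Z_THRESHOLD:
        status = "anomalous"
    else:
        status = "normal"
    return {"status": status, "samples": n, "mean": mu, "sigma": sigma, "z": z}


def triage(baselines, today):
    """Assess every user seen today, including users with no baseline at all."""
    return {user: assess(baselines.get(user, []), count)
            for user, count in today.items()}


if __name__ == "__main__":
    baselines = daily_counts(EVENTS, last_day=20)
    # Constructed observations for day 21.
    today = {"alice": 45, "bob": 60, "carol": 5}
    for user, result in sorted(triage(baselines, today).items()):
        z = "n/a" if result["z"] is None else f"{result['z']:.2f}"
        print(f"{user:6} samples={result['samples']:2} z={z:>6} -> {result['status']}")
```

With four days of history, bob's 60 downloads score below the alert threshold because the standard deviation is so wide, which is why the result is reported as `insufficient_history` rather than `normal`.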
In conclusion, leveraging behavior analysis can significantly improve the overall process and outcome<br />
related to incident response. The subject can be used to not only help identify issues with a known<br />
security incident but also help predict events before they occur. By embracing behavioral analysis with<br />
your security incident response process, you can elevate the maturity of your security program and<br />
proactively protect the enterprise from unknown threats rather than taking a reactionary stance.<br />
About the Author<br />
Jeff Stein is currently the Information Security Architect at<br />
Reputation.com, an industry leader in online reputation<br />
management and a Pluralsight author educating learners on topics<br />
in information security. His prior experience includes the FinTech<br />
space and both the United States House of Representatives and<br />
the United States Senate. In addition to holding numerous security<br />
and IT certifications, including his CISSP, he received a Master of<br />
Science in Information Security and Assurance from Western<br />
Governors University. Jeff can be found online on his blog,<br />
https://www.securityinobscurity.com and reached at both<br />
jeff@sioblog.net or on twitter at @secureobscure and at our<br />
company website https://www.reputation.com and on twitter at<br />
@Reputation_Com.<br />
Learning Hardware Security Via Capture-The-Flag<br />
Competitions<br />
By Jason M. Fung, Offensive Security Research Manager at Intel<br />
Software security has been studied by many for decades. As attackers find new ways to break through<br />
protections, defenders learn and harden their design accordingly. As it becomes increasingly challenging<br />
to find low hanging fruit in the software layer, attackers naturally move down the stack to look for ways to<br />
compromise systems in the hardware layer. It is paramount for system designers to gain proficiency in<br />
securing hardware design and stepping up hardware security assurance efforts.<br />
The good news is that through initiatives driven by the industry and collaboration with academia, we now<br />
have more resources available to educate hardware designers about secure design and assurance<br />
practices. The community-driven Hardware Common Weakness Enumeration (CWE) is an excellent<br />
example of this kind of industry effort. The latest CWE 4.2 release offers a catalogue of 75 commonly<br />
overlooked mistakes that undermine the security robustness of a hardware design. Each entry includes<br />
illustrative examples along with guidance for identifying and mitigating the concerns. This valuable primer<br />
enables designers to methodically learn from the weakness patterns and address relevant gaps in their<br />
products.<br />
People acquire and master skills in different ways. Security education through an industry primer works<br />
well for some, while others may find it easier to harness critical skills through hands-on, collaborative<br />
effort.<br />
Capture the Flag (CTF) competitions have always been an engaging tool to help participants learn,<br />
practice and share hacking skills with one another. Organizers hide secrets, or “flags,” in a target system<br />
protected by layers of security controls and challenges, while participants compete to find as many flags<br />
as fast as they can. While traditional CTFs do cover a broad set of targets and skills, hardware design is<br />
an area that had long been overlooked.<br />
Solid Collaboration Between Industry and Academia<br />
Hack@DAC and Hack@Sec are hardware-specific CTF competitions that offer fun and educational ways<br />
to learn about security mistakes commonly made by hardware designers as they develop complex<br />
products like systems-on-chip (SoCs). The first of their kind in the industry, these CTFs are the result of<br />
strong industry and academia partnerships, fostered through a long history of successful collaborations.<br />
A co-organizer of the hardware CTFs, Professor Ahmad Reza Sadeghi leads the System Security Lab at<br />
Technische Universität Darmstadt in Germany and has collaborated on security research projects with<br />
Intel for more than a decade. Most recently, he is playing an influential role as the Director of Intel<br />
Collaborative Research Institute leading a group of international researchers on resilient autonomous<br />
systems research.<br />
Professor Jeyavijayan Rajendran runs the Secure and Trustworthy Hardware Lab at Texas A&M<br />
University. His long-lasting collaboration with Intel started as early as his summer research visit in 2012,<br />
and it led to his eventual partnership with Intel in launching the inaugural Hack@DAC CTF at the Design<br />
Automation Conference (DAC) in 2018.<br />
With a shared vision and passion to raise security capability for the hardware design community, security<br />
experts from Intel and these partners from academia collaborate to design a hands-on hacking and<br />
learning experience that effectively enables participants to gain a deeper appreciation for the challenges<br />
involved in designing security-robust hardware. To date, more than 150 teams have participated in these<br />
hardware CTF events. Participants come from diverse backgrounds and domains of expertise, from security<br />
researchers and university students to hardware designers and EDA tool experts from the industry. Many<br />
that have taken part are convinced that more work needs to be done as an industry, and some were even<br />
inspired to take on personal missions to lead research and initiatives to make building secure hardware<br />
easier.<br />
How Hardware CTF Competitions Work<br />
Organizers start by taking a sophisticated open-source SoC and hardening it with various industry-like<br />
security protections, before carefully introducing a series of security vulnerabilities representing various<br />
Hardware CWEs for participants to find. There are multiple instances of each weakness type throughout<br />
the design, across a broad range of difficulty levels, to mimic the realistic challenges faced by SoC<br />
verification teams and appeal to participants with varying expertise.<br />
The first stage of these competitions is a warmup in which teams have three months to review the SoC<br />
design and compete to find as many bugs as they can. Participants submit descriptions of the issue, root<br />
cause, security impact, valid test case or exploit and proposed mitigation. Judges score based on quality<br />
and completeness. Judges award bonus points to those that create and use automated tools to speed<br />
up the process. Teams with the highest scores move on to the second round, a live competition during<br />
which they use their experiences and any tools or techniques developed in the first stage to analyze the<br />
same buggy SoC design. This time however, the design includes new security protections and a new set<br />
of security vulnerabilities, and teams only have 48 hours to hack.<br />
Key Takeaways<br />
Academic researchers have historically been focused on a niche set of hardware security problems such<br />
as supply chain risks, physical attacks and cryptographic primitives. While these efforts remain<br />
significant, the industry can also benefit from research that helps address mainstream challenges,<br />
including systemic mitigations of common hardware weaknesses, automated detection techniques,<br />
secure hardware design patterns, and more. Analyzing a buggy SoC forces participants to uncover and<br />
learn about a wide range of often-overlooked hardware security issues, including misconfigured security<br />
settings in embedded firmware, faulty access controls enforced by hardware and more. Throughout the<br />
process, CTF participants learn about the ways logic- and design-related weaknesses can be carelessly<br />
introduced by hardware designers, as well as the security impact those vulnerabilities can have if left<br />
unchecked.<br />
Hardware CTFs offer environments that mirror the pressure and constraints security assurance teams<br />
often experience in the real world. They help participants appreciate the practical challenges that might not<br />
otherwise be obvious to them. Because there are more vulnerabilities inserted into the design than<br />
participants can find manually in the allotted time, they understand how powerful automated solutions<br />
can be when it comes to helping organizations become more proactive and productive in secure hardware<br />
development. The lack of available commercial and open source automation solutions also prompts<br />
participants to appreciate the critical gaps faced by practitioners that do the work every day.<br />
Building a Foundation for Better Hardware Security<br />
By open-sourcing the SoC framework and bug list to the entire industry, we can extend the value of the<br />
CTF competitions beyond the events. The publicly available infrastructure allows researchers to test and<br />
benchmark new hardware security scanning tools, develop and demonstrate the value of novel systemic<br />
mitigations, experiment with secure design patterns, and continue learning about hardware security<br />
weaknesses.<br />
As attackers extend their focus to the hardware layer, improved hardware security practices and<br />
capabilities are imperative. Building robust, secure hardware requires more focus and stronger<br />
collaboration among industry and academia stakeholders. Hardware CTF competitions offer a fun and<br />
educational medium through which participants gain firsthand experience of the challenges hardware<br />
designers face every day. In addition to building critical security skills, participants are often inspired to<br />
take part in efforts to help the broader community to produce safe, secure hardware that can enrich the<br />
lives of every person on earth.<br />
About the Author<br />
Jason M. Fung is the Director of Academic Research Engagement<br />
and Offensive Security Research at Intel. He has over two decades<br />
of experience in product architecture, penetration testing, pathfinding<br />
research, risk management and security assurance<br />
consultation.<br />
Telegram for Business Communications: Understanding<br />
The Risks And Rewards<br />
By Otavio Freire, CTO and Co-Founder, SafeGuard Cyber<br />
During a virtual panel discussion at the European Central Bank's Forum on Central Banking in November,<br />
Federal Reserve Chair Jerome Powell noted the pandemic’s economic effect was to accelerate existing<br />
trends, including the increasing use of technology and automation. “We’re recovering,” he said, “but to a<br />
different economy.” Indeed, the adoption of cloud-based apps that maximize flexibility and minimize<br />
friction in business communication is just such a trend. These apps include obvious SaaS infrastructure<br />
like Microsoft Teams and Slack, but also some more unexpected apps like Telegram.<br />
The encrypted cloud-based messaging app has been a favorite of disruptive financial services and<br />
cryptocurrency firms for its simplicity, speed, built-in encryption, and independence from the Facebook<br />
ecosystem. These disruptive players have adopted chat apps to increase sales agility and<br />
responsiveness to clients. Telegram is a powerful tool, but as with any technology, the same features<br />
that benefit business also present risks. In our recent Digital Risk Survey, 600 senior IT and security<br />
professionals cited the use of unsanctioned apps as the biggest security and compliance challenge. Here<br />
we’ll take a look at the top Telegram risks in turn, so you can make a more informed choice about whether<br />
the app is right for your enterprise.<br />
Isn't Encryption Sufficient?<br />
Telegram is widely considered to be one of the most secure messaging apps in the world. It’s accessible<br />
from mobile, desktop, and has a number of third-party integrations. However, even encrypted chat apps<br />
are subject to security and regulatory compliance concerns. Telegram can host large groups (up to<br />
200,000 users) and large file sizes (up to 1.5 GB), making it a robust platform for both internal<br />
collaboration and building communities among prospects and clients. However, these same features<br />
expand the threat surface for the following risks:<br />
● Spear phishing<br />
● Malware<br />
● Cyber espionage<br />
● Data loss<br />
● Compliance risk<br />
While the chats may be encrypted, you still need visibility and controls at the message level to protect<br />
employees and enterprise/customer data. The first three risks are related, so it’s worth looking at them<br />
together.<br />
Spear-phishing, Malware, and Cyber espionage<br />
As is the case with WhatsApp, Telegram users remain vulnerable to spear-phishing through links and file<br />
sharing. In Telegram’s large communities, it’s impossible to know everyone. Communities can easily be<br />
infiltrated by bad actors who share links or files with malicious payloads. This isn’t hypothetical. To date,<br />
different varieties of malware have targeted Telegram users to steal crypto wallets and conduct<br />
surveillance. And, more to the point, without controls, it’s difficult to analyze message content to<br />
understand if softer spear phishing attacks are underway. You don’t always need a link to hook an<br />
employee. Sometimes a persuasive offer is enough.<br />
Data Loss<br />
When it comes to file sharing in the app, risk teams should know what is being shared. Again, with limits<br />
at 1.5 GB, a lot of data can be leaked, exfiltrated, or even accidentally lost to human error. We have talked<br />
with organizations that lost valuable customer data in other mobile chat apps due to simple copy/paste<br />
errors! Similar to a network environment, security, compliance, or legal teams need the ability to apply<br />
policies that stop data from leaving the organization.<br />
Compliance Risks<br />
Given Telegram’s popularity with financial services and digital currency traders, regulatory compliance<br />
poses a clear business risk. A lack of visibility or controls can lead to unacceptable exposure. Users may<br />
intentionally or accidentally share customer PII or engage in conversations that violate regulatory<br />
compliance. And, similarly, without an ability to capture content in its native format or archive, financial<br />
services using Telegram will remain in a corner when it comes to legal readiness.<br />
How to Enable Telegram Securely and Compliantly<br />
All of this is not meant to scare you off Telegram. Being scared of new technology is not a sustainable<br />
business strategy. Here are some things to consider when looking for ways to secure Telegram:<br />
● Because Telegram is a cloud-based messaging app, you need security and defense at the cloud level.<br />
Cloud-to-cloud defense can help teams mitigate risks or threats before they can transit to devices or into<br />
corporate networks.<br />
● The sheer volume and velocity of communication necessitate machine learning to prioritize risk<br />
detection.<br />
● Scalability for multiple languages. Telegram is popular in different regions, and it’s unhelpful if you<br />
can only identify threats in your native language.<br />
● Cross-device functionality will ensure that security is applied no matter how your employees are<br />
using Telegram. More importantly, it won’t get in the way. Obstructive security only gives users a<br />
motivation to seek unsafe workarounds.<br />
Telegram has given a competitive advantage in sales agility to more innovative and disruptive financial<br />
services firms. In all things information security, the balance is between risk and reward. Understanding<br />
Telegram’s risks can help security leaders make better decisions about the app’s suitability to their<br />
business.<br />
About the Author<br />
As the President, CTO, and Co-Founder of SafeGuard Cyber, Otavio<br />
Freire is responsible for the development and continuous innovation<br />
of SafeGuard Cyber's enterprise platform, which enables global<br />
enterprise customers to extend cyber protection to social media and<br />
digital channels. He has rich experience in social media applications,<br />
Internet commerce, and IT serving the pharmaceutical, financial<br />
services, high-tech, and government verticals. Mr. Freire has a BS in<br />
Civil Engineering, an MS in Management Information Systems, and<br />
an MBA from the University of Virginia Darden School of Business,<br />
where he currently serves as a visiting executive lecturer. To learn<br />
more about SafeGuard Cyber, visit www.safeguardcyber.com.<br />
How Are Financial Services Firms Addressing the<br />
Requirements of Digital Transformation, Security, And<br />
Compliance?<br />
By Ehab Halablab, Regional Sales Director – Middle East at A10 Networks<br />
The financial services sector is experiencing significant commercial disruption coupled with rapid<br />
innovation as established institutions strive to become more agile and meet evolving customer demand.<br />
As a result, financial services organisations are undergoing rapid digital transformation to meet changing<br />
customer needs and preferences, and to compete with a new generation of digital-native competitors.<br />
Hybrid cloud environments play a key role in this strategy, allowing greater speed, flexibility, and visibility<br />
over application delivery than on-premises data centres while also reducing costs.<br />
But the move to hybrid cloud introduces new challenges as well. So, as financial services organisations<br />
plot their strategy for transformation, firms must make critical technical decisions about the clouds and<br />
form factors best suited to host their hybrid environment. They also need to consider how they will secure<br />
web applications against evolving threats such as ransomware, data theft, and DDoS attacks through<br />
measures such as DDoS protection and using a Zero Trust model. At the same time, they must also<br />
maintain regulatory compliance, governance, and auditability across complex, fast-evolving<br />
infrastructures.<br />
To understand more about these challenges, we recently conducted a survey with Gatepoint Research<br />
involving senior decision-makers to gain insight into the current state of financial services technology and<br />
the future direction for organisations in this sector. Here are some of the key findings:<br />
Today’s Financial Services Technology Landscape<br />
Although financial services businesses are making a steady move to the cloud for application delivery,<br />
on-premises data centres continue to play an important role.<br />
While adoption of public cloud infrastructure is strong, with almost half of those surveyed hosting<br />
applications primarily in the cloud, most respondents (58 percent) continue to rely primarily on their<br />
private on-premises data centre for application delivery. 35 percent of organisations described their<br />
environment as a hybrid cloud, though with an emphasis on their own private data centre. This shows<br />
that even as transformation continues, the traditional data centre remains prominent in the technology<br />
strategy of financial services organisations.<br />
That said, the balance between on-premises and cloud infrastructure may well shift soon. When<br />
respondents were asked about their plans for the coming year, 57 percent of decision-makers reported<br />
that they intend to move more applications to the cloud.<br />
Ransomware and PII Lead Security Concerns<br />
Today, financial services organisations face a broad spectrum of security threats, many of them<br />
targeting sensitive customer data. The survey highlighted that organisations’ biggest security concerns<br />
or consequences were ransomware (57 percent); personally identifiable information (PII) data theft (55<br />
percent); and phishing or fake sites (49 percent).<br />
While threats to customers and their data are seen as the highest risk, dangers to the company’s brand<br />
image and reputation were not far behind. 38 percent of leaders cited concerns about hacking and cyber<br />
defacement, tied with brand damage and loss of confidence. Nearly as many (37 percent) were<br />
concerned about DDoS attacks, which can undermine a firm’s perception among customers through<br />
impaired service quality and customer experience. Meanwhile, insider attacks remain an issue, named<br />
by 28 percent of respondents, if not quite at the same level as most external threats.<br />
To address the changing security landscape, many organisations have started initiatives around the Zero<br />
Trust model, in which traditional concepts of secured zones, perimeters, and network segments are<br />
updated with a new understanding that a threat can come from anywhere or anyone inside or outside the<br />
organisation. As of June 2020, 41 percent of respondents had already established a timeline for their<br />
Zero Trust model initiative with 15 percent having projects currently underway. Still, nearly two-thirds<br />
have no current plans or initiatives around the Zero Trust model.<br />
Moving to Improve Flexibility, Agility, Scalability and Security<br />
Technologies and strategies planned for the coming year reflect a key focus on the competitive<br />
requirements of fast-paced digital markets. The top-two initiatives included moving from hardware<br />
appliances to more flexible software form factors and deploying hybrid cloud automation, management,<br />
and analytics to increase operational efficiency.<br />
With DDoS attacks a prime concern, 29 percent of respondents planned to deploy or replace an existing<br />
web application firewall (WAF) or DDoS protection solution. Surprisingly, even several years after the<br />
introduction of modern Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography (ECC)<br />
encryption standards for enhanced security, 29 percent of organisations are only now working to upgrade<br />
their Transport Layer Security (TLS) capabilities to support these technologies.<br />
Even as cloud adoption continues to be strong, five percent of decision makers intend to repatriate<br />
applications from private cloud environments to their private data centre. While not a high number, this<br />
is not entirely insignificant. Given the diversity of form factors, architectures, and deployment methods to<br />
choose from, it is important to make sure that the approach fits the organisation’s needs before<br />
proceeding.<br />
Addressing the Requirements of Hybrid Cloud and Rising Demand<br />
Moving forward, decision-makers view capabilities related to risk as especially important for their financial<br />
platforms. When it comes to the most important capabilities for financial platforms running in hybrid cloud<br />
environments, regulatory compliance, comprehensive application security and redundancy/disaster<br />
recovery are top must-haves.<br />
In addition to the importance placed on redundancy/disaster recovery, many respondents (43 percent)<br />
named centralised management and analytics as important capabilities. Along with elastic scale for<br />
variable/seasonal demands (25 percent), this shows a recognition of the requirements to provide effective<br />
service through redundancy, scalability, and a sound infrastructure.<br />
Compared with risk-related and operational priorities, cost saw considerably less emphasis in the survey.<br />
While 28 percent of respondents placed importance on automation for operational efficiency and reduced<br />
costs, just 18 percent prioritised flexible licensing and pricing.<br />
Desired Benefits from New Technology Investments<br />
As they plan new technology investments, decision-makers are motivated foremost by risk reduction—<br />
far outpacing business factors such as revenue, customer experience, and competitive advantage.<br />
By a large majority, security was the most likely benefit to spur funding for new technology. Operational<br />
considerations followed, including operational improvements (65 percent) and cost savings (63 percent).<br />
Regulatory compliance, emphasised earlier in the survey as a priority for a hybrid cloud requirement, was<br />
not necessarily top-of-mind in the technology funding stage—but still of high importance (57 percent).<br />
Revenue generation was named as a highly important benefit by only 35 percent, followed by customer<br />
satisfaction at 32 percent. Even in an industry undergoing rapid digital transformation, just 32 percent of<br />
decision-makers cited business advantage from new technology as a prime factor—and only 17 percent<br />
were moved by the ability to accelerate development speed.<br />
The results of the survey offer a snapshot of an industry in transition, as decision-makers seek to keep<br />
control over security and compliance and maintain operational consistency, as they look to tap into the<br />
agility and scalability of the cloud. It is clear that, while security is important for digital transformation<br />
initiatives, application delivery and managing multi-cloud environments are of equal importance. Above<br />
all, financial services organisations must maintain their good reputation and ensure customer trust. Firms<br />
must demonstrate that they are protecting customer assets, providing an ultra-reliable service, working<br />
with trustworthy partners and reducing risk to the business.<br />
About the Author<br />
Ehab has more than 13 years’ experience in the IT industry. Prior to A10<br />
Networks he worked at security firm Symantec as territory manager for<br />
enterprise where he was instrumental in driving new business acquisition.<br />
He also held a regional channel leadership position at Blue Coat Systems<br />
(acquired by Symantec) and regional sales manager position at Sophos.<br />
The early part of his career was spent at Naizak Distribution Services as<br />
account manager for several key security vendors.<br />
Ehab can be reached online at (ehalablab@a10networks.com) and at our<br />
company website www.a10networks.com<br />
Revealed: How Banking and Finance GRC Leaders<br />
Struggle to Address Regulators’ Demands for Cyber<br />
Evidence with Confidence<br />
By Charaka Goonatilake, CTO at Panaseer<br />
It’s one thing to keep data secure and assets protected, but another thing entirely to have the evidence<br />
at hand to prove your security controls coverage and its effectiveness to third parties.<br />
And when those third parties include financial regulators with the power of life and death over your<br />
organisation’s trading licence, answering their questions accurately, confidently and in a timely manner<br />
is everything.<br />
Keeping on top of regulators’ demands for cyber-related data is perhaps the most business-critical<br />
function of a bank’s or financial services company’s GRC (governance, risk and compliance)<br />
department. However, according to intensive research conducted for Panaseer among a cohort of 200<br />
well-placed GRC leaders at 5,000+ employee finance institutions on both sides of the Atlantic, all is not<br />
well with how they and their teams address these issues. Within the research findings, described in<br />
more detail below, a picture emerges of GRC teams grappling with growing volumes and complexities<br />
of data requests, and with signs that the labour-intensive methods they have traditionally employed for<br />
dealing with regulator requests are becoming serious causes for concern.<br />
Searching questions are not simple to answer<br />
Behind each regulatory request is a simple guiding principle on the part of the regulator: ascertaining<br />
the organisation’s true security posture in the context of specific legislation. The old adage “the simplest<br />
things are the most complicated” rings very true here; particularly as IT and business infrastructures at<br />
these organisations are so vast and interwoven. Also, the complex and often urgent nature of the<br />
enquiries means there is seldom an efficient or repeatable way of addressing them through non-automated<br />
means.<br />
Unfortunately, standard GRC tools are not fully automated; they typically rely on significant manual<br />
input. Furthermore, they do not provide complete insight into the current status of security controls<br />
coverage, the performance of those controls and – crucially – any gaps between them.<br />
This lack of consolidated visibility into all assets – devices, applications, user accounts, databases, etc.<br />
– across the enterprise makes it difficult for GRC teams to pinpoint control coverage gaps and external<br />
regulatory policy compliance.<br />
This is highly problematic because answers to regulators’ questions will invariably lie in data scattered<br />
across the organisation. Much of what GRC teams need to compose their responses to regulatory<br />
questions will come from data collected by security colleagues (see below), but in any case GRC tools<br />
are geared up to obtain subjective data collated via qualitative questionnaires that build an<br />
approximated picture from representative samples rather than reflecting the full, quantifiable reality.<br />
Incomplete and/or unreliable information prevents any clear assurance of whether the relevant controls<br />
are deployed and operating on all assets.<br />
Requests are coming thick and fast<br />
Financial institutions have plenty of cyber-related regulations to worry about and, for the largest in<br />
particular, the number grows almost by the month. Data privacy laws, as just one example, are now in<br />
force in 120 countries. This puts acute pressure on the GRC departments of international institutions,<br />
for whom local regulations apply regardless of whether their operations in a certain national jurisdiction<br />
constitute a major or a minor presence.<br />
We know that these increasingly cyber-related requests, and the difficulty in addressing them<br />
autonomously with existing GRC toolsets, are creating friction between GRC teams and their cyber<br />
colleagues. A separate Panaseer study polled a group of 420 CISOs at large financial institutions about<br />
these knock-on effects and found – on average – GRC teams were requesting metrics from security<br />
once every 16 days, at a cost of up to 5 days per month being diverted away from front-line cyber<br />
fighting resources. A total of 29 percent claimed risk teams demand data from them every single day.<br />
Data accuracy and request volume are the biggest GRC cyber challenges<br />
In our GRC leaders peer survey, “access to accurate data” and “number of report requests to deal with”<br />
were cited as the top two security challenges.<br />
The number one issue is accurate data (or rather, a lack of it), cited as the most significant security<br />
issue by more than one-third (35 percent) of respondents. This appears to be a bigger problem among<br />
the smaller institutions surveyed, with 40 percent of those employing between 5,000 and 9,999 people<br />
placing it first versus 33 percent at those with 10,000+. This disparity could be explained by the sheer<br />
scale of manually-intensive resources that the largest institutions are able to call upon to collate richer<br />
data and invest time validating it. In any case, it’s clear that the same difficulties in grappling with<br />
complexity and sprawl afflict smaller institutions despite having fewer endpoints, applications and<br />
systems than their larger peers.<br />
The response “number of report requests to deal with, understanding and clarity of report requests” was<br />
cited as the greatest security challenge by 29 percent of respondents.<br />
More GRC leaders should be more confident in data shared with regulators<br />
The magnitude of these challenges is borne out in the apparent lack of supreme confidence GRC<br />
leaders have about the quality and timeliness of the data provided to regulators in response to<br />
requests. It is worth remembering that these are some of the largest and most advanced financial<br />
institutions in the world, with enormous resources and an acute sensitivity to the needs of maintaining a<br />
spotless regulatory compliance record that never risks harm to their public reputations or continuity of<br />
business operations.<br />
With all that being said, only 39 percent of respondents stated they were “very confident” in the<br />
accuracy of security data provided to regulators on request. More staggeringly still, a further 7 percent<br />
admitted they were “neither confident nor unconfident”, which any fair-minded observer would have to<br />
agree constitutes something of a damning indictment.<br />
It doesn’t get much better in terms of the confidence levels GRC leaders have for responding to<br />
regulatory requests quickly enough. Here, far less than half (41 percent) claimed to be “very confident”<br />
in their ability to fulfil the security-related requests of regulators in a timely manner.<br />
These are not the responses one would expect of senior risk and compliance professionals presiding<br />
over slick, well-functioning processes. Another finding compounds this troubling perspective: only 27.5<br />
percent of respondents said they were “very satisfied” that their organisation’s security reports align to<br />
regulatory compliance needs like GDPR and CCPA.<br />
Too manual, meaning too inefficient, prone to errors and lacking context<br />
The tools that GRC teams commonly use to collate data in response to regulatory requests rely heavily<br />
on qualitative questionnaires. Some questions will be binary, others significantly more detailed. As<br />
outlined above, this will be owing to the absence of a vigorous, data-driven (bottom-up) approach to<br />
establishing the on-the-ground reality of which security controls are in place, what they cover and how<br />
they are operating. Rather, these questionnaires feed into a process that seeks to establish whether<br />
certain parameters are in place by garnering attestation from stakeholders and by sampling data.<br />
There are many limitations to such a manual, questionnaire-driven approach, including:<br />
- Massively inefficient – The largest institutions may employ 100 people or more to manually<br />
undertake qualitative compliance checks. Consider for a moment how wasteful that is, and how<br />
lacking in scalability in the face of yet greater requirements. Most organisations have automated<br />
some aspects of their processes according to our survey (more details below), with 2.5 percent<br />
automating none whatsoever.<br />
- Lacking in context – GRC tools cannot isolate and identify applications associated with<br />
particular business processes, or the interrelationships between assets and the people who<br />
interact with them, or – more to the point – the impact that risks posed by these factors may<br />
have on the business. The disconnected, check-box nature of qualitative assessment makes it<br />
all but impossible to assess the total, cumulative risk generated by ‘toxic combinations’ of risk<br />
factors. Our survey found a groundswell of support for improvement in this regard, with 30<br />
percent agreeing the ability to prioritise risk remediation based on impact to the business is<br />
“very important” and a further 66 percent as “somewhat important”.<br />
- Too much subjectivity – Qualitative questionnaires lead to evidence significantly more subjective<br />
than objective. Sampling also leads to less reliable results than an approach able to take in the<br />
full picture. Other accuracy issues include the potential for human error, bias or even abuse that<br />
must be considered when employing a non-automated system.<br />
- Point in time rather than real time, all the time – The results of such manual processes give only<br />
a ‘point-in-time’ estimation of compliance posture, which may be sufficient to satisfy the request<br />
but which will need the same process repeated again and again whenever the same verification<br />
is sought.<br />
In our GRC leaders study, 92 percent of senior risk and compliance professionals responded positively<br />
to the value of harnessing both quantitative and qualitative security controls assurance, reflecting the<br />
strong appetite for an improved toolset.<br />
Attitudes to automation are encouraging<br />
While GRC leaders may be labouring under a broken, inefficient and ‘top-down’ system, there is plenty<br />
of evidence from our research to suggest they are progressive in their outlook toward more<br />
streamlined, automated and comprehensive methods of surfacing security metrics.<br />
One of the reasons for this is expediency, with the tightening effect of increasingly stringent legislative<br />
requirements making the search for alternative approaches more pressing. Recent examples of this,<br />
such as the Monetary Authority of Singapore (MAS) Notice 655 on Cyber Hygiene (which calls for<br />
banks to attest to having endpoint detection and response software deployed and operational on every<br />
asset, at all times), reflect a heightened level of expectation on the part of regulators that such requests<br />
should not be considered unreasonable.<br />
Automating processes would go a considerable distance to solving these challenges, but our survey<br />
found there is some way left for organisations to go. A total of 93.5 percent of GRC leaders agreed that<br />
it is important to automate security risk and compliance reporting, but only 26 percent have so far<br />
achieved it. And while those instances where data collection (49 percent of respondents) and data<br />
analysis (67 percent) processes are being automated represent good news, until full automation arrives<br />
there will still remain many of the problems associated with manual processes, such as human error<br />
and inefficiencies in achieving pace and scale.<br />
Rethinking the GRC toolset with CCM<br />
The whole challenge of responding to regulatory requests would be alleviated by GRC tools that can<br />
harness accurate data in an automated rather than manual way, access the required information<br />
without dragging overstretched cyber teams into the fray, and easily transform it into the formats<br />
different regulators demand.<br />
With a consistent up-to-date view of security controls deployments, the accuracy and timeliness of<br />
responses will be improved since assessments will be derived from instrumentation instead of<br />
subjectivity.<br />
The latest Gartner Hype Cycle for Risk Management details a new technology that promises to deliver<br />
this capability. Called ‘Continuous Controls Monitoring (CCM)’, Gartner defines it as: “…a set of<br />
technologies that automates the assessment of operational controls’ effectiveness and the identification<br />
of exceptions”.<br />
Purpose-built CCM tools sit on top of existing tooling, ingest data from across security, IT and business<br />
tools, and can clean, normalise, and de-duplicate data before correlating aggregated data to individual<br />
assets. They can also integrate with GRC tools to automatically populate them with security controls<br />
assurance data.<br />
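The correlation step described above, sketched as an added example (not Panaseer's or any CCM product's code): constructed exports from a CMDB, an EDR console and a network scanner are normalised, de-duplicated and merged per asset, then checked against the MAS Notice 655-style expectation that EDR is deployed and operational on every asset.<br />
Field names, the 24-hour check-in threshold and all records are assumptions made for illustration.<br />

```python
"""Continuous controls monitoring sketch: correlate tool exports to assets
and measure EDR coverage. Every record below is constructed sample data."""
from datetime import datetime, timedelta, timezone

AS_OF = datetime(2020, 12, 1, 12, 0, tzinfo=timezone.utc)  # fixed report time
MAX_AGENT_SILENCE = timedelta(hours=24)  # assumed threshold for "operational"

# Constructed exports. Field names are assumptions, not any vendor's schema.
CMDB = [
    {"hostname": "PAY-DB-01.corp.example", "owner": "payments"},
    {"hostname": "pay-web-01", "owner": "payments"},
    {"hostname": "hr-app-01.corp.example", "owner": "hr"},
    {"hostname": "HR-APP-01", "owner": "hr"},  # duplicate of the row above
]
EDR = [
    {"host": "pay-db-01", "last_seen": "2020-12-01T11:40:00+00:00"},
    {"host": "HR-APP-01.CORP.EXAMPLE", "last_seen": "2020-11-20T08:00:00+00:00"},
    {"host": "hr-app-01", "last_seen": "2020-11-27T09:00:00+00:00"},
]
SCANNER = [
    {"dns": "pay-web-01.corp.example"},
    {"dns": "dev-test-07.corp.example"},  # on the network, absent from the CMDB
]


def normalise(name):
    """Case-fold and drop the DNS suffix: 'HR-APP-01.CORP.EXAMPLE' -> 'hr-app-01'.

    Assumption: short host names are unique across the estate. With several
    DNS domains, key on a serial number or cloud instance ID instead.
    """
    return name.strip().lower().split(".")[0]


def correlate(cmdb, edr, scanner):
    """Merge all sources into one record per normalised asset name."""
    assets = {}

    def record(name):
        return assets.setdefault(
            normalise(name),
            {"sources": set(), "owner": None, "edr_last_seen": None},
        )

    for row in cmdb:
        rec = record(row["hostname"])
        rec["sources"].add("cmdb")
        rec["owner"] = row["owner"]
    for row in edr:
        rec = record(row["host"])
        rec["sources"].add("edr")
        seen = datetime.fromisoformat(row["last_seen"])
        # Duplicate agent rows: keep the most recent check-in.
        if rec["edr_last_seen"] is None or seen > rec["edr_last_seen"]:
            rec["edr_last_seen"] = seen
    for row in scanner:
        record(row["dns"])["sources"].add("scanner")
    return assets


def edr_status(rec, as_of=AS_OF):
    """'Deployed' means an agent row exists; 'operational' means it checked in recently."""
    if rec["edr_last_seen"] is None:
        return "no_agent"
    if as_of - rec["edr_last_seen"] > MAX_AGENT_SILENCE:
        return "agent_stale"
    return "covered"


def coverage_report(assets, as_of=AS_OF):
    """Quantitative evidence: coverage over ALL known assets, not a sample."""
    gaps = {}
    for name, rec in sorted(assets.items()):
        status = edr_status(rec, as_of)
        if status != "covered":
            gaps[name] = status
    total = len(assets)
    covered = total - len(gaps)
    return {
        "total_assets": total,
        "covered": covered,
        "coverage_pct": round(100 * covered / total, 1),
        "gaps": gaps,
        # Assets other tools can see but the inventory cannot: the blind
        # spot a questionnaire sent to CMDB owners would never surface.
        "not_in_cmdb": sorted(n for n, r in assets.items()
                              if "cmdb" not in r["sources"]),
    }


if __name__ == "__main__":
    report = coverage_report(correlate(CMDB, EDR, SCANNER))
    print(f"EDR coverage: {report['covered']}/{report['total_assets']} "
          f"({report['coverage_pct']}%)")
    for host, reason in report["gaps"].items():
        print(f"  gap: {host}: {reason}")
    print("  not in CMDB:", ", ".join(report["not_in_cmdb"]))
```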
By using CCM to align security controls with framework standards, GRC teams can track and report<br />
adherence to best practice standards and regulatory mandates.<br />
The compelling benefit of CCM is its ability to reflect “what’s really going on” in a fast and non-disruptive<br />
way, uncovering gaps in security controls deployment coverage wherever they are, and preventing<br />
even the merest suggestion that the organisation’s risk management is itself ‘risky’.<br />
That’s something that benefits every aspect of the organisations charged with upholding the best<br />
practice policies of security and compliance, from GRC leaders and cyber teams all the way up to the<br />
leadership of the business.<br />
About the Author<br />
Charaka has spent the last 5 years engineering and building Hadoop-based<br />
security analytics applications to detect Cyber threats. He led a<br />
team on business development for the BAE Systems CyberReveal<br />
product to over 40 clients in Financial Services, Technology,<br />
Telecommunications, Energy, Pharmaceuticals and Foreign<br />
Government based across EMEA, North America and APAC.<br />
Charaka is the brains behind our big data technology. His team lead the<br />
way in generating innovative techniques for deriving new security insight<br />
for our customers.<br />
Charaka can be reached online at @charakag<br />
and at our company website http://panaseer.com/<br />
Why the Education Sector Must Address Security in The<br />
Rush to Digitise<br />
By Jacob Chacko, Regional Business Head – Middle East, Saudi & South Africa (MESA) at<br />
HPE Aruba<br />
There has never been a greater need to connect students, classrooms, and buildings. Enrolment of<br />
students (who are always more tech savvy and more expectant than the year that preceded them)<br />
continues to rise, and the benefits of technology – better grades and greater staff well-being – are<br />
necessary if schools are to maintain high levels of performance during the challenging time of digital<br />
transformation.<br />
What’s key, however, is that cyber security is taken seriously. Not in a way that restrains a school’s<br />
ambitions to innovate, but so that technology is controlled and managed with caution to protect the<br />
students. This will become increasingly important as schools and universities expand deployment of<br />
digital, collaborative and immersive learning environments across new and modernised buildings and<br />
campuses.<br />
Here’s a closer look at some of the advances many schools are making today, and the security measures<br />
that can, and should, be taken to protect their data and reputation.<br />
The changing face of education<br />
There are exciting times ahead for the education industry. Typically, this sector is one of the last to make<br />
extensive change, but thanks to the ambitions of teachers keen to engage better with students, the<br />
classroom of yesteryear is starting to transform. In many schools, where once Wi-Fi was limited to a<br />
handful of classrooms, now any room can be used as an IT suite. New tech such as eLockers is being<br />
trialled as a way of empowering students and encouraging self-paced learning. And, rather than being<br />
deterred, personal devices are becoming increasingly embedded in the educational toolset.<br />
And so by enabling a more digital workplace, staff will be freed up to make faster decisions and engage<br />
students whose learning styles vary. Already we’re seeing education employees reap the rewards of<br />
technology. In Aruba’s recent study of more than 1,000 employees, almost three quarters (74%) said<br />
they could accomplish more throughout the day and had the opportunity to develop new skills (74%).<br />
However, as the smarter classroom gradually becomes a reality, so the question of security – and how it<br />
is managed – must be addressed.<br />
Keeping security in check as progress is made<br />
Worryingly, just under half (49%) of teachers admit they rarely (if ever) think about cybersecurity, despite<br />
91% acknowledging its importance. In addition, more than three-quarters (76%) believe there is room for<br />
improvement in the way connected tech is managed.<br />
This is a challenge for institutions. Schools, colleges and universities alike share the same priority:<br />
providing the best possible education to cater to students whose expectations are growing exponentially.<br />
To connect with them in a meaningful way requires reliable, optimised, and personalised learning<br />
experiences. But an influx of Internet of Things (IoT) devices and a cohort that aren’t all trained in security<br />
best practices, puts networks at risk of intrusion. And, more seriously, puts young people at risk of<br />
communication from people who may wish to abuse, exploit or bully them.<br />
Tackling this issue requires both accountability and an autonomous approach to security. Ensuring there<br />
is ownership over IoT security is imperative, and some institutions have appointed “digital champions”<br />
who review technology and share practices that foster innovation.<br />
Technology, too, will play its part in managing the cybersecurity risk. Colleges and universities must<br />
implement new tools that go beyond traditional cybersecurity measures, such as User and Entity<br />
Behavior Analytics (UEBA), which identify patterns in typical user behaviour and flag any anomalies.<br />
These kinds of solutions don’t hinder employee creativity, collaboration, or speed as many clunky security<br />
systems do. Instead, they provide real-time protection and enable quick responses should a network<br />
breach occur.<br />
Enthusiastic pupils are a huge opportunity<br />
It’s important that a focus on security doesn’t take away from the bold ambition demonstrated by the<br />
education sector. In many ways, this industry is in a totally unique position. Every day, it interacts with an<br />
enthusiastic generation that gets more technologically sophisticated each year. In few other sectors is<br />
there such a huge cohort of people as adaptable and receptive to new ways of working.<br />
This is where the opportunity lies for teachers, who can challenge the traditional way of teaching. But in<br />
order to do so, they cannot be shackled by the fear of cyber risk. Instead, education employees must<br />
continue to push themselves to investigate what other innovations can be implemented in order to<br />
enhance student learning.<br />
There’s no doubt it can feel overwhelming for many to think about how to make improvements while<br />
dealing with a demanding timetable. However, by investing in automation technology that streamlines<br />
processes and provides protection, the opportunity of a digital workplace can become a reality. This will<br />
drive greater efficiencies, freeing up space in the day to innovate and try new things.<br />
With the right technology in place, and a security strategy that ensures accountability for the management<br />
of said technology, there is huge potential for educational institutions to become efficient, productive and<br />
inspiring digital workplaces. The enthusiasm for transformation is already there. With the right security<br />
strategy, I’ve no doubt the future of education will be bright.<br />
About the Author<br />
Technologically savvy, innovative, strategic and a goal-driven IT<br />
management professional, Jacob has over 20 years of progressive<br />
success in all phases of Sales & Business Development including Profit<br />
Accountability, Business Growth, Product Development and Key Account<br />
Management, propelling unprecedented growth for organizations.<br />
Associated with Hewlett Packard Middle East, he has been successfully<br />
handling positions of progressive responsibility. He has been recognized<br />
to excel in offering Mobility solutions and Software Defined Networking,<br />
while pushing revenue charts northwards for organizations in a short<br />
span of time.<br />
Jacob can be reached online at (Jacob.chacko@hpe.com) and at our<br />
company website https://www.arubanetworks.com/<br />
Data Migration Security<br />
What to Know<br />
By Devin Partida, Cybersecurity Writer, ReHack Magazine<br />
If you're planning a data migration soon, there are some crucial things to do to increase the likelihood of<br />
keeping it safe. Migrating data means moving it between locations or formats.<br />
Prioritizing data security is essential for successful outcomes. However, doing that is not as<br />
straightforward as some people think. These tips will help with that all-important matter.<br />
1. Confirm the Location of Your Critical Data<br />
If your data migration includes critical content, do you know where all of it resides? If not, you're in the<br />
majority. Research indicates that 82% of respondents from organizations did not know where those<br />
enterprises kept all the critical data. The same study showed that 55% cited data fragmentation across<br />
multiple databases as slowing their progress.<br />
That's a data security risk because it could give the false impression that all the most important<br />
information got safely moved to the new destination. That may not be a valid conclusion to make. Audit<br />
the data before a migration happens. Doing that helps ensure you find all the necessary records. Tools<br />
also exist to help find duplicate or obsolete content that you can delete before starting to move the data.<br />
2. Plan a Phased Migration<br />
When learning about data migrations, you'll almost certainly come across details about a process called<br />
Extract, Transform and Load (ETL). It encompasses the three main stages that happen when moving<br />
information.<br />
The extract portion involves collecting data and reading it from a database. The transform step then<br />
converts the extracted data from its previous form to the format required by the new location. Finally, the<br />
load step writes the data to the target database.<br />
Keep security in a top-of-mind position by opting for a phased approach. In other words, decide to migrate<br />
your least-important data first. Focus on the material that has business value but does not include<br />
sensitive details.<br />
You should also hold off on migrating any data deemed essential to your company's operations. Doing<br />
that allows you to vet the security of the data host's systems and avoid major unforeseen problems.<br />
3. Become Familiar with Applicable Cybersecurity and Encryption Protocols<br />
A frequently chosen kind of migration occurs when companies shift some of their on-premises information<br />
to cloud data centers. This decision is often a smart one from a data security standpoint. Cloud platforms<br />
usually include dedicated encryption and cybersecurity protocols that customers automatically have<br />
access to through their service packages.<br />
However, consider how you could beef up cybersecurity and data encryption with additional measures<br />
applied by your company. Taking that approach is especially wise when the information in question is<br />
highly sensitive or includes customer details.<br />
When people get word of data breaches or other security-related matters affecting their details, they<br />
rapidly lose trust in the involved companies.<br />
4. Back Up the Data First<br />
As you map out the schedule for data migration, don't start moving the content before backing up all the<br />
files. Even if things go relatively smoothly, you could still end up with missing, incomplete or corrupt files.<br />
Having the data backed up supports data security by letting you restore content when needed.<br />
Weigh the pros and cons of all the options available to you before choosing one. For example, if you're<br />
only migrating a small number of files, putting them on a USB drive might be the simplest possibility. A<br />
mirrored drive or a cloud backup service is likely more appropriate for more extensive migration efforts.<br />
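The missing, incomplete or corrupt files described above can be detected after the copy by comparing a checksum manifest of the source (or of the backup) against the destination. The following is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.<br />

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, POSIX style) to (size, sha256)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (path.stat().st_size, sha256_file(path))
    return manifest


def compare_manifests(source, destination):
    """Classify every difference between source and destination manifests."""
    report = {"missing": [], "incomplete": [], "corrupt": [], "unexpected": []}
    for rel, (size, digest) in source.items():
        if rel not in destination:
            report["missing"].append(rel)        # never arrived
            continue
        dst_size, dst_digest = destination[rel]
        if dst_size < size:
            report["incomplete"].append(rel)     # truncated copy
        elif dst_digest != digest:
            report["corrupt"].append(rel)        # content changed in transit
    # Files that exist only at the destination (stray exports, leftovers).
    report["unexpected"] = sorted(set(destination) - set(source))
    return report


def demo():
    """Build a constructed source tree, simulate a faulty copy, verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "destination")
        files = {  # constructed sample data
            "crm/customers.csv": b"id,name\n1,Alice\n2,Bob\n",
            "crm/orders.csv": b"id,total\n1,10.00\n2,24.50\n",
            "hr/payroll.csv": b"id,salary\n1,50000\n",
            "docs/readme.txt": b"constructed sample data\n",
        }
        for rel, data in files.items():
            for base in (src, dst):
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulated migration faults on the destination side.
        (dst / "hr/payroll.csv").unlink()
        (dst / "crm/orders.csv").write_bytes(b"id,total\n1,10")
        (dst / "crm/customers.csv").write_bytes(b"id,name\n1,Alice\n2,Bub\n")
        (dst / "tmp_export.bak").write_bytes(b"leftover")
        return compare_manifests(build_manifest(src), build_manifest(dst))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Any path reported as missing, incomplete or corrupt is a candidate for restoring from the backup before the source is decommissioned.<br />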
5. Maintain All Necessary Compliance and Access Requirements<br />
If your data migration involves keeping some content in on-premises facilities, and moving the rest to the<br />
cloud, ensure that your security standards are identically tight across those locations. A common way to<br />
do that is to set up security policies for aspects like access control. Once you lay out the desired security<br />
environment for the data, check that the cloud host meets or exceeds them.<br />
Verify that your data security plans include specifics for all applicable laws that dictate how to handle<br />
customer information, such as the General Data Protection Regulation (GDPR). Other data privacy<br />
stipulations relate to patient medical data. Your company must continue to abide by the rules before,<br />
during and after a migration.<br />
Fortunately, automated tools can make that easier by automatically applying the parameters you set.<br />
Cutting Data Migration Risks<br />
Many of today's businesses are extremely dependent on data. The trouble is that the information<br />
possessed by a company could grow to such a gigantic amount that migrating it becomes too much of a<br />
hassle or prohibitively costly.<br />
Moving smaller databases of information still includes risks that could threaten data security. However,<br />
by following the suggestions here and doing more research to determine which challenges your company<br />
faces, you can reduce data migration problems.<br />
About the Author<br />
Devin Partida is a cybersecurity and technology writer. She is also the<br />
Editor-in-Chief at ReHack.com.<br />
The Crown Prosecution Service (CPS) Has Recorded<br />
1,627 Data Breaches Over the Entirety of the 2019-20<br />
Financial Year, Up From 1,378 In the Previous Financial<br />
Year<br />
By Andy Harcup, VP, Absolute Software<br />
The annual CPS report, analysed by Griffin Law, a UK litigation practice, revealed that 59 incidents were<br />
so severe that they were reported to the Information Commissioner’s Office (ICO) and potentially<br />
affected up to 1,346 people.<br />
The CPS is hardly the first agency to struggle with device and data security, but the lack of urgency<br />
shown by the government over these persistent threats to the UK’s national cyber security is troubling.<br />
In the light of international concerns surrounding hacking and ransoms, not to mention the missing<br />
‘papers’ included in this report from the ICO, can we be sure there aren’t more incidents that go<br />
unreported or undetected?<br />
Cyberspace lies at the heart of modern society, and impacts our personal lives, our businesses, and<br />
our essential services. A secure online environment is essential to principal public agencies like the CPS.<br />
However, some individuals and groups use cyberspace for malicious purposes, exploiting cyberspace to<br />
conduct illegal operations or launch damaging computer network attacks. More than ever, cyber security<br />
affects both the public and the private sector and spans a broad range of issues related to personal,<br />
organizational, and most notably, national security.<br />
As stated in the annual CPS report, the period from January to March saw by far the largest quantity of<br />
severe personal data incidents, with 21 data handling incidents leading to loss of ABE and media discs,<br />
as well as an additional 18 incidents of unauthorised disclosure of case information, impacting a<br />
whopping 1,233 people in total.<br />
By comparison, just 11 incidents of unauthorised disclosures of case information affected 56 people in<br />
the period of October to December 2019, 12 data handling incidents and unauthorised disclosures of<br />
case information impacted 34 people in January to March, and 23 people were impacted in April to June<br />
2019 by 15 total personal data incidents.<br />
In total, 1,463 of the data breaches recorded over the entire financial year were due to unauthorised<br />
disclosure of information, with 78 being considered ‘severe’. A further 143 of the total incidents were due<br />
to loss of electronic media and paper, and in 22 of these instances, the data was never recovered. Finally,<br />
the remaining 21 reported cases were due to loss of devices, including laptops, tablets and mobile phones,<br />
although only one of these devices was not eventually recovered, and no CPS data was compromised<br />
as a result.<br />
The Crown Prosecution Service oversees some of the most sensitive data imaginable, from confidential<br />
case files to personal details of witnesses and victims in criminal trials. Against this backdrop, these<br />
figures paint a worrying picture of the organisation’s approach to data and device security, with many<br />
incidents appearing to put the safety of individuals at risk. The claim that, ‘no CPS data has been<br />
compromised,’ in my opinion, requires further clarity.<br />
The data reveals little follow-up action is ever taken and that every faith is placed in the encryption<br />
software installed on government-issued devices. What we know to be true, based on our data, is that<br />
critical security controls like encryption are prone to failure. So to assume that data is protected merely<br />
because a device has encryption installed is a bold assumption.<br />
Moving forward, the CPS needs to up its game, with a much more rigorous approach to securing personal<br />
data. Key to this effort is ensuring that every mobile device or laptop is protected and retrievable, so that<br />
they can be wiped or frozen in the event of loss or theft. Additionally, staff need better training on how to<br />
reduce data loss incidents, to preserve the integrity and public trust in the CPS brand.<br />
It’s vital that key government departments and criminal prosecution services take data security seriously.<br />
It’s not uncommon for a missing file or laptop to fall into the wrong hands, giving hackers and cyber<br />
criminals access to critical public data. Key to tackling this problem is the implementation of sophisticated<br />
and robust end-point security, providing IT professionals within the department with full visibility and<br />
control over their device: meaning they can freeze or access a laptop, file or device, even if it lands in the<br />
wrong hands.<br />
In order to ensure a high level of security, organisations should take steps to quickly pinpoint potential<br />
threats and neutralise any cyber breaches as and when they occur with effective and resilient endpoint<br />
security. This should equip organisations with the ability to communicate, control and repair remote<br />
devices beyond corporate networks as well as measure the health of security control apps and<br />
productivity tools, so that workers can safely stay productive.<br />
About the Author<br />
Andy Harcup, VP EMEA of Absolute Software<br />
Andy Harcup has professional experience in cyber security technology sales<br />
and consulting that spans over 15 years. He helps clients understand how<br />
security solutions can support and protect their digital business whilst at the<br />
same time either saving or increasing revenues. The cyber-criminal<br />
community along with security technology solutions are constantly evolving,<br />
and helping customers navigate that ever-changing landscape to help<br />
secure their business is Andy’s ultimate goal.<br />
Financial Data Security Risks in The Hands of Online<br />
Shops or Intermediary Applications<br />
By Ben Hartwig, Web Operations Executive, InfoTracer<br />
Online retail fraud continues to rise year on year. Fraudsters are becoming more sophisticated and<br />
although we can put more and more consumer protection laws in place for protection, there is always a<br />
risk when providing your personal information online.<br />
Even if apps and stores that have access to your credit card or other details take measures to keep data<br />
safe, there is always the chance that hackers can steal data to use, or sell on the dark web. The risks<br />
are very real, but there is plenty you can do to mitigate these risks.<br />
Online shopping - The Process and The Risks<br />
Online shopping has made all of our lives that little bit more simple, and though people are venturing out<br />
less to buy items in real life, online business is booming. It is as simple as finding what you want and<br />
entering your card details, but there are still a lot of risks with this.<br />
Financial fraud can take a number of forms: you may pay for an item and never receive it, receive<br />
something fake, or even have more money than you authorized taken. Even if you don’t get money taken,<br />
your details may be stolen and sold on the dark web, or used for identity theft. This can have grave<br />
impacts further down the line.<br />
There are scary cybersecurity statistics out there to show how much of an issue this is. A University of<br />
Maryland study says that hackers attack every 39 seconds, on average 2,244 times a day.<br />
What to Be Aware of When Shopping Online<br />
There are many signs you can use to try and establish whether a store is genuine or not. Naturally, if you<br />
have heard of the store or used it successfully before this is a big benefit. Other signs include:<br />
● Unsecure connections - https domains and a padlock sign in the browser (not on the website)<br />
are secure.<br />
● Wi-Fi warnings. Wi-Fi networks may warn you when a site is not trustworthy.<br />
● Unusual domains with extra hyphens or characters.<br />
● Crazy pricing. If it sounds too good to be true, it probably is.<br />
Other Apps That May Cause Fraud<br />
Issues do not arise only when shopping online; using other applications can also leave you susceptible to<br />
fraud. Examples include fake applications such as banking or investment apps, gaming apps that charge fees<br />
and take payments, and other types of applications where you fill in personal details.<br />
Fake applications are becoming a huge problem, too, as so many people get fooled by similar branding<br />
to trusted apps.<br />
How to Protect Your Money Online: Basic Rules<br />
There are a few things you should always do when looking to protect your money online.<br />
● Only download applications you know you can trust, with security certificates.<br />
● Ensure you have antivirus software if you are using a laptop.<br />
● Always have a secure password that you don’t use for each and every site.<br />
● Double check every site or app is trustworthy before entering your details.<br />
Security Tips for Online Shopping<br />
Here are some of the top security tips for online shopping:<br />
● Ensure that you have the most up to date browser, antivirus and operating system as this is<br />
the only way to ensure you have an option that is familiar with the most recent threats and<br />
advances in technology used by the hackers.<br />
● Check that the address you are buying from is real, not a fake or scam URL.<br />
● Where you can, buy from a mobile device not a PC, as these are less susceptible to viruses<br />
that can steal your data.<br />
● Use a credit card rather than a debit card as these will keep you more protected using<br />
chargeback schemes, which can help you to get the money back if you fall foul of fraud.<br />
● As well as having secure passwords and different passwords, keep all of your passwords<br />
safe with a password manager; this can be done for you within Apple devices’ password keychain.<br />
● Don’t purchase anything from a cold email. In fact, don’t even click on the links. If you get an<br />
email claiming to be from a company, google them first to get their secure site and see if anyone<br />
has had issues with the company before. If you get an email about an offer and you think it is<br />
trustworthy it is still worth performing an email lookup to check the trustworthiness.<br />
● Keep records of all the transactions you carry out as this can help you to make claims in the<br />
future if you need.<br />
● Don’t keep a lot of private information on your smartphone or any one device; if this device<br />
is stolen it can be a goldmine for hackers or for criminals.<br />
● If a store online is asking for a lot of private information, consider why this might be the case.<br />
All they should need is a name, shipping and billing address and your card details.<br />
What to Do If You Fall into a Fraud Trap?<br />
It isn’t something to hide or be ashamed of if you fall into a trap. Fraudsters are undeniably becoming<br />
more and more sophisticated.<br />
Report the fraudulent activity to your state consumer protection office, which might be able to take action;<br />
consumer protection law is also moderated by the Bureau of Consumer Protection. You might be able<br />
to take legal action.<br />
If you have purchased something on a credit card or PayPal, you might also be able to request a<br />
chargeback, due to not receiving the item. This depends on the type of retail fraud, and some identity<br />
fraud might be less straightforward.<br />
Conclusion<br />
This all comes down to vigilance. Keep a close eye on your bank account and anyone who might receive<br />
your details on a daily basis. It is always worth doing some due diligence on a new website or app you<br />
are downloading or purchasing from, and this can help you to avoid falling into financial traps and having<br />
money, or your details, fraudulently taken from you.<br />
About the Author<br />
Ben Hartwig is a web operations director at InfoTracer. He authors<br />
guides on marketing and entire cybersecurity posture and enjoys<br />
sharing the best practices. You can contact the author via<br />
LinkedIn.<br />
All Aboard The COVID-19 Train: Malware Trends Taking<br />
Advantage of The Pandemic<br />
By Bar Block, Threat Intelligence Researcher at Deep Instinct<br />
Since the outbreak of COVID-19, plenty of COVID-19 themed malware attacks have surfaced around the<br />
globe. Attackers take every chance they get to spread their malware, and the pandemic has given them<br />
ripe opportunities.<br />
Based on data from D-Cloud, Deep Instinct’s threat intelligence and telemetry cloud environment, the<br />
number of attacks has risen overall. This is particularly seen in the number of malicious executables and<br />
Office documents, which are commonly used to deliver the former. We believe this to be linked to an<br />
increase in malware attacks and malicious activity during the pandemic. Our data is consistent with trends<br />
seen elsewhere, which also point to an increase in attacks since the beginning of the pandemic. For<br />
example, the number of malicious Office documents seen in the first half of 2020 is 62% greater<br />
than the number of files of the same type seen in the first half of 2019. The increase<br />
correlates with waves of COVID-19 phishing attacks, which commonly use this type of file. A comparison<br />
of the same time periods in 2019 and 2020 shows the number of malicious executables went up by<br />
40%.<br />
Figure 1: The number of new malware samples per month, since the beginning of 2019. In the graph,<br />
Microsoft Office documents are divided between the older format (OLE) and the newer format (OOXML).<br />
The numbers are shown in arbitrary units, where the number of malicious OOXML files in January 2019<br />
is set to 1.<br />
When the first waves of this ongoing pandemic crashed, attackers directed their efforts towards phishing<br />
campaigns and malspam attacks, sometimes pretending to originate from legitimate sources, like<br />
the World Health Organization. Others chose to exploit the work-from-home model, in which corporate<br />
networks that were relatively secure could now be accessed from insecure locations. Likewise, meetings<br />
that were usually held behind closed doors were now held using vulnerable virtual communication apps.<br />
Targeting the Good Guys<br />
One would be forgiven for thinking that the organizations which stand on the front line in the fight against<br />
the pandemic would be left alone, too important to be targeted by malware at this difficult time. However,<br />
that has unfortunately not been the case.<br />
Since the outbreak, health organizations and their employees have been targeted more than usual, with<br />
an increase of more than twofold in targeted cyber-attacks against the World Health Organization,<br />
compared to last year. Spam and phishing campaigns were launched, some specifically targeting top<br />
officials at the WHO via both personal and corporate email addresses. Fake login websites for health<br />
workers have also been created, one even mimicking the World Health Organization’s internal email<br />
system.<br />
Sure, some threat actors initially stated that they wouldn’t target health organizations during the<br />
pandemic, but that doesn’t mean they kept their word. For example, the group behind the infamous Maze<br />
ransomware released a statement in March 2020 that it would avoid infecting medical facilities and<br />
research labs during the pandemic. Yet, just a few days later they released stolen<br />
data from “Hammersmith Medicines Research”, a London-based lab that develops vaccines. That wasn’t<br />
the end of it: Maze infected more health facilities, not only interrupting their work but also threatening to<br />
release patient records online if their ransom wasn’t paid, a threat that would have exposed the compromised<br />
clinics to expensive GDPR lawsuits.<br />
Come and Knock on Our Door<br />
When organizations had no choice but to let their employees work outside their fairly secure offices and in<br />
their less-than-secure homes, the hacker’s job suddenly got a lot easier. They no longer had to work<br />
hard to craft malware samples that would pass corporate security solutions; they just needed to make<br />
unsuspecting employees open a malicious email attachment or download their malware from the internet.<br />
An example of an organization that was severely impacted by the shift to the work-from-home model<br />
is Cognizant, a Fortune 500 company. As the company was adjusting to its remote working environment,<br />
it was attacked by Maze ransomware. The remediation and reparations costs were enormous,<br />
estimated to be between $50 million and $70 million USD.<br />
Moreover, the fact that many people use the same computer for work and personal use, and sometimes<br />
even share these devices with other family members, opens the door for even more malicious samples.<br />
In addition, malware authors that decided to put more effort into the game started looking for<br />
vulnerabilities to exploit in apps and services that became common during the pandemic, in order to<br />
reach a large crowd. An example of this is Zoom, which after experiencing a burst in popularity, suffered<br />
a string of security issues. These included a data breach in April that exposed over 500,000 Zoom<br />
credentials and a vulnerability that allowed arbitrary code execution on vulnerable endpoints.<br />
Fake Android Apps<br />
Many organizations and governments have launched applications that provide users with updated<br />
information about the pandemic. Seizing the opportunity, cyber-criminals used this surge of<br />
applications to launch their own versions, which are less helpful and more harmful. A common type of<br />
app is a “COVID-19 Tracker”, which gives information about infected people’s previous routes and current<br />
locations.<br />
During the pandemic, the Ginp banking trojan launched an Android app pretending to be a tracker that<br />
showed users a (fake) number of infected people in their current area. The software stated that it could<br />
give more details about the infected people for 0.75 Euros. If the users chose to sign up, they were asked<br />
to provide their credit card information, which of course would be stolen by Ginp, without the card ever<br />
being charged or the requested information being provided.<br />
Another malware that exploited the tracker theme is CryCryptor. On June 18th 2020, the Canadian<br />
government announced it would back the development of a nationwide voluntary tracing app that would<br />
provide details of exposure to COVID-19. Just a few days later, CryCryptor launched a ransomware<br />
pretending to be the app. Links to this fake app could be found on two Coronavirus-themed websites,<br />
which the attackers had created. When the malicious software was downloaded, it asked for permission<br />
to access files on the infected device; once this was granted, it used the permissions to encrypt targeted files,<br />
such as photos and videos, and left a ransom note in each affected folder.<br />
Our Crystal Ball<br />
True Machiavellians, cyber-criminals focus on what they think will serve their purposes best. For that<br />
reason, we expect new malware campaigns to evolve in line with COVID-19 trends and developments.<br />
As national governments adjust their COVID-19 related regulations to meet the changing spread of the<br />
virus, people have struggled to keep up to date. Attackers may seize on this opportunity to launch malspam<br />
campaigns related to COVID-19 regulations, malicious websites with “updated information” and<br />
perhaps fake apps on “updated regulations”. Another possible approach attackers might take is to take<br />
advantage of the interest surrounding a future vaccine to send phishing messages with malicious<br />
attachments, pretending to have new information about a promising vaccine to resolve the pandemic.<br />
The upcoming school year may also draw the attention of malware authors, especially those who<br />
prefer ransomware as their final payload. Like many organizations, schools and academic institutions<br />
had to adjust to the situation and change the way they operate, with many turning to online classes. This<br />
means that if ransomware finds its way into the school’s network, whether from a student’s home PC or in a<br />
more targeted attack, it can paralyze the school. Without the possibility of turning to the ‘ol’ pen and<br />
paper’, the infected school district or college may easily cave in and be forced to pay the ransom.<br />
A more permanent change that we will probably see is the shift to a semi or full work-from-home model<br />
for the corporate workplace. During the pandemic, organizations realized that working from home has<br />
some advantages: many employees reported that they focus better at home, some even logged more<br />
hours, while companies discovered they can save a lot of money on facilities. If many organizations<br />
choose to permanently operate in a full or semi work-from-home model, hackers may well respond to<br />
exploit the situation, by crafting attacks that leverage the widened attack surface of remote working or by<br />
finding more vulnerabilities in software enabling remote working.<br />
Naturally, a company that chooses to operate in a remote working environment needs to take this<br />
increased risk into consideration, on top of other risks it may face. Additionally, companies will need to<br />
equip employees with the right tools, such as endpoint security solutions and proper security training.<br />
No matter how attackers choose to operate, users need to be more vigilant than ever, always keeping in<br />
mind that significant events, be it the COVID-19 outbreak or the upcoming U.S. elections, always draw<br />
attackers’ attention, and that the next malware infection may just be one click away.<br />
About the Author<br />
Bar Block, Threat Intelligence Researcher at Deep Instinct<br />
Bar Block is a Threat Intelligence Researcher at Deep Instinct. Prior<br />
to joining Deep Instinct in 2019, Bar served for three and a half years<br />
as a cyber security researcher in the Israeli Navy’s cyber unit. She is<br />
a recipient of the Israeli Navy Commander’s award for Outstanding<br />
Military Service.<br />
Bar Block can be reached online at Bar@deepinstinct.com, on<br />
LinkedIn and at our company website https://www.deepinstinct.com<br />
The Coming Security Perspectives<br />
By Milica D. Djekic<br />
It appears that today’s world landscape is under constant, chronic attack from security challenges.<br />
No time in history has been easy, and it’s obvious why modern days are tough as well. On<br />
the surface the situation can seem well-balanced and manageable, but it takes a lot of effort to<br />
keep things normal, at least from the public’s point of view. A security career is hard, with<br />
plenty of suffering and limits. No defense officer can say he has ever led a comfortable life, as<br />
there can be a lot of struggle and difficulty. No matter how perfect the social conditions may seem<br />
at first glance, the officers maintaining such a community know how challenging it is to give<br />
yourself to a society that is competitive in every sense. Security is about risk management, and<br />
many of us are aware of that, but as today’s situation is so complicated, the biggest question for<br />
anyone is whether we can produce new generations of defense leaders who will provide a good response<br />
to a quite uncertain future.<br />
The gravest challenge of today is how to secure overcrowded places such as cyberspace. Those<br />
spots are potential sources of crime and, as is well known, there is a cyber skill shortage at<br />
present. Also, cyber traces can help an investigation obtain findings and evidence<br />
about very dangerous security threats. So we definitely need such skills, and it can take time<br />
to develop that sort of professional. Our everyday life can seem very cloudy as we cope with the<br />
pandemic, economic crises, transnational crime and terrorism. It can appear that a defense<br />
career is a good outlet for many good guys, even in the most progressive economies. That choice demands<br />
dedication and patience, so it’s clear why those men and women choose to serve as a living<br />
shield for the rest of their communities. It takes strength, courage and daring to do so. In addition,<br />
with new technology we are more aware than ever of how deep security can go, and we<br />
can recognize why some occurrences from the past happened at all. History will give us hard<br />
lessons, and even today we cannot say we are safe enough. New Pandora’s boxes will be opened<br />
and we will realize we are simply at the beginning of a never-ending game of cat and mouse.<br />
In other words, one chapter will close while new ones will appear, as new questions looking<br />
for their answers. That’s how the cycle will repeat again and again. The social landscape can<br />
appear great, but there is a lot of sweat behind it. Either you will give yourself fully or you will be<br />
a temporary poser wasting someone’s time. No excuses, no compromise – just boldness and some<br />
fortune to follow.<br />
Any time in history was tough, and the present days are no exception. Whether you serve in the<br />
physical, cyber or other security branches, your profession is not easy. No matter how beautiful<br />
everything can appear at first sight, there is no society without crime, and every era has needed<br />
good guys to respond to those challenges. It has always been hard, but undoubtedly worth it. The<br />
mission of security is to work for the betterment of many, and if you keep such an idea in mind<br />
you will figure out why giving yourself completely matters.<br />
About the Author<br />
Milica D. Djekic is an Independent Researcher from Subotica,<br />
the Republic of Serbia. She received her engineering<br />
background from the Faculty of Mechanical Engineering,<br />
University of Belgrade. She writes for some domestic and<br />
overseas presses and she is also the author of the book “The<br />
Internet of Things: Concept, Applications and Security”,<br />
published in 2017 by Lambert Academic Publishing. Milica<br />
is also a speaker with the BrightTALK expert’s channel. She has been<br />
a member of ASIS International since 2017 and a contributor<br />
to the Australian Cyber Security Magazine since 2018. Milica's<br />
research efforts are recognized by the Computer Emergency<br />
Response Team for the European Union (CERT-EU), Censys<br />
Press, BU-CERT UK and the EASA European Centre for<br />
Cybersecurity in Aviation (ECCSA). Her fields of interest are<br />
cyber defense, technology and business. Milica is a person with<br />
disability.<br />
Amidst Election Noise, Cybercriminals See an<br />
Opportunity with Retail<br />
By Chris Kennedy, CISO & VP of Customer Success, AttackIQ<br />
More than seven months into the onset of the novel coronavirus, it feels strange to look back on the<br />
things we previously took for granted in our day-to-day lives and accept the new reality, from working from<br />
home to celebrating events online to having a doctor’s appointment via Zoom.<br />
We have adapted to life under the novel coronavirus by becoming ‘A Very Online People.’ Hostile actors<br />
have been busy looking for ways to exploit us when we’re vulnerable, impressionable, and dependent on<br />
the internet.<br />
Our transition to remote work and increased digitization has opened us to a slew of threats: from phishing<br />
scams to botnets, from ransomware to the spread of disinformation. Cybercriminals and nation-states<br />
wasted no time in taking advantage of this pivot. Ransomware attacks are up seven-fold compared to<br />
last year, the Russian government is at it again with this year’s election, and the shift to online classes<br />
and teaching has made schools vulnerable.<br />
Finally, the election results may not be known for weeks after election day due to the increase in mail-in<br />
voting, the safest but slowest way under the coronavirus to ensure a safe and secure electoral outcome;<br />
for this reason November is likely to be a difficult month in America as the election results are likely to be<br />
contested, with a spike in disinformation and online extremism. It is as tense a period in American history<br />
as anyone can remember.<br />
Timing the perfect storm<br />
With all eyes currently on the election, the next logical target is the retail sector, namely the supply<br />
chain, during the coming holidays. We have seen an increase in cyberattacks on retailers during<br />
previous holiday seasons and we should expect a similar trend this year. Attacks could expose customer<br />
financial information, hold company data hostage through ransomware (with a hefty price tag to boot), or<br />
disrupt business operations. Consumer spending is also tied directly to the health of our economy, and<br />
a hostile nation-state might take the chance to pounce on the United States and disrupt the flow of goods<br />
and services.<br />
Especially when we’re so dependent on the internet. E-commerce sales have spiked by more than 31<br />
percent during the pandemic and now 43 percent of all holiday shopping is expected to be done online.<br />
Ours is a fragile economy built on outsourcing and just-in-time inventory; the market is already vulnerable<br />
as supply chains have been disrupted with manufacturers and retailers struggling to keep goods in stock.<br />
The timing and potential scale of a retail-focused attack make this an acute moment.<br />
Planning and preparedness are crucial<br />
We have a short window for effective security planning before the holiday season is fully upon us.<br />
American organizations have had several opportunities in the past to make good cybersecurity<br />
investments; the big, high-profile breaches of the past seven years should have triggered the impetus to<br />
invest. But too often organizations have failed to move fast enough. Let’s make this year different.<br />
What should be done? The first and most important step is to exercise the security you already<br />
have. Verizon’s Data Breach Investigation Report estimates that 82% of enterprise breaches should have<br />
been stopped by existing security controls but weren’t. Why is that? You could buy the best cybersecurity<br />
tools on the market to meet your needs, from firewalls to internal security segmentation capabilities to<br />
endpoint monitoring, but cybersecurity controls fail, and when they do, they fail silently. There is no “check<br />
engine light” that comes on right now. Security controls fail for two reasons – user error or<br />
misconfiguration – and when they fail, the enemy slips past.<br />
The best course between now and the rest of the holiday season is for security teams to exercise their<br />
cyberdefenses against known threats. We have a free tool to help us do so. The Department of Homeland<br />
Security recently released an alert warning the health sector of the risk of escalating tensions and<br />
potential cyberspace operations from China. At the end of the alert, the government agency listed<br />
Chinese tactics under the MITRE ATT&CK framework of known adversary tactics, techniques, and<br />
procedures. The framework organizes known hostile actors and their behavior. Organizations should use<br />
ATT&CK to prepare for known threats and exercise their security controls to defend customer data and<br />
ensure a safe holiday season.<br />
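One way to give security controls the "check engine light" described above is to compare what each control is expected to cover with the latest result of actually exercising it. The sketch below is an added example, not code from the article or from any vendor; the technique IDs are real MITRE ATT&CK identifiers, while their selection, the control names and the exercise results are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data. The technique IDs are real MITRE ATT&CK identifiers,
# but the selection, control names and exercise results are illustrative only.
THREAT_TECHNIQUES = ["T1566", "T1078", "T1190", "T1486", "T1021"]

# Which deployed control is expected to stop or detect which technique.
CONTROL_CLAIMS = {
    "mail-gateway": {"T1566"},
    "waf": {"T1190"},
    "edr": {"T1486", "T1021"},
}

# Results of exercising the controls: (technique, control, outcome, run time).
EXERCISE_RESULTS = [
    ("T1566", "mail-gateway", "prevented", "2020-11-02T09:00:00"),
    ("T1190", "waf", "detected", "2020-06-15T08:00:00"),
    ("T1486", "edr", "detected", "2020-09-01T10:00:00"),
    ("T1486", "edr", "missed", "2020-11-03T10:00:00"),  # regression after a pass
]

# Worst-first ordering used when no control has a fresh passing result.
_PRIORITY = ["silent_failure", "stale", "untested"]


def coverage_report(techniques, claims, results, now, max_age_days=30):
    """Return {technique: status} for the threat's techniques.

    validated      - a claiming control passed a recent exercise
    silent_failure - a control claims coverage but its latest exercise missed
    stale          - the latest pass is older than max_age_days
    untested       - coverage is claimed but was never exercised
    gap            - no deployed control claims the technique at all
    """
    # Keep only the most recent result per (technique, control) pair.
    latest = {}
    for tech, control, outcome, when in results:
        ts = datetime.fromisoformat(when)
        key = (tech, control)
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, outcome)

    report = {}
    for tech in techniques:
        controls = [c for c, covered in claims.items() if tech in covered]
        if not controls:
            report[tech] = "gap"
            continue
        states = set()
        for control in controls:
            record = latest.get((tech, control))
            if record is None:
                states.add("untested")
            elif record[1] == "missed":
                states.add("silent_failure")
            elif now - record[0] > timedelta(days=max_age_days):
                states.add("stale")
            else:
                states.add("validated")
        if "validated" in states:
            report[tech] = "validated"
        else:
            report[tech] = next(s for s in _PRIORITY if s in states)
    return report


if __name__ == "__main__":
    report = coverage_report(THREAT_TECHNIQUES, CONTROL_CLAIMS,
                             EXERCISE_RESULTS, datetime(2020, 11, 10))
    for technique, status in report.items():
        print(f"{technique}: {status}")
```

Anything not reported as validated is work for the team before the holiday season: a silent failure needs a configuration fix, a stale or untested entry needs a fresh exercise, and a gap needs a control.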
We just had National Cybersecurity Awareness Month in October, which is always a timely reminder for<br />
companies that touch the supply chain to shore up their cyberdefense effectiveness. Consumers need to<br />
be diligent about disinformation and about keeping their personal information secure, and enterprises need<br />
to be on guard.<br />
The past year has left us rattled, and this month is likely to be difficult as politics and foreign influence<br />
operations put downward pressure on the American people—even after the election happens. December<br />
gives adversaries another opportunity to keep up the pace. It doesn’t need to be that way. Simple steps<br />
we take now can help ensure a safer and more secure end of the year, and a positive transition into 2021.<br />
Preparation is the name of the game.<br />
About the Author<br />
Chris Kennedy is Chief Information Security Officer (CISO) and<br />
VP of Customer Success at AttackIQ where he is responsible for<br />
managing all aspects of customer relations and success, as well<br />
as the company’s internal information security strategy. He<br />
joined the company in January 2019 from Bridgewater Associates<br />
where he was head of security for infrastructure technology and<br />
controls engineering. Kennedy has more than 20 years of<br />
cybersecurity risk and operations practitioner experience and<br />
previously led the development of the U.S. Department of<br />
Treasury’s and the U.S. Marine Corps’ cybersecurity operations<br />
programs. A former Marine Corps Officer and Operation Iraqi<br />
Freedom veteran, Kennedy holds a Master of Science in<br />
Computer Information Systems from Boston University and a<br />
Bachelor of Mechanical Engineering from Vanderbilt University.<br />
Connect with him on LinkedIn.<br />
What’s in Your Wallet? The Cybersecurity Costs of COVID<br />
With new business challenges in play, organizations are shifting their cybersecurity spend accordingly<br />
By Mark Sangster, Vice President and Industry Security Strategist, eSentire<br />
If anything has become clear over the past six months, it’s that COVID’s tentacles have crept into almost<br />
every facet of our lives, both personal and professional. Most were ways we could have predicted (and did),<br />
but there have been a few surprises along the way, such as teaching pods and Zoom fatigue.<br />
The good news is that people are, in general, pretty adaptable. Thousands of years of civilization have<br />
shown that when faced with a problem, a little human ingenuity goes a long way. Some of the world’s<br />
greatest inventions have been born out of necessity, or in some cases, out of an idea that fills a need we<br />
didn’t know we had (smartphones, anyone?). So, as COVID was causing epic changes large and small,<br />
far and wide, cyber criminals were adapting right along with it. In fact, for many ne’er do wells it was a<br />
boon. Suddenly, companies whose IT teams were equipped to protect networks where perhaps 15<br />
percent to 20 percent of the workforce was remote were faced with an almost 100-percent remote<br />
workforce overnight.<br />
The move to home didn’t just mean that employees were working from home offices and dining room<br />
tables — it meant employees were now outside the protection of traditional security perimeters, including<br />
firewalls. Devices that had previously been protected by enterprise-grade security technologies were now<br />
at the mercy of consumer-grade internet routers, many of which were left unsecured by home users. For<br />
companies with a focus on the perimeter, this rendered much of their security practice moot.<br />
Without virtual private network (VPN) and two-factor or multi-factor authentication (2FA and MFA,<br />
respectively) controls, the doors to the henhouse were wide open, and foxes were free to stroll in.<br />
Criminals could easily connect to unprotected WiFi networks and install scripts on internet routers to<br />
collect unencrypted data, including corporate assets and credentials, which in turn could be used for<br />
credential stuffing attacks down the road.<br />
Security, stat<br />
Needless to say, many enterprises realized they needed to double down on their security spend, with the<br />
majority of that spend focused on protecting remote workers’ home operations.<br />
Companies lingering in outmoded, perimeter-based security lacked the ability to protect remote workers,<br />
cloud-based assets, and distributed management systems. No wonder then that they felt the increased<br />
security spend hardest, driven by the adoption of technologies that protect distributed workers and the<br />
assets they access. These organizations were quick to snap up encryption technologies such as VPNs and<br />
multi-factor authentication, which provide an additional layer of protection to credential-based systems;<br />
endpoint protection (next-gen AV); and endpoint detection and response. And that’s not cheap.<br />
And for a few unlucky ones, even greater spending came about as a result of a data breach or operational<br />
disruption born from COVID-camouflaged attacks in the form of ransoms, clean-up costs, penalties, and<br />
the like.<br />
The genie is out<br />
You can’t put the genie back in the bottle. Many companies are continuing with remote, or at least hybrid,<br />
operations, and now that the risk is understood, it would be negligent to revert to old security methods.<br />
After the attacks on 9/11, New York-based businesses changed their security and business continuity<br />
practices to include back-up systems and work centers outside their main offices. For banks in lower<br />
Manhattan, this meant backing up data and services in New Jersey. In 2012, Hurricane Sandy struck the<br />
eastern seaboard and not only flooded lower Manhattan, but disabled back-up centers located across<br />
the Hudson River. The previous influence in business continuity fell short when faced with a new type of<br />
natural threat.<br />
With COVID-19, companies more broadly understand that they had made a similar miscalculation,<br />
thinking that protecting the network perimeter would secure their business. Organizations must now<br />
protect remote workers’ devices (endpoint protection), and the means by which they connect to business<br />
systems and assets (VPN and MFA). When the next forcing factor emerges (hopefully no time soon), it<br />
will again reshape the way we approach cybersecurity fundamentals. With luck, thousands of years from<br />
now, our descendants will marvel not only at how we successfully navigated a global pandemic, but how<br />
by applying human ingenuity, we emerged stronger and with a few new tools under our collective belts.<br />
About the Author<br />
Mark Sangster, Vice President and Industry Security<br />
Strategist, eSentire<br />
As a member of the LegalSec Council with the International<br />
Legal Technology Association (ILTA), Mark Sangster is a<br />
cybersecurity evangelist who has spent significant time<br />
researching and speaking to peripheral factors influencing<br />
the way that legal firms integrate cybersecurity into their day-to-day<br />
operations. In addition to his passion for<br />
cybersecurity, Mark's 20-year sales and marketing career<br />
was established with industry giants like Intel Corporation,<br />
BlackBerry, and Cisco Systems.<br />
Mark's experience unites a strong technical aptitude and an<br />
intuitive understanding of regulatory agencies. During his<br />
time at BlackBerry, Mark worked on the first secure devices for government agencies. Since then, he has<br />
continued to build mutually beneficial relationships with regulatory agencies in key sectors.<br />
Mark holds a Bachelor’s degree in Psychology from the University of Western Ontario and a Business<br />
Diploma from Humber College. He is the author of the upcoming book “No Safe Harbor.”<br />
Mark can be reached online at @mbsangster and at our company website http://www.esentire.com<br />
Making the Journey to the Intelligent SOC<br />
AI, Machine Learning and Open-XDR Make it Easier<br />
By Albert Zhichun Li, Chief Scientist, Stellar Cyber<br />
Most enterprises and service providers are building security operations centers (SOCs) where a team of<br />
analysts evaluates and remediates cyberattacks. Traditionally, these SOCs use a dozen or more standalone<br />
security tools, each of which focuses on endpoints, the network, servers, users, applications or<br />
other parts of the attack surface. This system results in hundreds or thousands of false positive attack<br />
alerts, causing analyst “alert fatigue,” and forces analysts to manually correlate information from the<br />
siloed tools to determine whether complex attacks are real or false. This activity can make it a matter of<br />
weeks or months to respond to complex attacks.<br />
Ideally, users would like a single security dashboard that accurately identifies complex attacks and<br />
automatically correlates inputs from multiple security tools to reduce false positives and reduce the time<br />
it takes to spot and remedy attacks. Today, some security software vendors are leveraging artificial<br />
intelligence (AI) and machine learning to find and correlate detections from across the entire attack<br />
surface and present them in an easily-digestible manner. Let’s look at how these technologies improve<br />
SOC operations.<br />
A Day in the Life of a Security Analyst<br />
In a large SOC, there are typically three levels of analysts:<br />
• Level 1 analysts are triage specialists who monitor and evaluate incoming alerts and identify<br />
suspicious activity that merits attention, prioritization and investigation.<br />
• Level 2 analysts are incident responders, performing initial analysis and investigation into alerts,<br />
assessing the scope of the attack and identifying and researching indicators of compromise<br />
(IOCs) for blocking or mitigating identified threats.<br />
• Level 3 analysts are threat hunters, conducting malware analysis and network forensics and<br />
working proactively to recognize attackers and advanced persistent threat activities while working<br />
with key stakeholders to implement remediation plans.<br />
How AI and Machine Learning Change the Picture<br />
Here’s how AI and machine learning in an intelligent SOC change the dynamics. For Level 1 analysts,<br />
an intelligent SOC can automate almost all activities related to monitoring and evaluating incoming<br />
events. Level 1 monitoring and identification of incoming threats are driven by basic automation<br />
and the event correlation of ingested logs. Machine learning and AI can help a SOC Level 1 analyst<br />
identify more data-driven events with greater accuracy, allowing for precise categorization<br />
of specific threats and a more rapid response.<br />
At Level 2, AI and machine learning can provide the analyst with an immediate assessment of the scope<br />
of the attack and sometimes can recommend initial steps for remediation. At Level 3, these technologies<br />
can reduce overall remediation dwell time as machine learning and AI can immediately identify and<br />
correlate detections and forensics data to identify malicious activity and implement protection measures.<br />
With all teams looking at detections through a single dashboard, companies can use an intelligent SOC<br />
to eliminate manual event correlation and significantly speed the time to attack identification. AI can spot<br />
attacks and recommend steps to remediate them, and machine learning can make the intelligent SOC<br />
smarter over time because it learns and remembers attack scenarios so it can spot them more quickly<br />
the next time.<br />
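The event correlation that this section says replaces manual work can be illustrated with a small rule-based correlator (deliberately not machine learning): alerts from separate tools are grouped per host within a time window, and only clusters corroborated by more than one tool are escalated. This is an added example, not code from the article or from any product; the tool names, hosts, signals, severities and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts, already normalised from four siloed tools.
ALERTS = [
    {"time": "2020-11-10T09:00:05", "tool": "email", "host": "ws-014",
     "signal": "phishing_link_clicked", "severity": 3},
    {"time": "2020-11-10T09:02:40", "tool": "edr", "host": "ws-014",
     "signal": "office_spawned_script", "severity": 5},
    {"time": "2020-11-10T09:06:10", "tool": "ndr", "host": "ws-014",
     "signal": "beacon_like_traffic", "severity": 6},
    {"time": "2020-11-10T09:30:00", "tool": "edr", "host": "ws-022",
     "signal": "unsigned_binary", "severity": 2},
    {"time": "2020-11-10T10:00:00", "tool": "iam", "host": "srv-db1",
     "signal": "failed_logins", "severity": 3},
    {"time": "2020-11-10T10:04:00", "tool": "iam", "host": "srv-db1",
     "signal": "failed_logins", "severity": 3},
    {"time": "2020-11-10T11:45:00", "tool": "ndr", "host": "ws-014",
     "signal": "port_scan_seen", "severity": 2},
]


def _summarise(host, cluster, min_tools, high_severity):
    """Collapse one cluster of alerts into a single incident record."""
    tools = sorted({a["tool"] for a in cluster})
    max_severity = max(a["severity"] for a in cluster)
    # Repeats from one tool are not corroboration; distinct tools are.
    escalate = len(tools) >= min_tools or max_severity >= high_severity
    return {
        "host": host,
        "first_seen": cluster[0]["time"],
        "last_seen": cluster[-1]["time"],
        "tools": tools,
        "signals": [a["signal"] for a in cluster],
        "max_severity": max_severity,
        "alert_count": len(cluster),
        "verdict": "escalate" if escalate else "suppress",
    }


def correlate(alerts, window_minutes=15, min_tools=2, high_severity=8):
    """Group alerts per host into time clusters and rate each cluster.

    A new cluster starts whenever the gap to the previous alert on the same
    host exceeds window_minutes. Escalated incidents are returned first.
    """
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(
            {**alert, "ts": datetime.fromisoformat(alert["time"])})

    incidents = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["ts"])
        cluster = [items[0]]
        for alert in items[1:]:
            if alert["ts"] - cluster[-1]["ts"] <= window:
                cluster.append(alert)
            else:
                incidents.append(
                    _summarise(host, cluster, min_tools, high_severity))
                cluster = [alert]
        incidents.append(_summarise(host, cluster, min_tools, high_severity))

    incidents.sort(key=lambda i: (i["verdict"] != "escalate", i["first_seen"]))
    return incidents


if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident["verdict"], incident["host"], incident["first_seen"],
              incident["tools"], incident["alert_count"])
```

On the sample data, seven alerts collapse into four incidents and only the email, EDR and network chain on one workstation is escalated; the suppressed clusters remain available to threat hunters rather than being discarded.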
The Journey to the Intelligent SOC<br />
So how can companies update their SOCs to intelligent SOCs? There are two scenarios.<br />
In Scenario 1, the company buys intelligent SOC software from a vendor with a closed platform. These<br />
eXtended Detection and Response (XDR) platforms aggregate security tools obtained through internal<br />
development and acquisition, and implementing the platform means abandoning the existing security<br />
solutions your company is already using. This method causes disruption, impacts the company’s bottom<br />
line (because it is abandoning tools that are already paid for), and locks in the company’s fortunes to that<br />
single vendor.<br />
In Scenario 2, the company buys intelligent SOC software from a vendor with an open platform. These<br />
Open XDR platforms deploy non-disruptively, capture inputs from your existing security tools, and add<br />
their own capabilities to enhance detection, correlate events, and present them all in a single dashboard.<br />
This method saves money, reduces training time and disruption, and allows the company to choose best-of-breed<br />
tools for its security infrastructure.<br />
There are sharp contrasts between these two scenarios, and each should be considered carefully as<br />
your company makes the journey.<br />
Intelligent SOC Advantages<br />
Level 1 SOC analysts can see the results of ML/AI firsthand when organizations perform external pen<br />
testing and red team adversary simulation to validate that the SOC is correctly optimized for monitoring<br />
and identifying alerts. Although there has been some discussion as to whether ML/AI will start to replace<br />
human SOC analysts, industry experts agree that these deep learning tools can complement and improve<br />
your current SOC Level 2 staff's ability to perform analysis and investigation to detect advanced threats.<br />
In a Crowd Research Partners survey conducted last year, more than 55 percent of the respondents cited<br />
their inability to detect advanced threats as the biggest challenge for SOCs.<br />
ML/AI security tools can deliver substantial improvements in threat hunting, detection and forensics<br />
analysis for your Level 3 SOC analysts. This can translate into reduced dwell time, mean time to detect<br />
(MTTD) and mean time to remediate (MTTR). AI and machine learning will provide for a highly automated<br />
and efficient SOC that will empower analysts and eliminate complexity.<br />
The Promise of an Intelligent SOC<br />
To understand the promise of an intelligent SOC, let’s look at what it brings to the role of analysts at each<br />
level. For Level 1 analysts, it provides rapid detection capabilities across multiple endpoint and network<br />
monitoring tools and components from a central location and single dashboard. This helps eliminate alert<br />
fatigue from false positives and makes it easier to quickly spot complex attacks. Some users report that<br />
thanks to an intelligent SOC, detection times for complex attacks have been reduced to minutes from<br />
days or weeks. Automated orchestration provides Level 1 SOC analysts with rapid detection capabilities<br />
across multiple endpoint and network monitoring tools, all from a central location and single dashboard.<br />
Automated security orchestration will improve the efficiency of SOC processes and the identification of<br />
malicious activity, allowing for Level 1 SOC analysts to forward potential security incidents that merit<br />
attention to Level 2 staff more quickly.<br />
Level 2 analysts get the ability to remediate security challenges quickly and accurately. The intelligent<br />
SOC platform’s AI and machine learning capabilities deliver highly accurate detections and suggestions<br />
for how to remediate them. Automated orchestration provides Level 2 SOC analysts with additional data and<br />
rapid remediation capabilities, leveraging multiple protection tools and components from a central<br />
location and single dashboard. These automated platforms will help scope events into true incidents for<br />
human responders.<br />
Automated orchestration provides Level 3 SOC analysts with rapid evidence collection of simultaneous<br />
processes across multiple tools from a centralized location and a single dashboard. Most importantly,<br />
automation and orchestration can provide a more rapid response capability across multiple security<br />
components and tools whether they are on-prem or located in the cloud.<br />
Intelligent SOCs bring dramatic improvements in a company’s ability to protect itself from ongoing attacks<br />
by consolidating and analyzing information from across all security tools, correlating detections found by<br />
multiple sources, and presenting attack information and remediation options in a single dashboard. For<br />
the sake of overall security protection, the journey to an intelligent SOC is one well worth taking.<br />
About the Author<br />
Albert Zhichun Li is the Chief Scientist at Stellar Cyber. He is a world-renowned<br />
expert in cyber security, machine learning (ML), systems,<br />
networking and IoT. He is one of the few scientists known to heavily<br />
apply ML to security detection/investigation. Albert has 20 years of<br />
experience in security, and has been applying machine learning to<br />
security for 15 years. Previously, he was the head of NEC Labs’<br />
computer security department, where he initiated, architected and<br />
commercialized NEC’s own AI-driven security platform. He has filed<br />
48 US patents and has published nearly 50 seminal research papers.<br />
Dr. Li has a Ph.D. in system and network security from Northwestern<br />
University and a B.Sc. from Tsinghua University.<br />
Albert can be reached online at zli@stellarcyber.ai and at our company website http://stellarcyber.ai<br />
Joint Investigation Reveals Evidence of Malicious<br />
Android COVID Contact Tracing Apps<br />
By Peter Ferguson, Cyber Threat Intelligence Specialist at EclecticIQ’s Fusion Center<br />
The devastation of the COVID-19 pandemic has caused public-health and economic issues for countries<br />
around the globe, the complications of which are far from over. In accordance with scientific guidance,<br />
many nations have launched contact tracing applications to monitor, identify, alert and reduce the spread<br />
of infections.<br />
However, the shift towards tracing apps has not always been smooth in the eyes of both the media and<br />
the public, with various concerns about the privacy of these tools. Considering such an app is an<br />
unprecedented phenomenon in a world that’s perhaps more connected than ever, it is easy to understand<br />
how some may see an Orwellian twist to the story, despite the arguable necessity for tracking in order to<br />
keep members of the public safe. In fact, a US survey by YouGov from April 2020 indicated that 43% of<br />
Americans believe that such an app would be an invasion of privacy and just one third said they would<br />
install the app.<br />
However, despite these concerns, as the pandemic continues and economic activity starts to resume,<br />
more and more countries have been looking into providing their own COVID-19 contact tracing<br />
applications. With this, it is likely that we’ll see threat actors exploit the window of opportunity of a new<br />
product being launched to the public in order to distribute malicious Android packages that pose as<br />
legitimate contact tracing applications while delivering banking trojans, spyware, and ransomware.<br />
A recent joint investigation by EclecticIQ and the ThreatFabric research team has produced<br />
a report on this matter, with the findings suggesting that threat actors will almost certainly continue<br />
to use commodity and open source-based malware disguised as legitimate contact tracing applications<br />
for financial gain.<br />
The low barrier to entry provided by these tools and the continued rollout of contact tracing applications<br />
by nations present a continued financial opportunity for cybercriminals into the near future. Worryingly,<br />
we have observed evidence of malicious actors displaying their willingness to exploit the current<br />
pandemic by targeting legitimate contact tracing applications consistently in recent months. The samples<br />
analysed by our research team had an earliest estimated build time of April 12th, 2020 with the latest<br />
being June 23rd, 2020.<br />
Third party tooling used to provide C2 anonymisation<br />
As part of our investigation, we have found examples of threat actors using third party tooling to provide<br />
anonymisation to their command and control (C2) infrastructure. In our research, we found India to have<br />
been particularly targeted with malicious applications, with eight malicious applications that used<br />
Portmap.io, a commercially available port forwarding service, and Ngrok, a secure tunnelling service.<br />
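A defender can look for the pattern described above by checking resolver logs for lookups of tunnelling-service hostnames. The following is an added example, not code from the EclecticIQ/ThreatFabric report; the log format, the sample lines and the suffix list are assumptions to be checked against each provider's current documentation.

```python
"""Flag DNS lookups for tunnelling / port-forwarding services in resolver logs.

Added illustration; not taken from the report discussed in the article.
"""

# ASSUMPTION: hostname suffixes under which the two services named in the
# article expose tunnels. Verify and extend from the providers' own docs.
TUNNEL_SUFFIXES = {
    "ngrok.io": "Ngrok",
    "portmap.io": "Portmap.io",
    "portmap.host": "Portmap.io",
}

# CONSTRUCTED sample, one query per line:
#   <ISO timestamp> <client IP> <query type> <query name>
SAMPLE_LOG = """\
2020-06-23T09:14:02Z 10.20.0.15 A play.googleapis.com.
2020-06-23T09:14:05Z 10.20.0.15 A 0.tcp.ngrok.io.
2020-06-23T09:14:09Z 10.20.0.31 A example-12345.portmap.io
2020-06-23T09:15:44Z 10.20.0.15 A 0.TCP.NGROK.IO.
2020-06-23T09:16:10Z 10.20.0.40 A ngrok.io.cdn.example.net.
2020-06-23T09:16:12Z 10.20.0.40 A notngrok.io.
malformed line without enough fields
2020-06-23T09:17:30Z 10.20.0.31 AAAA example-12345.portmap.host.
"""


def normalise(name):
    """Lower-case a DNS name and drop the root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def match_service(name):
    """Return the service label if `name` is a listed suffix or a subdomain of it.

    Matching is done on label boundaries, so 'notngrok.io' and
    'ngrok.io.cdn.example.net' do not match 'ngrok.io'.
    """
    host = normalise(name)
    for suffix, service in TUNNEL_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return service
    return None


def find_tunnel_lookups(log_text):
    """Group matching lookups by client.

    Returns (hits, skipped): hits maps client IP to the services and names
    seen, the first timestamp and a count; skipped counts unparseable lines.
    """
    hits = {}
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            skipped += 1
            continue
        timestamp, client, _qtype, qname = parts
        service = match_service(qname)
        if service is None:
            continue
        entry = hits.setdefault(
            client,
            {"services": set(), "names": set(), "first_seen": timestamp, "count": 0},
        )
        entry["services"].add(service)
        entry["names"].add(normalise(qname))
        # ISO-8601 UTC timestamps in one format sort correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], timestamp)
        entry["count"] += 1
    return hits, skipped


if __name__ == "__main__":
    found, bad_lines = find_tunnel_lookups(SAMPLE_LOG)
    for client, info in sorted(found.items()):
        print(client, sorted(info["services"]), sorted(info["names"]),
              info["first_seen"], info["count"])
    print("unparseable lines:", bad_lines)
```

A hit is a lead for triage rather than a verdict, since both services also have legitimate uses such as developer testing.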
Malicious Android packages distributed through phishing links<br />
The examples of malicious contact tracing apps we analysed were primarily distributed through phishing<br />
links designed to trick users into downloading a malicious Android package. One of the samples we<br />
analysed, first identified by the MalwareHunterTeam, was disguised as an official contact tracing app for<br />
India and was an example of this phishing practice.<br />
Furthermore, it would seem that the distribution of malicious Android packages disguised as legitimate<br />
contact tracing apps is consistent across the regions. As an example, ESET found that the official<br />
Canadian contact tracing app was targeted with ransomware, with users being lured into downloading<br />
the CryCryptor ransomware via two phishing links.<br />
Investigation findings are consistent with previous open source reporting<br />
Our report found that the use of commodity and open-source based malware is consistent with previous<br />
open source findings: Researchers at Symantec found that legitimate SM_Covid19 apps were<br />
repackaged by cybercriminals and injected with Metasploit, hence giving the identified samples Trojan<br />
capabilities. A further three samples were found to be disguised as the contact tracing app for India.<br />
As part of our investigation, we also analysed a publicly available malicious sample, disguised as the<br />
legitimate app for Singapore, which we found to be linked to the commodity Android Banking Trojan,<br />
Alien.<br />
Malicious Android packages distributed for financial gain<br />
From our analysis, we have assessed with high confidence that the majority of these malicious attacks<br />
on contact tracing apps are financially motivated. One of the indicators of this is the use of openly<br />
available tools, which require no financial input from the cybercriminals beyond the time needed to<br />
configure and deploy them.<br />
Good advice to users would be to never download contact tracing Android applications from links sent to<br />
them or from third party stores. If you’re interested in downloading your nation’s contact tracing<br />
application, we’d recommend the use of an official health body website or the Google Play Store. Social<br />
engineering remains an incredibly efficient tactic to manipulate users into downloading and installing a<br />
wide variety of malicious applications on mobile devices. As the crisis deepens, it has become<br />
increasingly important for users to remain cautious about the sources they download their software from<br />
and take due precautions when opening links that have been shared with them. Spear phishing, the<br />
practice of luring victims to click on links or enter data via fraudulent emails that use a personalised<br />
approach, can be incredibly deceiving even to the trained eye.<br />
About the Author<br />
Peter Ferguson is a Cyber Threat Intelligence Specialist at<br />
Amsterdam-based cybersecurity company EclecticIQ. He has a<br />
demonstrated history of working in the security industry, specialising<br />
in modelling threats to industry standard models (Kill Chain, MITRE,<br />
STIX).<br />
Peter can be reached online via LinkedIn and at our company website:<br />
https://www.eclecticiq.com/<br />
A Hybrid Workplace Means New Threats and More<br />
Pressure on IT Leaders<br />
By Tim Sadler, Cofounder and CEO of Tessian<br />
Events this year have changed the way we think about work indefinitely. In fact, new research from<br />
Tessian shows that only 11% of employees want to work exclusively in the office post-pandemic.<br />
Businesses must now consider whether the remote work shift brought on by COVID-19 should become<br />
permanent. But, then again, remote work isn't accessible or preferable for every employee. Business<br />
leaders, therefore, have important decisions to make around how employees will work in the future, be it<br />
remotely, in an office or a hybrid of the two.<br />
Whatever the decision, cybersecurity will be a huge factor. IT teams must fortify workplace processes<br />
with an added layer of security to protect both data and individuals no matter where an employee is<br />
working. They will face more pressure from the top as cybersecurity and business continuity are<br />
prioritized.<br />
Business leaders need to understand the new challenges IT leaders are facing, how security threats<br />
change as people work from anywhere, and how to prepare for a future hybrid working structure.<br />
Why IT Leaders Are Concerned About Hybrid Work<br />
Three-quarters of IT decision makers believe the future of work will be either remote or hybrid, according<br />
to Tessian’s report.<br />
But they do have concerns around these new ways of working, specifically around employee wellbeing.<br />
Throughout the pandemic, research has shown the negative impact remote work has had on people’s<br />
levels of stress, leading to more incidents of burnout. As well as having detrimental consequences to<br />
people’s wellbeing, increased levels of stress could also be putting companies at risk, as people tend to<br />
make more cybersecurity mistakes at work. IT leaders are also concerned that remote employees’ unsafe<br />
data practices could lead to more data breaches and security incidents.<br />
It’s no wonder, then, that more than one-third (34%) of IT leaders are worried about their teams’ time and<br />
resources being stretched too thin. Eighty-five percent also believe their teams will be under more<br />
pressure with a permanent remote work structure. To explain, let’s look at two specific security concerns<br />
that are made more complex when some, or all, employees work outside of the office:<br />
● Phishing: Half of the security incidents or data breaches that companies experienced between<br />
March and July 2020 were the result of phishing attacks - making it the top attack vector during<br />
this time. In fact, nearly two-thirds of US and UK employees (65%) said they received a phishing<br />
email during the remote work period. The problem is that employees are more susceptible to<br />
phishing attacks while working remotely, namely because hackers are taking advantage of the<br />
situation and it’s also harder to verify a colleague’s request when they aren’t in the same room as<br />
you. In addition, factors like distraction could cause people to miss cues and potentially click on<br />
malicious links.<br />
● Insider threats: Data exfiltration from inside the company is also a security risk that becomes more<br />
complex with a remote or hybrid environment, even when not done maliciously. An employee<br />
could, for example, be sending documents to personal email accounts to print from their home<br />
devices. When this data leaves corporate networks and devices, though, it becomes more<br />
vulnerable to a breach and puts the company at risk of non-compliance.<br />
Protect IT Teams’ Time by Focusing Security and Awareness Efforts<br />
Mitigating these risks without over-burdening IT teams won’t be easy but it can be achieved by focusing<br />
on two important areas: email protection and better cybersecurity training.<br />
Employees are more reliant on email than ever while working remotely; Tessian saw a 129% increase in<br />
email traffic from March to April 2020, compared with January to February. As people use email more<br />
and more to send data to customers and colleagues, and as hackers exploit the channels employees rely<br />
on most, educating people on threats like phishing attacks or accidental data loss - simply caused by<br />
someone sending an email to the wrong person - is critical to company security.<br />
This training, however, needs to resonate. It can’t be seen as a tick-box exercise or another thing for<br />
people to add to their to-do lists, because employees just won’t engage with it. In fact, despite half of IT<br />
departments implementing more security training for their remote workers during the pandemic, nearly 1<br />
in 5 employees said they didn’t take part.<br />
This could be because the training gets in the way of people doing their jobs, but also because it often<br />
lacks the real-world context employees need to develop positive security behavior. Real-time educational<br />
alerts provide that context. Employees can understand, in-the-moment, why the message they received<br />
is a threat as well as the techniques hackers are using to trick or manipulate them - all learnings that they<br />
can apply to future incidents.<br />
A human-first approach to cybersecurity has never been more important. As employees log onto<br />
corporate networks from anywhere in the world, the most important security perimeter companies must<br />
protect is their team members.<br />
Employees have access to large amounts of sensitive information and are handling more of that data<br />
over email than ever. But it’s unreasonable to expect employees to keep data and systems secure 100%<br />
of the time - mistakes happen and many people aren’t cybersecurity experts. By focusing on a few high-impact<br />
areas, IT teams can protect employees and their business, without feeling overwhelmed by the<br />
task ahead.<br />
About the Author<br />
Tim is the Chief Executive Officer and co-founder of human layer<br />
security company Tessian. After a career in investment banking, Tim<br />
and his co-founders started Tessian in 2013, creating a cybersecurity<br />
solution that uses machine learning to protect people from risks on<br />
email like data exfiltration, accidental data loss and phishing. Tim has<br />
since built the company to over 160 employees in offices in San<br />
Francisco and London, and raised over $60m from leading venture<br />
capital funds. Tim was listed on the Forbes 30 Under 30 list in<br />
technology.<br />
How We Securely Share Data in A Remote World<br />
By Duncan Greatwood, CEO, Xage Security<br />
Cybersecurity solutions are often thought of as a single-issue solution: protecting companies from<br />
dangerous or costly hacks, or detecting hacks after they’ve already happened, when it may be too late.<br />
But in an era when our essential industries are continuing to digitize, organizations need to approach<br />
cybersecurity as a foundational element of innovation. Security must evolve to enable efficient data<br />
sharing, across company, location and network zone boundaries.<br />
As we shift into an era of increased remote work, cyber risk is changing. Companies are becoming more<br />
and more co-dependent, working together to make entire industries better -- think of the logistics<br />
companies powering retailers, sharing data from suppliers to customers to improve operational<br />
timeliness. Collaboration is essential, and remote work has accelerated the need for flexible digital<br />
collaboration.<br />
Companies rely on secure third-party communication and cross-organization collaboration to develop<br />
new, more impactful and efficient ways of working.<br />
Keep Private Information In, Safely Share Data Out<br />
Companies must be able to secure access – letting individuals have access to only what they need, for<br />
the time that they need it – with extremely granular control. As opposed to relying solely on broadly defined<br />
trust zones, like traditional security solutions, a zero-trust cybersecurity approach is essential for<br />
today’s IT and OT environments. A zero-trust approach means that access is never assumed or granted<br />
purely on the basis of zone access. Instead, the policy is to constantly and consistently ensure that an<br />
individual employee or a single device has the correct authorizations before they are granted access to<br />
a system.<br />
It is enforcing security at the edge, particularly for industrial operations, that enables organizations to<br />
protect individual devices where they are, with remote oversight. As a result, threats can be blocked at<br />
their source, protecting the entire, often critical, operation––rather than allowing one hack to decimate an<br />
entire connected system and cause widespread damage.<br />
While zero-trust is essential for access, it’s also an important aspect of securing traversal of data<br />
throughout systems – whether within a company’s own systems, or sharing with important partners and<br />
customers. In this way, the same approach necessary to keep devices and data safe within a system can<br />
also be used to facilitate secure data transfer, improving operations, efficiency and collaboration with<br />
partners, suppliers and customers.<br />
Data is the Driver<br />
Data is the key driver in business today. Without secure data sharing, operators risk missing out on crucial<br />
and timely learnings from combining partner data––such as seismic information that can help ensure the<br />
safety of oil & gas rig operators, or grid stability data for utilities operators. Without the right mechanisms<br />
in place, it’s extremely time consuming and costly to combine, process, and share data, meaning you<br />
can’t get real time data or live learnings, and thus lose the ability to make important changes that can<br />
improve operations in real time.<br />
Being able to securely share data is a huge step towards more efficient remote operations. But in order<br />
to do so, we need to ensure that all data maintains authenticity, integrity, and privacy. The best way to<br />
achieve this trifecta is by taking a zero-trust approach to in-field protection, so that data integrity can be<br />
checked and proofed at all stages of data transfer. Data should be secured down to a granular level,<br />
noting and immutably logging important factors like location and time of generation. This approach allows<br />
the data’s producer to define who can subsequently access the data, and enables the data’s consumer<br />
to verify the data’s integrity in their application.<br />
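One way to realise the producer and consumer checks described above, as an added example that is not Xage's code: each record carries its location, generation time and producer-defined access list, and is chained to the previous record so that edits, deletions and reordering are detectable. It assumes a shared HMAC key in place of the asymmetric signatures a real deployment would more likely use, and the record fields and sample readings are constructed.

```python
"""Hash-chained, authenticated data records with a producer-defined access list.

Added illustration; field names and sample values are constructed.
ASSUMPTION: an HMAC key shared by producer and consumer stands in for the
producer's signing key. With HMAC any key holder can also forge records.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # value of "prev" for the first record in a log


def _canonical(body):
    """Serialise deterministically so producer and consumer hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, body):
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


def append_record(log, key, payload, location, generated_at, allowed):
    """Producer side: bind payload, metadata, access list and previous tag together."""
    body = {
        "payload": payload,
        "location": location,
        "generated_at": generated_at,
        "allowed": sorted(allowed),
        "prev": log[-1]["tag"] if log else GENESIS,
    }
    entry = dict(body, tag=_tag(key, body))
    log.append(entry)
    return entry


def verify_log(log, key):
    """Return the index of the first entry that fails verification, or -1 if none.

    An entry fails if its tag does not match its contents or if it does not
    point at the tag of the entry before it (deletion or reordering).
    """
    prev = GENESIS
    for index, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "tag"}
        tag = entry.get("tag")
        if not isinstance(tag, str) or body.get("prev") != prev:
            return index
        if not hmac.compare_digest(_tag(key, body), tag):
            return index
        prev = tag
    return -1


def read_record(log, key, index, consumer):
    """Consumer side: verify the chain up to `index`, then apply the access list."""
    bad = verify_log(log[: index + 1], key)
    if bad != -1:
        raise ValueError(f"integrity check failed at entry {bad}")
    entry = log[index]
    if consumer not in entry["allowed"]:
        raise PermissionError(f"{consumer} is not authorised for entry {index}")
    return entry["payload"]


def build_sample_log(key):
    """CONSTRUCTED sample: three sensor readings from hypothetical field sites."""
    log = []
    append_record(log, key, {"seismic_mm_s": 0.42}, "rig-7",
                  "2020-11-02T08:00:00Z", ["partner-a"])
    append_record(log, key, {"seismic_mm_s": 0.47}, "rig-7",
                  "2020-11-02T08:05:00Z", ["partner-a", "partner-b"])
    append_record(log, key, {"grid_hz": 59.98}, "substation-3",
                  "2020-11-02T08:05:10Z", ["partner-b"])
    return log


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    demo_log = build_sample_log(demo_key)
    print("clean log verifies:", verify_log(demo_log, demo_key) == -1)
    demo_log[1]["payload"]["seismic_mm_s"] = 9.9  # simulate in-transit tampering
    print("first bad entry after tampering:", verify_log(demo_log, demo_key))
```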
Decentralized Security in Space<br />
At Xage, we were recently awarded a grant by the US Space Force (USSF) to prepare end-to-end access<br />
and data protection for USSF assets. For an organization itself designed to protect US interests and<br />
assets in space, holistic security is paramount.<br />
This work emphasizes the importance of decentralized security enforcement for decentralized<br />
systems: limiting single points of access, securing devices at the edge, and detecting attempted hacks<br />
that could have devastating impact if they gained traction or access to other devices.<br />
Further, the Space Force requires a solution that provides universal protection. Like many other<br />
organizations, the Space Force relies on devices of various generations, from various suppliers, in<br />
various locations, of varying levels of security. Accordingly, organizations like the USSF need solutions<br />
that work for all assets – whether space-based or on the ground, enforcing granular access and data<br />
control in real time – to enable the creation of “systems of systems” each of which can act autonomously<br />
and in concert as needed.<br />
Remote Work Is Here to Stay<br />
Essential systems were already digitizing pre-pandemic, but with the shift to remote work, as well as the<br />
digital and innovation pressure brought on by broader COVID-19 economic changes, we will continue to<br />
see increased cyber risk in essential industries. As we determine how to best move forward with securing<br />
them, we need to focus on solutions that truly match the systems they’re designed to protect: adaptable,<br />
universal and designed for the high-volume data sharing required for operational innovation.<br />
About the Author<br />
Duncan Greatwood is Xage Security's Chief<br />
Executive Officer. Most recently, he was an<br />
executive at Apple, helping to lead a number of<br />
Apple's search-technology projects and products.<br />
Prior to Apple, Duncan was CEO of Topsy Labs, the<br />
leader in social media search and analytics acquired<br />
by Apple in 2013. Prior to Topsy, he was founder and<br />
CEO of PostPath Inc., the email, collaboration and<br />
security company acquired by Cisco in 2008.<br />
Previously, Duncan held Vice President roles in<br />
Marketing, Corporate Development and Sales at<br />
Virata/GlobespanVirata/Conexant, as well as earlier<br />
engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales,<br />
marketing, operations, technology, and human experience to the task of driving growth at Xage. Duncan<br />
holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from<br />
London Business School. Duncan can be reached online via www.xage.com.<br />
To Share, Or Not to Share<br />
As consumers’ views on personal data evolve, it’s time to re-think data privacy<br />
By Kris Lovejoy, Global Consulting Cybersecurity Leader, EY<br />
Today organizations are standing at the crossroads when it comes to data privacy. In one direction, a<br />
series of high-profile data breaches and scandals in recent years has eroded consumers’ trust in<br />
organizations and led to them becoming ever more vigilant about their privacy. This consumer vigilance,<br />
combined with a regulatory drive to tighten the rules around the handling of personal information, has led<br />
to organizations becoming increasingly risk-averse about monetizing their customers’ data.<br />
In the other direction, however, the outbreak of the COVID-19 pandemic has revealed a willingness<br />
among consumers to share their personal data, if doing so is in the public benefit or if it brings them<br />
advantages such as discounts or tailored services. This suggests that many organizations could monetize<br />
their data more effectively than they are doing at present, provided they approach it in a way that aligns<br />
with both their own purpose and consumers’ expectations.<br />
In light of these mixed messages, what is the right direction to take regarding consumers’ data privacy?<br />
The EY Global Consumer Privacy Survey 2020 suggests that organizations need to take a balanced<br />
approach to data privacy, which recognizes consumers’ vigilance regarding their data, as well as their<br />
willingness to share it in certain circumstances.<br />
A trend in consumer vigilance<br />
As it turns out, in the current environment of breaches and the pandemic, consumers are much more<br />
aware of the personal data they are sharing now. In fact, more than half (54%) of the consumers who<br />
responded to our survey said they are more aware now of the personal data they’re sharing than before<br />
the pandemic. It is not just the health crisis that has driven awareness. Other developments, such as<br />
how some media platforms may be linked to exerting influence over current events and legislative<br />
change, including the European Union’s General Data Protection Regulation and the California<br />
Consumer Privacy Act, are also sharpening the focus on awareness. We also found that, generally<br />
speaking, younger generations are much more aware of their privacy rights, and the implications of<br />
sharing data, compared with older generations. For example, in the past six months, 45% of Millennials<br />
and 49% of Gen Z have always or often shared COVID-19 health data with an organization, compared<br />
with just 21% of Baby Boomers.<br />
In fact, trust in how data is being collected and shared has been a concern for some time, and the survey<br />
revealed that this trend is set to continue. Significantly, the majority (56%) of consumers said that their<br />
trust in an organization’s ability to collect, store and use their data would be damaged if the organization<br />
shared that data without their overt consent. Almost half (48%) said they would lose trust in an<br />
organization if it suffered a data breach or a cyber-attack, while 43% would become mistrustful if an<br />
organization asked for data unnecessarily.<br />
Data monetization is another topic of concern that emerged from the results, and the findings offer some<br />
invaluable insights into how organizations can build sufficient trust with consumers to be able to monetize<br />
their data effectively. Significantly, the most important considerations for consumers when sharing<br />
personal data with an organization are secure collection and storage (63%), followed by control over what<br />
data is being shared (57%), and trust in the organization itself (51%). And an organization’s ability to<br />
counter data breaches and cyber-attacks ranks second as the factor most likely to boost consumer<br />
confidence.<br />
Meanwhile, consumers are actively educating themselves in the area of data privacy. The findings<br />
indicate that in the six months prior to the survey, 45% of consumers had taken the time to understand<br />
how a company uses their data, 36% had willingly shared health data related to their COVID-19 status,<br />
and the same proportion had chosen not to provide personal data or asked an organization to remove<br />
their data due to reputational concerns around its usage. As a result, organizations that expect to<br />
monetize the data they collect – whether that’s by collecting internal data to improve operations, or by<br />
deploying better-targeted campaigns or discounts for current and prospective customers to generate<br />
more revenue – should be mindful that consumers are paying much closer attention.<br />
Altruism, but with limits<br />
While the research shows that consumers are more mindful regarding who is using their data, and how<br />
it is being used, it also uncovered a trend toward altruistic data sharing. Indeed, more and more<br />
consumers are seeking out brands that use their data to help others — as long as they are adequately<br />
protected and remain in control of what they share.<br />
Half of the consumers surveyed said the pandemic has made them more willing to part with their personal<br />
data, especially if they know it is contributing to the research effort and/or community wellness. This<br />
creates a real opportunity for brands with a deep sense of purpose to build trust with consumers, which,<br />
in turn, will allow them to responsibly tap the potential of consumer data.<br />
This tendency to share data for altruistic purposes is particularly pronounced among younger consumers.<br />
More than a quarter (26%) of Millennials and 22% of Generation Z respondents said that helping to<br />
maintain or improve the life of someone they do not know is one of the three most important<br />
considerations when agreeing to share data with an organization. Also, almost two-thirds (61%) of<br />
consumer respondents in Asia-Pacific said they are more willing to share their personal data if it<br />
contributes to the COVID-19 research effort and/or community wellness.<br />
The survey further highlights that context is crucial for consumers when it comes to sharing data. Around<br />
two-thirds (65%) of respondents said they would share medical information with a medical institution to<br />
improve their healthcare experience, and 54% would share demographic data with a retailer in exchange<br />
for discounts. Yet only 39% would share their online search history with a large technology company in<br />
return for more personalization.<br />
Getting the balance right<br />
It is clear from the research that while consumers are sensitive about how their data is handled, they can<br />
be persuaded to share more of it with trusted organizations that use data in meaningful, purposeful and<br />
responsible ways. Organizations can build trust by clearly communicating to their customers what they<br />
are doing around data protection. They can also give consumers greater control over the data that<br />
specifically relates to them. If trust isn’t built – or if it is breached – organizations risk losing their customers<br />
to competitors.<br />
Once trust has been established, organizations can start to explore how they can monetize consumers’<br />
data in ways that will create value for them and help to further build trust. They should consider what<br />
kinds of data their customers might be willing to share, and under what conditions.<br />
Proceed with caution<br />
Depending on who you ask, perspectives and priorities on privacy certainly differ. For example, in<br />
collaboration with the International Association of Privacy Professionals, EY professionals interviewed<br />
privacy practitioners and privacy leaders from around the world. 2 Practitioners implementing privacy on<br />
the ground across business sectors focused on the most immediate challenges relating to privacy. They<br />
highlighted employee privacy protections and virtualization challenges as the top priorities as they<br />
prepared for work-from-home and return-to-work transitions. For policymakers, regulators and<br />
academics, the focus is more around bigger-picture societal concerns, citing the increase and<br />
normalization of surveillance by governments and commercial actors as their top priority.<br />
Consumers, understandably, have their own priorities and require a customized approach. In the past,<br />
many organizations have understandably been extremely cautious around consumer data privacy, but<br />
this has come at a cost – both the financial cost associated with cyber protection and the commercial<br />
cost associated with missed revenue opportunities. With CIOs now under pressure to do more with less<br />
amid frozen budgets and changing consumer expectations around data, the time has come to reassess<br />
this super-cautious approach.<br />
As we stand at the crossroads – balancing the perspectives of consumers, requirements of regulators<br />
and needs of the business related to data privacy and protection – businesses need to re-evaluate their<br />
overall privacy program and approach. Perhaps the new reality offers a unique opportunity to enable<br />
strong security to create trust, allowing customers to share more data and derive more value.<br />
If this pandemic has taught us anything, it is that insights that could make a big difference to consumers<br />
may well be hiding behind masses of untapped data. While this may be deemed a heretical statement for a<br />
cybersecurity practitioner to make, perhaps we should be re-considering our role and the programs we<br />
implement to protect data and privacy, with a new bias toward promoting and expediting – not limiting –<br />
a trusted value exchange.<br />
The views reflected in this article are the views of the author and do not necessarily reflect the views of<br />
the global EY organization or its member firms.<br />
1<br />
Privacy in the wake of COVID-19<br />
About the Author<br />
Kris Lovejoy is EY Global Consulting <strong>Cyber</strong>security Leader. World-renowned in<br />
cybersecurity, risk, compliance and governance, she was<br />
a keynote speaker at this year’s CERIAS Security Symposium and<br />
was named by Consulting magazine as a Women Leader in<br />
Technology. She has been quoted in publications that include Forbes,<br />
Fortune, USA Today, Federal News Network and Risk Management.<br />
Before joining EY, Kris was CEO of an AI-driven network security<br />
company and the general manager of a multinational information<br />
technology company’s security services division, charged with building<br />
end-to-end cybersecurity programs for clients worldwide. Kris can be<br />
reached online at https://www.linkedin.com/in/klovejoy/ and at<br />
EY.com.<br />
Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS<br />
“Amazing Keynote”<br />
“Best Speaker on the Hacking Stage”<br />
“Most Entertaining and Engaging”<br />
Gary has been keynoting cyber security events throughout the year. He’s also been a<br />
moderator, a panelist and has numerous upcoming events throughout the year.<br />
If you are looking for a cybersecurity expert who can make the difference between a nice event and<br />
a stellar conference, look no further: email marketing@cyberdefensemagazine.com<br />
You asked, and it’s finally here…we’ve launched <strong>Cyber</strong><strong>Defense</strong>.TV<br />
At least a dozen exceptional interviews rolling out each month starting this summer…<br />
Market leaders, innovators, CEO hot seat interviews and much more.<br />
A new division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />
FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL<br />
ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE.<br />
This magazine is by and for ethical information security professionals with a twist on innovative consumer<br />
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our<br />
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />
ideas, products and services in the information technology industry. Our monthly <strong>Cyber</strong> <strong>Defense</strong> e-<br />
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare<br />
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of<br />
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here<br />
to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />
newsletters along with this month’s newsletter.<br />
By signing up, you’ll always be in the loop with CDM.<br />
Copyright (C) <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />
<strong>Cyber</strong><strong>Defense</strong>Awards.com, <strong>Cyber</strong><strong>Defense</strong>Magazine.com, <strong>Cyber</strong><strong>Defense</strong>Newswire.com,<br />
<strong>Cyber</strong><strong>Defense</strong>Professionals.com, <strong>Cyber</strong><strong>Defense</strong>Radio.com and <strong>Cyber</strong><strong>Defense</strong>TV.com, is a Limited Liability<br />
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine® is a registered trademark of <strong>Cyber</strong> <strong>Defense</strong> Media Group. EIN: 454-18-8465, DUNS#<br />
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com<br />
All rights reserved worldwide. Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved. No part of this<br />
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />
recording, taping or by any information storage retrieval system without the written permission of the publisher<br />
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content<br />
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at<br />
marketing@cyberdefensemagazine.com<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />
276 Fifth Avenue, Suite 704, New York, NY 1000<br />
EIN: 454-18-8465, DUNS# 078358935.<br />
All rights reserved worldwide.<br />
marketing@cyberdefensemagazine.com<br />
www.cyberdefensemagazine.com<br />
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 12/02/<strong>2020</strong><br />
TRILLIONS ARE AT STAKE<br />
No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES<br />
Released:<br />
https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH<br />
8+ Years in The Making…<br />
Thank You to our Loyal Subscribers!<br />
We've Completely Rebuilt <strong>Cyber</strong><strong>Defense</strong>Magazine.com - Please Let Us Know<br />
What You Think. It's mobile and tablet friendly and superfast. We hope you<br />
like it. In addition, we're shooting for 7x24x365 uptime as we continue to<br />
scale with improved Web App Firewalls, Content Delivery Networks (CDNs)<br />
around the Globe, Faster and More Secure DNS<br />
and <strong>Cyber</strong><strong>Defense</strong>Magazine.com up and running as an array of live mirror<br />
sites.<br />
Millions of monthly readers and new platforms coming…<br />