Cyber Defense eMagazine July 2021 Edition

Cyber Defense eMagazine July Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES

Cyber Defense eMagazine July Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

Colonial Key Business Pipeline, Lessons JBS Cyber Learned Attacks from Shine The

Spotlight SolarWinds on Operational Hack Technology

Vulnerabilities for Wide Range of Business

Sectors Data Loss Prevention in Turbulent Times

Getting A Digital The Journey: Cloud Right A Long - Security and Winding and Road


Why Ensuring Cyber Resilience Has Never Been

Flipping More Critical the Cyber or More Script Challenging Than It Is


…and much more…

…and much more…

Cyber Defense eMagazineJuly 2021 Edition 1

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.


Welcome to CDM’s July 2021 Issue ------------------------------------------------------------------------------------------------- 7

Colonial Pipeline, JBS Cyber Attacks Shine Spotlight on Operational Technology Vulnerabilities for

Wide Range of Business Sectors ----------------------------------------------------------------------------------------- 33

By Fred Gordy, Director of Cyber Security at Intelligent Buildings --------------------------------------------------- 33

Getting The Cloud Right - Security and Compliance ---------------------------------------------------------------- 36

By Tim Dinsmore, Technical Director, Appurity -------------------------------------------------------------------------------- 36

Flipping the Cyber Script --------------------------------------------------------------------------------------------------- 39

By Mark Sincevich, Federal Director, Illumio ----------------------------------------------------------------------------------- 39

How To Make The Most of Increased Cybersecurity Spend ------------------------------------------------------ 42

By Stu Sjouwerman, CEO, KnowBe4 ---------------------------------------------------------------------------------------------- 42

Common Sense Cybersecurity Steps for Managed Service Providers (MSPs) -------------------------------- 45

By Wes Spencer, CISO at Perch Security – a ConnectWise Solution ----------------------------------------------- 45

Threat Intelligence Should Be Shared Not Shamed ----------------------------------------------------------------- 48

By Nuno Povoa, Eurofins Cybersecurity US ------------------------------------------------------------------------------------- 48

NATO to Consider Military Response to Cyberattacks ------------------------------------------------------------- 51

By Doug Britton, CEO, Haystack Solutions --------------------------------------------------------------------------------------- 51

Know Thy Enemy, Break Their Cyber Kill Chain ---------------------------------------------------------------------- 54

By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies ----------------------------------------- 54

Uncovering the Dark Side of the Colonial Pipeline Attack -------------------------------------------------------- 57

By Alon Nachmany, Director of Customer Success AppViewX ------------------------------------------------------------- 57

How To Protect Power Infrastructure from Ransomware Attacks ---------------------------------------------- 60

By Hervé Tardy, Vice President, Marketing and Strategy for Power Quality, Americas, Eaton ------------------- 60

Ransomware and the Cybersecurity Industry’s Problem of Perception --------------------------------------- 63

By Jack B. Blount, President and CEO, INTRUSION, Inc. --------------------------------------------------------------------- 63

Easyjet Data Breach One-Year On: What Are the Next Steps? -------------------------------------------------- 66

By Aman Johal, Director and Lawyer at Your Lawyers ----------------------------------------------------------------------- 66

Cyber Defense eMagazineJuly 2021 Edition 2

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Ransomware, the Ultimate Cyber Threat to Municipalities ------------------------------------------------------ 69

By Yehudah Sunshine, Head of PR, odix ----------------------------------------------------------------------------------------- 69

Operational Technology (OT) Ransomware - How Did We Get Here? ----------------------------------------- 72

By Lior Frenkel, CEO and Co-Founder, Waterfall Security Solutions ----------------------------------------------------- 72

A Case of Identity: A New Approach To User Authentication Protecting Personal Credentials Remains

The Weakest Link In Data Security -------------------------------------------------------------------------------------- 75

By Benjamin Kiunisala, Head of Customer Engagement, TrustGrid Pty, Ltd ------------------------------------------- 75

A 3-Part Plan for Getting Started with Cybersecurity -------------------------------------------------------------- 79

By Doug Folsom, President of Cybersecurity and Chief Technology Officer, TRIMEDX --------------------------- 79

How to Deal with Online Security --------------------------------------------------------------------------------------- 82

By Gary Alterson, Vice President Security Solutions, Rackspace Technology------------------------------------------ 82

The Risks of The Vulnerable Iot Devices ------------------------------------------------------------------------------- 85

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt --------------------------------------------------------------- 85

Three Steps to Building Email Cyber Resilience ---------------------------------------------------------------------- 89

By Toni Buhrke, Director of Sales Engineering, Mimecast ----------------------------------------------------------------- 89

Guided-Saas NDR: Redefining A Solution So SOC/IR Teams Aren’t Fighting Adversaries Alone,

Distracted and In The Dark ----------------------------------------------------------------------------------------------- 92

By Fayyaz Rajpari, Sr. Director of Product Management, Gigamon ------------------------------------------------------ 92

Hardware Trojan Detection----------------------------------------------------------------------------------------------- 95

By Sylvain Guilley, General Manager and CTO at Secure-IC ---------------------------------------------------------------- 95

StayHackFree – Your Kid’s Sports Team ----------------------------------------------------------------------------- 100

By James Gorman, CISO, Authx --------------------------------------------------------------------------------------------------- 100

Tips for Avoiding Online Scams During COVID-19 ---------------------------------------------------------------- 103

By Cindy Murphy, President, Tetra Defense ------------------------------------------------------------------------- 103

Banking Fraud up 159% as Transactions Hit Pre-Pandemic Volumes --------------------------------------- 108

By Rajiv Pimplaskar, CRO, Veridium -------------------------------------------------------------------------------------------- 108

Why Cyber Risk Is the Top Concern of The Financial Services Industry -------------------------------------- 111

By Paul Schiavone, Global Industry Solutions Director - Financial Institutions at Allianz Global Corporate &

Specialty -------------------------------------------------------------------------------------------------------------------------------- 111

Cyber Defense eMagazineJuly 2021 Edition 3

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

What Educational Institutions Need to Do to Protect Themselves From Cyber Threats? --------------- 115

By Cyril James, Founder and CEO, Secure Triad ------------------------------------------------------------------------------ 115

Business Continuity: Where InfoSec and Disaster Recovery Meet -------------------------------------------- 119

By Adam Berger, VP of Global IT and Cloud Operations, Infrascale ---------------------------------------------------- 119

Biometrics Challenges ---------------------------------------------------------------------------------------------------- 123

By Milica D. Djekic ------------------------------------------------------------------------------------------------------------------- 123

Epic V. Apple Trial - Impact of Big Tech Battles on Consumers' Rights -------------------------------------- 125

By Brad Ree, CTO, The ioXt Alliance --------------------------------------------------------------------------------------------- 125

How The Pandemic Has Changed the Value of Health Data --------------------------------------------------- 128

By Aman Johal, Lawyer and Director of Your Lawyers --------------------------------------------------------------------- 128

Galvanizing the Cyber Workforce in Private Industry ------------------------------------------------------------ 132

By Brandon Rogers | CEO & Principal Consultant | Paradoxical Solutions, LLC ------------------------------------- 132

Play 'Smart' on the Crime Scene --------------------------------------------------------------------------------------- 136

By Milica D. Djekic ------------------------------------------------------------------------------------------------------------------- 136

The Top 10 Cybersecurity Conferences of 2021 -------------------------------------------------------------------- 138

By Nicole Allen, Marketing Executive, SaltDNA. ----------------------------------------------------------------------------- 138

Cyber Defense eMagazineJuly 2021 Edition 4

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.


From the


New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com

Dear Friends,

From the 30,000-foot view of the Publisher, the scenery has changed. In the space of only a month, we are seeing

COVID yielding space to CYBER. Put another way, the pandemic vector is transitioning from health space to cyber


There are powerful cybersecurity considerations involved in re-imposing defensive protocols in a concentrated

network environment, as well as making adjustments for those who will remain in a remote work location.

In light of more ransomware developments in all areas of activity, it’s imperative for more and deeper cooperation

among the sectors of government, private and publicly traded companies, nonprofits, and especially small and

medium-size companies. It’s become apparent that there is no such thing as “too small to attack” for ransomware


We continue to monitor closely the discussion of whether ransom payments should be prohibited, restricted,

regulated or otherwise treated by governments. It appears that those organizations doing business with

government entities, especially in the supply chain of critical infrastructure elements, would logically be among

the first to be subjected to such government intervention.

Among the valuable resources we rely on to respond to these threats are the providers of cybersecurity solutions.

Cyber Defense Media Group has now opened nominations for the 2021 Black Unicorns Awards. Details are posted

at: https://cyberdefenseawards.com/black-unicorn-awards-for-2021-fact-sheet/

Wishing you all success in your own cyber endeavors.

Warmest regards,

Gary S. Miliefsky

Gary S.Miliefsky, CISSP®, fmDHS

CEO, Cyber Defense Media Group

Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about

CDM, please use #CDM and @CyberDefenseMag and

@Miliefsky – it helps spread the word about our free resources

even more quickly

Cyber Defense eMagazineJuly 2021 Edition 5

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.



Published monthly by the team at Cyber Defense Media Group and

distributed electronically via opt-in Email, HTML, PDF and Online

Flipbook formats.


Stevin Miliefsky


InfoSec Knowledge is Power. We will

always strive to provide the latest, most

up to date FREE InfoSec information.

From the International


For the first time, cybersecurity has been among the most pressing topics

at a meeting of the “Group of 7” countries. The summit took place in mid-

June, and it appears that the participants are taking firm actions to forestall

attacks on the elements of their critical infrastructure.

See, for example: https://www.reuters.com/world/europe/g7-demandaction-russia-cybercrimes-chemical-weapon-use-2021-06-13/

These 7 nations have identified certain sources of cyber attacks and have

demanded that those involved put a stop to them. In particular, the group

issued a communique which said Russia must "hold to account those within

its borders who conduct ransomware attacks, abuse virtual currency to

launder ransoms, and other cybercrimes."


Pierluigi Paganini, CEH



Yan Ross, JD



Marketing Team



Cyber Defense Magazine

Toll Free: 1-833-844-9468

International: +1-603-280-4451

SKYPE: cyber.defense


Copyright © 2021, Cyber Defense Magazine, a division of

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)

276 Fifth Avenue, Suite 704, New York, NY 10001

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.

In an action closely related to this cybersecurity response, the EU has

recently taken action on a privacy initiative with strong cyber implications.

We continue to see regulatory actions on privacy which also can have

positive effects on cybersecurity defenses.

It’s important to remember, however, that even compliance with laws,

treaties and regulations may not absolve organizations from liability in the

event of a data breach or ransomware attack.

As always, we encourage cooperation and compatibility among nations and

international organizations in responding to these cybersecurity and privacy


To our faithful readers, we thank you,

Pierluigi Paganini

International Editor-in-Chief


Gary S. Miliefsky, CISSP®

Learn more about our founder & publisher at:



Providing free information, best practices, tips and

techniques on cybersecurity since 2012, Cyber Defense

magazine is your go-to-source for Information Security.

We’re a proud division of Cyber Defense Media Group:






Cyber Defense eMagazineJuly 2021 Edition 6

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Welcome to CDM’s July 2021 Issue

From the U.S. Editor-in-Chief

Reflecting on the topics of our articles this month, this is what we see: an increase in the number and

depth of articles with actionable information for cybersecurity professionals and others interested in the

trends and implications of these developments.

In particular, we are pleased to carry over 30 articles this month on lessons to be learned and actions to

take in response to ransomware attacks, protection of critical infrastructure, and applications of

cybersecurity practices and programs.

We’re pleased to include articles on a full spectrum of recognition of threats, preventive measures,

means of assuring resilience and sustainability, and even the structural aspects of organizations with

responsibility to maintain the confidentiality, accessibility, and integrity of sensitive data.

As editor, I would encourage our readers to become familiar with the 16 areas of critical infrastructure

designated by the Department of Homeland Security, found at www.dhs.gov . Going forward, activities

in these areas will become more and more important in the world of cybersecurity.

We strive to make Cyber Defense Magazine most valuable to our readers by keeping current on emerging

trends and solutions in the world of cybersecurity. To this end, we commend your attention to the

valuable actionable information provided by our expert contributors.

Wishing you all success in your cybersecurity endeavors,

Yan Ross

U.S. Editor-in-Chief

Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of

Cyber Defense Magazine. He is an accredited author and educator and

has provided editorial services for award-winning best-selling books on

a variety of topics. He also serves as ICFE's Director of Special Projects,

and the author of the Certified Identity Theft Risk Management Specialist

® XV CITRMS® course. As an accredited educator for over 20 years,

Yan addresses risk management in the areas of identity theft, privacy,

and cyber security for consumers and organizations holding sensitive

personal information. You can reach him by e-mail at


Cyber Defense eMagazineJuly 2021 Edition 7

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 8

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 9

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 10

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 11

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 12

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 13

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 14

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 15

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 16

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 17

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 18

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 19

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 20

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 21

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 22

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 23

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 24

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 25

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 26

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 27

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 28

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 29

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 30

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 31

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 32

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Colonial Pipeline, JBS Cyber Attacks Shine Spotlight on

Operational Technology Vulnerabilities for Wide Range

of Business Sectors

By Fred Gordy, Director of Cyber Security at Intelligent Buildings

The recent Colonial Pipeline Co. and JBS SA cyber attacks were about more than the temporary crippling

of the gas industry in the southeast United States or a short-term delay in meat production. It lays bare

the vulnerabilities faced by any company that uses operational technology (OT) and information

technology (IT).

OT refers to the hardware and software used to change, monitor, or control physical devices, processes,

and events within a company or organization. Most office workers are more familiar with IT. Having an

issue with your computer? Call IT. Have a suspicious email in your inbox? Report it to IT. The IT

Cyber Defense eMagazineJuly 2021 Edition 33

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

department is responsible for keeping the company’s computer systems safe. OT departments may not

be as commonplace, but the pipeline crisis highlights the need for dedicated OT staff or contracted


For Colonial Pipeline, the bottom line is they didn’t understand how their own IT and OT systems were

connected. It takes both to work the problem. Without a fully vetted incident response plan, companies

are not prepared for system compromises. OT is not exclusive to pipelines, production plants, dams, and

other infrastructure and industrial environments. All commercial buildings, including office complexes,

retail, hospitality, education, healthcare, government, and others have OT systems.

The OT systems in these facilities may include HVAC, elevators, lighting controls, metering, fire safety,

access control, and other technologies, all subject to hacking, misconfiguration, phishing, and

ransomware. Call it intelligent buildings, smart building systems, or whatever you like — building system

cybersecurity matters. Attacks have caused catastrophic operational interruptions in many buildings.

These attacks generally go unreported because they do not involve compromising sensitive personal

information of users or customers, but that does not mean they are unimportant.

The Colonial Pipeline Co. incident made national news because the company’s shutdown led to a fuel

shortage and price increase in the southeast United States that prompted officials to warn folks not to try

using plastic bags to stockpile gasoline. Foreign hackers used basic ransomware technology to take

control of Colonial’s IT systems. To regain control, the company paid the hackers more than $4 million.

Just weeks after this event, JBS SA, the world’s largest meat processing company, experienced a similar

cyberattack, which caused temporary closures of plant operations due to affected servers supporting its

operations in North America and Australia.

These incidents — and the relatively low level of skill needed to carry out the attacks — should have all

company leaders moving to assess vulnerabilities of their buildings’ OT systems, as the gateway to IT

systems. Working with professionals, such as those at Intelligent Buildings, will become even more

important as the federal government prepares to issue cybersecurity regulations for pipelines that will

also impact other industries. Complexity will continue to increase and the effect will be felt at a lower

level, even down to its influence on insurance premiums.

Even if the regulations do not extend beyond pipelines or other critical infrastructure, they will include

sound guidance that applies across sectors. For example, one part of the regulations would require the

periodic review of remote network connections that can be soft spots for hackers to attack. This is

especially pertinent with so many more people working from home during the pandemic and several

companies considering at least a hybrid model that allows at least some work from home days.

While the pipeline and plant shutdowns affected thousands and may seem far removed from many

business leaders, building tenants know that convenience, productivity, and health and safety play a vital

role in occupant experience. Additionally, having hackers take control of a building’s elevators or shutting

down a company’s production lines can also have catastrophic impact on a more local level, so one thing

Cyber Defense eMagazineJuly 2021 Edition 34

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

is clear: Cyberattacks will continue and companies large and small need increased focus on cybersecurity

of both IT and OT systems.

About the Author

Fred Gordy is Director of Cyber Security at Intelligent Buildings, a

company focused on Smart Building advisory, assessment, and

managed services at scale for both new projects and existing

portfolios. Intelligent Buildings helps customers manage risk,

enhance occupant well-being, and continually improve performance

by providing unmatched expertise, practical recommendations, and

targeted services. Fred can be reached at


Cyber Defense eMagazineJuly 2021 Edition 35

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Getting The Cloud Right - Security and Compliance

By Tim Dinsmore, Technical Director, Appurity

COVID has been responsible for many things. Perhaps cloud computing doesn’t spring to the top of your

list, but the pandemic has certainly spurred many organisations into adopting a cloud-first strategy.

Indeed, research carried out by Forbes suggested that the majority of businesses surveyed had

accelerated their move to cloud due to the pandemic. The underlying force of course is an overall shift

towards remote working - this is where cloud computing can flex its muscles. But it’s not only remote

working that has fueled cloud adoption - data (and its inherent security / protection) is a prime factor for

organisations to move towards a cloud-first working environment.

With security in mind, cloud service providers (CSPs) offer better security than when an organisation

stores data ‘on-premise’. However, moving to a cloud-centric way of working still provides challenges

when it comes to privacy and security. For example, consider the use and handling of data. Once upon

a time, data management was the sole concern of the business. In recent years however, governments

and other concerned parties have sought to gain control (thus ensuring higher levels of data security) by

introducing legislation - the EU’s GDPR for example. Such levels of legislation ultimately adds new levels

Cyber Defense eMagazineJuly 2021 Edition 36

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

of management complexity for any business that handles and stores data. And it’s not just GDPR that

businesses need to comply with. There are various data management and protection requirements that

exist across a number of industries. And whilst most businesses can outsource their operations to some

degree or other, when it comes to compliance, then the business is left to carry the can. And this can’t

be taken lightly - if your business falls foul of compliance then you face expensive penalties and even

reputational damage.

Visibility is key if your business aspires to a secure and compliant cloud system. Popular, well-known

SaaS solutions come with inbuilt security as standard - however, they also have blind spots. Also, many

SaaS offer features that are only offered at the top end of the price range, inevitably making them too

expensive if you are not at enterprise level. This makes reporting a laborious affair for those tasked with

putting together and auditing data from a variety of sources. Organisations are also seeing a surge in the

use of personal devices along with an increase in BYOD policies. This has brought about the need to

increase the resource assigned to monitoring the escalating use of out-of-scope apps. But adopting

security and data solutions is a process that needs to be tempered against productivity and user

experience - this should not be compromised. Employees and users at every level of the organisation

need access to data regardless of their location or choice of device.

A Cloud Access Security Broker (CASB) solution can optimise visibility across an organisation, by

monitoring all user activity within cloud applications (company-approved and shadow apps) and enforce

both internal policies and external compliance requirements. A CASB solution should additionally be

adopted as part of a wider SIM/SIEM solution for the ultimate in forward-looking, secure data collection,

monitoring, and consolidation. Many CASB solutions are designed with compliance in mind. They provide

granular visibility and control over user interaction with cloud applications and broad audit trails of such

user activity. They are perfect for centralised control, management and ease of use.

Taking compliance and data protection seriously requires a proactive approach to data management. By

understanding where potential data breaches exist, they can be eliminated at source. The risk of infected

or malicious files making their way into the cloud, or the threat of identity theft for example, are still

prevalent and must be considered as part of any data protection strategy. Identity theft, perhaps via stolen

passwords, is a leading cause of data breaches. This makes it imperative for businesses to adopt

stronger-than-password protection - an absolute necessity. One-time passcodes (OTPs) are used widely

by businesses as an extra layer of security to password protection, but some are vulnerable to

interception or phishing attempts. It is highly advisable to choose real-time generated OTPs to boost


As businesses of all shapes and sizes increasingly move to the Cloud to manage and store all of their

data and apps, the need for a robust and comprehensive solution for security and compliance in the cloud

should be the foremost consideration. At the end of the day, an informed and planned proactive strategy

affords those in charge all the confidence they need that compliance regulations are being met, rather

than having to respond in a reactive manner with the ensuing chaos that can arise. Cloud-centered

working is officially here to stay so let’s do it efficiently, securely and by the book.

Cyber Defense eMagazineJuly 2021 Edition 37

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Tim Dinsmore is the Technical Director of Appurity, the cross-platform

mobility specialists.


Cyber Defense eMagazineJuly 2021 Edition 38

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Flipping the Cyber Script

Getting Ahead of Attackers with a Zero Trust Architecture

By Mark Sincevich, Federal Director, Illumio

It’s hard to find a recent cybersecurity attack where the company didn’t have an existing firewall with

antivirus protection. Last year alone, the world spent $173 billion on cybersecurity. Yet, cyberattacks are

more detrimental and frequent than ever before. A lack of spending isn’t the issue, the real problem is

not implementing the correct strategy.

As an industry, we’ve been focused on having a strong perimeter without considering what happens if,

or more realistically when, an attack breaches the perimeter. Assuming a breach has occurred is one of

the tenants of a Zero Trust architecture. If agencies don’t up-level defense, and soon, attackers will

always be one, or many, steps ahead.

The Current Security Model Isn’t Working

Federal efforts such as the Department of Homeland Security’s (DHS) Continuous Diagnostics and

Mitigation (CDM) Program have provided a dynamic approach to ensure federal civilian agencies install

‘detect and defend’ antivirus software and have recently upgraded firewall hardware among other

recommendations. However, as evidenced by the recent SolarWinds and Colonial Pipeline attacks, these

measures alone are insufficient.

Cyber Defense eMagazineJuly 2021 Edition 39

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Additionally, both CDM and the DHS EINSTEIN detection system, deployed to catch known malware,

missed the SolarWinds attack and failed to report anything was amiss. Since new attacks move quickly

and often go undetected, deploying assets to 'chase the enemy’ often means the damage is already

done. The traditional detect and defend approach will not prevent attacks from moving around the

network, which is when the real harm continues to occur.

Federal CISO, Chris DeRusha, noted the need for agencies to move in a new direction, “Everyone and

everything is untrustworthy until we prove otherwise.”

Rather than relying on “comply-to-connect” security policies, teams must adhere to a key pillar of Zero

Trust – assume that an initial breach has already occurred and that attackers are already inside of the


Thankfully, We Have a New Model That Does Work…

Here’s the good news: The White House recently released new cybersecurity guidance in an Executive

Order, directing agencies to adopt the principles of Zero Trust security to modernize and bolster the

nation’s cyber defenses. A Zero Trust security model gives federal cyber leaders the ability to make their

networks and agencies more resilient to attacks.

While Zero Trust is not new, many agencies will need to start implementing this security methodology

from the ground up – a good place to start is from the inside out. Start by identifying your most valuable

assets. For most, these live in the data center and cloud. Then, segment these assets from other parts

of the network. The more granular these segments are, the better.

Rather than blindly segmenting the network, agencies should leverage Zero Trust Segmentation, which

establishes allowlists that indicate which apps and workloads can connect. Any connection that is not

explicitly stated is denied by default.

When a ransomware attack tries to move from the initially compromised point to the rest of the network,

Zero Trust Segmentation will stop it in its tracks. In other words, even if malicious actors gain access,

they cannot move to the applications and data that agencies deem most critical because they are blocked

by default. This approach will only allow connections between authorized and legitimate applications and

workloads and will deny everything else.

Maturing the Zero Trust Model

Perimeter security and detection are important parts of the cybersecurity equation, but alone, they’re not

enough to keep us secure. A Zero Trust strategy requires a permanent change in philosophy where

teams trust nothing in their network by default.

Teams should architect their networks from the inside out using Zero Trust Segmentation to increase

visibility and stop the spread of ransomware across systems. As agencies design and implement Zero

Cyber Defense eMagazineJuly 2021 Edition 40

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Trust strategies, they will prevent cyber incidents from becoming disasters. Our data, networks, and our

nation will be safer for it.

About the Author

Mark Sincevich is the Federal Director at Illumio.

Cyber Defense eMagazineJuly 2021 Edition 41

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

How To Make The Most of Increased Cybersecurity


The average organization devotes 21% of its IT budget to cybersecurity.

By Stu Sjouwerman, CEO, KnowBe4

With the threat of malware touching more and more organizations, boards are beginning to devote greater

resources to cybersecurity. The unfortunate truth is that a successful cyberattack can sink a business.

The average remediation cost of a ransomware attack, for example, is $1.85 million, according to a

Sophos report. The cost of non-compliance if sensitive data is exfiltrated can also be considerable, and

the lasting reputational damage is hard to quantify.

Companies that may have been tempted to gamble in the past are now seeing the financial sense in

increasing cybersecurity spend. The average organization devotes 21% of its IT budget to cybersecurity,

according to the Hiscox Cyber Readiness Report; an increase that has been driven by a sustained rise

in the frequency of cyberattacks recently.

Cyber Defense eMagazineJuly 2021 Edition 42

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The growing threat

In the last 12 months, the percentage of organizations experiencing a cyber-attack jumped from 38% to

43%, according to Hiscox data, and 73% of those victims experienced more than one attack. A paltry 9%

reported they were able to defend the attack with no impact on operations. Stronger defenses and better

preparation are required to avoid potential disaster.

Beyond the disruptive impact of ransomware or DDoS attacks, there lurks the even worse threat of a fullblown

data breach. It takes 280 days on average to identify and contain a data breach and costs $3.86

million, according to the Ponemon Institute. It’s far better to spend a fraction of that amount to bolster

your defenses and harden your security posture.

The question is where to spend it to ensure the greatest impact.

Phishing and BEC attacks

We know that malware can usually be traced back to a phishing attack. Threat actors are increasingly

picking their targets and getting smarter about how they approach them. Spear phishing is on the rise

and sophisticated attacks employ stolen credentials to attack laterally. If a message or email appears

legitimate, or worse comes from a colleague’s account that has been hacked, the risk of someone clicking

a link or downloading a file and triggering a malware installation is much greater. The unpleasant truth is

that anyone can be fooled. Employees of all levels can fall victim to phishing scams.

Business Email Compromise (BEC) is also a serious concern, with the FBI reporting $1.8 billion losses

through BEC, which is a staggering 42% of the cybercrime loss total. Much more sophisticated and

targeted at CEOs, CFOs, and other high-ranking executives, BEC can be the result of months of

reconnaissance, with attackers building complex infrastructures and hacking multiple accounts in pursuit

of a big payday.

Spending effectively to boost security

The temptation to sink any budget increase for cybersecurity into a tool or platform that promises to

safeguard your data is understandable, but there’s a better way to strengthen your security. If we accept

that security systems can always be bypassed by persuading people to unwittingly grant access, then

it’s clear that the best way forward is to educate and empower your workforce.

Security awareness training is crucial because by teaching people to spot the common signs of a phishing

attack will develop the muscle memory you want to see.

Establish a baseline before you begin and set targets for improvement with periodic tests, such as mock

phishing campaigns, to determine what progress has been made. Test results and any real-life security

incidents that occur should be leveraged as learning opportunities and used to inform ongoing training.

Make sure that you combine training with stronger security controls and strict procedures. At the shallow

end, you have to provide phish alert buttons to make it easy to report suspicious emails. Reports should

Cyber Defense eMagazineJuly 2021 Edition 43

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

trigger an investigation that includes feedback for the employee who flagged the message.

Responsibilities, processes, and expectations should be clear and easily accessible for everyone.

To tackle more sophisticated spear phishing or BEC attacks, design controls around funds transfers or

sensitive data sharing. By requiring multiple people to sign off on transactions over a certain amount or

insisting on in-person meetings or video calls to confirm the legitimacy of data or funds requests, you can

prevent major losses. Consider the worst-case scenarios and design controls that will block scammers.

Enlisting your employees

Employees are your most valuable resource. They have the deepest understanding of your business and

are invested in helping you strengthen security. Ask for their advice and input to identify the greatest risks

and learn how best to safeguard their areas of responsibility. Having an open dialog for prioritizing the

assets that need securing will send a clear message and encourages people to take risk management

more seriously.

If you educate employees and equip them with the right tools, you can quickly make vast improvements

to your cybersecurity stance. Continuous training and a program of attack simulations that emulates realworld

threats will deliver tangible benefits.

Ultimately, it’s by enlisting employees that you will squeeze the greatest value from any increase in your

cybersecurity spend.

About the Author

Stu Sjouwerman is founder and CEO of KnowBe4, [NASDAQ: KNBE]

developer of security awareness training and simulated phishing

platforms, with over 37,000 customers and more than 25 million users.

KnowBe4 also offers a KCM GRC platform that provides ready-made

templates for quick compliance evaluations and reporting. Centralized

policy distribution and tracking helps users remain compliant, as does

flagging risky users. Sjouwerman was previously co-founder of Sunbelt

Software, the anti-malware software company acquired in 2010. He is the

author of four books, his latest being “Cyberheist: The Biggest Financial

Threat Facing American Businesses.” He can be reached at

ssjouwerman@knowbe4.com or company website


Cyber Defense eMagazineJuly 2021 Edition 44

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Common Sense Cybersecurity Steps for Managed

Service Providers (MSPs)

By Wes Spencer, CISO at Perch Security – a ConnectWise Solution

Covid-19 changed the IT landscape for a lot of MSPs helping customers, suppliers and partners as they

struggled to adopt digital services and technologies to make work-from-home models a reality. This rapid

transformation opened the door for opportunistic cybercriminals to figure out new ways to target MSP

clients, particularly small and medium-size businesses (SMBs).

Case-in-point: nearly 73% of MSPs we surveyed for our Perch Security 2021 MSP Threat Report

confirmed at least one customer had a security incident last year and that nearly 60% of these incidents

were related to ransomware.

Cyber Defense eMagazineJuly 2021 Edition 45

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Why MSPs and their customers are uniquely vulnerable to cybercriminals.

MSPs are increasingly in the line of fire for cybercriminals, as seen during last year’s crisis. MSPs hold

the keys to hundreds of organizations that they manage, making it attractive to go after many at once.

“Buffalo Jump” attacks occur when an MSP is breached and more than one managed organization is

compromised with malware as a result. Ransomware has also moved to the cloud.

Attackers understand MSP tools and know how to exploit the vulnerabilities and tools that MSPs depend

upon. They know that enterprise-grade security solutions are rarely built for use by MSPs, who represent

a large number of companies, each with its own appetite for risk, or lack of understanding of cybersecurity

tools or resource constraints.

Last year marked a rapid digital transformation as more customers shifted to the cloud. This introduced

a slew of potential new vulnerabilities and risks for uneducated and unshielded customers. In fact, 82%

of MSPs told us that the budget reserved for cybersecurity increased in 2020, with 75% of respondents

indicating their spending would increase on average by 12.1% in 2021. Of the three types identified in

our report - front runners, trying to keep up, and lagging behind - MSPs in the last category that don’t

prioritize a security-first approach for a fast-evolving threat landscape take the biggest risk in terms of

time and money loss.

Common sense cybersecurity steps for MSPs

MSPs need to take threats seriously, even if their customers don’t. Here are some common sense

security steps and approaches for MSPs:

• Recognize you’re a valuable target – Most importantly, if you lack the right staff and training,

then get on board with trusted partners and peers that can help you grow your security know-how

and capabilities.

• Educate customers –Becoming more assertive with customers and bundling security into all

packages will put you in a stronger position.

• Evaluate Budget – Educating leadership on the gaps and risks with a self-assessment is the only

way to get an increased security budget.

• Get Dedicated Staff – Tools alone aren’t enough; you need human capacity to operate and

interact with security solutions, whether with dedicated security personnel or managed security


• Reduce tool sprawl – Find security controls that work well together and with your current ticketing

systems and complement your stack.

• Maximize your spread – When thinking about what to bundle into basic packages, keep in mind

the realities of today’s increasingly converged customer environments, including must-have

SOC/SIEM with additional XDR/MDR/EDR layered tools.

• Tackle passwords and training –Passwords remain a key weak link where security failures are

concerned, so password reuse training, architecting multi-factor authentication and security keys

for single-sign-on are important.

Cyber Defense eMagazineJuly 2021 Edition 46

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The next big thing: addressing remote workforce security gaps

What happens when everyone suddenly starts working from home? Security becomes pushed to the

backburner. With fully remote and hybrid working models set to stay for the long term, MSPs must

urgently review the effectiveness of existing security controls in terms of where employees – and their

customers’ users – now work and determine whether an alternative deployment architecture or controls

are needed to cover the risk.

There are a lot of timely reasons for MSPs to get their cybersecurity ducks in a row, from protecting

customers to insurance firms hardening their attitudes toward cyber policies and new compliance

regulations. Whatever the reason, the time is now.

About the Author

Wes Spencer is the CISO at Perch Security, which was

acquired by ConnectWise in November 2020. He is

responsible for leading external security strategies,

working with external constituencies and media. He also

provides cybersecurity thought leadership to

ConnectWise’s partners, enabling them to build more

mature cybersecurity programs for themselves and their


Wes has been in the technology industry for 22 years,

garnering awards such as Cyber Educator of the Year by

the Cybersecurity Excellence Awards in 2020. Additionally,

Wes is a part of multiple boards, serving on the Advisory

Committee on Cybersecurity at the University of Florida,

the Advisory Board on Cybersecurity Management at

Murray State University, and as Chairman at the

Community Institution Council Advisory Group, FS-ISAC. He has been featured in numerous

publications, including The Wall Street Journal, ProPublica, Dark Reading, and Bleeping Computer.

Wes attended Murray State University, earning both a Bachelor of Science in Cybersecurity and a Master

of Science in Cybersecurity. In 2017, he was named among Murray State’s Alumni of the Year.

Outside of work, Wes runs a YouTube channel with 30,000 subscribers covering cybersecurity and

cryptocurrency. He is happily married and enjoys gaming and exploring the outdoors with his four


Cyber Defense eMagazineJuly 2021 Edition 47

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Threat Intelligence Should Be Shared Not Shamed

By Nuno Povoa, Eurofins Cybersecurity US

When the DarkSide ransomware group shut down the Colonial Pipelines’ gas distribution that stretches

from Texas to New Jersey, something rather remarkable happened: the criminals apologized.

The DarkSide group issued an apology, saying its goal was not in "creating problems for society" but "to

make money." According to Newsweek, the hacker’s statement released on the Darkweb read in part,

"Our goal is to make money, and not to create problems for society. From today we introduce moderation

and check each company that our partners want to encrypt to avoid social consequences in the future."

The world witnessed a cyber-terrorist organization playing a type of PR game to frame their attack as a

‘Robin Hood’-type of good deed.

Cyber Defense eMagazineJuly 2021 Edition 48

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Applying PR tactics is a new page in the hacker playbook to mask the organizational root causes of

cyberattacks. Within these companies being targeted, it’s not a factor of negligence, it’s a lack of a clear

understanding as to what these cybersecurity risks mean and how to translate them into impact. There's

a big gap between the IT side of the house and the operational departments; each side has a separate

administration department that doesn't always share security-related information in a timely manner. In

the Colonial Pipeline’s case, their corporate exposure to the internet was most likely very tight, but

exposure through its refineries—where they probably have their own security rules and procedures—

was weaker and may not have matched up more stringent corporate security policies.

Threat intelligence remains very compartmentalized and there's no central repository to share

information. In many of these cybersecurity instances, investigators have to go to multiple sources, in

multiple departments, to begin pinpointing the root cause of the attack. The highly operationalized

companies who prioritized what is only important to their specific part of the organization prolong the

attack identification process. From the IT department down to the industrial control systems, there needs

to be a better accountability structure in place and support for corporate-wide threat/risk data sharing—

especially in utilities.

Attackers - A Victimless Mindset

Oftentimes, criminals who do these types of attacks are under the impression that it’s a victimless crime

and at one point, the company will get reimbursed by their cyber insurance provider. In the Colonial

Pipeline case, the hackers are hitting the company’s bottom line as well as affecting the price of gas all

along the U.S Eastern seaboard. “We are sorry. We wanted to start a little fire not a big fire” is far from

an already morally dubious ‘Robin Hood’ act. Imagine what would have happened if this was a wellcalculated

attack on purpose, like the 2015 attack on the Ukraine power grid.

To combat criminal hackers there needs to be a real-time, institutional understanding of what the threats

are and a universal repository of data shared among all organizations, similar to how the National Oceanic

and Atmospheric Administration (NOAA) shares all weather-related information to benefit everyone. But

the fact remains that companies don't want to talk about their cybersecurity issues fearing bad PR and

shareholder repercussions. All organizations need to share information on security breaches to create

resiliency that enables quicker and more effective attack responses. To achieve this resiliency and

collective response, companies need to have an overall risk management strategy—not just a bunch of

vendor management tools—to create a reasonable strategy.


We live in a world where virtually everything is connected to the internet and there will always be bad

actors looking for a way in. Companies need to embrace this reality, but a lot of organizations chose to

downplay their chances of being hacked. The minute devices are connected to the internet there is an

Cyber Defense eMagazineJuly 2021 Edition 49

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

access port for hackers - companies must take this seriously and be ready to respond with a well-thoughtout


Aligning with “industry best practices” has been the security mantra and goal of many niche industries,

and while there's clear value in understanding and replicating the security goals within a particular

technology or business vertical, it's crucial that the experience of other industries is not overlooked in the

process. In the event of an attack, victims need to quickly disseminate the information so there is a

universal understanding of the attack and a cooperative solution-share. This stands in stark contrast to

the present-day concern companies have of simply comparing themselves to competitors in order to

establish their security posture—oil, gas, energy, and manufacturing organizations are noticeably trapped

in that mindset.

Companies should not be relying solely on automated security tools for defense. No security tool is

perfect, most security software demands constant tuning, writing another correlation rule, ingesting and

parsing more logs, or configuring alerts based on a new predetermined condition. Adding to the

complexity, many tools now employ machine learning and behavioral analytics, further abstracting the

analysts from what is happening in the background. Risk rises alongside the evolving complexity of the

system, and more than ever organizations need to implement a layered defense containing perimeter

controls, EDR response, risk assessment processes, patch management, and people managing the

security logs. Only with a layered defense for visibility and business resilience, and the universal,

immediate, sharing of intelligence will we be able to remove one of the cyberattacker’s most valuable

tools—corporate shame.

About the Author

As Senior Security Consultant, Nuno Povoa is the lead penetration tester

at Eurofins Cybersecurity US. For over a decade, Nuno has developed

strategic and technical insights to actively improve data and business

resilience for major organizations in the USA, Europe and Asia. His past

and present clients include major Oil & Gas, automotive manufacturing,

broadcasting, and health care organizations.

Cyber Defense eMagazineJuly 2021 Edition 50

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

NATO to Consider Military Response to Cyberattacks

As NATO Nations Face New Realities, The Worldwide Search For Cyber Talent Picks Up.

By Doug Britton, CEO, Haystack Solutions

In yesterday’s Brussels Summit Communiqué - Issued by the Heads of State and Government

participating in the meeting of the North Atlantic Council in Brussels 14 June 2021, NATO alerts

that it will consider on a case-by-case basis treating cyberattacks similar to physical attacks against allies.

The communique indicates NATO may launch a military response against perpetrators.

Under Article 5 of the 1949 NATO treaty, any armed attack on a NATO ally is considered an attack on all

alliance members, who may then defend the ally. At the North Atlantic Council meeting in Brussels

yesterday, the alliance disclosed a Comprehensive Cyber Defence Policy in which Article 5 responses

may be taken following a cyberattack.

The move follows several recent high-profile cyberattacks on commercial/industrial sector providers of

critical infrastructure and services.

Cyber Defense eMagazineJuly 2021 Edition 51

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The Loud Clarion Call:

As a former linguist and HUMINTer in U.S. Army intelligence with U.S. Special Forces Command during

Operation Enduring Freedom and former cyber-intel initiative contributor at Lockheed, this news jumped

out to me on several levels.

First, NATO is acknowledging that Russia, China and other nation-states pose major cybersecurity

threats, both because of direct actions and because of the third-party threat actors operating on their soil,

presumably with tacit permission.

The first half of 2021 has seen both an increase in commercial/industrial critical infrastructure

cyberattacks, and a dramatic escalation of their potential impact - Colonial Pipeline, food processor JBL,

as well as commercial sector corporations such as Fuji being just the latest example.

New findings from researchers with Check Point show that ransomware attacks have increased 93%

year over year. Moreover:

• The number of organizations impacted by ransomware has risen to 1,210 in June 2021 alone,

• Check Point Research sees a 41% increase in attacks since the beginning of 2021, contributing

to the aforementioned 93% increase, and

• Surprisingly, despite the high-profile U.S. entities attacked, Latin America and Europe saw the

largest increase in ransomware attacks since the beginning of 2021, marking a 62% and a 59%

increase, respectively.

Elena Elkina, JD, CIPP/US, CIPP/E, CIPT, and Partner with corporate privacy consultants Aleada, noted

that we live in a world where cyber defense is imperative for companies and countries. “In the light of the

frequency, complexity, and destructive power of the most recent attacks, the only surprise is that it took

NATO up to this point to make public this decision and take assertive action. The time for delicacy is

over, and it is time for NATO to reaffirm its position and request other countries to act respectfully and


Help Wanted in The Hunt for Premium Talent: This communique makes clear that the U.S. and her

allies must change the urgency and economics around finding the undiscovered cyber geniuses whose

innate aptitudes make them among the potential best and brightest, and then train them at a new pace

and price point, and get them into the fight as soon as possible. This is a clarion call for the best talent

on defense, repelling attackers at the cyber borders, and on offense, deploying cyber weapons against


As Garret Grajek, CEO of YouAttest, observed, the open nature of the democratic nations’ networks

forces the West to apply pressure on the points of origin of such attacks. “NATO’s message is a strong

sign to the nations that either harbor or turn a blind-eye to attackers on its soil that these malware

campaigns will be taken very seriously.”

Cyber Defense eMagazineJuly 2021 Edition 52

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The number of open positions in various cyber roles exceeds the number of people that are currently in

the profession today, with some suggesting that there will be another 145% growth required over the next

5 years. Our current methods of identifying talent clearly aren’t able to keep up. The industry is also

suffering from a somewhat polarizing perception of being a bro-network of hackers, at the fuzzy edge of

ethics and laws.

To change the math and attract new entrants, the industry needs new perspectives. The sheer number

of people needed in cyber jobs do not align with the 4+ year timeline of college programs. The economy

requires the ability to add people into the fight with months of training vs. years. One way we get people

ready in months vs. years is to focus on learners that have the highest likelihood of internalizing the

training and putting it to work on cyber battlefields.

Typically, cyber training has a high percentage of washouts that either don’t complete the training or fail

to transition into practice. Advances in cognitive testing around cyber would allow for more efficient

deployment of training resources. Additionally, the same methods can give people with no technical

background or prior experience, perhaps from philosophy or criminal justice, a pathway to becoming

cyber warriors.

NATO’s ability to meet this enemy on the multifaceted battlefield requires that we can find, train, and

equip the cyber warriors. A revolution in talent development can get us there, if we move quickly.

About the Author

Doug Britton is the founding CEO of Haystack Solutions. Doug

drew from his years in military intelligence and years as a cyber

executive to craft a better way to find cyber talent. Haystack

Solutions finds cyber genius using test methods developed for the

US intelligence community and DOD, transferred out of the

University of Maryland. Additionally, Doug is the CTO and a

Director of RunSafe Security. As RunSafe’s CTO, Doug plays an

essential role in showcasing how RunSafe’s technology changes

the economics of cyber defense, and he has been instrumental in

driving the RunSafe technology strategy and roadmap, the

development of its patent portfolio and IP strategy, managing

software development teams, and building a world-class security research team. Prior to RunSafe

Security, Doug founded Kaprica Security which sold its Tachyon business to Samsung. He has also

managed large-scale security research, reverse engineering, and exploit development programs for

Lockheed Martin and SAIC. A trained computer scientist, Doug started his career in the National Center

for Supercomputing Applications at the University of Illinois, before serving as a Russian Linguist and

Interrogator in the US Army. He has also earned an MBA from the University of Maryland and mentors

several entrepreneurs and students launching their business.

Doug can be reached online at @CATA_Haystacks and at our company website


Cyber Defense eMagazineJuly 2021 Edition 53

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Know Thy Enemy, Break Their Cyber Kill Chain

By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies

The Cyber Kill Chain, developed by Lockheed Martin in 2011, appropriates the military’s concept of ‘kill

chain’ relating to structuring an attack into stages – from identifying an adversary’s weak links to exploiting

them. In the same way that the traditional kill chain describes the seven steps in a physical attack –

identification of the target, forced dispatch to the target, decision, order to attack the target, and finally,

target destruction – the Cyber Kill Chain describes the modus operandi of a typical cyber intrusion in

seven phases:

1. External Reconnaissance – Identifying the target’s weaknesses, studying them, and then

selecting which methods of attack can be executed with the highest degree of success. This initial

stage involves the harvesting of organizational details such as mailing lists, social network activity,

information on technology choices, conference details, etc.

2. Weaponization and Packaging – This phase can take many shapes, including web application

exploitation, compound document vulnerabilities delivered in Office, PDF or other document

formats, off-the-shelf or custom malware, or watering hole attacks. Essentially, this is the part

where the attacker packages up the exploit with a backdoor into a deliverable payload.

Cyber Defense eMagazineJuly 2021 Edition 54

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

3. Delivery – Transmission of the payload is either target-initiated (a user browses to a malicious

web presence, leading to an exploit delivering malware, or they open a malicious PDF file) or

attacker-initiated (network service compromise or SQL injection) – whichever digital method and

means of transporting or launching the attack best suits the intended target.

4. Exploitation – Once the payload has been delivered to the user, device or computer, it will work

to compromise the asset, thereby gaining a foothold in the target’s IT environment. How this is

achieved technically hinges on the type of digital attack selected. This can involve an exploit

mechanism, like specialized code that takes advantage of a known software vulnerability to

execute on a victim’s system. Depending on the victim, zero-day exploitation is a possibility as

well, but in most cases, it isn’t necessary for adversaries to go to this expense.

5. Installation – The objective of this step is to establish persistence on the victim system. It typically

involves the installation of malware, such as a bot client or trojan, that will proceed to run

whenever the compromised device powers on or reboots. This is typically designed to gain

persistence at the endpoints where it has access and enables the adversary’s control of the

application without alerting the target’s organization.

6. Command and Control – This stage is simple: Set up and initiate a communication mechanism,

or the “Command and Control (C2) channel” as security experts call it, to exercise authority on

the affected devices and exfiltrate data remotely. The level of complexity in this step can range

from simply transmitting data via normal network services (e.g., HTTP, IRC, and others), to

something much more sophisticated like concealing specially encrypted traffic in tricky,

unexpected network services (in ICMP messages or DNS options, for example). Some of the

more modern threats even use social media mechanisms, like Facebook or Twitter posts, for

command and control. Ultimately, this channel enables the adversary to tell the controlled “asset”

what to do next and what information to gather.

7. Actions on Targets – In the seventh and final phase, intruders use the “hands on keyboard”

access they’ve gained to carry out any malicious actions necessary to achieve their original goals.

This can involve ransomware installation, keylogging, grabbing password hashes, using the

webcam to spy, collecting any or all of your files and data, and much more.

One criticism of Lockheed’s original Cyber Kill Chain is that it doesn’t adequately address a common

stage of attack known as lateral movement or pivoting. Often, the first device a malicious actor gets

control of isn’t the intended target, so they must take additional measures to gain access to the key

systems or data required to accomplish their mission. To account for this, Lockheed considers its Cyber

Kill Chain to be circular rather than linear.

Ultimately, understanding the Cyber Kill Chain helps those tasked with protecting systems and data

identify the different and varying defenses that need to be in place for effective security. While

cybercriminals are constantly evolving their attack techniques, their approach will always consist of these

fundamental stages. Effective security defenses rely on intimate knowledge of adversaries and their tools

and tactics. And, the closer to the first link of the Cyber Kill Chain an attack can be stopped, the better.

Cyber Defense eMagazineJuly 2021 Edition 55

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cybercriminals have a knack for tracking down the weakest point of entry between them and an attack

on a corporate network, which is often through endpoint devices such as mobile phones, tablets and

laptops, or other wireless and IoT devices. The massive shift to remote work this past year has inhibited

traditional corporate network security because it can’t protect users beyond its perimeter. For this reason,

security strategies for our “new normal” need to strengthen defenses on remote employees’ endpoints at

home. Endpoint protection (EPP) detects and prevents many phases of the Cyber Kill Chain, completely

thwarting most attacks or enabling IT administrators to remediate the most complex and sophisticated

threats in later stages.

While adversaries must advance through each of the seven phases in the Cyber Kill Chain in order to

realize success, IT/security teams just need to shut down a single link to break it. Malicious actors can

often access the most valuable assets of the organization they’re targeting via endpoints in homes where

employees are doing their work remotely. Therefore, stopping malicious actors at the endpoint radically

reduces the likelihood of a successful cyberattack.

About the Author

Corey Nachreiner is the CSO of WatchGuard Technologies. A frontline

cybersecurity expert for nearly two decades, Corey regularly

contributes to security publications and speaks internationally at

leading industry trade shows like RSA. He has written thousands of

security alerts and educational articles and is the primary contributor

to the Secplicity Community, which provides daily videos and content

on the latest security threats, news and best practices. A Certified

Information Systems Security Professional (CISSP), Corey enjoys

"modding" any technical gizmo he can get his hands on and

considers himself a hacker in the old sense of the word.

Corey Nachreiner can be reached at @SecAdept on Twitter, or via https://www.watchguard.com/

Cyber Defense eMagazineJuly 2021 Edition 56

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Uncovering the Dark Side of the Colonial Pipeline Attack

By Alon Nachmany, Director of Customer Success AppViewX

The Colonial Pipeline, which stretches more than 5,500 miles from Houston to New York and provides

the eastern United States with almost half of its diesel, gas, and jet fuel, was shuttered after a ransomware

cyber-attack. The attack was carried out by DarkSide, a cyber-criminal gang that attacks privately-owned

businesses and donates a portion of what they take to charity. DarkSide also sells the ransomware they

develop to other cyber-criminals who can then use it to carry out attacks in exchange for part of the profit.

The impact of the attack hasn’t been catastrophic; there were some spikes in price in some states and

some gas stations did run out of gas. The national average gas price rose by two cents, and the more

significant effects have been a result of people's panic buying fuel and businesses making attempts to

save fuel. But the attack has highlighted just how vulnerable both the pipeline and the American energy

systems are.

The Colonial Pipeline is nearly 60 years old. Over time, expansions and loops have been added to the

pipeline to increase its capacity and make the process more high-tech and automated. Today, the

company uses pumps, thermostats, sensors, and valves to monitor and control the pipeline, and a robot

to inspect the thousands of miles of pipeline and find and report any anomalies. All of these technologies

are connected to a central system that was targeted by DarkSide. Colonial has the pipeline back up and

running and is now working closely with the Energy Department to ensure that something like this does

not happen again.

Cyber Defense eMagazineJuly 2021 Edition 57

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Outdated and Vulnerable OT Systems are Becoming Easy Targets

The major factor that impacted the pipeline’s restart is how quickly Colonial could determine precisely

how much of their infrastructure was affected by the attack. With many Operational Technology (OT)

systems, there is a lack of visibility, meaning it could take a significant amount of time to determine the

severity of an attack. OT systems were designed in the 1970s and have become incredibly outdated over

the last 50 years as technology has become significantly more sophisticated.

So have hackers.

These OT systems were built with one thing in mind -- “Availability.” They simply cannot go down.

Operational Technology is the technology that runs our utilities and critical infrastructure. As listed above,

OT includes, among others, pumps, thermostats, sensors, and valves—devices that cannot afford to be

shut down. And often, communications within these systems are not encrypted. In fact, some might even

use a clear text username and password, if any authentication is required at all. OT systems are simply

not like IT systems which are managed and secured by an IT team who know the system inside and out

and can access any aspect of it in seconds to determine the damage caused. Many IT and cyber teams

aren’t even aware of OT systems and how they are set up, so they aren’t able to easily manage or secure

them, though this is currently changing.

This is a big part of why the entire pipeline was shut down. Due to the lack of visibility and not knowing

what information the hackers had taken, Colonial had no way of knowing what DarkSide could do next.

So, their safest and quickest option was to halt the entire process until they could determine the extent

of the attack. But shutting down also indicates that the company does not have a lot of faith in its OT

security, which is a major red flag and something that needs to be addressed by the industry as a whole.

Biden’s Cybersecurity Executive Order Comes as a Saving Grace

In the days since the Colonial Pipeline cyber-attack, President Biden and other officials have prepared to

issue an executive order requiring federal agencies and their contractors to strengthen their

cybersecurity. The order created a Cybersecurity Incident Review Board similar to the National

Transportation Safety Board, which investigates civil transportation accidents in the air or at sea.

Once the order is put into effect, it will require software vulnerabilities to be reported to the government

so that they can be addressed rather than being swept under the rug. This would hold companies liable,

in a way they aren’t currently. If a company’s software doesn’t comply with regulations or they fail to

report a vulnerability, there are consequences including a possible ban from selling their software to the

government, which can kill their business’s viability.

That being said, many of utilities are private for-profit companies. This means that utility companies, like

other companies, apply the “Cybersecurity Risk Equation.” A simple calculation of the probability of a

cyber event times the cost of that event would be the budget for securing the solution. What this equation

won’t take into account is the cost to the general public. For example, as we saw with the short gas

outages, what if there is no gas? What happens when first responders don’t have fuel?

Cyber Defense eMagazineJuly 2021 Edition 58

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Energy and Utilities – You Have No Choice but to Reinvent Your Security

The Energy and Utility industry is our country’s lifeline providing essential everyday services to people.

Any breakdown in this critical infrastructure can paralyze the entire system and have debilitating impacts

on the consumers and a country’s economy at large. Ironically, the sector has been more lax than

necessary in building a resilient cybersecurity posture.

The increasing convergence of IT and OT systems and the lack of adequate OT security have introduced

many security weak links into the infrastructure, making it an attractive target for cybercriminals. The

Colonial Pipeline attack is a classic case exposing these security gaps and blatantly highlighting the need

to bridge them with a well thought-through, strong, and sustainable security strategy.

Biden’s executive order is a welcome move in that direction. Let us hope that the industry will act soon,

or history won’t be kind.

About the Author

Alon Nachmany is the Director of Customer Success at AppViewX.

He has more than 15 years of cybersecurity experience including

being a former Chief Information Security Officer (CISO). He has

worked with critical infrastructure, specifically with operational

technology, and has consulted for water treatment and power

companies as well as major airports and governments. In May

2019, He was a speaker at the DOE’s Cybersecurity Conference.

He can be reached via Twitter @AppViewX and at our company

website @AppViewX.com

Cyber Defense eMagazineJuly 2021 Edition 59

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

How To Protect Power Infrastructure from Ransomware


Why every point count in the era of increasing intelligence

By Hervé Tardy, Vice President, Marketing and Strategy for Power Quality, Americas,


The continuing emergence of IoT is bringing new meaning to the old saying: “a chain is only as strong as

its weakest link.” Advancements in connected technologies are helping enterprises achieve many

benefits, allowing them to tap into new data insights and streamline efficiency in exciting ways. However,

with this integration comes the responsibility to ensure the entire network remains protected, as more

points of intelligent capabilities create more potential areas for cybersecurity risk.

Cyber attackers are out in full force and more savvy than ever before, businesses need to consider every

possible avenue to keep their organization properly protected, including power infrastructure. In this

article, we’ll cover how to approach the threat of ransomware attacks through power devices and provide

measures to keep cyber criminals at bay.

Cybersecurity in current context

Safeguarding against ransomware strikes has never been more critical. In 2020 alone, the prevalence of

ransomware attacks in the U.S. skyrocketed by 109 percent, according to the 2020 SonicWall Cyber

Threat Report, costing businesses more than $75 billion a year, part of which is attributed to downtime

expenses. Experts attribute the rapid increase of threats to the influx of home-based employees resulting

from the COVID-19 pandemic.

When businesses migrate to a hyper distributed IT environment flexibility will grow but the threat of

growing cyberattacks can’t be ignored. This point was driven home recently when Colonial Pipeline faced

Cyber Defense eMagazineJuly 2021 Edition 60

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

a cyberattack that shut down approximately 5,500 miles of pipeline, causing panic among travelers facing

gas shortages and long lines at gas pumps across the eastern seaboard.

These type of events underscore the importance of safeguarding all network-connected equipment

against cyber threats, which encompasses uninterruptible power systems (UPSs), power distribution and

cooling systems.

A resource guide for power protection

As hackers continually attempt to overcome the cybersecurity mitigations businesses are putting in place,

organizations must ensure that there is no point of access for malicious activity. Having a running

cybersecurity checklist for power management can help IT teams keep their strategy up-to-date and

effective in the face of evolving threats.

• Keep certifications in check: One of the best things IT teams can do to drive the most effective

level of security is to stay on top of cybersecurity certifications being developed by global

standards organizations like Underwriters Laboratories (UL) and the International Electrotechnical

Commission (IEC). These organizations are expanding their processes for certifying products as

secure across the network which includes power backup devices.

There are UPS network management cards available with UL 2900-1 and ISA/IEC 62443

certification that have built-in cybersecurity capabilities and features. Buying products with these

types of safeguards against possible ransomware attacks can transform a UPS into an enterprise

IoT device with cybersecurity protection.

• Use software to manage firmware updates: By pairing backup equipment with power

management software, enterprises have the ability to make timely firmware installation and

updates to stay ahead of emerging cybersecurity threats. As new threats are identified,

businesses can work with their technology service providers to embed necessary patches or


For example, as Ripple20 vulnerabilities were recently identified in the Quadros stack, potentially

billions of connected devices were exposed to this vulnerability. Power management software

allows mass updating to apply patches and remove this exposure, at scale, quickly across the



• Look for ways to expand and improve: Although primarily developed to monitor and manage

UPSs and rack PDUs—as well as gracefully shut downloads during a loss of utility power, even

in virtualized environments—power management solutions may also be used to provide an

inexpensive, highly viable air gap solution. The security measure helps keep secure networks

physically isolated from unsecured ones such as the Internet.

Power management software has the capability to integrate with Windows operating systems and

common virtualization systems, allowing IT teams to automatically discover and monitor common

power infrastructure and IT equipment. Some solutions can also be customized to trigger specific

actions on a customized schedule in alignment with UPSs and/or power distribution units (PDUs).

Cyber Defense eMagazineJuly 2021 Edition 61

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

• Merge physical and digital solutions: Enterprises should also consider physical security as part

of their strategy to keep power management equipment safe. Taking measures to deploy smart

security locks on IT racks can help to ensure that only authorized personnel have access to IT


While ransomware attacks are a mounting threat across every business landscape, they are especially

risky to small- and medium-sized organizations that tend to have smaller security budgets and less

dedicated IT personnel. By deploying simple measures, companies can help safeguard their IT

infrastructure against these expensive and detrimental attacks.

Business continuity planning is a must

Successful enterprises not only utilize the previously discussed mitigations to prevent becoming a victim

of ransomware, but also have a comprehensive business continuity plan in place. The first step is to

make sure that files are regularly backed up. In some cases, this simple process will allow victims to

recover their data at no cost.

It is possible that ransomware attackers will attempt to coerce a company to pay the ransom by

threatening to publicly release sensitive information. For this reason, organizations should always encrypt

their data to prevent attackers from gaining this type of leverage. It is also possible for ransomware

attackers to encrypt or destroy backups. Because of this, it is essential to maintain a copy of backups in

a separate location that is isolated from the network as a last line of defense.

The journey forward

Enterprises will keep looking for new ways to use IoT solutions as the technology landscape advances.

Businesses stand to benefit significantly from this evolution, but cybersecurity must remain top-of-mind

to protect against operational downtime, data loss and negative impact on lifecycle costs and brand

reputation. With a multi-faceted strategy that includes power management in the equation, businesses

can ensure that progress and protection go hand-in-hand.

About the Author

Hervé Tardy is Vice President of Marketing and Strategy for Eaton’s

Power Quality business unit in the Americas region. In this role, Hervé

manages the Americas product roadmap for power solutions, software

and connectivity products to reinforce Eaton’s technology leadership.

You can find more information at Eaton.com.

Cyber Defense eMagazineJuly 2021 Edition 62

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Ransomware and the Cybersecurity Industry’s Problem

of Perception

By Jack B. Blount, President and CEO, INTRUSION, Inc.

In the past year, we’ve seen ransomware attacks spike significantly – not only in frequency but also in

scale. A recent Checkpoint Research report (CPR) noted a 57% increase in organizations affected by

ransomware within the past 6 months.

Attacks by groups such as Babuk, Hafnium, DearCry and most recently Darkside have made big

headlines – impacting large organizations, infrastructure, and public safety. And these attacks don’t just

affect the target companies – the recent attack on Microsoft affected more than 30,000 organizations

using Microsoft Exchange servers. Before that, it was the Sunburst breach that, aside from creating other

calamities, allowed these bad actors to look deep into Microsoft’s software code, browsing to their heart’s

content. Now, the Colonial Pipeline ransomware attack resulted in one of the country’s biggest suppliers

of fuel to the East Coast being shut down for days – the ramifications of which are yet to be seen.

It is scary to think what destructive minds can do once they get unfettered access to the systems that run

the world’s commerce, education, manufacturing, critical infrastructure, defense, and even entire


The most common worms and malware causing this surge are Ryuk and Maze. But there are other

popular ones – Bad Rabbit, Cryptolocker, GoldenEye, Jigsaw, LeChiffre, Locky, NotPetya, Petya, and

WannaCry – to name a few. As these existing malwares, along with an ever-increasing number of

Cyber Defense eMagazineJuly 2021 Edition 63

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

variants, gain momentum from well-funded and well-organized adversaries, we can expect to see a

growing number of headlines of compromised organizations of all sizes.

WannaCry makes a comeback

It's no surprise that WannaCry is also rearing its ugly head. Back in 2017, the WannaCry outbreak

infected as many as 200,000 computers within 72 hours. Using the EternalBlue exploit in Windows SMB

(server message block protocol) the malware could infect new victims on its own, spreading exponentially

over the internet. WannaCry is still infecting Windows servers for one simple reason: they are unpatched.

It's astonishing, really, that it’s been four years since Microsoft released the fixes for WannaCry, yet there

are still unpatched servers that exist today. Common segments targeted by WannaCry are

government/military, manufacturing, banking, and healthcare. According to CPR, the United States is the

primary target recipient, garnering 49% of all exploit attempts. Auditing of server software is needed

immediately to identify unpatched servers, with special attention to those that haven’t been powered up

in a long time.

Looking at Cybersecurity from a New Angle

The reason these ransomware attacks continue to be successful is that the solutions we use to prevent

cyberattacks haven’t changed much. We continue to focus on signatures and an outside-in approach,

giving organizations a false sense of security. The reality is that the cybercriminals keep finding new ways

to breach our outer layers of protection. Once they are in a network, they can live there for months,

searching for an organization’s most valuable data or assets. Because most solutions don’t monitor

outgoing traffic, these criminals are able to steal an organization’s data and figuratively walk right out the

door with it, with little to no monitoring.

It’s time we start looking at cybersecurity with a new perspective, and focus on solutions that monitor

both incoming and outgoing traffic. Hackers first accessed SolarWinds on September 4, 2019, and the

hackers got away with their code long before the malware was discovered. It had been living in that

network for about nine months before it was detected – it had gotten past firewalls and other solutions

meant to keep it out.

No matter the type, malware needs a connection in order to carry out its task of stealing data. Without

being able to “call home” or connect to an outside server, it cannot deploy malicious code.

Monitoring and immediately killing these connections is the only way to successfully prevent these

damaging ransomware attacks that leave organizations in the impossible position to decide whether to

pay up, or lose their valuable data, information and assets.

Cyber Defense eMagazineJuly 2021 Edition 64

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Jack Blount is President and CEO of INTRUSION, Inc., a leading

provider of entity identification, high speed data mining, cybercrime

and advanced persistent threat detection products.

Blount has an extensive career in technology as a visionary in the

personal computer, local area networking, ERP, mobile computing,

big data, cybersecurity, and AI fields. Most recently, he was the

founder of a strategic consultancy for enterprise, startup and federal

government organizations. Prior to that, he served as CIO of the

United States Department of Agriculture where he was responsible

for designing a new, 10-layer cyber security architecture, protecting

more than 100,000 employees and billions of dollars.

His experience also includes roles at IBM and Novell, where he served as SVP of Business Development

and helped expand its business from $50M to $2B in just six years. Blount has served as the CTO, COO,

and CEO of eight technology, turnaround companies, and has served on twelve technology company

Boards of Directors.

Blount graduated from Southern Methodist University with a degree in Mathematics and did his graduate

MBA studies while working at IBM.

Jack can be reached online at our company website https://www.intrusion.com/

Cyber Defense eMagazineJuly 2021 Edition 65

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Easyjet Data Breach One-Year On: What Are the Next


By Aman Johal, Director and Lawyer at Your Lawyers

The EasyJet 2020 data breach

On Wednesday 19 th May, we passed the one-year anniversary of the EasyJet 2020 data breach hitting

the headlines, one of the largest data breaches in UK history.

Resulting from a “highly sophisticated” attack, the personal details of around nine million EasyJet

customers were exposed to hackers. While the airline was quick to claim that there was no evidence that

any personal information had been misused, it did admit that, as well as email addresses and travel

details, the hackers had stolen the credit card details of approximately 2,208 customers.

The stolen credit card data are understood to have included the three-digit security code – known as the

CVV number – on the back of cards.

In a statement following the hack, EasyJet said it had gone public to warn the nine million customers

whose personal details had been exposed. However, it did not provide any further details about the nature

of the attack or the suspected motives. Instead, the airline’s own investigation suggested that hackers

were targeting the company’s intellectual property, rather than hunting for information that could be used

to commit crimes like identity theft.

Cyber Defense eMagazineJuly 2021 Edition 66

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The airline industry’s poor record on cybersecurity

The airline industry does not have a great track record concerning cybersecurity. In 2018, it was

discovered that the personal details of almost half a million British Airways customers had been harvested

by hackers over two separate attacks. Users of the airline’s website and app had their data copied to

criminals who had exploited a weakness in the payment processing systems. The personal information

exposed included full names, debit and credit card numbers, addresses, email addresses, and CVV


The Information Commissioner’s Office originally announced an intention to fine British Airways £183

million for the breach. However, this was dramatically reduced to just £20 million in October 2020.

You would hope that the British Airways data breach debacle was a warning to the airline industry.

Unfortunately, it appears that such warnings have fallen on deaf ears. On May 23 rd , Air India said that

the personal data of about 4.5 million passengers had been compromised following an incident at SITA,

the Indian flag carrier airline’s data processor.

The stolen information included passengers’ names, credit card details, dates of birth, contact

information, passport information, ticket information, and frequent flyer data.

While Air India claimed it did not hold CVV/CVC data, it did encourage passengers to change passwords

“wherever applicable to ensure the safety of their personal data”.

The potential compensation payouts for EasyJet

In this sense, the type of data stolen in the Air India hack is similar to the EasyJet breach in 2020, so we

can use past breaches – such as the British Airways hack – to estimate the likely compensation pay-out

for victims of EasyJet’s data breach.

For the British Airways data breach, we believe that the average compensation awards could be in the

region of £6,000 for each claimant, meaning that the airline could face a potential compensation bill of

up to £2.4 billion. Based on current case law, which is the foundation on which the Judge will assess the

British Airways case, together with data from our own settled claims, we can estimate that average

settlements for data protection and privacy breach cases are in the region of £6,500 for damages, with

common amounts ranging from around £500 to £15,000.

Any victims of the EasyJet data breach should keep these compensation figures in mind and remember

that data breaches are often caused by businesses not adhering to best practice when implementing

cybersecurity measures. The process of claiming compensation is often far simpler than first imagined

and, as illustrated by our updated compensation estimates, there can be significant financial rewards for

claimants seeking the compensation they are owed.

Cyber Defense eMagazineJuly 2021 Edition 67

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Aman founded consumer action law firm Your Lawyers in 2006,

and over the last decade he has grown Your Lawyers into a

highly profitable litigation firm.

Your Lawyers is a firm which is determined to fight on behalf of

Claimants and to pursue cases until the best possible outcomes

are reached. They have been appointed Steering Committee

positions by the High Court of Justice against big corporations like British Airways - the first GDPR GLO

- as well as the Volkswagen diesel emissions scandal, which is set to be the biggest consumer action

ever seen in England and Wales.

Aman has also has successfully recovered millions of pounds for a number of complex personal injury

and clinical negligence claims through to settlement, including over £1.2m in damages for claimants in

the PIP Breast Implant scandal. Aman has also been at the forefront of the new and developing area of

law of compensation claims for breaches of the Data Protection Act, including the 56 Dean Street Clinic

data leak and the Ticketmaster breach.

Cyber Defense eMagazineJuly 2021 Edition 68

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Ransomware, the Ultimate Cyber Threat to


With 45% of ransomware attacks targeting municipalities, something must shift the needle.

By Yehudah Sunshine, Head of PR, odix

Municipalities face the risk of persistent cyber-attacks in every direction. From embedded malware in file

attachments, malicious code uploaded via removable media, and the endless risk of viruses and dubious

data uploaded via self-service/ file transfer portals, municipalities, and local governments are increasingly

in the crosshairs of hackers, state-sponsored cyber campaigns, and opportunist looking to cash out at

the expense of local coffers.

Much like in the physical battlefield, the only way the manage the risks and prioritize threats is through

triage. In the case of municipalities that means focusing on ransomware and its devastating effects to

secure data and vital resources needed to keep communities operating.

Why are municipalities so vulnerable to attack?

Municipalities have become a beacon to cybercriminals due to their role as a storehouse to vast swaths

of private data which are more often than not poorly protected by out-of-date security protocols littered

with excessive systems admins and countless security gaps. The data, ranging from tax information and

Cyber Defense eMagazineJuly 2021 Edition 69

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

voting records to social security numbers, and everything in between, if compromised can result in

extensive financial liability to the municipality and far greater loss to the individuals.

Further exacerbating the situation, municipalities by law are required to be transparent and provide their

constituency with vast data points on any number of vital services or projects they may implement. While

the public may appreciate this consideration, hackers have capitalized on this obligation to exploit the

public infrastructure for personal gains.

“Because local governments maintain sensitive personally identifiable information, they have a fiduciary

duty to safeguard that information. As large-scale data breaches continue to make headlines, local

governments must make cybersecurity a priority.”

Between the financial obligations and the massive and publicly embarrassing cyber-attacks which have

plagued cities for the past 5 years, many prominent voices are demanded broader municipal cyber

accountability and a cohesive strategy to mitigating cyber risk.

Why do 45% of ransomware attacks target municipalities?

Municipalities have become a major focal point of hackers because they often fail to implement effective

data protection policies. From rarely backing up data, not implementing multifactor authentication, failing

to provide consistent cybersecurity education for their employees to not deploying innovative endpoint

and cloud security solutions, municipalities' significant and easily exploited weak points make them

particularly susceptible to attack.

Complicating matters “Small and medium-sized cities [often] do not have the resources or funds they

need to invest in IT security. Cities also struggle to keep pace with technology. For example, refresh

cycles may not be timely because of the required continuity of their services for its citizens, or new IPbased

delivery activities are implemented on aging computer systems. Additionally, municipalities deal

with fractured organizational structure and public-sector bureaucracy, which lead to slower

deployment of security measures.”

As a direct culmination of a lack of effective IT governance and a proven history of paying ransoms,

attackers continue to target municipalities for massive financial gains.

How to mitigate the risks?

Municipalities must tactfully balance the needs for prevention, deterrence, identification, and discovery

of the attack itself, with an effective strategy for the response, crisis management, damage control, and

eventually a protocol to return to regular operations. The complexity of this task demands a

comprehensive understanding of the interplay of malicious players and the expanding attack surface to

win the battle of critical infrastructure cybersecurity.

It is critical that municipalities prioritize cyber threats, allocate much-needed funds to implement important

technical solutions, and instill a holistic cybersecurity culture from the top down through the support of

key leaders and ongoing employee education to build cyber resilience the application of industry best

security practices.

Cyber Defense eMagazineJuly 2021 Edition 70

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Yehudah Sunshine, Head of PR, odix. Bringing together his

diverse professional cyber know-how, intellectual fascination with

history and culture, and eclectic academic background focusing on

diplomacy and the cultures of Central Asia, Yehudah Sunshine

keenly blends his deep understanding of the global tech ecosystem

with a nuanced worldview of the underlying socio-economic and

political forces which drive policy and impact innovation in the

cyber sectors. Yehudah's current work focuses on how to create

and enhance marketing strategies and cyber-driven thought

leadership for odix, an Israel-based cybersecurity start-up.

Sunshine has written and researched extensively within

cybersecurity, the service sectors, international criminal accountability, Israel's economy, Israeli

diplomatic inroads, Israeli innovation and technology, and Chinese economic policy. Yehudah can be

reached online at (Yehudah@odi-x.com & https://www.linkedin.com/in/yehudah-sunshine/) and at our

company website http://www.odi-x.com

Cyber Defense eMagazineJuly 2021 Edition 71

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Operational Technology (OT) Ransomware - How Did We

Get Here?

By Lior Frenkel, CEO and Co-Founder, Waterfall Security Solutions

In the last 18 months, ransomware was responsible for all disclosed shutdowns of OT networks,

manufacturing plants and other physical operations. High profile victims include the Colonial Pipeline,

JBS meat packing plants, a Honda factory and X-FAB's semiconductor plants. What's going on here?


To an extent, this problem reflects long-standing trends in industry and in computing. For decades, both

business operations and more recently physical operations, have been automating steadily, deploying

ever more computer networks and ever more software. All this comes “built in” with hidden defects,

software vulnerabilities and the potential for mis-configuration and mis-operation. The result is a steadily

increasing population of targets for ransomware.

Looking deeper, networking is the lifeblood of modern automation. The problem is that all cyber-sabotage

attacks have the ability to move between computers and within networks, and all network connections

can convey such attacks. With a constantly increasing pool of connected targets, that we see steadily

more cyber attacks shutting down physical operations makes perfect sense.

Cyber Defense eMagazineJuly 2021 Edition 72

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

A second reason for the increase in ransomware is, bluntly, cryptocurrency. In the early days of

ransomware, criminals depended on credit card payments, bank transfers, or even cash. However, credit

card vendors were not keen to cooperate in criminal ventures, bank transfers were easily traceable, and

cash required physical access. Reliable, untraceable, and anonymized payment processing was a

problem. Today, pretty much all ransomware actors receive payment in cryptocurrencies, as they are

much less susceptible to influence by legitimate authorities than are other payment mechanisms. Entire

underground economies have emerged to launder such funds. With reasonably reliable ways of being

paid, the profits for ransomware criminal groups are increasing sharply.

A third reason for the increase in ransomware with OT consequences is the widespread use of

sophisticated attack tools and techniques. In the last decade, nation-state-grade attack tools have leaked

into the public domain. The most prominent such incident was the Shadow Brokers releasing materials

they stole from the “Equation Group,” a group widely believed to be a branch of the US National Security

Agency (NSA). There was a day when many organizations would ask “Yes, these nation-state attacks

are powerful, but we're just not that important - why would anyone spend an attack that powerful on us?”

Today the answer is clear - criminal groups are using the tools and techniques of nation-states. These

groups target anyone with money. Do you have money?

OT Consequences

The most serious OT consequences attributed to ransomware in the last 18 months have been production

shutdowns, with the biggest in US history being the recent Colonial Pipeline shutdown. Details of exactly

how the ransomware triggered these shutdowns vary - some ransomware, such as SNAKE/EKANS

variants, target and penetrate OT systems specifically. Other ransomware targets IT networks and

impairs IT systems that are vital to physical operations. Still other attacks target IT networks, but

enterprises shut down their physical operations as precautionary measures. In all cases, the result is the

same, with the same damage.

Enterprises with physical operations are valuable ransomware targets, whether or not OT networks are

specifically targeted by the criminals. This is because OT networks are soft targets. A great deal of

production equipment is very sensitive - recertifying an OT network for safe and reliable operation after

a significant software upgrade can be extremely expensive and can take days, weeks and sometimes

even longer. Most organizations are not willing to incur this expense at all frequently, resulting in large

numbers of old versions of operating system and applications running in those networks. An attack that

gets loose in one of these networks can do a great deal of damage very quickly.

Couple this with the fact that physical operations represent huge investments in infrastructure, raw

materials, and lost opportunities during shutdowns, and it is no surprise that many industrial operations

are willing to pay large ransoms in hopes of materially reducing the duration and severity of shutdowns.

In recent events, Colonial Pipeline has admitted to paying $4.4 million dollars in ransom, though part of

that ransom was later recovered by authorities. The JBS organization is reported to have paid $11 million.

Cyber Defense eMagazineJuly 2021 Edition 73

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

OT Cyber Solutions

To try and reduce OT consequences due to ransomware attacks, enterprises need OT-specific security

monitoring solutions, coupled with IT security monitoring systems, good backups regimes, and practiced

incident response teams. We should not, however, confuse these measures with each other. In terms of

the NIST Framework, we prevent downtime with protective security measures, while we reduce the

duration of downtime with detective, responsive and recovery measures. The top goal of any OT security

program is to prevent production downtime due to ransomware.

OT-specific protective measures include securely designed network segmentation, use of unidirectional

security gateways, secure scheduled updates, and very secure remote access systems. Making physical

operations networks impervious to ransomware both reduces production risks and reduces the urgency

of any ransomware payment. When IT networks are compromised by ransomware, robust OT security

measures give us the time we need to recover those IT systems from backups without paying the

criminals. Robust OT security allows production to continue throughout the IT outage - gasoline is still in

the pipeline, and finished goods are still coming out of the manufacturing plants.

What do we do?

Do not believe criminals who claim, like Darkside did with the Colonial Pipeline, that OT consequences

are not their intent. So long as enterprises with physical operations are more likely than average to pay

ransoms, criminals will continue to target those enterprises. Only when we stop paying the criminals for

targeting businesses with industrial operations will the criminals find other targets.

About the Author

Lior Frenkel, CEO & Co-Founder of Waterfall Security

Solutions. With more than 20 years of hardware and software

research and development experience, Mr. Frenkel leads

Waterfall Security with extensive business and management

expertise. As part of his thought leadership and contribution

for the industry, Lior serves as member of management at

Israeli High-Tech Association (HTA), of the Manufacturers’

Association of Israel and Chairman of the Cyber Forum of

HTA. Lior can be reached at @WaterfallSecure and at our

company website www.waterfall-security.com.

Cyber Defense eMagazineJuly 2021 Edition 74

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

A Case of Identity: A New Approach To User

Authentication Protecting Personal Credentials Remains

The Weakest Link In Data Security.

By Benjamin Kiunisala, Head of Customer Engagement, TrustGrid Pty, Ltd

Protecting identity and personal credentials remain the weak link in data security. As infosec managers

strengthen the wall around enterprise assets and apply new strategies to protect cloud data, individual

users still fall prey to phishing attacks and have their credentials stolen, putting enterprise data at risk.

Identity theft continues to be the primary source of data breaches, and with the new movement toward

work-from-home following the COVID-19 pandemic, it has become more important than ever to secure

individual identity and prevent data from being compromised due to human error. It’s time to rethink user


The number of cyberattacks designed to steal personal identity continues to skyrocket. According to the

U.S. Federal Trade Commission, the number of identity theft cases doubled from 2019 to 2020, with a

spike immediately following the coronavirus lockdown. The new work-from-home business culture makes

Cyber Defense eMagazineJuly 2021 Edition 75

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

identity theft even more attractive since employee credentials can unlock enterprise access as well as

enabling identity theft. As a result, employers are seeing a rise in problems related to stolen credentials.

With the coming of the COVID-19 pandemic, organizations found themselves scrambling to extend

security to work-from-home employees. To promote business continuity and still maintain systems

security, companies realized they had to secure employees’ home networks, laptops, and mobile devices.

At the same time, more than half of workers reported having to find a workaround to security measures

to do their jobs.

The old security strategies are inadequate to support the new remote workforce. What is needed is a

new approach that makes personal security and identity authentication easy, foolproof, and costeffective.

A digital trust ecosystem could be the golden ticket to security. But, organizations must first

learn from the pandemic and adapt to the challenges it presents.

Security Lessons Learned from the Pandemic

Among the emerging trends from the pandemic is the new work-from-home culture. According to Gartner,

82% of corporate leaders plan to make some form of remote work-from-home policy permanent. What

started as a scramble to support a new remote workforce is now an enduring part of the enterprise

landscape. While maintaining firewalls and malware protection is still essential, infosec managers also

must give more attention to securing home offices and validating remote worker credentials.

Authenticating individual employees is an ongoing challenge for the enterprise. While reports of malware

attacks are down, phishing attacks are on the rise with companies reporting an average of 1,185 attacks

per month, with most attacks seeking to acquire user credentials. No matter how resilient a company’s

security measures are, user behavior continues to be a wild card. Any employee can be fooled by a

phishing attack and inadvertently hand their keys to corporate access to a cybercriminal.

Personal identity continues to be the weak link in security. By acquiring the right personal information,

cybercriminals gain unauthorized access to business assets, personal finances, medical records, and

more, or they can use stolen credentials to open fraudulent accounts. Since individual user authentication

is the weak point in security, there must be a better approach to secure identity.

The ideal solution is to create a unique, foolproof personal identifier that stays with the individual. Such

an identifier must be able to authenticate identity without revealing personal information that can be used

for identity theft, such as a social security number or even a mother’s maiden name. Managing these

individual credentials also must create little or no work for infosec while still giving them the means to

control access to enterprise assets.

Cyber Defense eMagazineJuly 2021 Edition 76

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Implementing a digital trust ecosystem based on distributed ledger technology like that used in blockchain

offers the ideal approach.

Creating a Digital Trust Ecosystem

Distributed ledger technology has created new possibilities for managing digital identity. Unlike a

traditional database, distributed ledgers record transactional or record details in multiple locations at the

same time, with each node verifying every item to create a consensus. For identity management, using

distributed ledger allows you to authenticate identity or credentials without exposing the credentials

themselves. The only thing that is revealed is that the distributed ledger system has verified the

information to prove identity.

Using distributed ledger technology, you can create a digital trust ecosystem as a SaaS platform. This

approach can be used by a single organization, such as a company, or it can be established as a

confidential consortium where multiple entities use the same digital identity verification system.

While the underlying technology of a digital trust ecosystem is somewhat complex, the practical approach

is simple:

1. It starts with a trusted attribute authority that validates identity information. It could be a

government agency such as the Department of Motor Vehicles, or it could be a private company.

2. Users who want to participate need to onboard the consortium. That way they stay in control of

who has access to their identity data.

3. During the onboarding process, their identity is verified. The attribute authority validates

individuals using whatever information is necessary, such as a social security number, birth certificate,

or login credentials, and that data is protected using a distributed ledger. The individual is then given a

unique authenticator, such as a QR code.

4. Any organization can opt into the same consortium to authenticate user identity. Since none of

the credentials themselves are exposed, there is no risk of identity theft, and there is no longer any need

to share passwords or login credentials.

The benefit of this approach is the unique identifier follows the user, so the same code can be used for

multiple applications. Anyone who wants to use the system simply downloads a QR reader for their

smartphone. There is no added work for IT or infosec to secure enterprise users, and the same identity

can be extended to partners, suppliers, and other parties without having to set up new credentials each


Cyber Defense eMagazineJuly 2021 Edition 77

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The future of enterprise security needs to focus more on secure identity authentication and less on

protecting assets with passwords and biometrics. By adopting distributed ledger technology,

authentication credentials can be made secure while giving users a digital identity card that is impossible

to counterfeit and can potentially be used everywhere. The potential applications for a digital identity card

go well beyond employee verifications. It can be used for professional certifications, travel authorization,

even for vaccine passports. You can protect personal medical data in the same way you protect

passwords and personal identifiers. The technology is already being used in New South Wales to issue

digital drivers’ licenses and professional trade licenses.

By having security reside with the individual rather than using passwords or access keys, you place the

user in control of authentication while providing infosec managers with the means to authenticate

employees without adding security overhead. That’s a secure and scalable approach for everyone.

About the Author

Benjamin Kiunisala is Head of Customer Engagement at TrustGrid Pty,

Ltd. TrustGrid enables governments and organizations to create

secure digital ecosystems anywhere in the world with sovereign control

of data and maximized citizen privacy. TrustGrid orchestrates multiple

state-of-the-art technologies into a single platform, combining

innovative cryptography, data privacy, confidential computing and

distributed ledger technology into a highly customizable digital

ecosystem platform. Benjamin can be reached online at

benjamink@trustgrid.com and at our company website


Cyber Defense eMagazineJuly 2021 Edition 78

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

A 3-Part Plan for Getting Started with Cybersecurity

By Doug Folsom, President of Cybersecurity and Chief Technology Officer, TRIMEDX

Imagine a hospital has just added a host of MRI scanners and infusion pumps to its network.

Responsibility for the security of the devices is murky: Are clinical engineers the primary caretakers, or do

information technology teams monitor those devices? It’s often unclear, and in the confusion, devices are

left vulnerable. The situation is a cybercriminal’s dream, and it happens more often than expected.

Years ago, the lines on device management were clear: Clinical engineering (CE) monitored medical

equipment while IT managed the network and the corresponding data. However, the increase in the sheer

number of devices connected to the internet has blurred these lines and made it easier for devices to fall

through the cracks.

Not only that, but additional “gray zone” connected devices are often overlooked. If a refrigerator is used

to store COVID-19 vaccines, is it considered a medical device? Such questions have not all been

answered, leaving holes in cybersecurity efforts that criminals are taking advantage of.

Thankfully, having a robust cybersecurity plan can help hospitals prevent threats by assigning ownership

to connected devices, effectively eliminating much of the vulnerability for cybercrime.

Cyber Defense eMagazineJuly 2021 Edition 79

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cybersecurity is not optional

Let’s be clear: Hospital cybercrime is not going away anytime soon. With nearly 70% of medical devices

expected to be network-connected by 2025, hospitals will be more vulnerable than ever, creating a need

for awareness of what they own and who's responsible for it.

While not the prime entry point for a cyberattack, connected devices are an opening for cybercriminals

to exploit. Criminals have recognized the ability to “kidnap” devices, shut down critical hospital operations

and demand a ransom. A recent joint advisory by the Cybersecurity and Infrastructure Security Agency,

the Department of Health and Human Services and the FBI says there’s “credible information of an

increased imminent cybercrime threat to U.S. hospitals and healthcare providers.”

Not only are hospital cyberattacks dangerous for patients, but they’re costly. According to research by

Comparitech, last year alone over 91 US healthcare organizations suffered some type of ransomware

attack, with an estimated cost of nearly $21 billion. The resulting administrative effects of an attack —

canceled appointments, lost records and potential lawsuits — can prove damaging both financially and


Step 1: The framework

The first step toward establishing medical device cybersecurity is to develop an overall idea of what

effective cybersecurity efforts look like. The NIST Cybersecurity Framework Core defines five basic

activities to get there:

Identify: Analyze existing inventory to establish an accurate baseline to work with. Determine whether

security policies and procedures are aligned across CE and IT responsibilities.

Protect: Ensure that physical and remote access to CE assets are protected. Develop a formal

management process for any clinical assets that lasts throughout installation, maintenance, transfers and


Detect: Monitor personnel activity to detect potential cybersecurity threats. Continuously improve

detection processes through monitoring and adjustment.

Respond: Establish a response plan in case of an incident. Implement established criteria for any

incident reports.

Recover: Plan recovery training and testing for CE and IT teams in response to an incident. Consider

hospital reputation in recovery plan development.

The first and most important step toward effective cybersecurity efforts is to ensure that CE and IT teams

are aligned on ownership of devices with a roadmap for shared responsibility.

Step 2: The action plan

After you’ve walked through the framework to develop a sense of where you’re currently at, the next step

is to implement a plan of action. Be sure to empower your core CE team with reliable inventory assets

before it joins the cybersecurity effort. Having a comprehensive assessment of inventory allows both

teams to better identify risks and cross-reference vulnerabilities.

Once teams have been assigned responsibilities, move to other functions to ensure device security.

Prioritize data collection and vulnerability tracking and research, as well as OEM management and

relationships. Monitor patches and address them efficiently. Having an idea of current and potential

device vulnerabilities can best help CE and IT teams spot problems before they become threats.

Cyber Defense eMagazineJuly 2021 Edition 80

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

As threats continue to evolve, it’s important that cybersecurity action plans evolve with them.

Implementing all of these pieces together enables CE and IT teams to reduce, detect and counter threats

before they have a chance to do lasting damage.

Step 3: The execution

With a tailored action plan in place, you’re finally ready to set everything moving. Don’t treat medical

devices like normal workplace devices — they aren’t. A laptop in the office is not the same as a monitor

in the hospital.

OEMs are great resources for helping to address vulnerabilities because they know the devices better

than anyone. Ensure that all patches and remediations are validated by the manufacturer before

implementing them. If unsure of installation procedures, request instructions and updated manuals. The

best way to start is by identifying clinical equipment with critical vulnerabilities for which there are already

OEM-validated patches to install. Be sure to record those efforts in the computerized maintenance

management system (CMMS) inventory.

Consider integrating a network-based medical device monitoring solution as well. These tools help in

streamlining and expanding connected device inventory, and they enable collaboration and transparency

between CE and IT teams.

It’s easy to be shaken by the potential of a cybersecurity threat, especially given what attacks can do to

hospital systems. Luckily, there are solutions available for administrators who are ready to implement

them. By using a framework to get started, a plan of action and effective execution, hospitals have the

ability to help their teams protect against the damage that cyberattacks can cause.

About the Author

Doug Folsom is president of cybersecurity and chief technology

officer for TRIMEDX, an industry-leading, independent clinical

asset management company delivering comprehensive clinical

engineering services, clinical asset informatics and medical device

cybersecurity. Doug has nearly 30 years of information technology

leadership experience. Previously, he held positions at Kohl’s

Department Stores, Sterling Commerce and The Spiegel Group.

He earned his master’s degree in business from Ohio University

and a bachelor’s degree in electrical engineering technology from

DeVry Institute of Technology.

Cyber Defense eMagazineJuly 2021 Edition 81

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

How to Deal with Online Security

Security Considerations for the Post-COVID, Cloud-First World

By Gary Alterson, Vice President Security Solutions, Rackspace Technology

Organizations have always had to think about protection. Locks on the storefront may have done the job

back in the day, but as interactions become more digital, organizations face an increasingly elaborate

threat landscape. The constant cycle of change, reaction and evolution is like an arms race between

defenders and adversaries.

A decade ago, we were talking about firewalls and how to protect networks. Today, the focus is on how

to protect companies as they move to cloud native environments, tinker with low-code/no-code

development and exploit data with AI and machine learning. The new technology landscape means

preparing for new cybersecurity realities. As organizations forge into adopting cloud native environments,

there are four areas that require significant focus.

Cyber Defense eMagazineJuly 2021 Edition 82

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

1. Endpoint and user protection

Despite having the best intentions, the biggest security vulnerability in any organization is your

own people. Even with cybersecurity training, employees make mistakes and it only takes one

mistake to create a catastrophe.

Train your people to be a little bit more paranoid. Users should be on high alert for suspicious

emails, social engineering attempts and other low-tech intrusion tactics. Establishing visibility via

sophisticated endpoint security monitoring and management tools adds an extra layer of

protection to detect and respond to intrusions. Basic endpoint security diligence can no longer be

achieved via basic anti-virus.

2. Zero Trust

As you provide access to your systems, it’s critical that you ensure that the person on the endpoint

and the endpoint itself are trustworthy. Even after authenticated into the network, users should

only be able to access what they need to complete their job — so that access to the most sensitive

data is limited. That's the basis of Zero Trust security: don’t extend full trust to anyone or anything.

Multi-factor authentication helps to further confirm an authorized device is used by an authorized

individual. With so many workers using BYOD and working off of the corporate network,

authentication should also validate the trustworthiness of the device itself by, for example, testing

for patching or up-to-date security software.

To limit the impact of a potential incident, be sure to implement layers — like segmentation,

intrusion prevention and host-based protection — to help provide defense-in-depth security. With

overlapping layers, if one fails, there’s another layer of protection.

3. System hygiene

Many of the security breaches we hear about in the news could have easily been avoided. Why?

Because they hadn’t installed the latest security patches. The result is usually weeks of cleanup,

significant financial impact and the possibility of significant business disruption.

Hygiene is just as important in your cloud environment. Unlike physical systems, cloud hygiene

embraces automation. Instead of patching, you'd bring up new images and take down old images

and VMs, but it's the same basic hygiene principles. As you start using serverless and functions

to build applications, make sure that you're taking care of basic security hygiene within your code.

Cyber Defense eMagazineJuly 2021 Edition 83

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

4. Security automation

Security threats can happen in seconds, so AI and machine learning are becoming indispensable

in quickly identifying and acting on anomalies. Behavioral analytics monitors the behaviors of

objects in the cloud, network devices or users to see potential threats. Having that computerbased

eye lets you detect and respond to incidents before they turn into attacks.

Instead of waiting for someone to manually respond to an alert, automated tools can be set to

detect atypical behavior, determine whether it's malicious and respond to it based on your

predetermined parameters. Automation enables the system to see when activity looks odd and

flag it or automatically block access altogether.

Security hasn’t changed, but the tools and threats have evolved. Focusing on these four areas, in addition

to manning security basics, is the foundation of a modern cybersecurity strategy.

About the Author

Gary Alterson is VP of Security Solutions at Rackspace. In this role

he acts as GM for Rackspace’s security solutions focused on

supporting digital transformations and cloud acceleration.

Previously, Gary led Customer Experience and Services Product

Management at Cisco Systems where he built professional,

managed, and support services addressing cloud security and

advanced threats. At Cisco and at Neohapsis, a nationally

recognized cybersecurity boutique consultancy, Gary and his teams

were instrumental in transforming enterprise and government

security programs to effectively address shifting business models,

emerging technologies, and the evolving threat environment.

As a previous CISO and security architect, Gary has over 20 years

experience on the front lines of security, protecting and responding

to threats across multiple industries. Gary is often sought out to speak

on secure digitization, cloud, and emerging technology security frameworks as well as enterprise security.

Cyber Defense eMagazineJuly 2021 Edition 84

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The Risks of The Vulnerable Iot Devices

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt

Internet of Things (IoT) is a trending topic that has been made headlines from the last decade and causing

enormous constraints for home users and companies from the security point of view. The damage caused

by vulnerabilities in IoT devices is tremendous and allows cybercriminals to get access and take control

of them remotely in attacks that can be exploited to gain access to the internal networks.

In addition, these kinds of vulnerabilities provide cybercriminals with a baseline to bypass firewalls, gain

access to private networks and also steal sensitive and critical information as it travels across connected

device environments. In this sense, the risk associated with these compromised devices also allows

cyberattacks to spread to other networked systems, proliferating internally, maintaining persistence for

large months and even years because of the detection and monitorization of anomalous activity on these

devices is still a big challenge.

The Big Picture

The number, and type of vulnerabilities are from lack of device management to critical flaws on hardware

or software. In a recent article, it’s possible to learn about a vulnerability tracked as CVE-2021-31251 –

a vulnerability on the telnet protocol – that can be explored to get a remote privileged session, which can

be abused to take control of the device and used as an initial entry point to access the internal networks.

Cyber Defense eMagazineJuly 2021 Edition 85

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

There is no perfect formula to resolve this problem, as part of IoT devices are vulnerable to a wide range

of flaws due to the limited computational abilities and hardware limitations. Device vulnerabilities allow

cybercriminals to use them as a foothold for their attacks, which reinforces the importance of security

from the design phase. Some of those vulnerabilities can be enumerated as presented below.

Lack of a Secure Update Mechanism

“Lack of ability to securely update the device. This includes lack of firmware validation on the device, lack

of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of

security changes due to updates.”

From this point, it’s necessary to consider how these updates will take place and how to make them more

secure. For example, when designing a device like a smartwatch or a sensor, it’s necessary to consider

building an update mechanism for timely updates.

Lack of Device Management

“Lack of security support on devices deployed in production, including asset management, update

management, secure decommissioning, systems monitoring, and response capabilities.”

One of IoT’s most significant safety risks and challenges is managing all of our devices and closing the

perimeter. In order to fight that, the scanning and profiling of devices allow IT security teams to have

visibility of their networked IoT devices, their risks, behavior, and so on.

Cyber Defense eMagazineJuly 2021 Edition 86

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Insecure Data Transfer and Storage

“Lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest,

in transit, or during processing.”

The network and communication layers play a central role in all IoT applications and implementations,

facilitating sharing information between different layers and generating value through real-time interaction

between IoT devices. The usage of a certificate authority that certifies the complete validation of the

certified party’s identity shall issue each digital certificate and is seen as a good candidate to mitigate this

problem. On the other side, data tokenization can protect sensitive encrypted data that only authorized

devices can decode.

Weak, Guessable, or Default Passwords

“Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in

firmware or client software that grants unauthorized access to deployed systems.”

A common and pervasive vulnerability in IoT systems today stems from weak or unchanged default

passwords. Poor management of device credentials places IoT devices at greater risk of becoming

targets of a brute force attack.

Insecure Network Services

“Unnecessary or unsafe network services that run on the devices, particularly those that are exposed to

the internet, jeopardize the availability of confidentiality, integrity / authenticity of information, and open

the risk of unauthorized remote control of IoT devices.”

IoT devices are today integrated into the network infrastructure and can transmit, retrieve, and interpret

data from linked smart devices, such as smoke alarms, proximity sensors, or optical devices. The

system’s communication mechanisms will vary but may include network protocols ranging from BLE and

ZigBee to WiFi, cellular data, and Ethernet. System administrators must scan and close unneeded open

ports and services which exchange information on their networks as a security measure.

Insufficient Privacy Protection

“User’s personal information stored on the device or in the ecosystem that is used insecurely, improperly,

or without permission.”

When individuals request personal data deletion, the provider must ensure that all third parties delete the


Insecure Settings by Default

“Devices or systems shipped with insecure default settings or lack the ability to make the system more

secure by restricting operators from modifying configurations.”

Cyber Defense eMagazineJuly 2021 Edition 87

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Device onboard occurs when a new device is added to the restricted IoT ecosystem. Eavesdropping may

take place during the onboard step of a new device where the hacker can intercept secret keys that are

used to establish communications within a constrained network.

Final Thoughts

The potential for unpredictable cascading effects of vulnerabilities and poor security in the IoT greatly

affects the overall security of the Internet. Ensuring that these devices are secure is the shared

responsibility of its stakeholders. For example, manufacturers need to address known vulnerabilities in

succeeding products, release patches for existing ones, and report the end of support for older products.

As a general security measure, it’s strongly recommended to protect network access to devices with

appropriate mechanisms, and in some cases, isolate them to make difficult their exploration and doing it

a time-consuming task from the cybercriminals’ point of view.

At last but not least, let’s take IoT security seriously because this field has been used massively by

cybercriminals to compromise organizations and their networks turning this into a big and real threat in


About the Author

Pedro Tavares is a cybersecurity professional and a

founding member of CSIRT.UBI and Editor-in-Chief of


In recent years he has invested in the field of information

security, exploring and analyzing a wide range of topics,

malware, ethical hacking (OSCP-certified), cybersecurity,

IoT and security in computer networks. He is also a

Freelance Writer.

Segurança Informática blog: www.seguranca-informatica.pt





Contact me: ptavares@seguranca-informatica.pt

Cyber Defense eMagazineJuly 2021 Edition 88

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Three Steps to Building Email Cyber Resilience

By Toni Buhrke, Director of Sales Engineering, Mimecast

In yet another “nobody saw this one coming” moment, the HAFNIUM MS Exchange hack sent a warning

shot to global enterprises to better protect fragile corporate email systems. The hack exploited four

software vulnerabilities in Exchange on-premises services, allowing a state-sponsored threat actor to

gain access to corporate email networks. While Microsoft issued patching, the breach quickly escalated

from affecting a handful of companies to compromising more than 250,000 organizations worldwide.

This breach demonstrated the fragility of corporate email systems, which have never been under more

pressure than in today’s pandemic-driven “digital workplace.” According to Statista, in 2020

approximately 306 billion e-mails were sent and received every day worldwide. For enterprises, any

disruption of this vital communications infrastructure from outages of malicious traffic can be immensely


While organizations should continue to mitigate their security risks by immediately installing the latest

patches, they should take their security a step further by implementing an email resilience strategy that

addresses three key areas of weakness: data risk mitigation, recoverability and continuity.

Cyber Defense eMagazineJuly 2021 Edition 89

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Data Housekeeping

Today’s organizations simply hold on to too much data. There are good intentions behind this − ranging

from compliance regulations to e-discovery. But having all this data sitting in employee email accounts

holds significant risk. The more data (especially transactional data) a company holds, the greater a target

it becomes for hackers. Think about how much of this data could be exposed by the HAFNIUM attack,

and the problem becomes clear. When sensitive customer data, confidential company information,

personal data, etc., are left out in the open in common Exchange environments, it’s up for grabs for

hackers to possibly exploit.

The solution is to make sure your organization is regularly moving data out of production, a sort of

“housekeeping.” If email data is regularly and securely archived, it is removed from the production email

environment and becomes much more difficult for hackers to access. It can always be retrieved if needed

– but there’s no reason to leave it out in the open, all the time, where the threat actors can potentially get


Ensure Emails are Easily Recovered

In many organizations, employee email inboxes are like full-fledged file systems holding organizational

history, records, transactions and projects to help employees make intelligent business decisions. It’s

inevitable an organization will lose some of this data, whether from human error, system outages,

cyberattacks, natural disasters or other events.

Restoring lost emails when one of these events occurs is critical to limiting data loss, mitigating business

damage and minimizing interruptions to productivity. IT and security teams should look for data recovery

solutions that are tailored to their email solution. A good data recovery solution will automatically sync

and archive not only email, but also contacts, calendars and personal folders, and be able to provide fast

and streamlined mail recovery after a disaster.

Have an Email Continuity Plan

Continuity is the last and most critical step in building a comprehensive email resilience strategy.

Companies need to have a backup system in place in case their primary email solution goes down. This

enables email to continue flowing while issues with the primary system are resolved.

Even IT departments with the best intentions can’t always install patches immediately and typically will

wait until a maintenance window to do so. This is why an email continuity solution is essential. It provides

flexibility, so IT teams can patch, investigate and respond to disruptions while keeping the flow of email

going with a contingency solution. This ensures a company’s email system doesn’t go offline, which in

turn keeps the digital workplace functioning full steam, even in the event of a production-system outage.

Cyber Defense eMagazineJuly 2021 Edition 90

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Plan Ahead and Avoid Disaster

The HAFNIUM attack makes it clear that enterprise IT teams need to create a comprehensive email cyber

resilience strategy. This is even more important today, with threat actors trying to take advantage of the

unsettled remote-work environment – Mimecast’s “Year of Social Distancing” report revealed a 48%

increase in threat volume from March 2020 – February 2021 over the previous year, and “The State of

Email Security” report states that 70% of organizations believe their business will be harmed by email

attacks in 2021.

This research confirms that with the new digital workplace, immediate technical mitigation work should

be a priority if organizations want to limit their risk to malicious attacks. Taking the three steps to email

resilience is a fast and efficient way to protect not only against the next HAFNIUM, but also all of the

smaller issues that inevitably arise during the course of business.

About the Author

Toni Buhrke is a Director of Sales Engineering at Mimecast with

more than 20 years of experience in the cybersecurity industry.

Together, Toni and her team are responsible for designing

customized email security solutions for Named and Enterprise

customers in the Eastern region of the U.S. Prior to joining

Mimecast, she was a Global Director of Systems Engineering at

Forescout Technologies. During her 12-year tenure there she led

various systems engineering teams focused on helping commercial

and public sector organizations and channel partners architect and

deploy security solutions to protect complex networking

environments. Throughout her career, Toni’s focus has always been

on bridging the gap between technology and her customers. She has

a Master of Business Administration (MBA) and is a Certified Information Systems Security Professional

(CISSP). Toni is also very active in Women in Technology initiatives throughout the industry. Learn more

about Toni on LinkedIn, and learn more about Mimecast at https://www.mimecast.com/.

Cyber Defense eMagazineJuly 2021 Edition 91

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Guided-Saas NDR: Redefining A Solution So SOC/IR

Teams Aren’t Fighting Adversaries Alone, Distracted and

In The Dark

By Fayyaz Rajpari, Sr. Director of Product Management, Gigamon

The time has come for SaaS-based security offerings to evolve. While the concepts of SaaS date back

to 1961 as MIT introduced the use of terminals connected to mainframes, the SaaS concept we know

today is largely attributed to Salesforce’s launch in 1999. Starting in the late 2000s cyber-security vendors

started to offer email and web security gateway solutions through a SaaS delivery model, removing the

complexities of on-premises hardware and software deployment and maintenance while providing a

uniform security policy across the enterprise. Cloud-native architectures, continuous

development/deployment and the ability to apply elastic computing to cloud-based analytics have

propelled innovation to cyber-security products that can’t be achieved by on-premises solutions.

Now, ten-plus years later, SaaS-based security offerings need to be re-imagined. By examining the

Network Detection and Response (NDR) market we can see SaaS-based security must evolve. SOC/IR

teams are rapidly adopting NDRs because of the visibility gaps left by SIEMs and EDRs to identify the

presence of adversaries in their network.

Cyber Defense eMagazineJuly 2021 Edition 92

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

NDR technology is built on three principal tenets to provide SOC/IR teams:

Visibility to and metadata retention of corporate network traffic across cloud and core networks;

Advanced detection techniques designed to identify presence of adversaries inside the

organization; and

Capabilities to triage, threat hunt, and investigate activity to understand the adversaries’ activities

and formulate comprehensive response plans.

These fall into the category of three steps forward, but NDR technology can force SOC/IR teams to take

three steps back if we don’t redefine how SaaS-NDR solutions are delivered.

Guided-SaaS Step 1: No longer… In The Dark

Sixty-nine percent of IT and security practitioners cite network visibility as the top reason for SOC

ineffectiveness. As packets are tamper-proof (unlike EDR logs), NDRs provide network context to

confidently triage, hunt, and investigate threats effectively. But NDRs don’t magically provide

comprehensive visibility. While traditional SaaS-based NDR vendors might work to ensure optimal

visibility at the time of deployment, the responsibility falls on the customer’s security teams to make sure

the NDR sensors are functioning properly and that the right mirrored traffic is getting to the NDR as

networks dynamically change. That’s easier said than done in today’s complex hybrid-world and it doesn’t

take long before blind spots popup and the SOC/IR team are left in the dark. A Guided-SaaS NDR

delivery model recognizes the importance of including expert lead routine visibility and health checks,

where the vendor’s specialists assist to optimize visibility and ensure the NDR sensors are healthy.

Guided-SaaS Step 2: No longer… Distracted.

Perhaps the most alarming statistic is that 84% of IT and security practitioners also reported that the

“Minimization of false positives” as the most important SOC activity. While NDRs provide anomaly-based

machine learning detection techniques, they come at a very expensive cost. Most NDRs require an initial

4 weeks of laborious efforts by security analysts to ‘train’ the technology on what is benign and malicious

with the end goal of at best ‘reducing’ false positives if done properly. Oh, and then security analysts

have to come back and routinely retrain the solution. In other words, the NDR vendor is putting the burden

on the customer, distracting them from their focus of identifying and responding to adversaries. That is

a crime.

Cloud-native NDRs afford us a different approach. With machine learning, behavioral analysis, and threat

intel-based detection engines working in the vendor’s cloud, Guided-SaaS NDR vendors can perform the

QA and training of their detection engines for their customers, producing high true-positive findings and

removing tedious distractions from the SOC/IR team.

Guided-SaaS Step 3: No longer… Alone.

It’s no secret to anyone with experience in day-to-day SOC activities that the job is intense with 70% of

SOC analysts reporting burnout due to the high-pressure environment. Not only is it a race to respond

before adversaries carry out their mission, but it's daunting to face the challenge without external

support… effectively going it alone. It is here where redefining SaaS can provide a unique benefit to

customers. One of the adjacent advances linked to SaaS offerings is software vendors embracing

Cyber Defense eMagazineJuly 2021 Edition 93

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Customer Success, the mechanism of engaging with customers to understand their needs and drive

value from the solution.

Guided-SaaS NDR takes this concept to the next level. Guided-SaaS staffs their customer success teams

with field-tested security analysts and incident responders who understand the pressures their customers

face sitting in the defender’s hot-seat. This empathy allows for better initial and ongoing enablement on

the product, increasing product proficiency and value. As trusted advisors, these Guided-SaaS security

experts also can pass along best practices for triage, hunting and investigations, resulting in stronger

skills for the customer’s security teams.

Perhaps the most valuable and unique benefit is that when a customer is actively investigating an

incident, they have access to experienced Guided-SaaS analysts and responders to ask for guidance

and knowledge of the threat and how best to triage and investigate. During these high-pressure incidents,

having access to expertise and thus gaining confidence you are taking the right steps to respond

alleviates pressure and allows for faster and more comprehensive response actions.

A Call for Vendors to Do Better

Simply put, vendors must have empathy for the challenges facing SOC/IR teams and transition from

delivering products that place a burden on the customer to delivering a comprehensive offering that frees

security professionals to remain focused, ensure optimum visibility, and have access to expertise in the

dismantling of adversaries. The Guided-SaaS model redefines and evolves how vendors should deliver

security solutions to ensure technological advances such as enabling extensive visibility, machine

learning adversary detection, and speedy triage, hunting, and investigation result is three steps forward

without taking three steps back.

About the Author

Fayyaz Rajpari is the Sr. Director of Product Management of

ThreatINSIGHT Guided-SaaS NDR at Gigamon, where he leads

the firm’s security products. Fayyaz’s expertise includes serving

as a lead incident responder for a large insurance provider

before transitioning to bringing his expertise to driving products

for FireEye, Mandiant, and Recorded Future.

Fayyaz can be reached online at fayyaz.rajpari@gigamon.com

or at http://www.gigamon.com

Cyber Defense eMagazineJuly 2021 Edition 94

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Hardware Trojan Detection

By Sylvain Guilley, General Manager and CTO at Secure-IC

Hardware Trojan attacks have become more concerning in recent years due to a series of serious events

in the electronics industry supply chain around the world because of them, such as data theft and

backdoor insertions. These attacks are based on the concealment and subsequent exploitation of

malicious hardware in integrated circuits and thus have been nicknamed “Trojan Horses”. These

malicious attacks can have several purposes such as sabotaging the infrastructures used by the circuits

or eavesdropping on confidential communications.

The ability to detect and deal with Trojan Horses has become vital for organizations charged with

protecting key infrastructure, government and assets. On a business level, today’s applications can be

critical and security is paramount in many industries such as automotive or avionics; it is important to

screen and check unreliable chips.

A Trojan Horse is often defined as malware disguised as legitimate software. Nowadays, we are talking

about Hardware Trojan Horses that have proven to be very dangerous and have the ability to maliciously

modify integrated chips.

Classification of Trojans and the means to detect them

There are many types of Trojans, and they can be inserted pretty much everywhere in the microchip.

This is what makes them so difficult to locate, as one could well be located in the chip’s processor while

another crouches in the chip’s power supply.

The stealthiest Hardware Trojans are virtually undetectable because they do not appear in the bill of

materials (BoM). They are implanted in the chip itself and therefore must be investigated at the silicon-

Cyber Defense eMagazineJuly 2021 Edition 95

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

level to be detected. This creates a “needle in a haystack” situation when trying to flush a purported

Trojan out.

Trojans can also be implanted at different phases, from the specification phase to the assembly and

packaging phase. They may also have different purposes once they are integrated. Some Trojans will

want to change the functionality of a chip, while others will prefer to degrade performance or completely

deny the service offered by the chip; still others may leak information.

A Hardware Trojan Horse has different types of activation mechanisms which makes them hard to detect

red handed.

Hardware Trojan detection can almost be considered a type of reverse engineering for ”evidence of

infection” purposes. While evaluating the system, the evaluator would look for abnormal behavior that

might harm the functioning of the circuit. In order to be able to detect Hardware Trojans, one must have

the appropriate skills and tools.

To this end, two initial techniques have been put forward:

• Deploying destructive reverse engineering schemes. The main drawback of this technique is that

it can be very expensive and cannot guarantee the absence of Trojans in untested devices.

• Using a VLSI testing scheme. The main drawback for this is that it is not very effective as the

trigger condition is rarely satisfied, all the more for sequential Trojans as they need a sequence

of vectors to be triggered.

Based on these two techniques and their drawbacks, a number of other solutions have been


The reactive way of dealing with Hardware Trojans

One of the ways to find and deal with a Hardware Trojan is to first be aware of its presence in the system

and then take action accordingly.

Analog Detection

There are many methods that can be used in a reactive way, such as reactive analog detection. Analog

detection aims to detect abnormal behavior of the system in the pre- and post-silicon stages. This method

can be static meaning detecting visible malicious components that are hidden on a printed circuit board

(PCB), or in cable packaging but it can be very limited if the Trojan is hidden inside the system; this is

where a dynamic method can be leveraged by observing the electromagnetic activity of the system. The

dynamic method aims to detect unexpected electromagnetic activity and compare it with a golden method

(a trusted asset with no Trojan).

Hardware Assertions

Another method consists in hardware assertions. Some Hardware Trojans are actually a combination of

hardware and software vulnerabilities that, when combined, allow the system to be exploited. The

hardware assertion method entails identifying some high-level and critical behavioral invariants and

checking them while the circuit is running. With many Hardware Trojans, the attacker will attempt to

modify the behavior or violate the property of the target circuit. Therefore, there is a necessity to check

Cyber Defense eMagazineJuly 2021 Edition 96

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

the properties (user mode, memory access conditions, rules, instructions) of the asset with a hardware

module. A single change in these properties betrays the hardware Trojan.


Sensors can be used to prevent an attacker from performing active attacks where he attempts to disturb

the normal behavior of the system. When the hardware Trojan is triggered, the system begins to behave

abnormally, the power supply may decrease drastically and the clock system may be damaged in order

to stress the system to the point where it cannot perform sensitive operations properly. Sensors are then

triggered when noticing such events.

A variety of methods exists to find and deal with Hardware Trojans. While these methods have been

proven to be effective in detecting hardware Trojans when they are known to be present in the system,

the need to be able to proactively search and deal with Trojans has rapidly arisen.

The proactive way of dealing with Hardware Trojans

While there is a reactive way of finding Hardware Trojan in a system, there is a constant need for

additional trust. This is why new methods have begun to develop in the security sphere, a way of having

in-depth protection in a more proactive approach.

Indeed, since most hardware Trojans detection occur when malicious hardware in the system are already

known, these new proactive methods are particularly effective in preventing Hardware Trojans in a

proactive way. This means that the system is equipped with tools that can help it fend off incoming


Machine Learning

One of these successful proactive methods is clearly Machine Learning. Indeed, the use of computer

systems that are able to learn and adapt without following explicit instructions will be key in the future for

many topics, including hardware Trojan detection and protection. As each Trojan is different, it may be

difficult to define a method applicable for each case. Machine learning can generate diverse complex

models and make decisions based on those models. In addition, machine learning is also key in

understanding hardware Trojans, as they are relatively new and machine learning will help aggregate

data to help us better understand them. There are two ways to implement Machine Learning: the first is

supervised learning, where evaluators inject known samples of Hardware Trojan into the system and

determine how to detect them properly and machine learning enriches its database with those samples;

the second way is unsupervised learning, where the characteristics of the Trojan are not known and

machine learning has to detect it on its own by evaluating the parameters and the system’s behavior.

The latter will help detect new types of Trojans as it is less limited than the former.

While it is a reactive approach to have a hardware Trojan monitoring hardware IP in a chip for active

detection of malicious processes on the chip during its runtime, it is often achieved with a higher cost of

Chip out from

JTAG testing

Begin HT

detection process

EM signature

capture of target


ML or statistical

analysis for


Detection output



Next step

Cyber Defense eMagazineJuly 2021 Edition 97

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

inspection and additional computation which may not be desirable by many. Therefore, a proactive

measure may be to include the Hardware Trojan analysis in the device testing flow. An example is shown

in the following figure:

Fig. Testing flow for Hardware Trojans for a chip lot

Cyber Escort Unit

Another method is to protect the CPU directly by mitigating vulnerabilities and attacks on code execution

or integrity induced by software code bugs, malicious activity or sought-after performances neglecting

security. These types of attacks have the particularity of engaging both software and hardware placing

the protection layer in the hardware layer that protects both. By following the program execution step by

step, we are able to detect any unexpected behavior of the CPU, it is not dedicated to a specific attack

or Trojan type, so irrespective how the Trojan is triggered, by either Hardware or Software means, and

whatever its payload, any alteration in code execution or code integrity can be detected.

The Encoded Circuit Method

The “encoded circuit” method is based on the observation that all integrated circuits are composed of two

distinct parts: the combinational and sequential part. The sequential part includes the data and control

registers which are easier to recognize on the IC layout because of their size. It is easier for an attacker

to connect the Trojan to the sequential part; therefore, this method aims at encoding and masking all

sequential registers with a Linear Boolean Code.


As hardware Trojans continue to be developed for nefarious purposes, it is our duty to protect devices

from these new threats. While proactive methods are emphasized, it is important to note that reactive

methods are still viable and should not be disregarded. With so many types of Trojans and so many ways

to attack systems, companies should use all the tools at their disposal to fight potential threats to their


If you would like to include Hardware Trojan protections in your security plan to protect your systems

from potential attacks, you can ask for our help.

Cyber Defense eMagazineJuly 2021 Edition 98

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

My Name is Sylvain Guilley. I am General Manager & CTO at Secure-

IC, French company offering cybersecurity solutions for embedded


I am also professor at TELECOM-Paris, research associate at École

Normale Supérieure (ENS, Paris), and adjunct professor at the

Chinese Academy of Sciences (CAS, Beijing).

My research interests are trusted computing, cyber-physical security,

secure prototyping in FPGA & ASIC, and formal/mathematical


I am lead editor of international standards, such as ISO/IEC 20897 (Physically Unclonable Functions),

ISO/IEC 20085 (Calibration of non-invasive testing tools), and ISO/IEC 24485 (White Box Cryptography).

Associate editor of the Springer Journal of Cryptography Engineering (JCEN), I have co-authored 250+

research papers & filed 40+ invention patents.

Sylvain Guilley can be reached at contact@secure-ic.com and at our company website www.secureic.com

Cyber Defense eMagazineJuly 2021 Edition 99

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

StayHackFree – Your Kid’s Sports Team

Your Kids Sports team is better managed than your Cyber Team.

By James Gorman, CISO, Authx

Your Kid's Hockey team has better management than your Cyber Security team. Really, I am not kidding.

How do I know? Let's start with - your kid's team has a coach, a plan, a practice schedule, and goals.

Can you honestly say that about your Cyber Security team?

Your kid's hockey team has a coach - who has some level of competency - in USA Hockey - they have

to be at a certain level; for most, it is a level 3 that makes sure you have a base knowledge and

understanding of the rule. In most organizations, there is not a specific person designated to be the

"coach" of the incident response team, or is there a clearly defined person that will quarterback the

incident response team? Is your lead technologist also the Incident Response Manager? Is that the right

mix of responsibilities? There is nothing worse in the thick of an incident than not knowing who is in

charge or who has the authority to make the difficult calls. Also, most of the kids I used to coach had

Cyber Defense eMagazineJuly 2021 Edition 100

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

outside coaches - to help them improve the basics. So you need to have designated roles and

responsibilities, an experienced coach, and outside trainers to reach the management level of your kid's

hockey team. Outside and ongoing training and a culture of learning are critical to growing Cyberteams.

How is your team stacking up so far?

Your kid's hockey team has a game plan - or a playbook. They know where they are supposed to line

up and what the objective depending on the game circumstance. If there is no formal plan, as is the case

in most organizations or worse - on a shelf, file server, or website, no one has looked at it since. A

contractor wrote it for an audit that happened so long ago; the person or consultant who wrote it is on

their 3rd job since the audit ended. Without a plan, when the time comes to respond, there is chaos.

People with no direction lead to wasted valuable time and not minimizing or eliminating the impact of an

incident and it’s cost to your business. A viable plan is critical to the timely execution of your cyber


All kid's teams have a practice schedule. If your kid's team said - nope, no practices, just games, you

would expect to lose every time to teams that practice. Your Cyberteam needs to have a regularly

scheduled practice. At a minimum, you need to exercise the incident plan with a "tabletop" simulation at

least once a month. The boilerplate template you used for your Incident Management Plan likely calls

for an annual test of the plan. In today's rapidly changing IT environment, you should exercise the plan

and update it with lessons learned every month. The Cyber Hackers are out there, and every day they

are knocking at your doors. What happens at the outset of an ongoing attack will mitigate the lasting

effects. If you stumble or fumble initially, you beg for lasting consequences and maybe even front-page

news. Just ask the teams at some of the recent highly publicized hacks.

All kid's teams have goals. When I was coaching kids' teams, I would have three goals for a game.

Usually, situational goals had to do with scoring first or not taking any penalties, winning 51%+ of faceoffs,

with the over-arching aspiration being the main "goal" - having fun. For your Cyberteam, your overarching

goal should be to StayHackFree - remember, it is not a goal - it is an aspiration. Each month you should

have or situational goals for your team. For example, one month could be improving the amount of

Endpoint Protection deployed. Another week it could be who can find the error in the incident response

plan. Consistently looking for ways to strengthen your threat posture or reduce your organization's attack

surface is the point of the situational goals. It would be best to have situational and over-arching goals,

but goals need to be tangible, measurable, and specific.

So, to sum up. Use the model of your kid's sports teams to improve your cyber defense posture vastly.

There is no reason not to have a point person or coach lead your incident response team. You must

have a plan and know where to start before an incident happens. Frequent practice sessions and tabletop

exercises with lessons learned are a must. Setting situational goals to improve your defense posture is

critical to being prepared for all comers. Get a coach, get a plan, practice the plan, and have goals to


Cyber Defense eMagazineJuly 2021 Edition 101

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

James Gorman CISO, Authx ,James is a solutions-driven,

results-focused technologist and entrepreneur with experience

securing, designing, building, deploying and maintaining largescale,

mission-critical applications and networks. Over the last

15 years he has lead teams through multiple NIST, ISO, PCI,

and HITRUST compliance audits. As a consultant, he has helped

multiple companies formulate their strategy for compliance and

infrastructure scalability. His previous leadership roles include

CISO, VP of Network Operations & Engineering, CTO, VP of

Operations, Founder & Principal Consultant, Vice President and

CEO at companies such as GE, Epoch Internet, NETtel, Cable

and Wireless, SecureNet, and Transaction Network Services.

James can be reached online at (james@authx.com, https://www.linkedin.com/in/jamesgorman/ ) and

at our company website https://authx.com

Cyber Defense eMagazineJuly 2021 Edition 102

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Tips for Avoiding Online Scams During COVID-19

Follow these best practices and stay vigilant to significantly reduce risk for your organization

By Cindy Murphy, President, Tetra Defense

Organizations have made significant changes in light of COVID-19, oftentimes favoring health and safety

over profit. Cab services urge people to stay home. Restaurants offer no-contact deliveries. Perfume

companies have shifted to making hand sanitizer, and vehicle manufacturers are now making ventilators.

While many businesses are working hard to fight the hardships COVID-19 has brought about, other

malicious organizations are working to do just the opposite.

Since the pandemic took hold of America, there has been a substantial increase in the number of

cyberattack attempts. Phishing emails are virtually all COVID-19-themed, social engineering involves

concepts of sickness and health, and ransomware operations are attacking some of the organizations

that we rely on most: essential businesses. While these scams are nothing new, the way they are

presented, deployed, and the consequences they have are constantly changing in the COVID-19 era. To

stay protected, either in person working at an essential business, working from home, or simply staying

sane in quarantine using the Internet on personal devices, keep cybersecurity front-of-mind.

Cyber Defense eMagazineJuly 2021 Edition 103

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Major Online Scams

The practice of crafting manipulative messages to elicit a specific behavior is considered to be “social

engineering.” This is an abstract concept considering it casts the widest net, but it is a practice that nearly

all scams and attacks, either in reality or in the cyber world, rely on. No matter how robust, up-to-date, or

complicated your technology is to hack into, social engineering preys on the human behind the devices.

Since the ‘90s, when the term was coined in this context, threat actors have found it’s easier to trick a

person to give information or access than it is to trick a computer. Even for professional vulnerability

testing, social engineering is implemented to see how robust security is when faced with someone who

simply says all the right things to gain unauthorized access.

Rather than a one-size-fits-all message, social engineering includes specific headlines, unique situations,

and emotional manipulation to convince a victim to divulge information. Messages may range from the

email from the “prince in Nigeria who needs your help,” to hyper-specific phone calls or even personalized

texts that “want to confirm your banking credentials.” Social engineering attacks are always more

successful the more information the threat actor has at the start. In the COVID-19 era, being able to

assume that people are home, they are awaiting aid from a stimulus package, or they are collaborating

with their managers and directors from a distance is enough information to deploy a successful,

manipulative message.

Cyber Defense eMagazineJuly 2021 Edition 104

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Phishing Example 1

Phishing refers to messages deployed via email, and this is the most popular channel in this context. For

threat actors, email is an attractive option since it is most likely already connected to an essential device

like a personal computer or smartphone, and it is most likely connected to the public Internet or an

organization’s internal network. Since phishing attempts are now socially engineered to appear as though

they are from credible health sources, the World Health Organization has published guidelines to protect

potential victims.

An acronym to become familiar with is BEC, or Business Email Compromise, the act of gaining

unauthorized access to a business email account. It’s often achieved through the practice of perfectly

impersonating trusted sources, usually via email. This allows threat actors to disguise themselves as a

director, a CISO, or even a trusted colleague that is simply asking for information or suggesting you

download their file. This is one of the most deceptive practices considering the innate trust that we place

with correct email addresses. Without proper password protection, it’s important to consider that the

person behind the address is no longer who you expect.

Staying Vigilant During COVID-19

Threat actors have an impressive toolkit that includes social engineering and impersonation techniques

to harvest sensitive data, and this has been the case for decades. In light of COVID-19, the consequences

of these attacks can prove to be especially devastating. When few businesses are operating at full capacity, and when

healthcare organizations are quickly becoming overwhelmed, an attack can not only cause disruption, it could risk lives.

In uncertain times, the last thing anyone wants to worry about is a threat actor gaining unauthorized

access to valuable data and resources. Malicious organizations have already proven they have no ethical

boundaries — they have targeted critical infrastructure like HHS to take advantage of the situation that

COVID-19 has presented. Here are our tips for maintaining cybersecurity from home in this unique time:

1. Practice “Zero Trust”

As a best practice, maintaining a healthy level of suspicion is the strongest defense against social

engineering. Threat actors are reliant on the naivety of users to grant them access and will present any

number of stories or situations to exploit potential victims. Data manipulation tactics include offering a

sweet return on an investment (i.e., the Nigerian prince will offer you endless riches), pose as people you

may innately want to help or donate to, or even threaten you from the account of someone with authority.

2. Ensure Links are Secure

In many phishing attempts, there are malicious websites that either perfectly clone trusted sources or

appear to be legitimate. These websites, however, often deploy malware at the first click. To ensure you

are visiting trusted web sources, hover over a link before clicking. This will provide, in plain text, the URL

the link will take you to. While you’re there, be sure to be cognizant of other security measures that your

web browser will look out for.

Cyber Defense eMagazineJuly 2021 Edition 105

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

3. Employ Multi-Factor Authentication

If a threat actor has your password credentials, or you suspect to have given information to a malicious

source, Multi-Factor Authentication is a great backstop. If a password is entered, access will not be

granted until a second device can confirm the request, usually through a code or prompt on a smartphone.

This is a simple tool that is often available via major email providers and Internet-based accounts, and it

can deter a threat actor from accessing your information.

4. Use Robust Passwords

While “password1,” or “123456,” are easy enough to remember, the pain of losing access to your

accounts is far worse than the pain of implementing complicated, unique passwords to begin with. Threat

actors can attempt the most common passwords on accounts by the thousands. They scan for any easy

vulnerabilities they can exploit on the Internet, and you can arm yourself with a strong password to deter

them. Common guidelines for building a strong password include using at least 12 characters,

implementing long phrases, and unconventional punctuation.

5. Update, Update, Update

While it may be inconvenient to learn how to deal with a new operating system or a new interface,

updating as quickly as possible ensures your devices are running with the most recent protections. When

threat actors search for vulnerabilities, they can configure nearly any attack to fit a port of entry, even if

that entry only operates on a slightly out-of-date app, mobile device, or computer system. Having a fully

functioning piece of technology from a few years ago is fine, but being sure to update its protection

systems is a simple safeguard as threat actors remain persistent in COVID-19.

While organizations continue to implement changes in the name of health and safety, it’s important to

keep in mind that threat actors are actively working against them. In situations where people are working

from a new home set up, people are grieving the loss of normalcy, and people are awaiting information

regarding their health and their paychecks, threat actors are creating messages to manipulate them.

While these are unprecedented times, and cyberattacks are more consequential than ever, there’s

comfort in knowing that security best practices still stand, and awareness of these online scams prove

as a great safeguard in and of itself.

Cyber Defense eMagazineJuly 2021 Edition 106

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Cindy Murphy is the President of Tetra Defense, an incident

response and digital forensics firm based in Madison, Wisconsin..

She worked in law enforcement for 31 years, starting her career in

the US Army in 1985 and joining the Madison Police Department in

1991. She began investigating computer-related crimes in 1998

before being promoted to detective in 2000. Since then, Cindy has

become one of the most highly respected experts in the digital

forensics field. She has been teaching digital forensics since 2002

and helped develop a digital forensics certification curriculum for

Madison Area Technical College and co-authored the SANS

FOR585 Advanced Smartphone Forensics course.

Cindy can be reached via Twitter @CindyMurph and at our company

website: https://tetradefense.com/

Cyber Defense eMagazineJuly 2021 Edition 107

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Banking Fraud up 159% as Transactions Hit

Pre-Pandemic Volumes

Organizations and users should aggressively embrace passwordless authentication methods to

establish a strong un-phishable relationship.

By Rajiv Pimplaskar, CRO, Veridium

The latest Feedzai Financial Crime Report Q2 2021 Edition which factors in some 12 billion global

transactions between January-March 2021, shows that bank fraud is up 159%, including internet,

telephone, and branch banking. Card-not-present (CNP) transactions were just 18% of all transactions,

but drove 83% of all fraud attempts.

The five most commonly attempted scams were Account Takeover (ATO)-up 47%; account opening

identity theft-up 23%; impersonation scams-up 21%; purchase of goods that never arrived-up 15%’ and

phishing scams-up 7%. A cyber and passwordless authentication expert with Veridium offers perspective.

Cyber Defense eMagazineJuly 2021 Edition 108

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The recent Feedzai report confirms several points regarding the industry’s hypotheses on financial

fraud. First, as transaction volumes reach all-time highs, banks and insurance companies should brace

for higher fraud volumes and proactively bolster their risk processes and customer identity and access

management systems. Second, fraud vectors should be increasingly assumed to be multi modal as bad

actors will often exploit channels with weaker Know Your Customer (KYC) verification processes, such

as telephone banking or contact center, as seen by the high surge in fraud attempts from these

channels. Sometimes even bank card fraud via traditional mail can manifest within the branch and digital

channels for impersonation and Account Takeovers (ATO) scams. Finally, various forms of phishing,

social engineering and Man-in-the-Middle (MITM) attacks can be highly effective at overwhelming a vast

majority of conventional safeguards currently in place by the financial institution.

Organizations and users should aggressively embrace passwordless authentication methods to establish

a strong un-phishable relationship between the user’s designated authenticator and the bank systems.

As identity becomes the new perimeter, strong customer authentication solutions such as Phoneas-a-

Token and FIDO2 security keys are increasingly gaining popularity. Also, such authentication methods

offer lower friction and can improve user experience and productivity.

Fraud is Multi-modal, Constantly Evolves and Gravitates to the Weakest Channel

With fraud costing the global economy over $5 trillion, financial services firms worldwide are focused on

fraud prevention in a big way. In countries like the UK, fraud is currently the #1 crime – far outpacing all

other crime categories! With cost containment being very important in driving shareholder value, fraud

is a key area, which if not managed carefully, can quickly erode the bank’s earnings. Consequently,

hundreds of millions of dollars are being invested and fraud defense systems are getting increasingly

sophisticated. Customer education is also at an all-time high to ensure fraud awareness is top of mind,

much like conventional wisdom of locking the front door to your house or not leaving valuables left in

plain sight within your vehicle.

However, fraudsters are also evolving at an alarming rate and continuously devising new approaches.

For example, improved defense against ATO scams is being circumvented by a rise in authorized push

payment fraud where an impersonator convinces the legitimate account owner to authorize a payment

for a fake crypto currency investment, or a fake invoice. Often the account owner is coached regarding

what to say if the bank’s fraud department contacts them and many times winds up taking sides with the

fraudster against the bank’s investigators! From a bank’s perspective, this complicates matters

significantly as apart from their usual screening, they must now also verify the legitimacy of the safe

account where the payment is being wired. First party fraud is also on the rise. In several countries

“money mules” are systematically recruited by organized gangs using a cover story promising quick

monetary gain via social media with the objective of fraudulent account opening and laundering crime

money. While several of the victims are college students and teenagers getting scammed, many do it

for money. As controls over mobile and digital channels have strengthened, fraud has also shifted into

the contact center where social engineering and MITM attacks can be highly effective at compromising

traditional KBA (Knowledge Based Authentication).

Cyber Defense eMagazineJuly 2021 Edition 109

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Strong Digital Identity Needs Modern Authentication

Digital transformation initiatives can leverage a treasure trove of personal information already stored by

the bank including biometrics, biographic information and behavioral data gathered since account

opening. For example, a video face capture or liveness check during KYC could be combined with

behavioral data to detect impersonation or known bad behavior. This identity verification could also be

used as a “trust anchor” as defined by Gartner research, to step up authentication during risky or high

value transactions, or during a vulnerable situation such as device enrollment or account recovery.

Passwordless methods such as Phone-as-a-Token or FIDO2’s strong passwordless authentication can

be adopted to improve website security and reduce dependence on passwords. FIDO2 is the set of

standards and protocols developed by the FIDO Alliance and the World Wide Web Consortium (W3C) to

strengthen website authentication. An added benefit is that such technologies, while more secure, are

also easier to use, providing a better overall user experience and satisfaction.

Passwordless authentication options for consumers could include use of Phone-as-a-Token where an

un-phishable trusted relationship is established between the individual and their enrolled mobile phone.

Phone manufacturers and versions can be managed as part of a “allow / deny list” and potential issues

exploited during MITM attacks such as jailbreak can be detected. Upon securing consent, the security

level could be dynamically adjusted depending on the customer’s geolocation and/or behavior, which

improves protection for the consumer, employee and the company. For private or secure environments

like contact centers where a phone may not be feasible, FIDO2 security keys could be an efficient


About the Author

About the author: A seasoned cybersecurity executive, Rajiv Pimplaskar is

driving global go-to-market strategy and revenue for Veridium. Based out of

the company’s New York headquarters, Rajiv comes to Veridium from San

Francisco-based Cloudmark – a leader in threat intelligence (acquired by

Proofpoint). Previously, he held senior leadership roles spanning sales,

marketing, product, and corporate development at Atlantis Computing

(acquired by HiveIO) and Verizon. Rajiv is an Electrical Engineering and

Computer Science professional by trade and is passionate about building and

scaling enterprise software companies that offer a market disruption.

Rajiv can be reached online at @veridiumid and at our company website https://www.veridiumid.com/

Cyber Defense eMagazineJuly 2021 Edition 110

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Why Cyber Risk Is the Top Concern of The Financial

Services Industry

The sector faces a wide range of challenges ranging from Covid to compliance to the cloud, to name just

a few.

By Paul Schiavone, Global Industry Solutions Director - Financial Institutions at Allianz

Global Corporate & Specialty

Ever since Covid-19 led to an unplanned increase in homeworking and electronic trading, cyber security

experts have been warning financial institutions of a perfect storm. In fact, attacks against the financial

sector were reported to have increased by well over 200% globally from the beginning of February 2020

to the end of April 2020, with some 80% of financial institutions reporting an increase in cyber-attacks,

according to security firm VMware. Weaker controls and oversight, laxer security in the home office and

the greater likelihood of employees falling victim to scams while working remotely were just some of the

reasons cited behind this dramatic rise.

The reason for the uptick in cyber-attacks on the financial services is simple. At the end of the day, cyber

criminals go where the money is, and financial companies hold an extraordinary amount of sensitive data

on individuals, businesses and governments. Cyber security has been an existential issue for financial

institutions, and they have been investing heavily in it for years. However, with such potentially high

rewards, cyber criminals will also invest time and money into attacking them. For example, the Carbanak

and Cobalt malware campaigns targeted over 100 financial institutions in more than 40 countries over a

five year period, stealing over $1bn.

Cyber Defense eMagazineJuly 2021 Edition 111

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Regulators get tougher

At a time when financial institutions are becoming more reliant on technology and data to provide products

and services to customers, they increasingly face a challenging regulatory environment. In many parts of

the world, firms face a growing bank of regulation, including evolving data protection and privacy rules,

as well as cyber security requirements.

In particular, there has been a seismic shift in the regulatory view of privacy and cyber security. Where

regulators previously looked to incentivize firms to invest in cyber security, they now see it through the

lens of consumer rights and data privacy. With the General Data Protection Regulations (GDPR) in

Europe and the likes of the California Consumer Privacy Act in the US, companies now need to

operationalize their response to regulation and privacy rights, not just look at cyber security.

The consequences of data breaches are far-reaching, with more aggressive enforcement, higher fines

and regulatory costs, and growing third party liability. Under the GDPR, the number and value of fines for

data and privacy has been growing while jurisdictions around the world have been introducing stricter

data laws. Increasingly, breaches and regulatory actions are followed by litigation, with a number of group

actions now pending in the UK as well as the US. A data breach at Capital One bank in 2019 – one of

the largest-ever – resulted in an $80mn fine and a number of lawsuits by affected customers. More

recently, following a number of major outages at banks and payment processing companies, regulators

have begun drafting business continuity requirements in a bid to bolster resilience.

Ransomware attacks on the rise

Ransomware attacks continue to increase in frequency and severity, with ever larger ransom demands.

Last year, the Securities Exchange Commission in the US warned about a rise in the number and

sophistication of ransomware attacks on US financial institutions. Ransomware attacks were up nine fold

between February and end of April 2020, according to VMware.

A recent development has seen hackers steal sensitive data and threaten to publish it online if ransoms

are not paid. US lender Flagstar Bank, for example, suffered a ransomware attack in early 2020 that saw

hackers post personal details online in an attempt to extort money. Last year, Chilean bank BancoEstado

shut down branches after a ransomware attack. In March 2021, CNA Hardy was also hit by a

sophisticated ransomware attack which impacted its operations and email systems and significantly

disrupted the insurer for a number of weeks.

If criminals can get access to critical systems or sensitive data, they will look to monetize the attack

through extortion. At the same time, the rise of cryptocurrencies like Bitcoin is making it easier for cyber

criminals to carry out successful ransomware or extortion attacks.

“Fake presidents” and ATM “Jackpotting”

With many employees working from home and under increased stress, Covid-19 has created

opportunities for cyber criminals to carry out various scams and cyber-attacks. The US Federal Bureau

of Investigation (FBI) received over 28,500 complaints related to Covid-19 cyber-crime alone in 2020.

Many incidents looked to exploit stimulus funds and Paycheck Protection Program (PPP) loans, as well

as to use Covid-19 related phishing attacks to steal money or personal data. Business email compromise

Cyber Defense eMagazineJuly 2021 Edition 112

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

(BEC) attacks, also known as “fake president” attacks, are a particular problem for financial institutions

that make large numbers of high value payments on behalf of their customers. The cost of BEC attacks

reached $1.86bn in 2020, accounting for almost half of all reported cybercrime losses. Such attacks are

becoming more sophisticated and increasingly involve identity theft and funds being converted to


ATM “jackpotting” attacks continue to be a threat as well. On July 13, 2020, a Belgian savings bank

Argenta shut down 143 cash machines after criminals tried to take control of their cash machines through

their network servers. These attacks have become increasingly sophisticated and over the last five years,

“jackpotting” has cost the financial services sector millions of dollars.

Third party service providers can be the weak link in the cyber security chain

One of the largest and most sophisticated cyber-attacks of the past year, the SolarWinds incident, was a

supply chain attack. Hackers accessed SolarWinds’ network and injected malware into its management

software in order to target thousands of organizations, including banks and agencies. The SolarWinds

breach is an important reminder of the potential vulnerabilities of the financial services sector to cyberattacks

and outages via their reliance on third-party suppliers and service providers, over which they

have little or no control when it comes to cyber security. This is likely to become a bigger issue as

regulators increasingly focus on business continuity and operational resilience going forward.

Most financial institutions are now making use of cloud services-run software to access additional

processing capacity, as well as for IT infrastructure or to carry out certain processes, such as fraud

detection or analytics. On one hand, cloud providers are developing tools to help organizations manage

and mitigate their cyber risks. On the other hand, there is a growing reliance on a relatively small number

of cloud providers and an opaque cloud infrastructure can potentially create large and systemic risks. A

Bank of England survey of banks and insurers last year found the provision of IT infrastructure in the

cloud is already highly concentrated – the top two infrastructure-as-a-service providers had around twothirds

market share for banks.

How financial institutions manage risks presented by the cloud will be critical going forward. They are

effectively offloading a significant portion of cyber security responsibilities to a third-party environment.

Your cloud service vendors can become your exposure.

Risk mitigation best practice

Cyber-attacks often include a human element, where employees, contractors or even customers are

unwittingly complicit in incidents. When talking to clients, they say cyber is the number one concern of

every C-suite executive. Particularly we see growing concern for the human factor. Just one click on a

link or a download can lead to a costly ransomware attack or a data breach, with reputational damage

and loss of data.

Training and technology can help minimize human error. As the first line of security and defense,

employees can make or break an organization’s cyber security position and at often times, their

reputation. Those that are well trained can significantly reduce the impact of a breach or even prevent it

from happening. Employees should be regarded as part of the cyber security team, and, as such, there

should be a corresponding investment in their training and education. The same applies to top

Cyber Defense eMagazineJuly 2021 Edition 113

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

management, who should periodically rehearse scenarios to better prepare and respond to a major cyber

incident. Since cyber security goes right up the chain, building resilience and business continuity planning

is absolutely key to reduce the impact.

Companies should consider taking the opportunity to carry out a desktop exercise with their insurer and

broker, and include key internal and external stakeholders. This builds trust and can take the sting out of

any crisis. Cross-sector exchange and cooperation among companies – such as what has been

established by the Charter of Trust – is also key when it comes to defying highly commercially organized

cyber crime, developing joint security standards and improving cyber resilience.

About the Author

Paul Schiavone, Global Industry Solutions Director Financial Services

at Allianz Global Corporate & Specialty, has over twenty years of

experience in the insurance industry as legal counsel, underwriter,

broker, manager and Chief Underwriting Officer, working in New York,

Paris, San Francisco and London.

Paul can be reached online at https://www.linkedin.com/in/paulschiavone-91401b40/

Cyber Defense eMagazineJuly 2021 Edition 114

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

What Educational Institutions Need to Do to Protect

Themselves From Cyber Threats?

By Cyril James, Founder and CEO, Secure Triad

The COVID 19 pandemic and the subsequent lockdown have forever changed how we socially mingle

and live our lives. The effects are felt in our personal and professional lives as well.

A major impact is felt in the education fraternity who as a response to the threats posed by the pandemic,

has adopted an online learning and training format.

The use of technology in the education sector is no longer considered a novelty but a norm, making them

prime targets for cyber-attacks.

Though online learning has made it possible for students across the world to continue their education

from the safety of their homes. It has added new complexities to the cyber security challenges faced

by educational institutes.

The current pandemic has handed cybercriminals tailor-made opportunities for attacking the institutes'

network and its teachers and students as well.

Though this may not be a challenge unique to the education sector alone, it poses a larger threat. Unlike

office employees, students lack exposure and training in dealing with school cyber security.

Cyber Defense eMagazineJuly 2021 Edition 115

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Challenges Faced by Education Institutes

An increase in coronavirus related phishing mails is on the rise. With teachers, students and school

administration workers spending more and more time online such mails can easily find their way into their


These malware scams can easily prey on the naïve and untrained minds of students and teachers,

making them victims of account takeovers and accidental sharing of private information.

This provides cyber hackers with the information required to log into the institute's servers, access

sensitive and important data, and launch Ransomware attacks.

Another challenge faced by educational institutes is the lack of skilled IT staff, leaving the institution's

network susceptible to such cyber threats.

With institutions being shut down due to the pandemic, a skeletal staff is at work, with a majority working

remotely from home. In such a scenario, the institute's cyber security needs such as identification of risky/

suspicious users or mail, effective implementation of network security, device management, and endpoint

security policies may be neglected.

This lack of or weak cyber security infrastructure provides hackers with a golden opportunity to attack

and infect the network. Many employees are using personal systems while working remotely, which does

not possess a robust and sophisticated security system and is susceptible to malicious attacks easily.

The aforementioned are some of the challenges faced by institutes. It is essential to understand the

measures that need to be adopted to safeguard their network and data.

Awareness and Training

Basic training should be provided to the administration and faculty and the students and their parents.

Especially in the case of younger students, parents should be responsible for monitoring the child’s

activities online.

Faculty, students, and parents need to be made aware of the risks of using online platforms and the

threat of being targeted by cyber hackers. It is imperative to train staff, students, and parent in how to

identify and deal with malware and phishing emails.

In this way, the risk of accidental opening and clicking of phishing emails can be significantly reduced.

Institutes should also prepare and enforce an acceptable use policy that clearly states to the students

what is acceptable or what is not, and the faculty clearly understands the framework for what is allowed

when using online learning forums.

Technical Treat Response Support

Institutes should hire cyber security experts. It should be looked at as an investment in the institute’s

security. The team would be responsible for managing all the security needs of the institute, which

includes configuration and update of the security system, threat hunting, detection, and response

services 24/7.

Cyber Defense eMagazineJuly 2021 Edition 116

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Firewall Security

VPN connectivity, giving institutes the option to choose either or both for secure remote connectivity.

Having SD-WAN integrated in the firewall allows institutes to connect remotely and share data securely

with each other.

Synchronized security is also possible, making it easy to identify if a connected remote device is infected

and can be isolated until it is clean and free of malware. This way they spread of infection across the

network can be prevented.

Two-factor or multi-factor authentication

It is an effective tool against unauthorized access or phishing. To ensure that the faculty and students

adhere to internet safety policies and as a precautionary measure, the institute should mandate turning

on alerts for any suspicious activity or non-compliant devices.

Antivirus and web access

Unless institutes are providing faculty and students with a secure VPN, they will need to ensure their

online safety, which can be easily done by setting up web filtering rules.

Licensed antivirus software’s block access to inappropriate websites, stop risky files from being

downloaded and provide category-based web filtering. Additionally, phishing can be prevented by using

advanced endpoint protection technologies to stop the attack chain and predictively prevent future attacks

of similar nature.

The software should also be capable of automatic roll back to a pre-altered state if files are encrypted.

This will protect data if faculty or students are using school-supplied laptops or tabs.

The increase in the coronavirus cases has created uncertainty as to when educational institutes will be

able to go back to functioning normally or is this going to give rise to an entirely new normal of online


This makes it essential that the educational institutes take the appropriate steps to adopt cyber security

measures that will maximize their safety.

If in case institutes do not have cyber security resources, third party managed security service providers

can also be hired. These vendors can provide support or coordination in developing a sustainable, secure

and successful online learning experience.

However, when dealing with third party individuals who will be having access to sensitive data, institutes

conduct their due diligence and background must check before hiring such entities to manage their

systems and services.

Cyber Defense eMagazineJuly 2021 Edition 117

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Cyril James is the Founder and CEO, Secure Triad. He has a solid

foundation in the Information Technology and Communication

industry with over 13 years of experience. His expertise lies in

Information Security, specializing in network, web and mobile

applications, and cloud penetration testing across various industry

domains like banking, insurance, energy, telecom, IT products and

services, and others. He is well-versed in penetration testing

methodologies including OWASP, OSSTMM and PTES. He has solid

understanding of technical concepts of cloud computing, machine

learning, and various programming languages. Cyril is a visionary and strategy-builder, has good

communication skills, and is great with managing teams. Cyril can be reached online at (EMAIL,

TWITTER, LinkedIn) and at our company website https://securetriad.io/

Cyber Defense eMagazineJuly 2021 Edition 118

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Business Continuity: Where InfoSec and Disaster

Recovery Meet

By Adam Berger, VP of Global IT and Cloud Operations, Infrascale

The escalation of cyber-attacks and the intensity of recent natural disasters create the same fundamental

risk for businesses large and small — business continuity. Every business manager feels the weight of a

potential disruption to normal operations, whether ransomware attack or storm-induced mass power

outages are to blame. Ensuring business continuity requires maintaining vigilance on two sides of a coin:

preventing disruption from occurring in the first place and restoring operations as quickly as possible after

any disruption. For the sake of this article, we’ll limit our use of “prevention” to topics of Information

Security (InfoSec) (i.e., procedures or measures used to protect digital data from unauthorized use) in

businesses with any online or digital presence.

The efficacy of any business continuity plan depends largely on the fast, robust implementation of both

information security and disaster recovery. But the reality is that the two are deeply intertwined, both

fundamentally concerned with keeping network, infrastructure configurations, and data protected and


Cyber Defense eMagazineJuly 2021 Edition 119

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Leaving Nothing to Chance: Assess and Mitigate your Risks Through Asset Identification and

effective risk analysis. Three Effective Asset Determinations

Developing information security and disaster recovery plans that ensure a high level of data protection

and safeguard business continuity begins with a baseline evaluation that makes three vital determinations

which can be done as part of a risk analysis.

First, businesses must identify all assets important to the company, including physical and information

assets. These might be servers, confidential files, intellectual property, customer product, and other key

assets. While it sounds obvious, software asset management (SAM) isn’t only about optimizing

purchases, deployment, and maintenance of tech. It begins with a comprehensive inventory of assets.

This is important since many SMB and midsized businesses simply do not have a complete view into

every tool and process their teams use.

For information security plans, an inventory should include knowing what kinds of secure access and

protections from data exploitation is in place for every asset. For disaster recovery, the inventory should

include knowing the required availability of all infrastructure assets and data for internal or external

customers to maintain service levels.

Second, for each asset inventoried, businesses must specify the value of what they’re protecting, to both

the company and to customers. If particular infrastructure processes or data were gone, what will the

damage be to the company? This should be measured in terms of both direct revenue loss and in terms

of reputation loss.

Third, businesses must determine the level of investment the company is willing and able to make to

protect each asset, including all types of data. An honest cost-benefit analysis and assessment of the

company’s financial health should be factored into the level of investment required and weighed against

other business priorities.

Although these baseline evaluations are often tasked to particular management and technical teams, a

company’s leadership team bears ultimate responsibility. An effective leadership team knows what assets

the company has, the value of each, risks related to each and the investment that should be made to

protect them based on a business’s risk tolerance. A healthy information security practice helps deliver

an effective risk analysis to allow businesses make these critical decisions.

Heads: Mitigating InfoSec Risks in Business Processes and in Technical Choices

Beyond the baseline evaluations, the information security side of the equation requires that businesses

drill down into the origin of risk. A sound plan should consider risk that comes from business processes

as well as technical choices.

With respect to risk in business processes, company leaders should ask:

What vendors do we use, and do we understand their processes and protections?

Are there third-party requirements such as protocols and regulations like ISO 27001, SOC, and


Have we evaluated our contract management processes? Are these processes fully understood?

What kinds of confidentiality agreements do we have in place?

Cyber Defense eMagazineJuly 2021 Edition 120

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

How educated are employees on information security risks? Are they trained properly regarding

acceptable use policy and how to protect infrastructure and data?

Is there change management established to prevent infrastructure and data from being

compromised by mistake or deliberately?

If a software company, are engineering practices in place to make sure code is developed in a

secure way?

What regulatory laws are applicable to our business for the regions we operate in?

With respect to technical choices, company leaders should ask:

What kinds of technical controls are in place for every asset, and do we know where every asset

is located and who has access?

Are appropriate antivirus and malware protections in place?

Are the right tools in place to identify other kinds of malicious behavior?

Is strong network protection in place, like firewalls and next generation options for enterprises?

Are there different layers of application filtering and strong access control systems in place?

Are there powerful logging tools in place that help ensure excellent visibility into what’s happening

inside infrastructure?

Are there powerful monitoring tools in place to detect any anomalies that may compromise servers

and other infrastructure?

For every interface from which critical information can be accessed, a company needs to have a tool or

mechanism in place to identify what’s happening. The bottom line with risk, however, remains twofold. If

information security is not baked into the ongoing business processes that support daily and changing

business needs, a potential security threat could completely bypass all the powerful technical tools in

place. A CISO can spend a million dollars on technical security and backup disaster recovery tools, but

risks will remain if business processes are poorly managed. Making sure a company is investing in

securing those “softer” processes, as well as its technical tools, is key and an often-overlooked part of

information security.

It’s noteworthy that approaches like zero trust architecture are best suited to mature enterprise security

programs that can accommodate the level of granularity that zero trust requires. Zero trust makes sense

for banks or companies with financial data and intellectual property or other information that is high value,

where a security topology already features robust process management and significant financial

investment. However, despite its value, SMB and midsized businesses typically are not able to make the

investment in tools, people, and processes that zero trust requires.

Tails: Upon Disruption, Planning for Optimal RPO and RTO – Your response to incidents is as

important as your defense from them.

If business disruption does occur and breaks through a company’s administrative processes and

technical defenses, whether via attack or non-malicious disaster, disaster recovery planning dovetails

with infosec incident management. For disaster recovery, two key metrics come into play, and both are

very important for business leaders to understand.

Cyber Defense eMagazineJuly 2021 Edition 121

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Recovery Point Objective (RPO) refers to the amount of data a company can lose or the time period of

data loss that a company can withstand and still be viable. Recovery Time Objective (RTO) refers to the

time frame after a disaster until business operations are functioning normally again, with resources

available for use. Financial institutions with sensitive data and real-time transactions require RPO and

RTO that are much smaller and briefer — seconds or minutes — than other kinds of businesses that may

be able to withstand hours of data loss and days until recovery. An RTO that is two minutes versus 24

hours equates to a very different level of business investment in people, processes, and availability. Do

your security and disaster response plans allow you to meet these objectives? Do you have the people

and technical resources to executive on these plans?

Another key consideration for disaster recovery planning is how to utilize cloud and on-premises

resources. Enterprises with highly customized infrastructure may benefit from hosting their own data

center or leveraging hybrid-cloud deployments. Smaller to midsized companies, where workloads are not

as customized, may achieve a better return on investment (ROI) with a cloud provider. Public cloud can

enable efficient spin up and getting infrastructure back online quickly when there’s no need for heavy

customization of services.

Companies must seek to safeguard business continuity both before disruption occurs and after the fact.

Since the weight of a potential disruption to normal business operations can be crippling, business

leaders need to clearly assess both information security and backup and disaster recovery. A data

protection plan that includes both will ensure that the best and safest path forward is always available -

on either side of the business continuity coin.

About the Author

Adam Berger is VP of Global IT and Cloud Operations at

Infrascale. Prior to Infrascale, Adam has managed cloud

operations organizations at VMWare, OVHcloud US and

AWS. In his career, he has helped grow and run

operations teams to provide world class infrastructure

support, security and compliance as well as technical


As the Director of Cloud Operations at VMware, he grew

the cloud operations infrastructure team to support

vCloud Air platform which expanded globally over three

years. This included establishing a centralized global

NOC, platform engineering teams and operational tooling development teams across US, APAC and

EMEA. At OVHcloud US, as the Senior Director of Operations, he continued managing vCloud air

(purchased by OVH) while helping the France-based based company establish their US footprint. This

included helping launch the US service offering, operationalizing two new data centers, building the

security and compliance organization as well as establishing the internal IT support functions. Most

recently he was with AWS, where he served as the Global service owner for EC2 in their technical support

group. Adam can be reached online at https://www.linkedin.com/in/adamlberger and at our company

website https://www.infrascale.com/.

Cyber Defense eMagazineJuly 2021 Edition 122

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Biometrics Challenges

By Milica D. Djekic

The armed guys have approached a bank and made an assault to its office. The security manager has

followed procedures and the criminals have collected money safely leaving the crime scene. After several

minutes the Police patrolling has arrived there. They have started an inspection as well as interviewing

of all people being present at the crime scene at that moment. That seems as a lot of hard work. The first

step the authorities have taken is collecting the findings and evidence from the place of the crime. The

video monitoring system has served its role, but there have been some fingerprint and DNA footages as

well. So, they have gotten an identity of offenders, but the good question is how they might track their

route. The experienced investigators know that the criminals could take some of the communication

devices with themselves, so that search could be run, too.

It appears that’s only an empty bullet as the offenders have switched off their devices while on the crime

scene. In other words, the authorities can get who they are, but not where they are. It seems like a maze,

does not it? Think twice! If the Police deal with their biometrics parameters they can run a search through

some domestic and international databases looking for ID documents that match such a criterion. Next,

they will do so and bingo – the several passports with those biometrics inputs have been found for the

same fingerprint trace. In other words, now the authorities know those guys cope with the fake passports.

And what then? Still unclear? Basically, no!

What’s possible to do in such a case is to figure out that the bank robbers need to make some route after

committing the crime. They need the communication, logistics and accommodation in order to stay on

the surface. Above all, they deal with the fake ID cards and passports, but the biometrics with those

Cyber Defense eMagazineJuly 2021 Edition 123

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

documents is theirs. If not, they would fail at the simple identification anywhere. Also, what is obvious

someone will insert those data into the Police register. Some corrupted staff or clever hacker – does not

matter! The fact is the criminals are always on the move and sooner or later they will need to give their

details for scanning if, for instance, they want to cross some border. That’s the moment the smart

investigators have been waiting for. In other words, if that location and time are known, it’s possible to

make some search for device being present then and there. Bingo again! The investigation has gotten

the signal and the entire history and ongoing route have been discovered. The bad guys need some

accommodation to spend their time there, so it will be a piece of cake to get those asset connections as

well as all the contacts being made from there. It seems it’s not that hard to track the biometrics, right?

The new tendencies could bring us a better focus of the offenders that will deactivate their devices at the

place of checking out, but it’s quite challenging being that uncatchable, so far. Anyhow, we need the

smart policing that will always be at least one step ahead of threats, so as the bad guys have capacity to

think we must do so better than them, so far.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, the

Republic of Serbia. She received her engineering background from

the Faculty of Mechanical Engineering, University of Belgrade. She

writes for some domestic and overseas presses and she is also the

author of the book “The Internet of Things: Concept, Applications

and Security” being published in 2017 with the Lambert Academic

Publishing. Milica is also a speaker with the BrightTALK expert’s

channel. She is the member of an ASIS International since 2017 and

contributor to the Australian Cyber Security Magazine since 2018.

Milica's research efforts are recognized with Computer Emergency Response Team for the European

Union (CERT-EU), Censys Press, BU-CERT UK and EASA European Centre for Cybersecurity in

Aviation (ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a person

with disability.

Cyber Defense eMagazineJuly 2021 Edition 124

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Epic V. Apple Trial - Impact of Big Tech Battles on

Consumers' Rights

By Brad Ree, CTO, The ioXt Alliance

Recently, popular app Fortnite’s parent company Epic Games, has taken Apple to court over the hold the

tech giant has over the app store ecosystem. The argument being made was that the Apple app store is

a monopoly and stifles competition by charging exorbitant rates on purchases in the store and that it has

breached antitrust laws by removing apps, including Fortnite, from the app store. Epic Games is fighting

for app developers’ rights which would remove Apple’s power and require the shift in policies to allow

developers to include in-app purchases without Apple its 30% “Apple tax” commission, which has the

potential to permanently alter the mobile apps industry.

As the closing arguments came to an end and we await a verdict, this “app battle royale” has certainly

raised other questions on tech companies’ effect on consumers. When companies such as Apple put up

walls and don't allow for competition within their devices or app stores by blocking outside apps and

integrations within the ecosystem, the consumers’ right to choose is impacted.

If Epic Games ends up winning the trial, the iOS store market will be forced to open to many, which would

be a win for app developers and consumers, but could come with some security risks if not managed

properly. The app store and developers need to consider how they should emphasize safety so

Cyber Defense eMagazineJuly 2021 Edition 125

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

consumers are able to make informed decisions on what they download to mitigate security risks and put

those app-users first.

What does more open mobile ecosystems mean for the industry

A more open app ecosystem would increase competition and allow consumers to have a bigger pool of

apps to choose from. While competition benefits consumers, it also could open them up to some unknown

risks and security vulnerabilities – especially as there aren’t currently universal security standards for app


To execute a secure, open mobile app market properly, standards need to be put in place to ensure apps

are developed with security in mind from the start to protect all consumers, and developers, from the

devastating impacts of a data breach.

Why the mobile app industry needs security standards

According to Apple, it’s security standards in the iOS store are high which is why they limit developers in

their store and is how they have earned consumers’ trust - and opening their ecosystem to other

developers could threaten that. However, if they did open the store, Apple could adopt security measures

for mobile apps to encourage competition and guarantee that any new and current apps have been

developed per the guidelines to make them cyber-secure. To be the most effective, security standards

should be based on industry-wide agreement and managed by a third party whose only interest is

securing the applications for the consumer. Apple setting the standards and being the sole judge and jury

leaves them in the same controlling seat that they are already in.

Transparency from the developers and the app stores need to play a bigger role to protect consumers

and give them the resources to make informed decisions on their downloads. Universal security

standards for mobile apps could help create a safer environment for end-users and help provide cohesive

guidelines for industry stakeholders to align with to mitigate security risks and put consumers first. There

are already mobile app standards available through industry-led organizations such as the ioXt Alliance,

which could help create uniformity when it comes to security across the mobile app ecosystems if

implemented. With standards in place, consumers can be in control of their downloads and app

developers could safely participate in the app store with minimal risks.

The Epic Games vs. Apple trial has the potential to change the mobile apps industry if the verdict is

swayed in Epic Games’ favor. This could set a standard to stop big tech companies from monopolizing

ecosystems and stifling consumers’ right to choose, giving other developers a chance to benefit from an

open market. Universal standards in place for mobile app development would help create a safer mobile

apps industry and hold the app store and developers accountable to uphold security for all end-users –

thus putting consumers first in this competitive market.

Cyber Defense eMagazineJuly 2021 Edition 126

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

About the Author

Brad Ree is the Chief Technology Officer at the ioXt Alliance,

the leading organization for IoT standardized security and

privacy requirements. In this role, he leads ioXt’s security

products supporting the alliance. Brad holds more than 25

patents and is the former security advisor chair for Zigbee. He

has developed communication systems for AT&T, General

Electric, and Arris. Before joining the ioXt Alliance, Brad was

vice president of IoT security at Verimatrix, where he led the

development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols

and their associated security models.

Brad can be reached at the ioXt Alliance company website : https://www.ioxtalliance.org/

Cyber Defense eMagazineJuly 2021 Edition 127

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

How The Pandemic Has Changed the Value of Health


By Aman Johal, Lawyer and Director of Your Lawyers

The 11 th March marked one year since the World Health Organisation (WHO) declared the Covid-19

outbreak a pandemic. To date, over 34,505,380 people in the UK have been vaccinated, paving the way

for a return to normality by allowing the easing of restrictions. At present, people who have had a Covid

jab receive a vaccination card and the details are stored on their medical records. The government is

now considering how people could prove their Covid vaccination status, with vaccine passports the most

likely solution as "a temporary measure". The hope is that this could reduce social distancing and facilitate

international travel.

According to UK government sources, the NHS app could host the vaccine passports, although it is

unclear how far the project has progressed. A government source reportedly told the BBC that the app

will not be ready “imminently”, while Vaccines Minister Nadhim Zahawi said work is underway to prepare


However, the use of vaccine certification is proving controversial. Basing the passport on an app may

discriminate against those with low incomes or older people who don’t have access to smartphones, and

some may be unable or unwilling to have a vaccine. There are also worries that the immunity passports

could pave the way for a full ID system, which civil rights group Liberty said could permanently curb rights

and freedoms once the pandemic is over. Added to this, they could potentially heighten the risk of data

Cyber Defense eMagazineJuly 2021 Edition 128

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

eaches because large amounts of highly private information could be readily available if a hacker gets

access to a mobile device.

The rise in cybercrime

During the last year, the UK has seen a significant rise in cybercrime which was likely worsened by the

pandemic. Cybersecurity firm ESET analysed the state of cybercrime in the UK for 2020, and identified

an increase of 19% compared to 2019. The UK Government has announced “ground-breaking” plans to

protect consumers using smart devices from cyberattacks. As sales in smart devices soar (up 49% since

the start of the coronavirus pandemic), cybercriminals continue to become more adept at exploiting

security weaknesses. Many devices remain vulnerable to attack, and just one vulnerable device could

jeopardise a whole network – as illustrated by the 2017 North American casino attack.

The legalities surrounding vaccine passports

It is important to dissect whether companies like airlines can legally require travellers to input vaccination

information, as the entitlement to process medical data normally requires consent. However, if it became

a prerequisite for travel, the focus then is on whether a person wishes to travel or not. We should not

simply assume consent.

An overarching consideration is the highly sensitive nature of the information in question. The

confidentiality and sensitivity of medical records makes them prized assets for cybercriminals, and

potentially raises the chances of a data breach occurring.

Compensation pay-outs for offending businesses are often far more costly because of the increased

potential for consumers to experience distress and psychological trauma from breaches or leaks involving

medical data. For example, victims of the 2018 British Airways (BA) data breach could be eligible to claim

up to an estimated £16,000 in cases of severe psychological distress. Comparatively, in the case of

the 56 Dean Street data breach in 2015, when a leak exposed the contact details of almost 800 patients

using the clinic for HIV services, the most seriously affected claimants could potentially receive damages

of up to £30,000.

The importance of health data

Storing any type of personal consumer data comes with risks. BA suffered two significant data breaches

in 2018, exposing the personal information of more than 420,000 customers. As a result, the Information

Commissioner’s Office (ICO) issued BA with a £20m fine, with the total compensation pay-out in the

group action against BA potentially reaching an additional £2.4bn.

Health data is among the most valuable data a cybercriminal can steal, with a single health record

reportedly costing $250 on the black market, compared to a reported $5.40 for payment card details.

Vaccine passports could heighten the risk to health data: increased accessibility may result in more

Cyber Defense eMagazineJuly 2021 Edition 129

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

cybercriminals targeting the public’s health information as we loosen restrictions over the next few


Gary Cantrell, Head of Investigations at the HHS Office of Inspector General, said hackers tend to steal

medical records because they are like "a treasure trove of information about you." They can contain a

patient's full name, address history, financial information, and National Insurance numbers, which can be

enough information for hackers to take out a loan or set up a line of credit under patients' names.

Increasingly, hackers are selling information for profit on the black market. According to Reuters, buyers

might use the information to create fake IDs to purchase medical equipment or drugs, or to file a false

insurance claim.

The impact of medical data breaches

As we increasingly rely on technology, hackers are finding new ways to attack IT systems, disrupt

computer networks, and steal information. There can be huge benefits when patient data is used

responsibly to save lives and advance medical research, but it is undeniable that it comes with risks.

The potential impact of a data breach often depends on the circumstances. Someone who has a sensitive

medical condition may be much more concerned if part of their medical history was exposed or disclosed.

The possibility that it might fall into the wrong hands could cause them emotional distress.

According to Brandon Reagin, a victim of medical record theft, it's a "mess." Reagin's identity was stolen

in 2004, and the person who accessed Reagin's personal information used it to steal cars and rack up

$20,000 worth of medical procedures. He was reportedly unable to get the charges scrubbed from his

credit report "until the next billing cycle." Then, the process would start all over again.

The person who stole Reagin's identity served time in prison. But, 17 years later, he still hasn't been able

to undo all of the damage, including to the integrity of his own medical files, as the “hospital may still have

his information, his blood type under my name at that hospital… It's a little weird to think".

Proactive steps consumers and healthcare providers can take to protect their data

Healthcare providers and their business associates must balance delivering quality patient care with

protecting patient privacy, always ensuring that they are meeting the strict regulatory requirements set

out in legislation, such as the General Data Protection Regulation (GDPR).

Healthcare staff can protect information with a number of measures including:

• educating staff;

• restricting access to information and applications;

• implementing data usage controls;

• logging, auditing and monitoring use;

• encrypting data both on servers and when it is being transferred;

Cyber Defense eMagazineJuly 2021 Edition 130

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

• securing mobile and remote working devices;

• mitigating connected device risks by conducting regular risk assessments;

• backing up data to secure offsite locations;

• carefully evaluating the security and compliance of business associates.

The past has taught us that protecting information in the healthcare industry is not an easy task, but an

important one nonetheless – even more so in a post-pandemic world.

About the Author

My name is Aman Johal, I am a lawyer and director at

Your Lawyers.

Aman can be reached online at his company website


Cyber Defense eMagazineJuly 2021 Edition 131

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Galvanizing the Cyber Workforce in Private Industry

An agile approach for developing key talent

By Brandon Rogers | CEO & Principal Consultant | Paradoxical Solutions, LLC


Cyber is a highly specialized field that is in high demand for talented individuals, yet there is so much that

is unknown about the field itself. How is it that we know that the field of cybersecurity is the future; on

the horizon and unparalleled in employment opportunity but lack so much of the fundamental knowledge

of what is needed in the field?

According to cyberseek.org, there are approximately 465,000 cyber security job openings across the US

in both private and public sectors (Cyberseek, 2021). With the development of the National Institute of

Cybersecurity Engineering (NICE) framework, the regulations defined by the National Institute of

Standards and Technology (NIST) and the National Institute of Cybersecurity Careers and Studies

(NICCS), the public sector has made great strides to develop cyber career pathways for government

employees. In the private sector, there needs to be a similar push for organizations, as cyber

vulnerabilities are a huge threat to corporations and proprietary information.

Cyber Defense eMagazineJuly 2021 Edition 132

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

This topic has great relevance because national security and protecting proprietary information are

pressing issues on the minds of many corporate leaders. In addition to this, especially in a COVID

environment, the way that we work is rapidly evolving. There is a high demand and short supply of

talented cyber professionals and it seems that there is a need for a cyber version of “Talent Management”,

and there is great need for versatility and agility in designing the cyber workforce of tomorrow.

Observations from the field

In both private and public industries, workforce development is usually broken into two separate

functions: talent management and organization development. Talent management is usually positioned

to focus on high potential individuals (a small subset of the full workforce), while organization

development has been stated to encompass the whole. As the field of cyber security expands and

organizations rush to fill the demand across the world, it seems that cyber career development is

becoming a nearly separate initiative to talent management and organization development. It is

imperative that cyber, organization development and talent management professionals begin to

collaborate and dig deep into the field in its nascency to understand the needs of the upcoming workforce.

For roughly six months, I had the opportunity to work as a contractor to a federal organization in a role

focused on cyber workforce development. It was during this time that I learned about the various

initiatives being taken within the public sector to strengthen national security defense against cyberattacks.

One of the key efforts being taken was to develop cyber career pathways and comparative

roles between sibling fields (i.e.- information technology, project management, etc.) and one of the most

interesting observations I noted was the creation of a focused role specific to cyber workforce

development. It’s become apparent to me that the public sector may be on to something; private industry

should consider establishing such a function as well.

Establishing a dedicated role for cyber workforce development

When taking a step back to consider the compartmentalized nature of these three areas, relevant

research by Bazerman et al. introduce two distinct concepts that inhibit creativity and rationale as to why

this concept of a new hybrid role has not yet emerged (Bazerman et al., 2013, p. 63):

• Bounded rationality – suggests that our thinking is limited and biased in systematic ways.

• Bounded awareness – prevents people from noticing or focusing on useful, observable and

relevant data

The concepts of bounded rationality and bounded awareness continue the mindset of the past and

potentially obstruct the logic for such a position to be created in the future. As private companies aim to

protect critical business information, it may be well worth the time to develop key resources to create a

strong team of cyber individuals. An effort of this magnitude highlights the need for organizations to have

a resource with the combined skills of a talent management, organization development and cyber

professional to execute such an endeavor.

In order to identify key talent, it requires a seasoned cyber professional to understand the technical

aspects of each role to build strengths, close gaps, and recognize the attributes necessary to be

successful in cyber. In addition to technical acumen, a working knowledge of the human capital lifecycle

Cyber Defense eMagazineJuly 2021 Edition 133

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

and organizational enablement is necessary to understand how to grow talent. Relevant literature

supports the idea of hybrid roles when discussing the concept of the Versatilist, or “people whose

widening portfolios of roles, knowledge, insight, context and experiences can be applied and recombined

in numerous ways to fuel innovative business value” (Bopp et al., 2010, p. 130).

One way to visualize such a role could be achieved is through the use of the cyber workforce development

logic model:

The logic model establishes Cyber Workforce and visualizes Development a dedicated Logic Model. role Rogers, (the 2021 cyber workforce development versatilist)

for an individual that possesses the skills of a talent management and organizational development

professional, and the arrows indicate support from those dedicated functions. This individual also

possesses the technical skills of a cyber expert, and the light arrow indicates foundational support from

information technology and cybersecurity. The expert is then able to properly support, grow, and

enhance professionals at any stage of their career.

Potential arguments and considerations

With any new idea, there is always inherent risk. A potential argument to this proposal is that having a

cyber workforce development versatilist role could be considered a duplication. As talent management

and organization development professionals are skilled in developing individuals across the human

capital lifecycle, the responsibility of recruiting by identifying expertise could be shifted to hiring

managers. Hiring managers typically possess the technical skills and (ideally) have moved into

management roles based on their ability to lead. As they possess the necessary skills needed to identify

and recruit talent, they could work with talent management/organization development professionals to

get the same result.

Cyber Defense eMagazineJuly 2021 Edition 134

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

I recommend that leaders of private organizations consider this framework and a dedicated role to cyber

workforce development as there is a great need and not enough bandwidth on either side to ensure

focused development of cyber professionals. Should this approach be adopted, private organizations

(which tend to have less of a cyber team, and instead a cyber individual) would be able to better prepare

for cyber threats and ultimately protect proprietary information. In addition to this, organizations would

become more aware of the resources needed for proper cyber security and have a dedicated

professional(s) for managing and developing those employees across the human capital lifecycle.


Ultimately, the key position is that the landscape of cyber is brand new and there is a great deal that we

do not know about it, yet we still need to prepare. In order to do so, the public sector should consider

developing a specific role (cyber workforce development versatilist) to develop that specific subset of

talent. A cyber workforce professional would have the ability to conduct the responsibilities of a Talent

Management/Organization Development professional but would also have the technical expertise of a

cyber professional. That unique skillset would enable them to identify, recruit and develop talent and

galvanize the workforce.

About the Author

Brandon Rogers is the Chief Executive Officer and Principal

Consultant of Paradoxical Solutions, LLC and a second-year student

at Bowling Green State University in the Doctorate in Organization

Development and Change program. In his most recent role, he was

responsible for cyberspace workforce development with a federal

agency. Before this role, he worked at Honda R&D Americas and was

responsible for implementing engineering tools for requirements

management and Agile project management initiatives for the vehicle

integrated controls department. Brandon graduated from Kent State

University with a BA in I/O Psychology and obtained his MS in Positive

Organizational Development and Change from Case Western Reserve

University. Brandon can be reached online via email

(Brandon.Rogers@paradoxicalsolutions.com) and at his company

website www.paradoxicalsolutions.com.

Cyber Defense eMagazineJuly 2021 Edition 135

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Play 'Smart' on the Crime Scene

By Milica D. Djekic

In criminology, the crime scene is a transferrable term that can cover many physical locations at the same

glance. Also, that spot can be correlated with one or more offenses and in such a fashion it’s important

to deal with the policing as well as investigation skill in order to make an accurate estimation of what

happened for real. It’s quite hard explaining what occurred somewhere and for such a purpose it’s needed

to organize so many officers, detectives and investigators that are capable to during the certain period of

time document the entire situation and do some tracking after the crime has been committed. The crime

scene spot on its own can be permanent and temporary depending if the criminals with their activities are

linked to some spot only for few hours or apparently, several years. In case anyone is doing an

exploitation or production of some good it’s clear that such a group will not change their location that

frequently. On the other hand, in case of some looting scenarios the offenders will just attack some place

and vanish, so far. In both cases, playing smart on the crime scene means leaving no trace in the

cyberspace and some well-organized criminal groups will know so and, say, in some armed robbery they

will switch off their devices relying on the local telecommunication or satellite infrastructure. As it’s known,

the best way to avoid tracking is to disclose device from the crime scene or probably remove its battery

from the housing as that’s the most convenient method to stay invisible, so far. In this article, we will

make a look at the possibilities of the interconnected world to get disconnected sometimes as well as

analyze how it is feasible to avoid the criminal justice tracking for some time, but also never commit the

perfect crime as it does not exist as the absolute security is still impossible.

Many of us have read the news saying some criminal group or syndicate committed some heavy offense

and consequently, they have been arrested after some period of time. Immediately after the incident the

investigators have appeared on the crime scene and they collected the findings and evidence, so far.

Some time has passed and the entire occurrence was under the investigation, so the criminals did not

Cyber Defense eMagazineJuly 2021 Edition 136

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

fail that promptly. After, say, several months the law enforcement agency has announced that the

offenders are finally behind the bars and the entire case is waiting its epilog on the court. It’s quite

challenging to prove someone’s guiltiness and issue some kind of punishment, so it’s clear why it is

significant to do the good investigation and clue collecting procedures. Indeed, the part of the public will

be amazed with so effective policing work, while many will wonder how the officers have accomplished

such a demanding task. The fact is the bad guys will not play that smart on the crime scene and they will

take the activated devices with them. What does that mean? In case anyone is using internet, cell phone

or satellite communication service their signal will leave some footage within the local ICT infrastructure.

Any device amongst the range will do a plenty of recalling in the sub-second moment and doing so it will

send the information it is still the part of the local grid. So, that recalling is crucial and if it is happening

the local service provider will be quite confident that the trace comes from such a device. Another good

point could be how we can know that such a device belongs to that offender.

In the looting sort of crime when some place or person is attacked there will be heaps of security cameras

that will precisely determine and record the moment of the criminal offense. On the other hand, if we

know the time and place we can confirm with the local network if it has caught the signal of any portable

device that uses the internet, cellular or satellite connectivity to deal with the rest of the environment.

That was the piece of cake, was not that?

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, the

Republic of Serbia. She received her engineering background from

the Faculty of Mechanical Engineering, University of Belgrade. She

writes for some domestic and overseas presses and she is also the

author of the book “The Internet of Things: Concept, Applications

and Security” being published in 2017 with the Lambert Academic

Publishing. Milica is also a speaker with the BrightTALK expert’s

channel. She is the member of an ASIS International since 2017 and

contributor to the Australian Cyber Security Magazine since 2018.

Milica's research efforts are recognized with Computer Emergency

Response Team for the European Union (CERT-EU), Censys Press,

BU-CERT UK and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests

are cyber defense, technology and business. Milica is a person with disability.

Cyber Defense eMagazineJuly 2021 Edition 137

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

The Top 10 Cybersecurity Conferences of 2021

By Nicole Allen, Marketing Executive, SaltDNA.

If you're anything like us, you love going to technology and cyber conferences. Expert forums,

opportunities to test out emerging innovations, and opportunities to network with those in the industry are

just a few reasons as to why attendees enjoy these events. It's important for business and security

executives who want to implement successful cybersecurity programmes to stay up to date on industry

best practises and technologies. That's why we've compiled a list of the best conferences to attend in

2021 from around the world. There's bound to be an event on this list that fits your interests, regardless

of your status or goals!

Despite the fact that COVID-19 has put an end to in-person industry conferences in most countries for

the time being, the cybersecurity events calendar has remained impressively busy. Indoor events will

almost certainly be among the last to return to normal once the Covid response-mandated restrictions in

several countries are lifted. However, due to the widespread availability of vaccines, certain information

security activities scheduled for the second half of 2021 will be held in person. If such plans are carried

out or not, there may be no going back to the previous way things used to be.

It will be interesting to see how many formerly in-person events stick with the online model, follow a hybrid

model where those who can't participate can instead stream presentations, or dismiss the hybrid

alternative altogether.

Cyber Defense eMagazineJuly 2021 Edition 138

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

1. Infosecurity Europe

Where: Olympia, London

When: 8th-10th June 2021

The biggest cybersecurity conference in Europe is Infosecurity Europe. This year marks the 25th

anniversary of the three-day festival. This year's theme is "resilience." Hours of information and

cybersecurity content will provide attendees with realistic insight into governance, risk management, and

compliance, identity and access control, data privacy, and threat intelligence.

It is the European marketplace for information security professionals to conduct business, learn about

industry trends, and communicate with current and potential clients or suppliers. Exhibitors will present

the most diverse selection of new products and services on the market at the show. In addition, an

unrivalled complementary education network draws delegates from all over the world. It will provide you

with business critical knowledge, best practise, and realistic case studies while addressing the most

recent issues and needs.

2. 2021 National Cyber Summit

Where: Huntsville, AL

When: 8th-10th June 2021

The National Cyber Summit is a premier cyber security-technology event that provides industry

visionaries and rising leaders with unique educational, collaborative, and workforce development


The Summit gathers both government and business participants and is held in Huntsville, Alabama, one

of the United States’ greatest technical hubs. Huntsville has long been renowned as the home of

Department of Defense and civilian departments and agencies such as DHS, NIST, NASA, TVA, NSA,

and DOE, but it also has a diverse range of companies. Healthcare, automotive, and energy industries,

as well as academics, genetic research, and high technology, are all represented.

3. Hack In Paris

Where: Maison de la Chimie, Paris

When: 28th June - 2nd July

This event is for hands-on cybersecurity enthusiasts, and it includes realistic laboratories, seminars, and

wargames where you can put your hacking skills to the test against your peers. Hands-on malware

analysis and reverse engineering training with Amr Thabet, a vulnerability researcher at Tenable, are

among the notable training sessions already reported.

Cyber Defense eMagazineJuly 2021 Edition 139

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

4. Black Hat USA 2021

Where: Mandalay Bay Convention Center, Las Vegas

When: 31st July- 5th August 2021

Black Hat USA, now in its 24th year, is hosting a unique hybrid event experience, giving the cybersecurity

community the option of how they want to participate. Black Hat USA 2021 will kick off with four days of

virtual training (July 31-August 3) that will be performed in real-time online with all instructors available at

all times. The two-day main conference (August 4-5), which will include Briefings, Arsenal, Business Hall,

and more, will be a hybrid event, including both an online (virtual) and a live, in-person event in Las


These trainings, which are often only available during Black Hat, are given by professionals from around

the world and provide opportunity for offensive and defensive hackers of all levels to gain firsthand

technical skill-building.

5. DefCon 29

Where: Las Vegas Nevada

When: 5th-8th August 2021

DefCon is the oldest event on the list, having been hosted for the first time in 1993. It is a hands-on

gathering for amateur and professional hackers. The identity of the 25,000 attendees are kept hidden,

and the event features lock-picking contests, cypher challenges, and technical pranks in a competitive

atmosphere. Even the conference badges are highly complicated electronic artefacts full of challenges,

rather than basic laminated pieces of paper.

The badge challenge, which consists of many "sub-puzzles" placed around DEFCON, is one of the most

popular cryptographic puzzle challenges at DefCon. Some tasks are classics that occur every year, while

others are famously tough to solve.

6. Women in Cybersecurity

Where: Denver, Colorado

When: 8th-10th September 2021

This event honours women in academia, industry, and government who are leaders in the field of

cybersecurity. It's a fantastic project to increase diversity in the cybersecurity field, encourage female

Cyber Defense eMagazineJuly 2021 Edition 140

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

leaders, and help each other advance. There is a special emphasis on encouraging female students to

enrol, with scholarships and other forms of support. The list of speakers hasn't been released yet, but

we're expecting it to be fantastic! If you're a woman in cyberspace, you should attend this event.

7. Cybersecurity & Cloud Expo Global 2021

Where: Business Design Centre, London

When: 6th - 7th September 2021

The Cyber Security & Cloud Expo event is co-located with the IoT Tech Expo, AI & Big Data Expo, and

Blockchain Expo on the 6-7 September in the Business Design Centre, and virtually from the 13-15

September, so you can discover the future of these converging technologies under one roof.

As modern companies evolve, the conference agenda will address the genuine concerns that CISOs and

security professionals face today. With an emphasis on collaboration and support for the security

community, we're displaying the most innovative and significant advances in the solutions industry. With

a focus on learning and creating connections in the burgeoning cyber security and cloud arena, the

conference will feature a series of top-level keynotes, interactive panel discussions, and solution-based

case studies.

8. Gartner Security & Risk Management Summit

Where: Orlando, FL

When: 20th-22nd September 2021

The timetable and programme for 2021 are currently in the works. Gartner's own summary of the 2021

event is as follows: Over the course of four days, leaders from security, identity and access management,

and risk management joined Gartner experts digitally to provide vital ideas on developing an effective,

risk-based cybersecurity programme. The conference will provide the tools needed to establish agile

security and IT risk management plans in order to manage the risk that comes with digital companies

and to be better prepared for the next global shock.

9. InfoSec World

Where: Disney Coronado Springs Resort, Orlando, Florida

When: 25th-27th October 2021

InfoSec World has been the "business of security" conference for the past 25 years. While the agenda

has yet to be released, we have no doubt that the organisers will put together a fantastic lineup of

speakers this year, as they always do. The InfoSec World conference is one of the world's largest,

Cyber Defense eMagazineJuly 2021 Edition 141

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

inging together information security professionals from all walks of life, industries, and fields of study -

bringing together over 100 nations worldwide.

The conference this year will combine the best of both worlds, with both an in-person and a virtual

component. If you can, we recommend going in person because you'll be close enough to "breach" the

Magic Kingdom main gate from the conference floor.

10. ACM Conference on Computer and Communications Security

Where: Seoul, South Korea

When: 14th-19th November 2021

The flagship annual conference of the Association of Computing Machinery's Special Interest Group on

Security, Audit, and Control (SIGSAC) is primarily focused on research. Researchers, practitioners,

developers, and users from all around the world will gather at the conference to discuss cutting-edge

ideas and outcomes. The conference holds a range of keynotes with expert speakers specialising in

information security, along with a variety of workshops to get involved in during the event.

If you can’t wait for all of these events and are seeking a way to secure your organisation's

communications in the meantime, please contact us.

About SaltDNA

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software

solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered

encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for

Organisations who value their privacy, by giving them complete control and secure communications, to

protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more

information visit SaltDNA.

About the Author

Nicole Allen, Marketing Executive at SaltDNA. Nicole has been working

within the SaltDNA Marketing team for several years and has played a

crucial role in building SaltDNA's reputation. Nicole implements many

of SaltDNA's digital efforts as well as managing SaltDNA's presence at

events, both virtual and in person events for the company.

Nicole can be reached online at (LINKEDIN, TWITTER or by emailing

nicole.allen@saltdna.com) and at our company website https://saltdna.com/.

Cyber Defense eMagazineJuly 2021 Edition 142

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 143

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 144

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 145

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 146

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 147

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 148

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 149

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 150

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 151

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 152

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

You asked, and it’s finally here…we’ve launched CyberDefense.TV

Hundreds of exceptional interviews and growing…

Market leaders, innovators, CEO hot seat interviews and much more.

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.

Cyber Defense eMagazineJuly 2021 Edition 153

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.



This magazine is by and for ethical information security professionals with a twist on innovative consumer

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best

ideas, products and services in the information technology industry. Our monthly Cyber Defense e-

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here

to sign up today and within moments, you’ll receive your first email from us with an archive of our

newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.

Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com

All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,

recording, taping or by any information storage retrieval system without the written permission of the publisher

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at


Cyber Defense Magazine

276 Fifth Avenue, Suite 704, New York, NY 1000

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.




Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 07/02/2021

Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guysebook/dp/B07KPNS9NH

(with others coming soon...)

Cyber Defense eMagazineJuly 2021 Edition 154

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

9 Years in The Making…

Thank You to our Loyal Subscribers!

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know

What You Think. It's mobile and tablet friendly and superfast. We hope you

like it. In addition, we're shooting for 7x24x365 uptime as we continue to

scale with improved Web App Firewalls, Content Deliver Networks (CDNs)

around the Globe, Faster and More Secure DNS

and CyberDefenseMagazine.com up and running as an array of live mirror

sites and our new B2C consumer magazine CyberSecurityMagazine.com.

Millions of monthly readers and new platforms coming…starting with

https://www.cyberdefenseprofessionals.com this month…

Cyber Defense eMagazineJuly 2021 Edition 155

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 156

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 157

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Cyber Defense eMagazineJuly 2021 Edition 158

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!