Cyber Defense eMagazine July 2021 Edition

More documents

Recommendations

Info

identity theft even more attractive since employee credentials can unlock enterprise access as well as enabling identity theft. As a result, employers are seeing a rise in problems related to stolen credentials. With the coming of the COVID-19 pandemic, organizations found themselves scrambling to extend security to work-from-home employees. To promote business continuity and still maintain systems security, companies realized they had to secure employees’ home networks, laptops, and mobile devices. At the same time, more than half of workers reported having to find a workaround to security measures to do their jobs. The old security strategies are inadequate to support the new remote workforce. What is needed is a new approach that makes personal security and identity authentication easy, foolproof, and costeffective. A digital trust ecosystem could be the golden ticket to security. But, organizations must first learn from the pandemic and adapt to the challenges it presents. Security Lessons Learned from the Pandemic Among the emerging trends from the pandemic is the new work-from-home culture. According to Gartner, 82% of corporate leaders plan to make some form of remote work-from-home policy permanent. What started as a scramble to support a new remote workforce is now an enduring part of the enterprise landscape. While maintaining firewalls and malware protection is still essential, infosec managers also must give more attention to securing home offices and validating remote worker credentials. Authenticating individual employees is an ongoing challenge for the enterprise. While reports of malware attacks are down, phishing attacks are on the rise with companies reporting an average of 1,185 attacks per month, with most attacks seeking to acquire user credentials. No matter how resilient a company’s security measures are, user behavior continues to be a wild card. Any employee can be fooled by a phishing attack and inadvertently hand their keys to corporate access to a cybercriminal. Personal identity continues to be the weak link in security. By acquiring the right personal information, cybercriminals gain unauthorized access to business assets, personal finances, medical records, and more, or they can use stolen credentials to open fraudulent accounts. Since individual user authentication is the weak point in security, there must be a better approach to secure identity. The ideal solution is to create a unique, foolproof personal identifier that stays with the individual. Such an identifier must be able to authenticate identity without revealing personal information that can be used for identity theft, such as a social security number or even a mother’s maiden name. Managing these individual credentials also must create little or no work for infosec while still giving them the means to control access to enterprise assets. Cyber Defense eMagazine – July 2021 Edition 76 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Implementing a digital trust ecosystem based on distributed ledger technology like that used in blockchain offers the ideal approach. Creating a Digital Trust Ecosystem Distributed ledger technology has created new possibilities for managing digital identity. Unlike a traditional database, distributed ledgers record transactional or record details in multiple locations at the same time, with each node verifying every item to create a consensus. For identity management, using distributed ledger allows you to authenticate identity or credentials without exposing the credentials themselves. The only thing that is revealed is that the distributed ledger system has verified the information to prove identity. Using distributed ledger technology, you can create a digital trust ecosystem as a SaaS platform. This approach can be used by a single organization, such as a company, or it can be established as a confidential consortium where multiple entities use the same digital identity verification system. While the underlying technology of a digital trust ecosystem is somewhat complex, the practical approach is simple: 1. It starts with a trusted attribute authority that validates identity information. It could be a government agency such as the Department of Motor Vehicles, or it could be a private company. 2. Users who want to participate need to onboard the consortium. That way they stay in control of who has access to their identity data. 3. During the onboarding process, their identity is verified. The attribute authority validates individuals using whatever information is necessary, such as a social security number, birth certificate, or login credentials, and that data is protected using a distributed ledger. The individual is then given a unique authenticator, such as a QR code. 4. Any organization can opt into the same consortium to authenticate user identity. Since none of the credentials themselves are exposed, there is no risk of identity theft, and there is no longer any need to share passwords or login credentials. The benefit of this approach is the unique identifier follows the user, so the same code can be used for multiple applications. Anyone who wants to use the system simply downloads a QR reader for their smartphone. There is no added work for IT or infosec to secure enterprise users, and the same identity can be extended to partners, suppliers, and other parties without having to set up new credentials each time. Cyber Defense eMagazine – July 2021 Edition 77 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Colonial Key Business Pipeline, Les
Page 3 and 4:
Ransomware, the Ultimate Cyber Thre
Page 5 and 6:
@MILIEFSKY From the Publisher… Ne
Page 7 and 8:
Welcome to CDM’s July 2021 Issue
Page 9 and 10:
Cyber Defense eMagazine - July 2021
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26: Cyber Defense eMagazine - July 2021
Page 33 and 34: Colonial Pipeline, JBS Cyber Attack
Page 35 and 36: is clear: Cyberattacks will continu
Page 37 and 38: of management complexity for any bu
Page 39 and 40: Flipping the Cyber Script Getting A
Page 41 and 42: Trust strategies, they will prevent
Page 43 and 44: The growing threat In the last 12 m
Page 45 and 46: Common Sense Cybersecurity Steps fo
Page 47 and 48: The next big thing: addressing remo
Page 49 and 50: Applying PR tactics is a new page i
Page 51 and 52: NATO to Consider Military Response
Page 53 and 54: The number of open positions in var
Page 55 and 56: 3. Delivery - Transmission of the p
Page 57 and 58: Uncovering the Dark Side of the Col
Page 59 and 60: Energy and Utilities - You Have No
Page 61 and 62: a cyberattack that shut down approx
Page 63 and 64: Ransomware and the Cybersecurity In
Page 65 and 66: About the Author Jack Blount is Pre
Page 67 and 68: The airline industry’s poor recor
Page 69 and 70: Ransomware, the Ultimate Cyber Thre
Page 71 and 72: About the Author Yehudah Sunshine,
Page 73 and 74: A second reason for the increase in
Page 75: A Case of Identity: A New Approach
Page 79 and 80: A 3-Part Plan for Getting Started w
Page 81 and 82: As threats continue to evolve, it
Page 83 and 84: 1. Endpoint and user protection Des
Page 85 and 86: The Risks of The Vulnerable Iot Dev
Page 87 and 88: Insecure Data Transfer and Storage
Page 89 and 90: Three Steps to Building Email Cyber
Page 91 and 92: Plan Ahead and Avoid Disaster The H
Page 93 and 94: NDR technology is built on three pr
Page 95 and 96: Hardware Trojan Detection By Sylvai
Page 97 and 98: the properties (user mode, memory a
Page 99 and 100: About the Author My Name is Sylvain
Page 101 and 102: outside coaches - to help them impr
Page 103 and 104: Tips for Avoiding Online Scams Duri
Page 105 and 106: Phishing Example 1 Phishing refers
Page 107 and 108: About the Author Cindy Murphy is th
Page 109 and 110: The recent Feedzai report confirms
Page 111 and 112: Why Cyber Risk Is the Top Concern o
Page 113 and 114: (BEC) attacks, also known as “fak
Page 115 and 116: What Educational Institutions Need
Page 117 and 118: Firewall Security VPN connectivity,
Page 119 and 120: Business Continuity: Where InfoSec
Page 121 and 122: ● ● ● ● How educated are em
Page 123 and 124: Biometrics Challenges By Milica D.
Page 125 and 126: Epic V. Apple Trial - Impact of Big
Page 127 and 128:
About the Author Brad Ree is the Ch
Page 129 and 130:
eaches because large amounts of hig
Page 131 and 132:
• securing mobile and remote work
Page 133 and 134:
This topic has great relevance beca
Page 135 and 136:
I recommend that leaders of private
Page 137 and 138:
fail that promptly. After, say, sev
Page 139 and 140:
1. Infosecurity Europe Where: Olymp
Page 141 and 142:
leaders, and help each other advanc
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
You asked, and it’s finally here
Page 155 and 156:
9 Years in The Making… Thank You
Page 157 and 158:
show all

Cyber Defense eMagazine July 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?