Cyber Defense eMagazine January Edition for 2022
CDMG is fully owned and operated by team Miliefsky in our 10th anniversary. We believe the letter Q stands for 'Q'uestion. Are you Questioning your InfoSec posture right now? The cybercriminals are not resting. They are asking themselves this very 'Q'uestion...
Will you stay one step ahead of Cyber Father Time this year? Learn new ways to protect your family, job, company & data. December Cyber Defense eMagazine: Cyber Deception Month is behind us...Identity Defense Protection month has arrived. Defeat Cyber Father Time!
Cyber Defense Magazine January Edition for 2022 in online format #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky, a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group, as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, International Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
RSA Conference 2022 has moved to June 6-9, 2022 so we have something awesome in store planned to bridge Q1/Q2
See you at RSA Conference 2022 - Our 10th Year Anniversary - Our 10th Year @RSAC #RSACONFERENCE #USA - Thank you so much!!! - Team CDMG
CDMG is a Carbon Negative and Inclusive Media Group.
“Owning Your Identity” Through Biometric and Passwordless Innovations
How To Thwart Fraud with Phone Numbers
Phishing: How To Improve Cybersecurity Awareness
Cybersecurity Alone Is Not Enough, Systems Need Cyber Resiliency
…and much more…
Cyber Defense eMagazine – January 2022 Edition 1
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS
Welcome to CDM’s January 2022 Issue ---------------------------------------------------------------------------------- 6
“Owning Your Identity” Through Biometric and Passwordless Innovations --------------------------------- 38
By Bob Eckel, CEO, Aware
How To Thwart Fraud with Phone Numbers ------------------------------------------------------------------------- 41
By Guillaume Bourcy, Vice President, Data & Identity Solutions, TeleSign
Phishing: How To Improve Cybersecurity Awareness -------------------------------------------------------------- 45
By Jason Stirland, CTO at DeltaNet International
Cybersecurity Alone Is Not Enough, Systems Need Cyber Resiliency ------------------------------------------- 48
By Eric Sivertson, VP of Security Business Development, Lattice Semiconductor
Why Hackers Attack Mobile Devices and How to Prevent It ----------------------------------------------------- 51
By Nicole Allen, Marketing Executive at Salt Communications
How to Avoid Spam Texts and Protect Personal Information in the Digital Age ---------------------------- 56
By Reinhard Seidel, Director Products at Clickatell
Microsoft Successfully Defended The Azure Cloud From A Massive DDOS Attack. (Spoiler: You Can, Too.) ------------ 59
by Jason Barr, Senior Director of Innovation, Core BTS
Why Americans Joined Europe in Not Paying Security Ransoms ------------------------------------------------ 63
By Lee Pitman, Global Head of Response Services, BreachQuest
First Steps to Alleviate Long-Term Consequences from A Cyberattack ---------------------------------------- 66
By Sergey Ozhegov, CEO, SearchInform
Looking Ahead: Five Security Trends For 2022 ----------------------------------------------------------------------- 70
By Mark Guntrip, Strategy Leader at Menlo Security
OT/IT Security – Two Sides of the Same Coin ------------------------------------------------------------------------ 74
By Sachin Shah, CTO of OT, Armis
WatchGuard Technologies’ 2022 Predictions: State-Sponsored Mobile Threats, Space-Related Hacks and More ------------ 77
By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies
What Are DeFi Flash Loans & How to Prevent Flash Loan Attacks? -------------------------------------------- 81
By Kiril Ivanov, Founder and Technical Lead, Bright Union
Protecting Critical Infrastructure Against Cyberattacks ----------------------------------------------------------- 87
By Sean Deuby | Director of Services, Semperis
Three Key Facts About AI-Driven Network Detection and Response ------------------------------------------- 91
By Eyal Elyashiv, CEO, Cynamics
Cybersecurity Experts Share Their Predictions for 2022 ----------------------------------------------------------- 94
By Danny Lopez, CEO of Glasswall
Our Cyber Defenses Need to Be Battle-Tested to Withstand Future Threats ------------------------------ 109
by Hugo Sanchez, Founder and CEO of rThreat
12 Tips for Improving Access Control in Your Organization ---------------------------------------------------- 113
By Bryon Miller, ASCENT
Four Cybersecurity Predictions Federal Agencies Should Expect in 2022 ----------------------------------- 117
By Mark Sincevich, Federal Director, Illumio
Recognizing the Value of Secure Wi-Fi for Unified Security Platforms -------------------------------------- 120
By Ryan Poutre, Product Manager at WatchGuard Technologies
Cybersecurity Tips to Help Your Organization in 2022 ----------------------------------------------------------- 123
By Jeffrey J. Engle, President of Conquest Cyber
New Security Report Reveals 91.5% of Malware Arrives Over HTTPS-Encrypted Connections --------- 126
By Corey Nachreiner, CSO, WatchGuard Technologies
@MILIEFSKY
From the Publisher…
Dear Friends,
We’ll be celebrating our 10th Year in business and of our Global InfoSec Awards and as a Platinum Media Partner of RSA Conference on June 6-9, 2022 – See You There!
As we celebrate completing the first 10 years of Cyber Defense Magazine #CDM, our leading platform at
the Cyber Defense Media Group (CDMG), we also renew our direction and energy toward expanding and
deepening our publishing and information services; filling the needs of the cybersecurity community.
While we still feel the widespread effects of COVID and WFH, we recognize the necessity of keeping
current with developments in the industry and marketplace. The proliferation of points of vulnerability
under the present cyber landscape has been accompanied by the creation and implementation of new
and heretofore unseen attack vectors.
Cyber criminals are not sitting idle while all of these developments take place. In response, we must
constantly explore new ways to bring together cyber professionals with enlightened management and
investors, in order to find and implement the most effective means of bringing the necessary resources
together.
We therefore are launching our ‘bridge’ from Q1 to Q2 with some incredible news. Learn more at:
https://www.cyberdefenseconferences.com/
Please bookmark this website for a once-in-a-lifetime gathering in April, 2022…
Warmest regards,
Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
p.s. Reminder, our favorite infosec event, RSAC 2022 has moved to June 6-9, 2022 a.k.a. D-Day or Operation
Neptune. Don’t wait around for D-Day. Every day is cyberdefenseconferences.com day. More OSINT coming…
@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and
distributed electronically via opt-in Email, HTML, PDF and Online
Flipbook formats.
InfoSec Knowledge is Power. We will
always strive to provide the latest, most
up to date FREE InfoSec information.
From the International Editor-in-Chief…
In observing the behavior of governmental entities, we see different
imperatives come into play. They tend to be related to the impact
of taxes and regulation in encouraging economic development and
employment choices by organizations to locate headquarters and
operating facilities.
In today’s international environment, we see these forces being
played out in the cybersecurity arena, as reflected in such diverse
areas as consumer privacy protection and antitrust law and
regulation.
What are the trade-offs? They are many and varied. In deciding
where to locate a head office or service center or manufacturing
facility, how do corporate executives weigh such values as the overall
cost of doing business, labor costs, regulatory burdens, taxation,
privacy and consumer protections, and many more?
What is the value of operating in an environment of secure elements
of critical infrastructure? In the world of competitive cybersecurity,
we must always take into consideration the value of reliability,
resilience, and sustainability.
As always, we encourage cooperation and compatibility among
nations and international organizations in responding to these
cybersecurity concerns.
To our faithful readers, we thank you,
Pierluigi Paganini
International Editor-in-Chief
INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com
US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
Copyright © 2022, Cyber Defense Magazine, a division of CYBER
DEFENSE MEDIA GROUP
1717 Pennsylvania Avenue NW, Suite 1025
Washington, D.C. 20006 USA
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/
9+ YEARS OF EXCELLENCE!
Providing free information, best practices, tips, and techniques
on cybersecurity since 2012, Cyber Defense magazine is your
go-to-source for Information Security. We’re a proud division
of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS
PROFESSIONALS
VENTURES
WEBINARS
CYBERSECURITYMAGAZINE (FOR CONSUMERS)
Welcome to CDM’s January 2022 Issue
From the U.S. Editor-in-Chief
In the first issue of Cyber Defense Magazine for 2022, we continue to see patterns developing and
extending into the future. The breadth of topics among the two dozen articles in this issue of Cyber
Defense Magazine reflects the perceived concerns and (in many cases) solutions offered by our
contributing authors.
Our contributing authors have much to offer on current industry challenges from both high-altitude
perspectives and down-to-earth practical analysis of the developments in cybersecurity today.
We encourage you to read through the Table of Contents, where you will see numerous articles of
immediate interest. In this manner, Cyber Defense Magazine strives to bring our readers actionable
intelligence from highly knowledgeable cyber professionals.
We always include a broad spectrum of threats, preventive measures, ways to assure resilience and
sustainability, and operational advice for organizations needing to maintain the confidentiality,
accessibility, and integrity of sensitive data.
In this way, Cyber Defense Magazine keeps our readers current on emerging trends and solutions in the
world of cybersecurity. That is our guiding star in proceeding on this journey with our readers.
Wishing you all success in your cybersecurity endeavors,
Yan Ross
US Editor-in-Chief
Cyber Defense Magazine
About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber
Defense Magazine. He is an accredited author and educator and has
provided editorial services for award-winning best-selling books on a variety
of topics. He also serves as ICFE's Director of Special Projects, and the author
of the Certified Identity Theft Risk Management Specialist ® XV CITRMS®
course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft,
privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach
him by e-mail at yan.ross@cyberdefensemediagroup.com
“Owning Your Identity” Through Biometric and Passwordless Innovations
By Bob Eckel, CEO, Aware
Consumers around the world have become increasingly comfortable engaging with businesses digitally.
Between 2020 and 2021, driven in part by the pandemic, the proportion of U.S. consumers using digital
financial services grew from 58 percent to 88 percent. Ecommerce has also grown significantly, especially
when it comes to mobile commerce; Forbes reports that by the end of 2021 mobile will make up about
73 percent of all ecommerce sales, up sharply from 52 percent in 2016.
Unfortunately, there is also risk to these business transactions going online. Malicious actors have taken
note of this growth, and identity fraud schemes have escalated in response. Identity fraud scams – which
typically trick users into giving away their username and password to sensitive accounts, including
banking, credit cards, or online shopping profiles, accounted for $43 billion lost in 2020.
But in spite of this threat, consumers are growing increasingly frustrated with passwords. It’s
understandable, given they now expect webpages to load in one to two seconds or less (including on
mobile) - you can imagine that taking extra time to recall and input passwords can be aggravating.
Authentication processes requiring customers to get codes sent via SMS or email before accessing their
accounts may also result in users exiting online transactions; in fact, research shows that up to 60 percent
of consumers do this for exactly those reasons.
Customers want the best of both worlds – superior convenience combined with the best security out
there. Businesses have no choice but to deliver, lest they lose customer confidence and revenue. Is there a
way to meet in the middle?
Benefits of Biometric Security
Biometric authentication is a form of security that verifies an individual’s identity via unique physical
characteristics. Customers who own an iPhone that can be unlocked with their fingerprint or face are
already very familiar with this kind of security. It is extremely effective because it relies on a person’s
unique physical characteristics to secure their data as opposed to something a user has – like login
credentials – that can be shared, stolen, or lost.
Biometrics can also be used as a multifactor authentication tool, adding a level of security without adding
significant processing time. Put simply, multifactor authentication is a method in which a user is logged
in after successfully presenting two or more pieces of evidence – like a password, then a fingerprint – to
an authentication mechanism.
To revert to our iPhone example for a moment, customers looking to purchase from the App Store not
only have to enter their passcode but must also use facial or fingerprint ID to verify their purchase. It’s an
extra level of security without adding noticeable time to the process. This time-saving benefit doesn’t just
apply to customers accessing digital services; it can also be used for effectively onboarding remote
employees and ensuring that employees who need faster access to systems can get what they need
quickly.
Countering Concerns Around Implementation
At a higher societal level, some issues have been raised around the use of biometrics, particularly facial
recognition. Citing privacy concerns, one large social media company recently eliminated its facial
recognition capabilities. Simultaneously, a major airline announced they were working to expand their
facial recognition-enabled offerings in scale and scope so more customers can experience a hands-free
journey in the future.
The difference in societal response to the implementation of facial recognition can be traced to a series
of security and procedural concerns. The majority of these concerns stem from the consent and
transparency issues that often surround facial recognition use. Biometrics in the form of facial recognition
can have huge benefits, when implemented properly. What does this mean?
Organizations should ensure that all procedures are clear, consent-based, have easy opt-in and opt-out
options, and are transparent about what information is being used or collected. This enables users to
“own their identities” and helps them feel secure in how their data is being collected and/or used.
Additionally, organizations should only deploy the biometric technologies that are sufficient and accurate
for the given use case. Furthermore, it’s important that humans review a biometric system’s results when
making important decisions.
Additionally, organizations should work to ensure biometric data storage solutions are secure,
anonymized and encrypted. Also, they should facilitate internal and external oversight of biometric
technology deployments and require system operators to complete training on proper use. Along with
these efforts, organizations should consistently conduct operational performance assessments when
deploying these technologies – and keep doing it even after the initial launch. Lastly, it’s important to
upgrade biometric systems to ensure the most accurate, secure and privacy-protective technologies are
being used.
With biometric solutions, everyone benefits; companies can offer greater security and minimize risks, and
customers and employees enjoy a faster, frictionless experience while still owning their digital identity.
There’s no doubt that biometrics is the present and future of authentication, but it needs to be done in a
manner that is consistent with privacy. By following security best practices and ensuring there is always
a human element in place to mitigate potential failures, organizations can ensure that they themselves,
their customers and employees all reap the benefits of these solutions.
About the Author
Robert A. Eckel has been Chief Executive Officer and President
of Aware (NASDAQ: AWRE) since September 2019. Mr. Eckel
also serves on the board of directors for the International
Biometrics + Identity Association (IBIA), and as a strategic
advisory board member of Evolv Technology. Over his
distinguished career, he has held many positions of note within
the biometric and identity space, including: Regional President
and Chief Executive Officer of IDEMIA’s NORAM Identity &
Security division from 2017 to 2018; President and Chief Executive Officer of MorphoTrust USA, LLC
from 2011 to 2017; Executive Vice President and President of the Secure Credentialing Division of L-1
Identity Solutions Company from 2008-2011; and President of the Identity Systems division of Digimarc
Corporation from 2005 to 2008. Mr. Eckel received his master’s degree in Electrical Engineering from
the University of California Los Angeles, and his bachelor’s degree in Electrical Engineering from the
University of Connecticut.
Robert A. Eckel can be reached online at bobeckel@aware.com and at our company website
How To Thwart Fraud with Phone Numbers
By Guillaume Bourcy, Vice President, Data & Identity Solutions, TeleSign
During the peak of the global pandemic, online shopping and cybercriminal activity hit unprecedented
figures, hitting merchants' bottom lines hard. Juniper Research predicts that merchant losses from
eCommerce fraud in 2021 will be $20 billion, up from $17 billion in 2020. Slowing – or reversing – this
trend makes prioritizing fraud prevention strategies across all eCommerce channels an imperative in
2022 and beyond. The first step? Require that all new and existing customers provide their phone
numbers. It may sound like an overly simplistic solution but leveraging the data and insights that the
humble phone number offers is a game-changer for fraud protection.
Setting the stage for phone verification with today's data challenges
Understanding how phone numbers can play an essential role in verifying the legitimacy of a transaction
or customer starts with understanding the ever-growing volumes of sensitive data consumers entrust to
brands.
This information falls into two categories:
Online data: Think about everything created and stored on the internet, such as web browsing histories,
digital ad interactions, previous in-app purchases, email addresses, social media posts, and a device's
IP address.
Offline data: This refers to anything related to life in the physical world, including demographics like age,
race, ethnicity, gender, marital status, income, education, and employment, as well as past and current
mailing addresses and social security numbers.
Managing these disparate datasets has become increasingly arduous. They are typically segregated and
scattered across CRM platforms and multiple on-site or cloud-based applications and databases. Ever-growing
legal and regulatory requirements that govern the collection and use of consumers' personal and
sensitive information only add to this complexity. These elements can make it very difficult for merchants
to consistently create holistic customer profiles to verify customers' identities.
The phone number as a game-changer
A customer's phone number is unique from other personal identifiable information (PII) because it "lives"
in both the online and offline data worlds. That makes it the primary customer identifier that links to other
pieces of information to strengthen the KYC/CDD (know your customer/customer due diligence) process.
For many, the first step is implementing one-time passcodes and multi-factor authentication (often
through SMS messages) to reduce new types of account registration fraud and thwart thieves attempting
to disguise themselves as legitimate customers. But because phone numbers bridge and verify identity
between the online and offline world, they are a high-value target for fraudsters to steal.
While it's hard to steal a phone number, it's not impossible. SIM swap attacks, where cybercriminals steal
someone's identity by porting their phone number to a burner phone (often with the carriers' unwitting
assistance) and using those phones to impersonate the victim, are on the rise. Deploying checks at high-value
and high-risk interactions with phone number intelligence can help prevent account takeovers from
SIM swap attacks. Phone number intelligence and risk scoring can look at attributes, including the last
porting date, and tie it to other key user identity attributes such as emails, IPs, and devices to assess the
likelihood that a phone is in the possession of its owner.
Don't rely on manual processes
The Juniper report mentioned above also recommends merchants implement artificial intelligence and
machine learning-powered automated fraud prevention systems to validate customers' identities.
Machine learning and AI learn, adapt, and deliver real-time behavioral and digital identity insights to
better protect systems and customer accounts. These ML- and AI-powered systems are constantly
mutable and dynamic, continually assessing and tweaking parameters to correctly analyze all potential fraud
avenues at any given time.
Automated phone number reputation scoring is an excellent example of this type of technology. Phone
number reputation scoring helps determine individual risk-level for each user and phone number on a
merchant's platform – in near-real-time. It does this by scrutinizing and redetermining multiple behavior
signals associated with that number for greater accuracy in identifying risky behavior and security threats.
Adding in an association of multiple nodes of identifiers (e.g., associate phone numbers and IPs, emails,
etc.) also helps to improve accuracy.
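The two ideas above (checking the last porting date before a high-value interaction, and tying the number to the emails, IPs and devices already on the account) can be combined into one risk decision for the SMS one-time-code step. The following is an added illustration, not TeleSign's product or API; the record shapes, weights, thresholds and sample customer data are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple

# Weights and thresholds are constructed for this example; a real deployment
# tunes them against its own fraud and false-positive rates.
PORT_WINDOW_DAYS = 7      # a port this recent is the classic SIM-swap signal
STEP_UP_THRESHOLD = 30    # require an additional, non-SMS check
DENY_SMS_THRESHOLD = 60   # do not trust an SMS code sent to this number

@dataclass(frozen=True)
class PhoneIntel:
    """Result of a phone-number intelligence lookup (constructed shape)."""
    number: str
    last_ported: Optional[date]   # None: the number has never been ported
    line_type: str                # "mobile", "landline" or "voip"

@dataclass(frozen=True)
class AccountContext:
    """Identifiers already tied to the customer's account."""
    phone: str
    phone_linked_on: date         # when the customer enrolled this number
    emails: FrozenSet[str]
    ips: FrozenSet[str]
    devices: FrozenSet[str]

@dataclass(frozen=True)
class Request:
    """Identifiers presented with a high-value request (payout, reset, ...)."""
    email: str
    ip: str
    device_id: str
    today: date

def score_request(intel: PhoneIntel, account: AccountContext,
                  req: Request) -> Tuple[int, List[str]]:
    """Return a risk score (higher is riskier) and the reasons behind it."""
    score, reasons = 0, []
    if intel.last_ported is not None:
        age = (req.today - intel.last_ported).days
        if 0 <= age <= PORT_WINDOW_DAYS:
            score += 50
            reasons.append(f"number ported {age} day(s) ago")
        if intel.last_ported > account.phone_linked_on:
            score += 20
            reasons.append("ported after the customer enrolled it")
    if intel.line_type == "voip":
        score += 20
        reasons.append("VoIP line")
    # Associate the number with the other identifiers on the account: a swapped
    # number usually shows up together with an unfamiliar IP or device.
    if req.email not in account.emails:
        score += 15
        reasons.append("email not on account")
    if req.ip not in account.ips:
        score += 10
        reasons.append("IP not seen before")
    if req.device_id not in account.devices:
        score += 15
        reasons.append("device not seen before")
    return score, reasons

def decide(score: int) -> str:
    """Map a score to an action for the SMS one-time-code step."""
    if score >= DENY_SMS_THRESHOLD:
        return "deny_sms_otp"   # use an app/hardware factor or manual review
    if score >= STEP_UP_THRESHOLD:
        return "step_up"        # SMS code plus a second, non-SMS check
    return "allow"

def evaluate(intel, account, req) -> Tuple[int, str, List[str]]:
    score, reasons = score_request(intel, account, req)
    return score, decide(score), reasons

# Constructed sample data (no real customer or number).
ACCOUNT = AccountContext(
    phone="+15555550100", phone_linked_on=date(2021, 3, 1),
    emails=frozenset({"alice@example.com"}),
    ips=frozenset({"203.0.113.10"}), devices=frozenset({"dev-a1"}))
TODAY = date(2022, 1, 15)
# 1. Never ported, everything familiar: the normal customer.
LEGIT_INTEL = PhoneIntel("+15555550100", None, "mobile")
LEGIT_REQ = Request("alice@example.com", "203.0.113.10", "dev-a1", TODAY)
# 2. Ported two days ago, new IP and device: the SIM-swap pattern.
SWAPPED_INTEL = PhoneIntel("+15555550100", date(2022, 1, 13), "mobile")
SWAP_REQ = Request("alice@example.com", "198.51.100.7", "dev-zz", TODAY)
# 3. Ported months ago (after enrolment) from a new device: worth a step-up.
OLD_PORT_INTEL = PhoneIntel("+15555550100", date(2021, 6, 1), "mobile")
NEW_DEVICE_REQ = Request("alice@example.com", "203.0.113.10", "dev-b2", TODAY)

if __name__ == "__main__":
    for label, intel, req in (("legit", LEGIT_INTEL, LEGIT_REQ),
                              ("sim-swap", SWAPPED_INTEL, SWAP_REQ),
                              ("old-port", OLD_PORT_INTEL, NEW_DEVICE_REQ)):
        score, action, reasons = evaluate(intel, ACCOUNT, req)
        print(f"{label:9} score={score:3} action={action:13} {reasons}")
```

The point of the "deny_sms_otp" branch is that once the number itself is suspect, sending a code to it proves nothing; the verification has to move to a factor the attacker did not just port.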
Businesses that validate their customers behind the scenes with these systems are working to end the
tradeoff between smooth online experiences and fraud prevention tactics. They also relieve security
teams of the responsibility and burden of conducting thousands of manual and friction-inducing security
checks.
The Time is Now
Over five billion people use their mobile phones every day, with millions more signing on by 2022 [1]. As
we approach 70% of the world actively using mobile technology, it highlights how truly connected the
world is becoming and reveals the ever-growing potential for fraudulent activities [2]. As fraud becomes
ever more imaginative and adaptive year-over-year, implementing nimble and intelligent fraud prevention
strategies is vitally important. Starting this journey now will ensure a more secure and engaging
experience for both you and your customers.
To learn more about how you can work to protect your customers through phone numbers and establish
continuous trust, please visit TeleSign.
[1] https://www.gsma.com/mobileeconomy/wp-content/uploads/2021/07/GSMA_MobileEconomy2021_3.pdf
[2] https://www.oberlo.com/blog/internet-statistics
About the Author
Guillaume Bourcy is the Vice President, Data & Identity
Solutions of TeleSign
Currently, Guillaume leads teams responsible for data
science, partnerships, product, pre-sales and innovation.
Prior to Telesign, Guillaume had more than 15 years’
experience in rapidly growing the Telco and Identity
Solutions at BICS, a subsidiary of Proximus, from the
ground up to becoming an industry leader using both
organic and M&A growth. Guillaume’s work philosophy is
to learn something new every day so you can bring new
ideas to fuel innovation and drive results. If he is not
working on the next identity solution, you will most likely find him writing comic books, surfing,
or running.
Guillaume can be reached online at (LinkedIn) and at our company website: https://telesign-3.webflow.io/
Phishing: How To Improve Cybersecurity Awareness
By Jason Stirland, CTO at DeltaNet International
According to research by Proofpoint, 75% of organizations around the world experienced a phishing
attack in 2020, and 74% of attacks targeting US businesses were successful. Furthermore, a study
by ENISA, found that 85% of the SMEs questioned agree that cybersecurity issues would have a
detrimental impact on their businesses, with 57% saying they would go out of business if hit. The study
also reveals that phishing attacks are the most common cyber incidents SMEs are likely to be exposed
to, in addition to ransomware attacks, stolen laptops and CEO frauds.
With many employees continuing to work remotely (or at least working in a hybrid arrangement),
organizations must support their employees and educate them on the cybersecurity threats they will
undoubtedly face, including phishing and social engineering attacks. As employees are the front line of
an organization, it should be the organization’s utmost priority to ensure that employees, and the
organization itself, don’t fall victim to phishing attacks.
So how can organizations improve cybersecurity awareness training to protect against phishing attacks?
1 – Educate employees using bitesize online training
It’s no surprise that employees loathe long training sessions that take time out of their day, leading to low
engagement. So, using bitesize learning to teach employees about phishing threats and general
cybersecurity awareness will be better received. Shorter training interventions mean employees can
fit learning around their day and work schedule, which will reduce reluctance to do mandatory
training. Additionally, with attention spans decreased by constant notifications of emails and messages
from collaboration platforms like Teams and Slack, it’s crucial to use interactive content to capture
employees' interest. This way, they are more likely to understand phishing and cybersecurity threats the
business faces daily.
2 – Assess employees on knowledge retention
While it’s easy to think of some compliance training as a mere tick-box exercise, organizations must
check their employees have actually learnt something from the training. If not, then the training needs to
improve - quickly! Phishing and cybersecurity attacks are becoming increasingly sophisticated, so
organizations want to ensure that their employees can spot a phishing scam successfully when faced. A
great way of assessing employee understanding of scams is by using a phishing simulation tool to send
imitation phishing emails to employees to test their awareness levels. It's imperative to test employees
against spear-phishing attacks too. This is a method where a cybercriminal targets individuals within the
organization, posing as a trusted source (e.g., the CEO or a supplier) to gain confidential data.
3 – Auto-enroll employees on correctional training
Understanding which employees failed the simulated phishing scams is a significant way to analyze the
cybersecurity risk employees pose. To reduce risk, organizations should auto-enroll employees who fail
the phishing scam (e.g. by clicking on a suspicious URL or sharing confidential data) onto further
cybersecurity awareness training. Follow up this correctional training with company compliance
documents, internal discussions on the importance of recognizing threats, and how employees must play
their part in keeping the organization safe. This will help to fortify the importance of cybersecurity
awareness.
4 – Track the value of training
Organizations can track and analyze the results of their cybersecurity awareness training by
using a learning experience platform, such as Astute LXP. Intelligent platforms like this can help
organizations gather data all in one place to track open rates, click rates on suspicious URLs, and
how often confidential data was actually submitted. Repeating this exercise once employees have been
refreshed on cybersecurity awareness training, and analyzing their pass rate on the simulated phishing
email, will reveal which employees have understood their training and put it into practice. This helps
organizations to recognize how their security position has improved as a result of the training, making a
clear case for continuous investment and refresher training in cybersecurity awareness going forward.
5 – Update employees on current phishing trends
An organization’s cybersecurity risk is only as strong as its weakest link. According to Tessian, nearly a
quarter (22%) of UK citizens have received phishing emails asking them to download ‘proof of
vaccination’ in the past six months - and in the US, this figure rose to 35%! Statistics like these go to
show how keeping all employees trained, tested, and updated with the latest cybersecurity techniques
and phishing scams is critical to protecting your company’s infrastructure.
6 – Embedding a cybersecurity compliance culture
Putting in place a cybersecurity culture within the organization is easier said than done. But what it means
is that employees understand the importance of following cybersecurity guidelines, completing
mandatory training, and using best practices, e.g., strong passwords and triple-checking emails for any
malicious URLs before clicking on them. If employees are in a company environment where they are
reminded of common phishing and ransomware attacks and what to look out for, it will become second
nature to them and reduce susceptibility significantly.
About the Author
Jason Stirland, CTO at DeltaNet International. Having
completed his degree in Networking & Communications
Technologies, Jason Stirland has spent nine years
working in eLearning. From starting his career in first-line
technical support, Jason has expanded his role to
incorporate programming and sales and often
hosts consultative software meetings for key clients.
Jason has been responsible for developing DeltaNet’s
Astute Learning Management System, as well as the organization’s IT/security infrastructure and
software strategy.
Jason Stirland can be reached online via LinkedIn and via our company website https://www.deltanet.com/.
Cybersecurity Alone Is Not Enough, Systems Need Cyber
Resiliency
Electronics systems today need to go beyond preparedness for an attack to resiliency during and after
one.
By Eric Sivertson, VP of Security Business Development, Lattice Semiconductor
The National Vulnerability Database reported that between 2016 and 2019 the number of firmware
vulnerabilities grew over 700 percent. Industry analyst group, Gartner, reports that by 2022 “70 percent
of organizations that do not have a firmware upgrade plan in place will be breached due to a firmware
vulnerability [1].”
Not only do these vulnerabilities jeopardize final products deployed in the field, but they can also impact
individual components as they move through today’s rapidly changing and increasingly unpredictable
global electronics supply chain, from initial component manufacturing and shipment to a contract
manufacturer, to system integration and on through the device’s entire operating life in the field. Firmware
vulnerabilities can be exploited by bad actors and expose organizations to different security issues,
including data theft, data corruption, unauthorized hardware modification, equipment hijacking, product
cloning, ransomware, and design theft. Because such exploits occur below the operating system level,
they often go undetected by anti-virus software until the damage is done, potentially having a major
impact on a company’s revenue and reputation.
Electronic systems must be able to adapt to new threats as they evolve and automatically take
appropriate action when compromised firmware is detected. To protect system firmware, security
solutions need resiliency against firmware attacks based on a parallel, real-time, reactive solution that
offers comprehensive firmware protection throughout a system’s lifecycle. Firmware protection must span
the full life cycle of a component, beginning with the time spent moving through the supply chain, initial
product assembly, end-product shipping, integration, through the product’s entire operational life.
While cybersecurity is a widely known necessity, cyber resiliency is still an emerging concept for most
organizations. Cybersecurity refers to the technologies, processes, and practices employed to protect
networks, devices, applications, and data from cyberattacks. Cyber resiliency goes a step further and
deals with what is done after an attack takes place. Cyber resiliency is defined as the ability to
continuously deliver an intended outcome despite adverse cyber events like an attack. Cyber resiliency
embraces information security, business continuity, and overall organizational resilience in today’s rapidly
evolving threat landscape.
Cybersecurity is the foundation of cyber resiliency, but cybersecurity is becoming an overloaded term.
Take the widely-used cybersecurity solution, the trusted platform module (TPM), as an example. The
Trusted Computing Group describes a TPM as a computer chip that can securely store artifacts used to
authenticate your PC or laptop, including passwords, certificates, or encryption keys. This is a strong
cybersecurity component but lacks some key features needed to be truly cyber-resilient.
While the TPM concept is certainly an important development in hardware security, it does have
vulnerabilities, particularly during cold boot when some firmware elements are required for boot before
the TPM typically becomes active. That short window of time between when components on a
motherboard are powered up by their firmware and when the OS takes control is an increasingly popular
attack vector for today’s cybercriminals. To combat this threat, systems need to implement a Hardware Root of Trust
(HRoT) with strong, dynamic, cyber resilient protections in addition to cybersecurity solutions like TPM.
A cyber-resilient HRoT validates the firmware of each mainboard component before activating it. As it
boots the system, the HRoT checks itself to ensure it is running valid firmware and holds other system ICs
in reset until their firmware is cryptographically validated. It is essential to validate firmware before
it is loaded into ICs, because malware-infected firmware can mask its presence from the OS once it has
installed itself. In addition to securely booting the hardware, the HRoT continuously monitors other
protected components’ firmware against attacks. If corrupted firmware is detected by the HRoT IC, it can
quickly replace the corrupt firmware with the last known-good firmware, log the violation for future
examination, and resume system operation uninterrupted and un-corrupted. That ability to resume normal
operations securely, quickly, and unassisted is what makes the system cyber resilient.
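To make the boot-and-monitor sequence concrete, here is an added simulation (not Lattice's code) of an HRoT that checks its own image first, holds each IC in reset until its firmware validates, rolls back to the last known-good image on failure, logs the event and carries on. It assumes HMAC-SHA256 under a key provisioned into the HRoT as a stand-in for the asymmetric signature check real hardware performs; component names, image bytes and the corruption scenario are constructed.

```python
"""Added example, not Lattice's code: a simulation of the cyber-resilient HRoT
boot-and-monitor loop. HMAC-SHA256 under a key provisioned into the root of
trust stands in for the asymmetric signature check a real HRoT performs;
component names, images and the corruption scenario are constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed: in silicon this key lives in tamper-resistant storage inside the HRoT.
HROT_KEY = b"constructed-provisioning-key"


def sign(image: bytes) -> bytes:
    """Produce the validation tag the HRoT stores for an approved image."""
    return hmac.new(HROT_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(image), tag)


@dataclass
class Component:
    name: str
    flash: bytes            # mutable firmware store that could be corrupted
    tag: bytes              # tag over the approved image, held by the HRoT
    golden: bytes           # last known-good image in HRoT-protected storage
    in_reset: bool = True   # HRoT holds the IC in reset until its firmware validates


@dataclass
class HardwareRootOfTrust:
    own_image: bytes
    own_tag: bytes
    components: list
    log: list = field(default_factory=list)

    def boot(self) -> bool:
        """Check our own firmware first, then validate each IC before releasing it."""
        if not verify(self.own_image, self.own_tag):
            self.log.append("boot: hrot own firmware invalid, system halted")
            return False
        for c in self.components:
            c.in_reset = not self._validate_or_restore(c, "boot")
        return True

    def monitor(self) -> None:
        """Runtime re-check of every released component (called periodically)."""
        for c in self.components:
            if not c.in_reset:
                c.in_reset = not self._validate_or_restore(c, "runtime")

    def _validate_or_restore(self, c: Component, phase: str) -> bool:
        """True if the component ends up holding validated firmware."""
        if verify(c.flash, c.tag):
            return True
        # The recovery copy is validated too: a corrupt golden image is never loaded.
        if not verify(c.golden, c.tag):
            self.log.append(f"{phase}: {c.name} invalid and golden copy invalid, held in reset")
            return False
        c.flash = c.golden
        self.log.append(f"{phase}: {c.name} invalid, restored last known-good image")
        return True


def run_scenario():
    """Constructed scenario: BMC corrupted at rest, NIC corrupted while running,
    PMIC corrupted together with its recovery copy (unrecoverable)."""
    images = {"bmc": b"bmc-fw-v1.2", "nic": b"nic-fw-v3.0", "pmic": b"pmic-fw-v0.9"}
    parts = {n: Component(n, fw, sign(fw), fw) for n, fw in images.items()}
    hrot_fw = b"hrot-fw-v1.0"
    hrot = HardwareRootOfTrust(hrot_fw, sign(hrot_fw), list(parts.values()))

    parts["bmc"].flash = b"bmc-fw-v1.2\x00garbage"             # corrupted before power-on
    parts["pmic"].flash = parts["pmic"].golden = b"\xff" * 8  # both copies unusable
    boot_ok = hrot.boot()
    parts["nic"].flash = b"nic-fw-v3.0-modified"              # corrupted at runtime
    hrot.monitor()
    return boot_ok, parts, hrot.log


if __name__ == "__main__":
    ok, parts, log = run_scenario()
    print("boot ok:", ok)
    for p in parts.values():
        print(f"{p.name}: in_reset={p.in_reset} flash={p.flash!r}")
    print("\n".join(log))
```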
In an increasingly sophisticated threat environment, organizations must take steps to not only secure
their systems against cyberthreats, but they must also make their systems resilient enough to mitigate
an attack in real-time and maintain the integrity of their firmware automatically.
References:
[1] Source: Gartner, July 2019
About the Author
Eric Sivertson is an experienced entrepreneur, executive and
engineer with 30+ years developing technologies to enhance
trust & security in embedded systems, wireless connectivity, and
high performance & reconfigurable computing. He currently
serves as Lattice Semiconductor’s Vice-President of its Security
Business. He is focused on building business in this growth
market for Lattice, as well as supporting leading edge solutions
development within the organization.
Prior to joining Lattice, he founded his own Security & Consulting Company in Silicon Valley and has
been provider and/or advisor to many Silicon Valley Startups and Fortune 500 companies with regards
to Security IP and implementations, blockchain, AI/ML based security solutions, markets and
critical requirements. Additionally, he was Executive Vice-President of Kontron’s Aviation, Transportation
and Defense Business Unit and before that he was General Manager of Xilinx Aerospace and Defense
Business Unit. He also ran one of Thales’ largest North American engineering organizations that
developed the world’s most secure and advanced Software Defined Radio (SDR) currently deployed
extensively throughout the world. He earned his Electrical Engineering degree from Virginia Polytechnic
Institute and State University (BSEE).
Eric can be reached online at eric.sivertson@latticesemi.com and at the company website
https://www.latticesemi.com/
Why Hackers Attack Mobile Devices and How to Prevent
It
By Nicole Allen, Marketing Executive at Salt Communications
According to a Gallup poll, the frequency of remote work cyber-attacks has nearly doubled since the
beginning of the pandemic. Employees were thrown into a world of remote work immediately, utilising a
wide variety of cloud-based software and apps. With the need to adapt so quickly, many businesses have
been left unprepared in terms of their cybersecurity protection.
Businesses may not understand that in many cases their weakest link is their mobile security. To gain
access to a company's whole network, a cybercriminal only has to break into one unprotected mobile
device (phone, laptop, or tablet).
Why it only takes one device
Such intrusions can be crippling to a business. The implications can be vast with an immediate impact
on costs, interrupting operations, jeopardising crucial data assets, and damaging customer relationships.
In reality, when a small business is harmed by a cyber-attack, nearly 60% of those affected are unable
to recover and go out of business within six months.
Employee mobility has transformed the way we do business, but it has also introduced new security
vulnerabilities. Mobile users, on average, spend about 80% of their time outside of the protected business
network, accessing the internet from places other than the office or company locations. With this
increased mobility, far too many devices are left vulnerable to more sophisticated hacking techniques –
especially when enterprise IT departments fail to deploy mobile device security fixes and upgrades.
Cyber Defense eMagazine – January 2022 Edition 51
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Why Hackers Target Mobile
To obtain company data
About half of all cyber-attacks on organisations are aimed at collecting company information and/or
proprietary data from customers, such as personal mobile data, social security numbers and credit card
numbers. A hacker may be able to simply take a mobile device that an employee is using for email or
accessing company data. Hackers know exactly where to search and download data on mobile devices
because all emails and attachments are stored in one folder.
Mobile Interception
Your mobile phone could be used for industrial espionage, illicit data transfers, or exchanging business
secrets. All of this is accomplished via intercepting mobile signals, listening in on voice calls, or utilising
your phone as a bug. With the number of workers increasingly working from home there is a higher
amount of business related communications being exchanged remotely which increases the danger if
not protected.
The Stingray/GSM interceptor/IMSI catcher is a piece of equipment that can collect data from hundreds
of phones in a specific region, as well as launch denial-of-service attacks and intercept conversations.
These products are not legally available, but they can be obtained on the black market or over the deep
web.
NGN (Next Generation Networks, such as 3G, 4G, and 5G), GSM (Global System for Mobile
Communications), and CDMA (Code Division Multiple Access) are the three types of mobile networks,
and multiple surveillance systems are tracking all three of them. Data
from mobile phones is passively captured as it passes over these networks between the phone and the
base station with which it is communicating. It is possible to intercept both uplink (outgoing voice or data)
and downlink (incoming voice or data) transmissions.
Land & Expand
Land and expand is to move beyond device control to higher-value goals, such as the corporate network.
Someone who has hacked a mobile device can acquire corporate access in a variety of ways. The basic
technique is to utilise the smartphone that the hacker now controls to send messages and emails in the
name of the real user in order to obtain additional information or cause disruption. Alternatively, the
hacker can take advantage of the mobile device's access to the corporate Wi-Fi network when the user
returns to the office and reconnects.
The guest network in a target company's lobby can potentially be exploited by a hacker. They may
observe if there are more persons connected than are actually waiting in the lobby once they log onto
the network. This is a good indicator that employees are accessing the guest network to access apps
and sites that the corporate network blocks. The hacker can then simply deceive a user into downloading
what appears to be a game, take control of their device, and grant themselves super-admin capabilities,
allowing them to access the entire network for nefarious purposes.
Deliver Malware
Ransomware and viruses can give a hacker an immediate cash advantage. That was the case with the
WannaCry ransomware assault in 2017, which notified victims that their device had been encrypted and
demanded payment in Bitcoin to unlock it.
WannaCry's hackers specifically targeted Android devices and hacked into a Wi-Fi network and scanned
all linked Android smartphones to see which were vulnerable to their ransomware. The hackers infected
one phone, then used it to lock down entire firms and demand ransom payments when the user returned
to the corporate office and connected onto the company network.
Another example is the malware called ‘Pegasus’, which was used to target WhatsApp users through a flaw
in the app. According to a product description filed as an exhibit in WhatsApp’s 2019 lawsuit, the Pegasus
software was designed to “covertly collect information about your target’s relationships, location, phone
conversations, plans and activities – whenever and wherever they are.” According to this description, the
programme also tracked GPS whereabouts, monitored audio and VoIP communications, and gathered
other data - leaving no trace on the device.
Some organisations, even after these events, are still handling sensitive corporate, Government or
client communications on consumer apps. Using a closed system like Salt Communications protects
businesses from the risk of crucial and sensitive data being compromised.
How to prevent it
Business cybersecurity has never been more critical than it is now, due both to the pandemic and to the rise
of the mobile workforce. To guard against potential dangers and safeguard your firm from a potentially
catastrophic cyber-attack, you must implement a zero-trust mentality. This necessitates a proactive
strategy to threat management, as well as how you monitor the people, systems, and services that
connect to your network.
There are a number of simple strategies your organisation can use to protect itself.
Organisations can implement a unified endpoint management (UEM) solution, which allows IT to manage,
secure and deploy corporate resources and applications on any device from a single console. Mobile device
management was the initial step toward unified endpoint management, followed by enterprise mobility
management. The mobile device management strategy, on the other hand, does not offer BYOD
flexibility, which allows employees to switch from personal to work use of their devices at any time and
from anywhere.
Another method is providing regular cybersecurity awareness best practices training. Rather than
imposing regulations that impede employees' capacity to do their jobs, a good staff awareness
programme should complement how people work. The goal is to assist them in gaining the necessary
skills and knowledge to work, as well as recognising when to express any issues. No one is immune to
making mistakes or being a victim of a scam. In fact, because senior personnel are higher-value targets,
scammers are more likely to target them (for example, through business email infiltration techniques), as
the information that they share is often deemed to be most valuable.
This is often why organisations choose to implement a secure communications platform to communicate
securely both internally and externally. This system allows professionals to carry out secure calls and
message threads with the assurance of complete privacy of their communications. Applications such as
Salt Communications protect your company's data from coming under threat from attacks from outside
your organisation.
To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications
contact us on info@saltcommunications.com or visit our website at saltcommunications.com.
About Salt Communications:
Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed
software solution giving absolute privacy in mobile communications. It is easy to deploy and
uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications
offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and
secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in
Belfast, N. Ireland, for more information visit Salt Communications.
About the Author
Nicole Allen, Marketing Executive at Salt Communications.
Nicole has been working within the Salt Communications
Marketing team for several years and has played a crucial
role in building Salt Communications’ reputation. Nicole
implements many of Salt Communications’ digital efforts as
well as managing Salt Communications’ presence at events,
both virtual and in person, for the company.
Nicole can be reached online at (LINKEDIN, TWITTER or by
emailing nicole.allen@saltcommunications.com) and at our
company website https://saltcommunications.com/
How to Avoid Spam Texts and Protect Personal
Information in the Digital Age
With Spam Texts on the Rise, Consumers Must Do Their Due Diligence
By Reinhard Seidel, Director Products at Clickatell
There have been many advantages to the accelerated digital revolution we are experiencing, but a
negative impact is the increased risk for cyber threats. In 2020, spam and phishing text messages were
up 146% in the US, subjecting consumers to dangerous cybercriminals attempting to steal valuable
personal information. While the FCC says they plan to crack down on these messages, it’s still more
important than ever that consumers are aware of the tell-tale signs of spam texts and phishing messages,
and how message content, encryption security and identity are handled by SMS providers and business
chat technology vendors to protect themselves and their information.
Know your customer
As spam and phishing messages rise, messaging service providers need to ensure more than
ever that their business customers are complying with rules and regulations. This includes communicating
compliance rules to brands, ensuring the legitimacy of businesses, understanding the use cases and going
through proper approval processes for new service offerings.
These compliance efforts have been underway for several years now in the US when it comes to Short
Code services (5-or 6-digit numbers that are used for sending messages). This year mobile operators
have launched additional compliance requirements for message traffic that is sent on long numbers
(standard 10-digit phone numbers). That type of message traffic has been flowing largely unregulated
in the US for the last 10 years and has been subject to spamming and phishing attacks by bad actors.
Not anymore, as now every entity who seeks to send SMS text traffic in the US is required to register its
brand and campaign before being able to obtain a long number and send message traffic. The new
regulatory regime is called 10DLC (10 Digit long code). It is the responsibility of SMS providers like
Clickatell to enforce those rules and make sure its customers are fully compliant.
Similar to how compliance is managed in the SMS world, messaging service providers and the
large chat app providers such as WhatsApp or Apple are also enforcing strict registration and verification
rules. Messaging service providers are required to help qualify and register campaigns and services for
their business customers on channels such as WhatsApp or Apple. In addition, they provide end-to-end
service security via message encryption and manage authentication, verification and other security-
related services for their business customers.
Spotting a Fraudulent Text Message
The first step in identifying a fraudulent message is understanding the different types of phone numbers
used to deploy messages. Most legitimate text messages are sent via short code numbers that contain
5-6 digits and are primarily used only by large enterprise companies due to high costs. As mentioned,
short code numbers have been strictly regulated for many years making it extremely rare to receive
a spam text or phishing attack from a short code number.
On the other hand, if you receive a message from a normal 10-digit phone number claiming to be your
bank, network provider, or retailer you’ve engaged with, you need to be cautious. The message could
still come from a non-compliant long number that was obtained before the introduction of the stringent
10DLC registration requirements, which allow only established brands to send messages. If
the message is coming from an 1800 number, it will also have gone through a verification process
and can be considered relatively safe.
What to do if you receive a message from a 10-digit number
If a suspicious text message received on a 10-digit number requires action and includes a shortened
URL, consumers should avoid the link provided and contact the brand directly to validate the
claim. Chances are the message is fraudulent and the sender is attempting to steal valuable information,
so ensure you are calling the company directly and not replying to the sender. Often the fraudster will
impersonate a large brand asking for personal information, claiming an account reset, information update,
missed shipment, failed payment or even a prize to be claimed.
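The sender-type and shortened-URL checks from the two sections above, as an added Python triage helper (not Clickatell's code): it buckets the sender into short code, toll-free, 10-digit long code or unknown, then rates a message by whether it carries a shortened URL or one of the lure themes mentioned. The shortener list, lure patterns, toll-free prefixes (the standard US 8xx codes) and sample messages are assumptions constructed for the example.

```python
"""Added example, not Clickatell's code: classify an SMS sender by the number
types the article describes and triage the message for spam/phishing red flags.
Shortener list, lure patterns and sample messages are constructed."""
import re

TOLL_FREE_PREFIXES = {"800", "888", "877", "866", "855", "844", "833"}  # US toll-free codes
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}  # small subset
# The lure themes the article lists, as rough keyword patterns (matched case-insensitively).
LURE_PATTERNS = [
    ("account_reset",   r"account.*\b(reset|suspend|lock|verif)"),
    ("info_update",     r"\bupdate\b.*\b(info|information|details|payment)"),
    ("missed_shipment", r"\b(package|parcel|delivery|shipment)\b.*\b(missed|held|could not|unable)"),
    ("failed_payment",  r"\bpayment\b.*\b(fail|declin|unsuccessful)"),
    ("prize",           r"\b(won|winner|prize|reward)\b"),
]
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def classify_sender(sender: str) -> str:
    """short_code (5-6 digits), toll_free or long_code (10 digits), else unknown."""
    digits = re.sub(r"\D", "", sender)
    if len(digits) == 11 and digits.startswith("1"):  # drop the US country code
        digits = digits[1:]
    if 5 <= len(digits) <= 6:
        return "short_code"
    if len(digits) == 10:
        return "toll_free" if digits[:3] in TOLL_FREE_PREFIXES else "long_code"
    return "unknown"   # alphanumeric sender IDs, malformed numbers, etc.


def host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()


def triage(sender: str, text: str) -> dict:
    """Rate a message low / caution / high from sender type and content."""
    kind = classify_sender(sender)
    urls = URL_RE.findall(text)
    shortened = [u for u in urls if host_of(u) in SHORTENER_HOSTS]
    lures = [name for name, pat in LURE_PATTERNS if re.search(pat, text, re.I)]
    if kind in ("long_code", "unknown"):
        # Possibly unregistered sender: a shortened link, or any link plus a lure,
        # is exactly the pattern the article tells consumers not to act on.
        risk = "high" if shortened or (urls and lures) else "caution" if urls or lures else "low"
    else:
        # Short codes and toll-free numbers went through registration; only a
        # shortened link still warrants a second look.
        risk = "caution" if shortened else "low"
    advice = {
        "high": "Do not open the link; contact the brand via its official app or number.",
        "caution": "Verify with the brand before acting on the message.",
        "low": "No red flags from sender type or content.",
    }[risk]
    return {"sender_type": kind, "urls": urls, "shortened": shortened,
            "lures": lures, "risk": risk, "advice": advice}


# Constructed sample traffic (555-01xx numbers and placeholder links are fictional).
SAMPLES = [
    ("+1 555-010-0123", "Your package could not be delivered. Update your details at "
                        "https://bit.ly/placeholder to reschedule."),
    ("24273", "Your verification code is 482913. It expires in 10 minutes."),
    ("1-800-555-0199", "Reminder: your appointment is tomorrow at 9am. Reply STOP to opt out."),
    ("+1 555-010-0177", "Congratulations, you are a winner! Claim your prize at "
                        "https://example.com/claim-now"),
    ("+1 555-010-0142", "Hi, it's Sam, running 20 minutes late for the 3pm job."),
]


def triage_samples():
    """Return (sender, risk) for every constructed sample."""
    return [(sender, triage(sender, text)["risk"]) for sender, text in SAMPLES]


if __name__ == "__main__":
    for sender, text in SAMPLES:
        r = triage(sender, text)
        print(f"{sender:>16} {r['sender_type']:<10} {r['risk']:<8} {r['advice']}")
```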
What can businesses do to mitigate fraud?
Digitalization has transformed businesses, and business owners are increasingly realizing that using chat
platforms to manage and mitigate fraud offers them immediate and significant gains. While retailers,
banks, and financial services providers have traditionally conducted the majority of transactions within a
native branded application, there is an increasing shift to use SMS text for brief notifications and complete
transactions in rich chat applications such as WhatsApp, Messenger, etc. Likewise, there is a shift to
mitigate fraud in the chat channel.
When someone is using a chat application, the identity of the user can be ascertained with a high level
of certainty through various means. For example, biometric information such as fingerprint could be used
in addition to a standard login and password or the mobile user can be asked to submit a picture of their
ID in the rich chat for critical transactions. It is also possible to have additional security questions captured
through a chat engagement. All of this means that the fraud department can flag suspicious behavior with
a high level of confidence.
In today’s business environment, forward-thinking businesses absolutely must ensure sensitive
commercial and customer data remains secure. Incorporating chat commerce platforms with fraud alert
programs allows customers to transact via secure chat apps with end-to-end encryption, multi-factor
authentication, and privacy.
Next time you receive a suspicious message from a brand, be sure to reference these tips to ensure your
data is secure. Happy shopping!
About the Author
Reinhard Seidel is Product Director at Clickatell responsible for
Clickatell’s communication platform including messaging APIs
and channels such as WhatsApp, SMS, and more. He manages
overall communication channel vision and strategy, collecting
market input, and defining product roadmap and requirements.
For more information, visit https://www.clickatell.com/.
Microsoft Successfully Defended The Azure Cloud From A
Massive DDOS Attack. (Spoiler: You Can, Too.)
How can you fend off the largest DDoS attack in history? For Microsoft, early detection and investing in
software as a service was key. Read on to learn more.
by Jason Barr, Senior Director of Innovation, Core BTS
Last month, European Azure Cloud users faced the largest Distributed Denial-of-Service (DDoS) attack
in history. Yet, it was business as usual for Azure Cloud customers — all thanks to Microsoft’s well
thought out security protections.
For years, Microsoft has warned that cyberattacks are growing more sophisticated. Beyond predicting
the future of the security landscape, the industry leader has worked hard to prevent attempted breaches
before they happen.
As technology environments continue to grow more complex, we can all take note of Microsoft’s
successful defense strategy consisting of early detection, effective defense of data, and depth of
coverage.
Yet, no organization should entirely rely on its cloud provider for protection. Beyond the cloud, companies
also need to invest in security software and services to protect themselves and equip their organizations
to rapidly respond to the unexpected.
Early detection made Microsoft stand out
Over the course of just 10 minutes in August 2021, 70,000 sources across East Asia and the U.S.
attempted to breach the Azure Cloud. They were unsuccessful. But this 2.4 Tbps DDoS attack was 140
percent larger than 2020’s largest attack, proving the durability of Microsoft’s platform.
At Microsoft, the Azure DDoS protection team protects Microsoft's own properties and the wider Azure
infrastructure. While no cloud system is infallible, Microsoft's distributed DDoS detection can quickly scale
to absorb tens of thousands of terabits of DDoS traffic in seconds.
During the first half of 2021, Microsoft reported a 25% increase in the number of attacks compared to Q4
2020. While it's impossible for outside security analysts to pinpoint exactly how Microsoft blocked this
particular attack, several key elements contributed to its secure infrastructure:
Early detection: Early warning indicators gave Microsoft instant visibility so the company could respond
and scale its systems. The sooner your software detects a breach, the less likely it will get out of hand.
Immediate mitigation: Azure's DDoS control plane logic immediately took action when it detected the
DDoS attack. By optimizing for the fastest time-to-mitigation, Microsoft was able to prevent collateral
damage from large-scale bad actors.
Strategic allocation of resources: Like many of its counterparts, Azure DDoS protections trigger
mitigating sequences that dynamically allocate resources closer to the attack sources — and as far away
from the customer region as possible.
5 steps to investing in security as a service
Security is a shared responsibility between clients and cloud providers. As you consider your options,
evaluate software as a service (SaaS), key infrastructure elements, and the UX of the app or platform
hosting the technology.
The more clients can push for software as a service (SaaS), the more protection and capabilities they’ll
have in place. Providers like Microsoft also offer infrastructure optimization, which involves patching the
infrastructure and ensuring all virtual machines are up to date. If you ask me, the app interface you’re
interacting with regularly is paramount to a strong security platform. Microsoft is taking on these services
to ensure they are delivering accessible and high-quality content at the tap of a button.
However, you can’t rely 100% on the cloud provider to keep you safe in today’s landscape. The
responsibility also falls to you. It’s important to build strong protections, evaluate the business implications
of a breach, and determine which additional security software to invest in, independently of your cloud
provider.
As the bandwidth, frequency, and duration of attacks soar, here are a few key actions you can take to
determine the right type of security protection for your organization.
Ask yourself “Why me?” Requirements drive decision-making. The first step in defending your data is
simple: Understand the scope of your risk in the short and long term. While the industry is doing a great
job informing organizations that security should be top of mind, it is equally important to determine your
organization’s unique vulnerabilities.
Evaluate the business outcomes. Only 65% of organizations have a cybersecurity expert, yet the
business implications of a breach can be astronomical. Remember, cyber criminals aren’t trying to steal
your data. They’re trying to halt all business functions to stop revenue in its tracks. E-commerce platforms,
for example, can lose millions of dollars every minute they are shut down by a DDoS. With that in mind,
consider the impact of the breach on your products, supply chain, and brand visibility to make the case
for better security technology.
Assess the value of your tools regularly. Security and risk management spending grew 6.4% in 2021
alone. Ever-evolving cloud capabilities come at a cost, so be sure to weigh your risk against relevant
surfaces and tools. Since price models will continue to change, you should evaluate your risks and unique
needs on a monthly basis.
Build a business case. Many traditional mentalities don’t view security technology as a necessary
investment. Counter outdated perspectives by educating your executive leadership, providing relevant
total cost of ownership (TCO) financials, and presenting return on investment (ROI) evaluations.
Establish your non-negotiables. From a security perspective, there are certain elements that are
non-negotiable on the cloud. Know your business requirements, people, apps, and data to inform your
security needs.
While the threat of cyberattacks is ongoing, you can reduce the risk of a DDoS attack on the cloud by
investing in a range of security solutions. As technology professionals, everything we do involves data.
We see security threats every single day, and it’s essential to stay visible.
The next biggest DDoS attack in history is around the corner. Learn more about how to face the future
head on today.
About the Author
Jason Barr is the Director of Innovation of Core BTS. He specializes
in leveraging Microsoft technologies to drive digital transformation
across enterprise organizations. A supportive mentor and coach,
Jason has 20 years of experience helping C-Level executives and
technology professionals align IT initiatives to business goals. His
expertise includes IT strategy development, cloud roadmapping,
project management, software architecture, and cloud
architecture. Jason is also a proud Walsh University instructor,
supporting their skilled workforce training program which equips
businesses with practical technology solutions. Jason Barr can be
reached online at https://www.linkedin.com/in/jbarr1108/ and at
https://corebts.com/.
Why Americans Joined Europe in Not Paying Security
Ransoms
By Lee Pitman, Global Head of Response Services, BreachQuest
As we close out 2021, the biggest trend in the security and insurance space has to be the heightened
regulatory scrutiny on the payment of ransoms, and the general reduction in the number of ransoms
being paid by insurers in a hardening market. It’s interesting that this shift only happened recently in the
US. Having worked in the ransom recovery space for a number of years, I have seen only around 20%
of companies in Europe pay ransoms, whereas in the US that number was closer to 90% of the time, just
12 months ago. So what changed?
There has been a litany of events this past year that have changed the equation on paying ransoms. At
one point there was a sense from US-based companies that they would rather pay the money and get
back to doing business. However, the practicality of that approach has shifted dramatically, new laws
have been passed and public perception has changed.
Shockingly, you can’t trust criminals
There used to be a myth that acquiring a decryption key would make all problems post ransom attack
magically disappear. But this has never been true. It should go without saying that you can’t trust
criminals, but up until this year that is exactly the approach many businesses have taken.
First off, the keys provided by the threat actors are never 100% effective in recovering all the data.
Unsurprisingly, the threat actors are more focused on locking the valuable data away than with being
able to unlock the data. In my experience, at least some data is always lost. The keys provided by the
criminals are clunky and cumbersome to utilize and require more time, energy and money to go through
the recovery process.
Secondly, paying a ransom has never guaranteed that a threat actor would not publish stolen data further
down the line. Whilst the premise of Ransomware as a Service (RaaS) would suggest it is in the best
interests of the threat actor’s business model to comply and support their clients - victims - post a ransom
being paid, the very nature of the criminal underworld underpinning these groups is unstable. As such,
groups often merge or are acquired, or simply cease their operations, but the data they have stolen will
remain and is often disclosed anyway.
Laws are driving change
While there aren’t any major laws in Europe that prevent businesses from paying ransoms, the United
States has looked to curtail ransom payments with new legislation. The US Department of the Treasury
released an advisory stating that organizations that facilitate ransomware payments to hackers on behalf
of ransomware victims, including financial institutions, cyber insurance firms, and companies involved in
digital forensics and incident response, are potentially violating OFAC regulations. The Biden
administration has been particularly vocal on the topic since the Colonial Pipeline attack, making it
much more difficult for companies to pay threat actors - which is a good thing.
Businesses can do a lot to protect themselves
With the worsening risk-benefit equation and the changing laws, many businesses are now looking at
alternatives to paying ransoms, and in most cases, there are good alternatives to paying ransoms. Or at
the very least, better alternatives. With the right cyber hygiene, most companies can protect themselves
fairly well. While there is no hard and fast solution that will always protect a business, they can certainly
mitigate the potential damages by having some sound security principles in place. Having worked in the
IR and recovery space for some time, here are some of the top tips companies need to take to protect
themselves:
Have a good backup policy. A good policy means that the backups are saved often and in intervals. Your
company should have a recent backup of a week or so ago and a longer-term backup of a month ago.
The more backups you have the more you are protected. It is very common that companies don’t know
when they were breached and their backups don’t do them any good because the backup was saved
after the hackers were already in the system. It is also critical to have both online and offline backups. If
a company can protect their backups they are well on their way.
Don’t assume that you are safe after restoring from a backup. Another common mistake is restoring from
a backup and not rebuilding the OS to ensure that you can keep the hackers out. They obviously got in
once so companies need to ensure that they can't get in again.
Be insistent with security training, even if it is a little annoying. It is still true that most attacks are
successful because an employee clicked on a malicious link or let the hacker in through some kind of
social engineering hack. I know employees often don’t love those training courses, but increasing
employee knowledge around the ways hackers will attempt to trick them is an underrated defense
mechanism. This is particularly crucial for senior executives who are often the most targeted employees
within an organization.
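As an added illustration (not the author's code), a small Python check of the backup advice above: it verifies that a backup inventory holds a recent copy, a month-old copy and both online and offline copies, and picks the newest backup taken before the suspected intrusion time as the restore point, since a copy taken after the attackers were already inside is not safe to restore. The backup inventory, timestamps and intrusion time are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Backup:
    label: str
    taken_at: datetime
    offline: bool  # True when the copy is detached from the network (tape, vault, immutable store)


# Constructed sample inventory for illustration only; not a real environment.
SAMPLE_BACKUPS = [
    Backup("nightly-2022-01-09", datetime(2022, 1, 9, 2, 0), offline=False),
    Backup("weekly-2022-01-03", datetime(2022, 1, 3, 2, 0), offline=True),
    Backup("monthly-2021-12-10", datetime(2021, 12, 10, 2, 0), offline=True),
]
NOW = datetime(2022, 1, 10, 9, 0)
# Constructed: the earliest time the intruders are believed to have been inside.
SUSPECTED_INTRUSION_AT = datetime(2021, 12, 28, 0, 0)


def check_retention(backups: List[Backup], now: datetime,
                    recent_days: int = 7, long_term_days: int = 28) -> List[str]:
    """Check the weekly/monthly/online-plus-offline policy from the tips above.

    Returns human-readable findings; an empty list means the policy is satisfied.
    """
    findings: List[str] = []
    ages = [now - b.taken_at for b in backups]
    if not any(age <= timedelta(days=recent_days) for age in ages):
        findings.append(f"no backup newer than {recent_days} days")
    if not any(age >= timedelta(days=long_term_days) for age in ages):
        findings.append(f"no long-term backup at least {long_term_days} days old")
    if not any(b.offline for b in backups):
        findings.append("no offline copy: every backup is reachable from the network")
    if not any(not b.offline for b in backups):
        findings.append("no online copy available for fast restores")
    return findings


def pick_clean_restore_point(backups: List[Backup],
                             suspected_intrusion_at: datetime) -> Optional[Backup]:
    """Return the newest backup taken strictly before the suspected intrusion.

    A copy taken after the attackers were already inside may carry their tooling
    and persistence, so it is not a safe restore point. Offline copies win ties.
    """
    candidates = [b for b in backups if b.taken_at < suspected_intrusion_at]
    if not candidates:
        return None
    return max(candidates, key=lambda b: (b.taken_at, b.offline))


if __name__ == "__main__":
    for finding in check_retention(SAMPLE_BACKUPS, NOW) or ["retention policy satisfied"]:
        print(finding)
    clean = pick_clean_restore_point(SAMPLE_BACKUPS, SUSPECTED_INTRUSION_AT)
    print("restore from:", clean.label if clean else "no clean backup: rebuild from scratch")
```

With the constructed data the weekly copy postdates the intrusion, so the month-old offline copy is the one to restore from, after which the OS is still rebuilt as the second tip advises.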
Key Takeaways
The decline of ransom payments in 2021 is a positive trend to come out of this year and I suspect we will
see the number of payments drop even further in 2022. We have already seen a general tightening of
controls around insurers underwriting cyber risks, such as the push to insist their insureds implement
MFA if they want coverage. Moreover, the focus has shifted to preparing for and recovering from attacks
more organically via restoration, rather than by simply paying a ransom. I am optimistic that this shift in
thinking will lead to better security hygiene and a decrease in the lucrative nature of hacking.
About the Author
Lee Pitman is the Global Head of Response Services for
BreachQuest, a company revolutionizing incident response,
where he is focused on delivering reduced breach costs and
maximum recovery speed in IR and Recovery services to clients
globally. Lee began his career as an intern in Big 4 Risk
Consulting, spending 6 years working at KPMG and EY. He has
worked exclusively with the world’s largest conglomerates in a
variety of sectors.
First Steps to Alleviate Long-Term Consequences from A
Cyberattack
Brief Guide
By Sergey Ozhegov, CEO, SearchInform
When a cyberattack occurs, it is easy to panic and forget all the steps you were told to take beforehand.
What is the very first thing to do: report, find out every detail about what happened, or inform your
users?
Report
According to the regulators, the very first thing is to report the breach (although, admittedly, the first
thing that actually comes to mind is the ardent hope that a comprehensive backup had been configured).
Reporting quite often creates an unwelcome problem, as many companies cannot discover the source of
an incident, are not aware of the incident at all, or simply prefer to take their time and resolve it themselves
as quickly as possible because they fear damaging their reputation. More often than not, a breach is
discovered by a researcher who, if the company does not respond to the researcher's attempt to notify it,
posts about it online, bringing the situation to a dead end.
Secure
Apart from reporting, the affected systems should be secured promptly. To limit the possible spread of a
cyberattack, the attack must be contained, which mostly means terminating as many of the system's
connections with the outside world as possible in the first place, focusing on the Internet, devices and
access rights.
Prioritise
Think about what could be affected first, or what would be a priority target for an attacker. It is reasonable
to base this assessment on your industry: depending on the industry, particular steps will be of primary
importance. User accounts should be secured. Banks should be informed of the possibility of unverified
transactions.
Do not reboot
As for rebooting, there used to be an opinion that rebooting a computer during an attack would thwart an
attacker's wish to watch the victim's screen. But modern ransomware overwrites encryption keys while a
PC is rebooting, and a reboot can also relaunch the ransomware if its remnants were not detected, which
would re-encrypt the recovered assets. Today specialists suggest that users hibernate their computers
instead. This also affects the benefit of a backup: a backup helps you restore your data, but in a mishandled
ransomware situation the retrieved data can get encrypted again.
Backup
Ensuring backups is the first "to-do" item on the list, and one that is addressed by both the remediation
plan and information security. To cover every chance of losing sensitive data, it is strongly advised not to
rely on only one type of backup. Files should be secured both onsite and offsite; the more separate storage
locations hold copies, the lower the risk of never retrieving them. It proves helpful to store a few copies
on several of your own servers while also entrusting at least one copy to a third-party data center or cloud
service, so that when it "rains outside" there are some umbrellas waiting. If it "leaks inside", only
comprehensive information security plumbing, including prevention, monitoring and investigation tools,
can ensure that such a thing almost never happens.
Monitor and alert
The capability to monitor all traffic may play the role of an occasional saviour: monitoring does not
neutralise a cyberattack, but it helps to notice the attack when the first alarming processes are triggered.
Notify top management and the employees who could be responsible for the affected assets and users first,
then think of how to provide customers with correct and timely information as quickly as possible; it can
help them rescue their information and money in case its integrity was partially or fully compromised.
Investigation
Investigation is commonly considered the final step, or rather a long-term phase into which every incident
is destined to fade. A third-party investigation team is usually hired to conduct an in-depth analysis,
which can take months of research to report the key findings that would have been useful right when
the incident was detected.
Thus, investigation, which usually gets launched after containing and reporting a cyberattack and can
be truly time-consuming, is really the process whose results are most needed right at the beginning of
dealing with the consequences. These are the missing facts which can be extracted only from a "probe".
It does not have to be detailed from the very start, but an ongoing investigation capability already
deployed in the corporate system helps an enterprise get its bearings significantly faster and with the
good deal of transparency that is unavoidable when managing asset security risks.
All things considered, investigation seems to be not just the first and foremost step to take after a
cyberattack occurs, but a pre-incident measure which would make every further step a bit more
cool-blooded and definitely much more elaborate and mature.
Remediation
Remediation, or recovery, has its own program under the overall business continuity and disaster recovery
plan. This is another measure which should be taken in advance, but it goes a long way and reminds of
itself as the final step to take after an information security incident. Data protection and risk
management are well suited for integration with the overall business continuity approach.
Taking a hard look at the current security situation within an organisation, what is already implemented
and how many sensible measures remain to be taken, is part of the continuity approach. Deploying a
monitoring solution in an enterprise will alert you to the issues which were never addressed and give an
opportunity to configure security policies and establish internal regulations which genuinely correspond
with the company's needs, thus helping enhance risk assessment.
It is advised to ensure data visibility and user activity transparency, as well as intelligent control of
human behaviour, allowing an incident to be prevented at an early stage or a violation predicted, human
error mitigated, and insiders aiding hackers detected.
A post-breach remediation step fully depends on how well thought out the risk management program is
and how efficient it has proved itself before. Knowing what length of recovery period a certain company
can afford, the extent of the financial damage caused by forced downtime, loss of data taken hostage or
stolen, and reimbursing impacted customers is essential for quick and full recovery. Often companies
have to splash out on security solutions only after a disaster happens, which multiplies financial loss.
Solid monitoring rules out the possibility of poor communication within a team when an incident occurs,
as the specialist responsible for risk mitigation will be promptly alerted to a suspicious event and report
it to management. Corresponding regulations or instructions should be adopted within the company, so
that everyone knows his or her role in the breach response process.
About the Author
Sergey Ozhegov, CEO, SearchInform. He has been contributing to the company's development, handling
strategic decision making since 2015. Co-founder of the annual SearchInform Road Show series of
conferences. He has been working in IT and information security for 15 years. Sergey can be reached
online at serg@searchinform.com, www.linkedin.com/in/sergey-ozhegov-6b625681/ and at our company
website https://searchinform.com/.
Looking Ahead: Five Security Trends For 2022
A look at some of the key security trends for next year
By Mark Guntrip, Strategy Leader at Menlo Security.
1. Ransomware and the fight back
Ransomware has dominated the cybersecurity news for the past year, but how will the landscape change
over the next 12 months?
We have seen lots of commentary from vendors around remediation strategies, such as XDR. That is not
possible with ransomware: remediation does not work; you must restore everything and set up separate
systems. Companies need to focus on prevention first.
Once ransomware has got you, it’s got you. Locking up your systems is the last action that attackers
take. They have been in your systems for weeks, months, possibly even years, figuring out what they
can steal. They are patient, they have been taking your credentials and looking at what they can use.
Locking up your system is the last resort to see if they can extort a few more million dollars from you.
There are plenty of organizations that have been breached but they simply don’t know until the switch is
flicked and they then become a victim of ransomware. It’s lying in wait while attackers are in there
harvesting everything else.
Given the time of year, I expect to see a rise in seasonal ransomware. Every organization has seasonal
weak points, whether it’s confectionary manufacturers, the travel sector, or a global enterprise holding a
big annual event. Expect to be attacked when you are at your most vulnerable. This year we have seen
attacks on critical national infrastructure, supply chains, healthcare and government. Attackers are just
watching and waiting.
We can also expect to see more questioning of the honesty of ransomware groups. As those behind the
attacks become better known, being recognized as the group that gives the data back once a ransom
is paid might make businesses more likely to pay. All too often we see ransoms being paid and the data
not returned.
There needs to be more direction from government on regulation and tightening of existing practices. We
should see clearer processes and mandatory reporting procedures on ransomware. We're already seeing
this in APAC, so may well see it replicated elsewhere.
2. Future of Work
Remote and hybrid working has led to an exponential increase in security breaches. So how will
staff going back into the office, with others still working remotely, impact organizations' cybersecurity
efforts? Will there be more or fewer breaches as people return to the office?
Organizations will move to consolidate their security solutions. We know from our own research that 75
per cent of businesses are re-evaluating their security strategy as a combination of remote and hybrid
(home/office) working is set to remain.
They will be looking to ensure they don’t get left with two security solutions – the one that existed before
and the one implemented when employees switched to remote working. To avoid twice the work and
twice the reporting (as well as other associated tasks for security teams) organizations need a common
approach. There will be more focus on adopting zero trust network access, whether staff are working in
the office, remotely, or a combination.
3. Focus on zero trust architecture
In May 2021, President Biden signed an executive order to improve the nation’s cybersecurity, with
arguably the most important order of business being an emphasis on zero trust architecture within
government.
We have seen attacks on critical national infrastructure and supply chains. We have learnt that it doesn’t
matter what you do and what industry, geography or sector you operate in, security is everyone’s
problem.
The US government calling out widespread security failings is a good thing and will force many
companies to change their ways and move much more quickly. Businesses will realise that they must
seek an alternative. We hope that this emphasis by government on implementing a zero trust architecture
means that organizations recognise this to be the blueprint and the approach they should follow.
4. The move to the cloud will finally happen
While other industries moved operations to the cloud years ago, security professionals have shown some
reluctance to shift away from on-premises operations. With the increase in sophisticated threats, and as
staff continue to work remotely, organizations can no longer depend on legacy systems for protection,
but must instead shift to cloud-native solutions.
Ultimately, what will drive business to move to the cloud is the need to do security better.
We are also seeing the pendulum beginning to swing in the favour of the user experience. The emphasis
is on how you can carry out your job without negatively impacting workflow processes and device choice
for the end user. Users must be able to work as they expect to, and at speed, but with security a priority.
That points to the cloud because you need the scalability, you need a global view, device coverage, and
you need to be in between the end user and the cloud services they are accessing and using.
5. The impact of the talent shortage
Microsoft recently announced a partnership with community colleges around the US to provide free
resources in an attempt to help end a shortage in cybersecurity workers by 2025. The question is whether
the talent shortage will impact the security industry in 2022 and how technology can help to mitigate this?
It stands to reason that if there are fewer security incidents to manage, the need to recruit new talent will
be reduced and the impact of a talent shortage lessened. How can vendors take a services and people
augmentation approach? We need to give organizations the tools to do what they were hiring services
for. The shortage is not going away; solutions will be built around it, but better solutions will mean fewer
incidents.
About the Author
Mark Guntrip is the Strategy Leader at Menlo Security. Before, he
worked as Director of Product Marketing at Proofpoint. Mark also worked
as a product manager in companies like Symantec, Cisco Systems, and
Websense.
OT/IT Security – Two Sides of the Same Coin
By Sachin Shah, CTO of OT, Armis
The distinction between information technology (IT) and operational technology (OT) is rapidly
disappearing as the Industrial Internet of Things (IIoT), with cross-boundary traffic from
enterprise-connected devices, applications, and connectivity of all types, proliferates across the Federal
ecosystem.
Agencies have long managed and secured these two types of technologies in distinct silos, using different
approaches and solutions, sharing little data, and relying on management by distinct teams with unique
skill sets. They have also largely relied on segmented control networks to protect OT devices. The
convergence of IT and OT is closing that gap, and in doing so is making the legacy siloed security model
increasingly outdated and risky.
Although many legacy control systems still maintain effective segmented networks, the trend is to connect
OT devices on the edge directly to the enterprise network. As a result, the Purdue Enterprise Reference
Architecture model, which for years indicated a standard hierarchy of applications, controls, data flows,
and enforcement boundaries, is being flattened and the lines between levels are dissolving. Today,
agencies simply can’t secure OT without securing IT along with it.
The industry is already embracing a more integrated approach to IT/OT security, with Gartner projecting
“by 2025, 75 percent of OT security solutions will be delivered via multifunction platforms interoperable
with IT security solutions.” Gartner further notes that “brownfield operational technology/information
technology convergence acceleration and a growing number of greenfield cyber-physical systems push
OT security needs to evolve, and more IT security leaders to become involved, as threats and
vulnerabilities increase.”
Today’s agencies need a passive and agentless security approach that secures all types of connected
devices—OT, IT, and IoT devices. It needs to be able to:
● Generate a comprehensive inventory of all connected devices – OT & IT
Today’s enterprises still struggle to see their complete IT asset inventory – from managed to
unmanaged to IoT devices, from virtual machines to clouds, and more. Most organizations cannot
accurately identify all of the devices in their environment and airspace – on-premises and on the
edge – leaving them exposed to compliance, vulnerability, and security issues.
● Ensure that all devices and technology are discoverable
IT teams depend on asset discovery and configuration transparency to ensure visibility into the
environments they manage. If the IT team cannot see a device, they cannot securely manage it.
Therefore, government agencies must ensure discoverability – with the ability to track IT and OT
devices in real-time – identifying critical information, such as location, users, which applications
they are using, and more.
● Deliver comprehensive coverage for security controls, devices, and communication.
The security controls should meet most of the important cybersecurity goals specified by security
frameworks such as NIST CSF or CIS CSC, and NISTIR 8228. In the IT world, this typically
requires the use of several different security tools. For the OT environment, it would be desirable
to obtain comprehensive coverage of the required security controls using as few tools as possible.
The security platform should work for all types and brands of devices common to agencies and
their facilities, including IP security cameras, fire alarm systems, switches, firewalls, wireless
access points, printers, and more. Finally, the platform must be able to directly monitor all
communication pathways that could be used by a cyber attack, including Ethernet, Wi-Fi,
Bluetooth, BLE, and possibly other wireless protocols such as Zigbee. Wireless coverage is
important because attackers can exploit vulnerabilities such as BlueBorne, KRACK and
Broadpwn to compromise OT devices over the air, without any user interaction.
● Identify risks associated with every device
Beyond discovering the assets, agencies require a platform that enables them to identify risks
and vulnerabilities for devices in the office, at remote locations, as well as those interacting with
cloud environments. This requires understanding what a device is and how it is being used and
an inherent understanding of device characteristics. The organization must then be able to
compare the device’s individual risk profile with the agency’s risk posture to provide security and
policy enforcement. Automation is critical to ensure accuracy and efficiency when managing
environments with tens of thousands of devices and counting.
Cyber Defense eMagazine – January 2022 Edition 75
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Passively monitor the behavior and communication patterns of every device
Real-time collective intelligence helps agencies make policy recommendations to better protect
their environments, maintain mission continuity and operational resiliency, and reduce risk. The
ability to passively monitor all unmanaged and OT, IT, and IoT devices on a network and in the
airspace is key to not interfering with device performance.
Take automated actions to thwart attackers
When a device operates outside of its known-good profile, the platform should issue an alert
and/or trigger automated actions. The platform must have the ability to correlate observed activity
in the network with broader industry and device-specific threat intelligence, as well as take into
account the presence of vulnerabilities and other risk factors to detect actual attacks with higher
confidence.
The security outcomes needed for OT environments are well understood but can’t be achieved using
traditional security tools. Neither specialized OT security tools nor traditional IT security tools were
designed for today’s hybrid OT/IT environment. With the continued convergence of OT and IT, agencies
need a different approach to security—one that bridges the two domains for a more secure agency and
greater mission continuity.
About the Author
Sachin Shah is the Chief Technology Officer, OT at Armis Security. He is responsible for setting the
technology strategy and outlining the goals, resources, and timelines for the research and development
team across all technological services. Making executive decisions on behalf of the company's
technological requirements, he also acts as a mentor to the technical leadership team, maintaining a
consumer-focused outlook and aiding in the delivery of projects to market. He is also responsible for
ensuring all technology practices adhere to regulatory standards. He is a visionary public speaker on
current and future technology security needs.
Sachin can be reached online at sachin@armis.com and at our company website
https://www.armis.com/.
WatchGuard Technologies’ 2022 Predictions:
State-Sponsored Mobile Threats, Space-Related Hacks
and More
A look at the future of cybersecurity in 2022 and beyond
By Corey Nachreiner, Chief Security Officer, WatchGuard Technologies
2021 was another wild year in cybersecurity with the industry facing everything from hackers attacking
remote workers to a deluge of ransomware attacks against critical infrastructure and much more. As we
wave goodbye to 2021, it’s time for the WatchGuard Threat Lab to provide its annual predictions for 2022.
This year the team decided to layer on some added humor and deliver our predictions with some fun
“SNL Weekend Update” parody-style videos – so if you’d rather watch than read, take a look here. If not,
here are some of our 2022 predictions (you can access the entire list here):
1. State-Sponsored Mobile Threats Trickle Down to the Cybercrime Underworld
Mobile malware certainly exists – especially on the Android platform – but hasn’t yet risen to the
same scale as traditional desktop malware. In part, we believe this is due to mobile devices being
designed with security mechanisms (e.g., secure boot) from the start, making it much more difficult
to create “zero-touch” threats that don’t require victim interaction. However, serious remote
vulnerabilities have existed for these devices, though they are harder to find.
Meanwhile, mobile devices present a very enticing target to state-sponsored cyber teams due to
both the devices’ capabilities and the information contained in them. As a result, groups selling to
state-sponsored organizations are responsible for funding much of the sophisticated threat and
vulnerability development targeting mobile devices. Unfortunately, as in the case of Stuxnet,
when these more sophisticated threats leak, criminal organizations learn from them and copy the
attack techniques.
Next year, we believe we’ll see an increase in sophisticated cybercriminal mobile attacks due to
the state-sponsored mobile attacks that have started to come to light.
2. News of Hackers Targeting Space Hits the Headlines
With renewed government and private focus on the “Space Race” and recent cybersecurity
research concentration on satellite vulnerabilities, we believe a “hack in space” will hit the
headlines in 2022.
Recently, satellite hacking has gained investigative attention from the cybersecurity community
among researchers and at conferences like DEF CON. While satellites might seem out of reach
from most threats, researchers have found they can communicate with them using about $300
worth of gear. Furthermore, older satellites may not have focused on modern security controls.
Meanwhile, many private companies have begun their space race, which will greatly increase the
attack surface in orbit. Between those two trends, plus the value of orbital systems to nation
states, economies, and society, we suspect governments have quietly started their cyber defense
campaigns in space already. Don’t be surprised if we see a space-related hack in the headlines
soon.
3. Spear SMSishing Hammers Messenger Platforms
Text-based phishing, known as SMSishing, has increased steadily over the years. Like email
social engineering, it started with untargeted lure messages being spammed to large groups of
users, but it has lately evolved into more targeted texts that masquerade as messages from
someone you know. In parallel, the platforms we prefer for short text messages have evolved as
well.
Users, especially professionals, have realized the insecurity of cleartext SMS messages thanks
to NIST, various carrier breaches, and knowledge of weaknesses in carrier standards like
Signaling System 7 (SS7).
Where legitimate users go, malicious cybercriminals follow. As a result, we are starting to see an
increase in reports of malicious spear SMSishing-like messages to messenger platforms like
WhatsApp. We expect to see targeted phishing messages over many messaging platforms
double in 2022.
4. Password-Less Authentication Fails Long Term Without MFA
It’s official. Windows has gone password-less! While we celebrate the move away from passwords
alone for digital validation, we also believe the continued focus on single-factor
authentication for Windows logins simply repeats the mistakes of history. Windows 10 and 11
will now allow you to set up completely password-less authentication, using options like Hello
(Microsoft’s biometrics), a FIDO hardware token, or an email with a one-time password (OTP).
The only strong solution to digital identity validation is multi-factor authentication (MFA). In our
opinion, Microsoft (and others) could have truly solved this problem by making MFA mandatory
and easy in Windows. You can still use Hello as one easy factor of authentication, but
organizations should force users to pair it with another, like a push approval to your mobile phone
that’s sent over an encrypted channel. We predict that Windows password-less authentication will
take off in 2022, but we expect hackers and researchers to find ways to bypass it.
5. Companies Increase Cyber Insurance Despite Soaring Costs
Since the astronomical success of ransomware starting back in 2013, cyber security insurers
have realized that payout costs to cover clients against these threats have increased dramatically.
In fact, according to a report from S&P Global, cyber insurers’ loss ratio increased for the third
consecutive year in 2020, by 25 points, or more than 72%. This resulted in premiums for standalone
cyber insurance policies increasing 28.6% in 2020 to $1.62 billion USD. As a result, insurers
have greatly increased the cybersecurity requirements for customers. Not only has the price of
insurance increased, but insurers now actively scan and audit the security of clients before
providing cyber security-related coverage.
In 2022, if you don’t have the proper protections in place, you may not get cyber insurance at the
price you’d like, or at all. Like other regulations and compliance standards, this new insurer focus
on security and auditing will drive a new focus by companies to improve defenses in 2022.
About the Author
Corey Nachreiner is the CSO of WatchGuard Technologies. A
front-line cybersecurity expert for nearly two decades, Corey
regularly contributes to security publications and speaks
internationally at leading industry trade shows like RSA. He has
written thousands of security alerts and educational articles and
is the primary contributor to the Secplicity Community, which
provides daily videos and content on the latest security threats,
news and best practices. A Certified Information Systems
Security Professional (CISSP), Corey enjoys "modding" any
technical gizmo he can get his hands on and considers himself
a hacker in the old sense of the word. Corey can be reached
online via Twitter and WatchGuard’s company website
https://www.watchguard.com.
What Are DeFi Flash Loans & How to Prevent Flash Loan
Attacks?
Decentralized Finance is changing the way we borrow and invest. Flash loans, a type of uncollateralized
lending, have gained in popularity, as well as bad press. Flash loan attacks are a common threat that
enables hackers to steal massive amounts of cryptocurrency, reaching into the hundreds of millions of dollars.
By Kiril Ivanov, Founder and Technical Lead, Bright Union
What is a flash loan?
A flash loan is an ultra-fast, unsecured loan, where the whole lending and returning process occurs
within a single transaction on the blockchain. The loan is able to bypass the numerous prerequisites
of a traditional loan that are used to guarantee repayment. No credit checks, collateral or guarantors
are needed, provided that the liquidity is returned to the pool within a single transaction block. If this
fails to occur, the whole transaction is reverted, effectively undoing the actions executed up until that
point. This guarantees the safety of the funds in the reserve pool.
Watch this 1 min video to see how a flash loan works. Source: Coindesk.
https://www.youtube.com/watch?v=4CEeP7ar2X0&ab_channel=CoinDesk
The primary intended reason for these flash loans is for users to capitalize on
arbitrage opportunities. Arbitrage is the simultaneous purchase and sale of the
same asset in different markets in order to profit from marginal differences in the
asset's listed price. Arbitrage traders are vital for their role in increasing market
efficiency as they narrow the gap in these price discrepancies. Other use-cases
include collateral swapping, self-liquidation, and more.
Typically, the concept works well, but some misuse this form of lending, intending to drain
vulnerable DeFi protocols of millions of dollars.
Flash loan attacks - why they are easily executed
Flash loan attacks are relatively common because they are easy for a hacker to perform and low-risk
due to the probability of exposure being so low. The resources required to execute a flash loan attack
are nothing more than a computer, internet connection and ingenuity as stated by Coinmarketcap.
One of the most common types of economic exploit in DeFi involves a flash loan attack. Source: Elliptic
DeFi hackers can easily exploit flash loans because they can be used to create artificial arbitrage opportunities.
This involves manipulating asset prices in order to take advantage of arbitrage opportunities on DeFi
services that would not otherwise have existed. In short, due to the theoretically unlimited size of the loan,
the attacker is able to ‘increase demand’ and raise the price. They can make a trade just like any other
arbitrage opportunity [buy low, sell high], then pay off the loan and keep the profits. The maximum size
of the loan could be as great as the liquidity pool can handle, theoretically reaching into the billions of
dollars and draining the liquidity of the affected pools.
Their unlimited and instantaneous nature means that a well-planned attack can be executed in one go,
with no risk if it fails [since the loan transaction will automatically revert if the loan isn’t repaid].
Examples of flash loan attacks in 2021
● C.R.E.A.M. Attack October 2021 loss of ~$130m
The hacker borrowed $500m DAI and $2bn ETH with two separate addresses. Through a series of
trades, and using the loans as collateral for more loans, the attacker was able to artificially double the
price of the yUSD and repay the loans. With the remaining $1bn of collateralized crYUSD, the attacker
borrowed all the liquidity from the C.R.E.A.M. Ethereum v1 markets.
In the post-mortem by C.R.E.A.M., it is stated that the key vulnerability lies within the price
calculation of the wrappable token.
● xToken Attack August 2021 loss of ~$4.5m
This hack was the result of a flash loan being used to deflate the xSNX token price and the hacker’s
ability to call a function which they should not have been able to call. The source of value
extraction was the artificial arbitrage created by the price manipulation of xSNX. Interestingly, xToken has
since retired the xSNX product due to its complexity.
● Pancake Bunny Attack May 2021 loss of ~$200m
The hacker used PancakeSwap to borrow BNB. They used this to manipulate the price of USD/BNB and
BUNNY/BNB, gaining a huge amount of BUNNY. They then dumped the BUNNY and remaining BNB,
which at the time was worth around $200m.
** The figures quoted are the amount of value extracted at the time of the hack. The protocols may
have recovered some of the tokens or compensated the users afterwards.
Consequences of flash loan attacks
Depending on the scale of the attack, consequences can vary. But one thing is certain: the reputational
damage is great, and the other protocol users suffer the adverse effects. Seemingly never out of the
spotlight, C.R.E.A.M. was attacked three times in 2021, two of which were flash loan attacks. In the
case of flash loans, lightning can and does strike the same place twice.
The primary and most important consequence is the impact that flash loan attacks can have on other
users. DeFi would be nothing without the loyalty and money of the users who are all key players in an
intricate autonomous ecosystem. It is presumptuous to assume that victims have available cash to put
back into a system that has failed to protect their assets adequately.
Questions about whose responsibility it is to ensure that flash loan attacks don’t occur will continue
to arise, and protocols will rightfully be expected to defend themselves. Is taking preventative
measures enough to adequately prove that the platform isn’t responsible if an exploit occurs? A
prudent protocol or exchange should also consider a post-exploit action plan, in case the worst
occurs.
5 Steps for protocols to take to minimize the likelihood and impact of flash loan exploits
The recommendations here align with the three pillars of cyber security: security, vigilance and
resilience.
1. Design of the protocol matters
Complexity comes with risk. While developing a large smart contract or building a dApp it is difficult to
pinpoint loopholes. Therefore, all external calls should be located, to explore whether they could serve as a
path for malicious actors into the contracts. In older versions of Solidity, even reading a public field
could lead to unsafe external calls that can be easily manipulated. Therefore, developers should always
use stable and updated versions of Solidity.
2. Use a decentralized oracle
Oracle manipulation is the biggest cause of flash loan attacks. Smart contracts heavily rely on oracles,
which provide an interface between the contracts and external sources to push the required
data. Decentralized oracles like Chainlink gather price data from multiple sources, which reduces
the likelihood of a single data point influencing the oracle. If a platform relies solely on the data of one
particular DEX, then its data is at risk of being flawed. Malicious users could directly manipulate the
price on the single DEX from which the loan price is derived, resulting in loans issued at an inaccurate
average price. Conversely, limited data could form an inaccurate representation of the average
market price and thus invite excessive slippage exploitation.
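To make the mechanism described in the attack section and the oracle advice in step 2 concrete, here is an added simulation (not code from the article or from any protocol it names): a constant-product pool's spot price is moved by one large same-block swap, while a median across several independent pools and a time-weighted average over earlier blocks are not. Pool sizes, block times and the 5% tolerance band are constructed assumptions.

```python
"""Added example: single-DEX spot price vs. multi-source median vs. TWAP as a
lending-protocol price oracle. All reserves, block times and thresholds below
are constructed values, not figures from the article."""
from dataclasses import dataclass
from statistics import median
from typing import Sequence, Tuple


@dataclass
class Pool:
    """Simplified constant-product AMM pool (x * y = k), Uniswap-v2 style."""
    token_reserve: float   # units of the collateral token
    usd_reserve: float     # units of the quote asset (a stablecoin)

    def spot_price(self) -> float:
        """Price of one token in USD as implied by the current reserves."""
        return self.usd_reserve / self.token_reserve

    def buy_token(self, usd_in: float) -> float:
        """Swap usd_in for tokens along the x*y=k curve; returns tokens received.
        A very large swap (flash-loan sized) moves the spot price sharply."""
        if usd_in <= 0:
            raise ValueError("usd_in must be positive")
        k = self.token_reserve * self.usd_reserve
        new_usd = self.usd_reserve + usd_in
        new_token = k / new_usd
        tokens_out = self.token_reserve - new_token
        self.token_reserve, self.usd_reserve = new_token, new_usd
        return tokens_out


def single_dex_oracle(pool: Pool) -> float:
    """Weak design: the lending contract reads one pool's spot price directly."""
    return pool.spot_price()


def median_oracle(pools: Sequence[Pool]) -> float:
    """Stronger design: median across independent sources, so one manipulated
    pool cannot move the reported price (the multi-source idea in step 2)."""
    return median(p.spot_price() for p in pools)


def twap(observations: Sequence[Tuple[float, int]]) -> float:
    """Time-weighted average of (price, seconds_at_that_price) pairs recorded in
    earlier blocks. A swap inside the current block is not yet observed."""
    total_time = sum(t for _, t in observations)
    if total_time <= 0:
        raise ValueError("no observation time")
    return sum(p * t for p, t in observations) / total_time


def price_within_band(candidate: float, reference: float, max_dev: float = 0.05) -> bool:
    """Circuit-breaker a lending contract can apply before trusting a price:
    refuse it when it deviates from the reference by more than max_dev."""
    return abs(candidate - reference) / reference <= max_dev


def simulate_single_block_trade(usd_in: float) -> dict:
    """Run one large buy against pool A and report what each oracle design returns."""
    pool_a = Pool(token_reserve=1_000_000, usd_reserve=1_000_000)   # price 1.00
    pool_b = Pool(token_reserve=800_000, usd_reserve=800_000)       # price 1.00
    pool_c = Pool(token_reserve=1_200_000, usd_reserve=1_200_000)   # price 1.00
    history = [(1.0, 13)] * 10   # ten earlier ~13 s blocks all saw pool A at 1.00
    baseline = single_dex_oracle(pool_a)

    pool_a.buy_token(usd_in)     # the manipulation, entirely within one block

    single = single_dex_oracle(pool_a)
    med = median_oracle([pool_a, pool_b, pool_c])
    reference = twap(history)
    return {
        "baseline": baseline,
        "single_dex": single,                 # jumps with the trade
        "median_of_three": med,               # unchanged: two pools untouched
        "twap": reference,                    # unchanged: earlier blocks only
        "single_dex_accepted": price_within_band(single, reference),
        "median_accepted": price_within_band(med, reference),
    }


if __name__ == "__main__":
    for key, value in simulate_single_block_trade(1_000_000).items():
        print(f"{key:>20}: {value}")
```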
3. Get audited
Getting a smart contract audit is one of the most vital steps before launching your product. These
audits identify and remediate vulnerabilities in the smart contracts before they can be exploited by
someone with malicious intent. (Sources: Consensys, Certik)
Due to the interwoven nature of these protocols, focusing the audit only on the critical
components isn’t enough to guarantee their security. A chain is only as strong as its
weakest link, perfectly showcased by the recently detected Log4Shell vulnerability. If an audited protocol
integrates with, for example, an un-audited bridge, this might be the gap that a hacker is looking for.
If a hole in the code of the platform is found, then it is crucial for the developers to remedy it as soon as
possible. It may sound obvious, but apparently it isn’t to everyone. As described in the examples above,
in May of 2021, Pancake Bunny was hit, resulting in an enormous loss. Just days after, AutoShark was
hit in a copy-cat attack, which fortunately resulted in significantly smaller losses. The kicker, however,
is that AutoShark had officially published its acknowledgement that it was vulnerable to a similar-style hack.
4. Participate in a Bug Bounty program
Continual vigilance over the smart contracts while they are in operation is critical, especially if updates
and integrations are occurring. Offering a bug bounty incentivizes those with ‘hacking skills’ to act
ethically. Bounties are prizes for ethical hackers who report holes in code which they could have exploited.
It encourages these white hat hackers to work with the protocols rather
than against them. ImmuneFi is a platform that advocates for the rights of white hat hackers. Protocols
list their bounty on the database, and it offers a portal for hackers to submit their findings.
It isn’t enough to just offer a few thousand dollars as a bounty. ImmuneFi suggests 10% of TVL. It has
to be enough to incentivize a hacker to act ethically when they know they have ‘illegal’ access to a much
larger pool of funds. The incentives provided are attractive with a record amount of $10m being offered
by BXH after a hack where over $139m was taken.
5. Offer in-App coverage
Despite all efforts to prevent a flash loan exploit, there is always a possibility for the event to occur.
Proactively educating users about the risks of investing should be the responsibility of the protocols. Do
your own research (DYOR) is one of the most thrown-around phrases. However, in the context of
deciding which protocols to use, the protocols themselves should do the research about their risks and
present these to users in a clear way.
The impact of an exploit can cause a serious business crisis if the protocol doesn’t act transparently.
By offering in-app coverage, crypto's alternative to insurance, protocols are acknowledging the risks
and presenting their users with a discretionary option to mitigate the risks based on their risk appetite.
How does it work in practice? There are multiple risk platforms offering coverage against smart contract
failures for hundreds of protocols, exchanges and wallets. Nexus Mutual is currently the best known,
with TVL around $1B. New players such as Bright Union and Bridge Mutual are slowly building up traction
in the market.
Bright Union, a DeFi coverage aggregator, has developed a way for protocols to offer their users coverage
from their own app with an SDK. The cost of coverage can even be deducted from the APY, so there are no
out-of-pocket costs for users, creating a seamless customer journey.
A protocol proactively offering users coverage is Alpaca Finance. The app connects the users directly
to these risk coverage platforms, where they are then able to buy coverage. Similarly, Don-key Finance,
a social platform for yield farming, will soon offer a fully covered strategy for users to invest in, with
coverage just a click away.
About The Author
Kiril Ivanov is the Founder and Technical Lead at Bright
Union. One of the Bright Union founders, he has 20 years
of development experience, comprising 15 years in finance,
10 years in the insurance space and the last five in blockchain
and decentralized finance. Before starting Bright Union, Kiril
provided blockchain-powered solutions for innovative digital
insurance. He has been highly interested in the growing DeFi
space for years, where decentralized networks transform old
financial products into trustless and transparent protocols that
run without intermediaries. Kiril can be reached online at
https://www.linkedin.com/in/kirivanov/ and at our company website https://brightunion.io/.
Protecting Critical Infrastructure Against Cyberattacks
Understanding how attackers get in is the critical first step to mounting an effective defense.
By Sean Deuby | Director of Services, Semperis
Cyberattacks in any industry cause multiple forms of damage. But attacks on public infrastructure—such
as transportation systems and public utilities—can cause wholesale disruptions in daily life or threaten
public safety. The U.S. Department of Homeland Security (DHS), and its subsidiary Cybersecurity and
Infrastructure Security Agency (CISA), administer the National Infrastructure Protection Plan to protect
all sectors of “critical infrastructure” of fundamental concern for vulnerability and resiliency. See
https://www.cisa.gov/national-infrastructure-protection-plan .
A few high-profile attacks, such as the Colonial Pipeline ransomware attack in May 2021, brought
cyberattacks to the forefront for people on the U.S. East Coast who experienced gas shortages and
higher prices. Following the attack, Colonial Pipeline proactively took some systems offline—including
8,850 kilometers of gas pipelines—to address the threat.
The increase in attacks on public infrastructure signals that for some cybercriminals, the gloves are now
off. For some, the goal of a ransomware attack isn’t solely to make money but rather to simply wreak
havoc, disrupt services, and incite panic. Any sense of morality that might have been ascribed to threat
actors in the past seems to have disappeared in the last couple of years.
Another case that proves this point is the attack on a water treatment facility in the small U.S. town of
Oldsmar, Florida, in April 2021. During the time that the breach went undetected, the threat actors were
able to manipulate the system to increase the amount of sodium hydroxide in the water supply. Although
the attack was mitigated before the substance reached a health-threatening level, the potential for
cyberattackers to endanger lives is real.
Public infrastructure organizations can strengthen their defenses against attacks by understanding the
entry points for these attacks, addressing challenges inherent to the industry, and implementing new
practices to guard against the current threat landscape.
Addressing identity system challenges in public infrastructure organizations
Public infrastructure organizations face unique challenges with securing their identity systems. Because
many utilities manage infrastructure that is critical to daily life, nation states and other malicious actors
have an interest in developing cyber weapons that target utilities, according to a
Siemens/Ponemon Institute survey of global utility companies. The study called out several factors
reported by utilities operators that undermine efforts to improve security posture, including:
• Lack of technical skills needed to identify threats
• Poor alignment between operational IT teams and security teams to recognize threats originating
in the identity or other IT systems
• Outdated security practices, including limited understanding of the current threat landscape and
risk-based best practices
• Lack of investment in training and personnel
• Inadequate cyberattack response plan and slow response to past incidents
• Deployment of digital and networked equipment, providing new targets for cybercriminals—
and far-reaching consequences
The obstacles are daunting, but by implementing a systematic approach to closing security gaps in the
identity system, public infrastructure organizations can significantly improve their security posture—a
worthy goal given that these systems are clearly becoming a favored target for cybercriminals.
Closing the attack entry points in the identity system
Understanding how attackers get in is the critical first step to mounting an effective defense. In both the
Colonial Pipeline and the Oldsmar attacks, threat actors targeted Active Directory, which is the core
authentication service used by 90 percent of businesses worldwide. AD is a common attack path for
cybercriminals because of its size, complexity, and tendency toward configuration drift, especially in large
organizations with 20-year-old AD implementations.
The Colonial Pipeline attack was carried out by the DarkSide group, one of many ransomware-as-a-service
(RaaS) organizations that have pooled their cybercrime skills to carry out attacks on behalf of
clients. These groups operate systematically to gain access to an organization’s infrastructure through
AD security weaknesses:
• They use penetration tools to gain access to the system, then start their reconnaissance efforts
• Next, the threat actors will spend days or weeks (or months, in the case of the SolarWinds attack)
hunting for vulnerabilities and gaining access to privileged user accounts
• After gaining control of the assets they crave, they complete their mission—whether it is poisoning
a public water supply, encrypting sensitive data in exchange for a ransomware payment, or other
evil deeds
Although DarkSide claims to have some principles (declining to attack hospitals or schools, for example),
the group strikes only lucrative targets and exhibits impressive patience by lurking within systems
sometimes for months in order to locate the most valuable assets.
Systematically identifying and addressing Active Directory vulnerabilities is an essential step in guarding
against cyberattacks. Even the sophisticated RaaS groups prefer to take the easy path—when it works—
rather than devising new tactics. Although the work can be tedious and time-consuming, implementing
good AD security hygiene is achievable with focus, time, and effort.
Protecting organizations before, during, and after the attack
The first step in defending against identity system attacks is identifying and addressing vulnerabilities
that are prime targets for cyberattackers. Especially for large, established organizations with legacy
Active Directory systems, risky settings can accumulate over time, leading to easily exploitable security
gaps.
For example, some of the most common and riskiest configuration errors in Active Directory are related
to the authentication process. Let’s say an organization uses an application that doesn’t directly integrate
with AD, but the application needs to query AD for active users. The easiest way to facilitate this process
is to enable anonymous access to Active Directory. But if that setting is enabled without any mitigating
controls, the organization’s risk profile would substantially increase. This is just one example of lax
password policies that can open the door to cyberattackers.
Permitting excessive permissions is another practice that initially saves time or addresses a perceived
need for urgent access to business-critical applications and services—but leaves dangerous security
weaknesses. In too many cases, after the privileged access is granted, the ticket is closed and that
access is never reviewed again. Over time, the number of excessive permissions continues to grow. It’s
not uncommon for AD environments to have unnecessarily high numbers of domain administrators.
Service accounts with excessive permissions also pose a high risk because their passwords are usually
set to not expire, and many have weak passwords.
To identify and address these security risks, organizations need to invest time and resources in evaluating
risky AD settings. Regularly scanning AD provides insight into its security posture and reduces the risk
of unauthorized changes or misconfigurations going undetected. (One tool that can help with this is
Purple Knight, a free AD security assessment tool that scans the AD environment for indicators of
compromise or exposure.)
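As an added illustration of the kind of evaluation described above (this is not code from the article, from Semperis or from Purple Knight), the scan below checks a constructed AD account export for the risky settings the article names: anonymous LDAP access, an inflated Domain Admins group, and service accounts whose passwords never expire or have gone stale. The account records, SPNs and dSHeuristics value are constructed sample data, and the thresholds are assumptions.

```python
"""Added example: flag risky Active Directory settings in an account export.
Sample accounts, SPNs, the dSHeuristics value and the thresholds are
constructed assumptions, not values from the article."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# userAccountControl bits (LDAP UF_* flag definitions).
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000


@dataclass
class Account:
    sam_account_name: str
    user_account_control: int
    pwd_last_set: datetime
    member_of: List[str] = field(default_factory=list)
    service_principal_names: List[str] = field(default_factory=list)

    @property
    def is_enabled(self) -> bool:
        return not self.user_account_control & UF_ACCOUNTDISABLE

    @property
    def is_service_account(self) -> bool:
        # An account carrying SPNs is one a service authenticates as.
        return bool(self.service_principal_names)


def anonymous_ldap_enabled(ds_heuristics: str) -> bool:
    """The 7th character of the forest dSHeuristics attribute (fLDAPBlockAnonOps)
    set to '2' allows anonymous LDAP operations against AD DS."""
    return len(ds_heuristics) >= 7 and ds_heuristics[6] == "2"


def scan(accounts: List[Account], ds_heuristics: str, max_domain_admins: int = 5,
         stale_days: int = 365, now: Optional[datetime] = None) -> List[Tuple[str, str, str]]:
    """Return (severity, subject, message) findings for the settings the article flags."""
    now = now or datetime.now(timezone.utc)
    findings: List[Tuple[str, str, str]] = []

    if anonymous_ldap_enabled(ds_heuristics):
        findings.append(("high", "forest", "anonymous LDAP access enabled (dSHeuristics char 7 = 2)"))

    enabled = [a for a in accounts if a.is_enabled]
    admins = [a for a in enabled if "Domain Admins" in a.member_of]
    if len(admins) > max_domain_admins:
        findings.append(("high", "Domain Admins",
                         f"{len(admins)} enabled members (threshold {max_domain_admins})"))

    for a in enabled:
        if not a.is_service_account:
            continue
        if a.user_account_control & UF_DONT_EXPIRE_PASSWD:
            findings.append(("medium", a.sam_account_name, "service account password never expires"))
        age = (now - a.pwd_last_set).days
        if age > stale_days:
            findings.append(("medium", a.sam_account_name,
                             f"service account password last set {age} days ago"))
        if "Domain Admins" in a.member_of:
            findings.append(("high", a.sam_account_name, "service account is a Domain Admin"))
    return findings


# Constructed sample export with a fixed clock so results are reproducible.
NOW = datetime(2022, 1, 15, tzinfo=timezone.utc)
SAMPLE_DS_HEURISTICS = "0000002"          # constructed: anonymous access switched on
SAMPLE_ACCOUNTS = [
    Account("jdoe", UF_NORMAL_ACCOUNT, NOW - timedelta(days=20), ["Domain Users"]),
    Account("svc_backup", UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD, NOW - timedelta(days=1100),
            ["Domain Users", "Domain Admins"], ["backup/srv01.example.test"]),
    Account("svc_web", UF_NORMAL_ACCOUNT, NOW - timedelta(days=40),
            ["Domain Users"], ["HTTP/web01.example.test"]),
    Account("old_admin", UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE, NOW - timedelta(days=900),
            ["Domain Admins"]),   # disabled, so not counted
] + [Account(f"admin{i}", UF_NORMAL_ACCOUNT, NOW - timedelta(days=30), ["Domain Admins"])
     for i in range(6)]


if __name__ == "__main__":
    for severity, subject, message in scan(SAMPLE_ACCOUNTS, SAMPLE_DS_HEURISTICS, now=NOW):
        print(f"[{severity:<6}] {subject}: {message}")
```

In a real environment the same records would come from the directory (for example a `Get-ADUser` export including `userAccountControl`, `pwdLastSet`, `memberOf` and `servicePrincipalName`), with `dSHeuristics` read from the Directory Service object in the configuration partition.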
Beyond closing AD security gaps, public infrastructure organizations can implement solutions that
continually monitor the environment for malicious changes. The ability to detect attackers moving laterally
through the network can substantially limit the damage done. Attack paths can be closed before the
malicious actors are able to deploy malware, for example. And setting up automated remediation can
help defuse an attack when every minute counts. Cyberattacks can infect globally connected systems in
minutes, so the ability to automatically reverse malicious changes helps contain the fallout.
In the event of a cyberattack, one of the key factors in resuming delivery of public services is being able
to quickly recover Active Directory to a known-secure state. As any IT administrator can attest, rebuilding
an AD forest is a laborious, time-consuming process that is prone to errors. Rebuilding an AD forest while
under the stress of an in-progress attack is the stuff of nightmares. Every organization needs to have a
fully tested, documented plan for recovering AD—the system that authenticates and grants access to all
other systems—in the event of a cyberattack.
Ensuring public services are safe from cyberattacks
Although public infrastructure organizations are in the crosshairs of attackers, they can improve their
defenses against even the most sophisticated attacks. By evaluating the security posture of their Active
Directory environment, setting up monitoring to detect malicious changes, and implementing a fully tested
AD recovery plan, these organizations will be better positioned to combat attacks and continue to deliver
vital public services.
About the Author
Sean Deuby | Director of Services, Semperis
Sean Deuby brings 30 years’ experience in Enterprise IT and Hybrid Identity to his role as Director of
Services at Semperis. An original architect and technical leader of Intel's Active Directory and Texas
Instruments’ Windows NT network, and a 15-time MVP alumnus, Sean has been involved with Microsoft
identity technology since its inception. His experience as an identity strategy consultant for many
Fortune 500 companies gives him a broad perspective on the challenges of today's identity-centered
security. Sean is also an industry journalism veteran; as former technical director for Windows IT Pro, he
has over 400 published articles on Active Directory, Azure Active Directory and related security, and
Windows Server. He has presented sessions at multiple CIS / Identiverse conferences.
For more information, visit http://www.semperis.com
Three Key Facts About AI-Driven Network Detection and Response
By Eyal Elyashiv, CEO, Cynamics
Most network detection and response solutions and network performance monitoring and diagnostic
tools still use the same paradigm that was invented three decades ago. Networks themselves, however,
have changed dramatically; modern networks grow more complex and interconnected every day, and
each new connection increases the potential for vulnerabilities. Malicious actors are constantly hunting
for ways to infiltrate corporate networks, and overly complex, tightly linked systems let them slip through
the security gaps unnoticed. For years enterprises have been attempting to address this security
challenge but have failed to gain the upper hand.
The primary reason for this failure is two-fold: human analysts can’t keep up in this environment
and legacy tools can’t either. Enterprises need assistance from AI-based solutions to enable full visibility
into their network. Network detection and response (NDR) solutions derive particular benefit from AI.
However, to implement NDR well, organizations need clarity on its key elements, both before and after
implementation.
AI helps fill in the security skills gaps
As networks become more complex and data volumes continue to grow, human analysts cannot monitor
all of it alone. To make matters worse, the industry faces an estimated shortage of 2.72 million skilled
cybersecurity professionals; there simply are not enough skilled people to adequately defend
organizations’ critical assets. Instead, the industry must learn to use tools like AI and ML to supplement
these skills gaps. The lack of capable and experienced cybersecurity talent can leave networks vulnerable
to a myriad of threats.
How AI addresses the network visibility problem
Meanwhile, a seemingly intractable security hurdle arises as “smart networks” increase in scale and
complexity. Anomalies, attacks and threats can start with one simple click at any one of the hundreds or
thousands of devices connected to the network (workstations, routers, switches and more), significantly
compromising network security.
It is both impractical and expensive to add specialized network monitoring and detection solutions to each
network device, and doing so can degrade device performance. Monitoring each network component
separately is also insufficient: detecting a sophisticated attack requires a holistic view of the network
and comprehensive analysis of traffic patterns across devices.
Using AI/ML provides this holistic view. Machine learning techniques extrapolate the most likely behavior
of all network traffic from radically small traffic samples taken at every network device, including private
or public cloud gateways and legacy routers, using the standard sampling protocols built into every
network device. The ML then automatically learns which network fields matter most and uses them to
summarize the state of each device at each timestamp. It can also track changing network trends
autonomously.
AI detection models continuously analyze network traffic patterns over time at several layers (each
device on its own, groups of devices, and the network as a whole) and look for suspicious behaviors.
Because these models work from small samples of network traffic, they greatly reduce processing time
compared with current solutions that must collect, process and analyze each and every packet, which
enables earlier and faster detection.
Previously unseen traffic patterns can reveal what is really taking place on the network in real time,
without the expense and impracticality of monitoring every device. This makes AI-based NDR solutions
time-efficient, cost-effective and holistic in their network coverage.
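A minimal version of the per-device, per-timestamp summarization and baselining described above, as an added example written for this article (not Cynamics code or its patented algorithms). Sampled flow records of the kind sFlow or NetFlow/IPFIX sampling exports (the article does not name the protocols; that is an assumption) are collapsed into one feature vector per device and time window, a per-device baseline is learned from quiet windows, and later windows are scored against it. The records, the 1-in-1000 sampling rate, the feature set and the z-score threshold are all constructed for the example. It also handles the edge case this approach implies: a device that never contributed samples during baselining has no model and is reported as unknown rather than silently passed.

```python
"""Per-device baselining and anomaly scoring over sampled flow records.

Added example for this article, not Cynamics code or its algorithms. The
flow records, the 1-in-1000 sampling rate, the feature set and the z-score
threshold are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Optional, Tuple

SAMPLING_RATE = 1000  # assumption: the exporter samples 1 packet in 1000
FEATURES = ("bytes", "ports", "dsts")


@dataclass(frozen=True)
class SampledFlow:
    device: str   # exporting router, switch or cloud gateway
    window: int   # time bucket index (e.g. one-minute windows)
    src: str
    dst: str
    dst_port: int
    size: int     # bytes in the sampled packet


def summarize(flows: Iterable[SampledFlow]) -> Dict[Tuple[str, int], Dict[str, int]]:
    """Collapse samples into one feature vector per (device, window)."""
    acc = defaultdict(lambda: {"bytes": 0, "ports": set(), "dsts": set()})
    for f in flows:
        s = acc[(f.device, f.window)]
        s["bytes"] += f.size * SAMPLING_RATE  # scale the sample up to an estimate of the total
        s["ports"].add(f.dst_port)
        s["dsts"].add(f.dst)
    return {k: {"bytes": v["bytes"], "ports": len(v["ports"]), "dsts": len(v["dsts"])}
            for k, v in acc.items()}


def learn_baseline(summary, train_windows) -> Dict[str, Dict[str, Tuple[float, float]]]:
    """Per-device mean and standard deviation of each feature over the training windows."""
    rows = defaultdict(list)
    for (dev, win), feats in summary.items():
        if win in train_windows:
            rows[dev].append(feats)
    baseline = {}
    for dev, rs in rows.items():
        baseline[dev] = {}
        for ft in FEATURES:
            vals = [r[ft] for r in rs]
            baseline[dev][ft] = (mean(vals), pstdev(vals))
    return baseline


def detect(summary, baseline, z_threshold: float = 3.0) -> List[Tuple[str, int, str, Optional[float]]]:
    """Flag (device, window, feature, z) where a feature rises well above its baseline,
    plus any device that has no baseline at all."""
    anomalies = []
    for (dev, win), feats in sorted(summary.items()):
        if dev not in baseline:
            anomalies.append((dev, win, "unknown-device", None))
            continue
        for ft in FEATURES:
            mu, sd = baseline[dev][ft]
            # Floor the spread so a perfectly steady baseline cannot divide by zero
            spread = max(sd, 0.05 * mu, 1.0)
            z = (feats[ft] - mu) / spread
            if z > z_threshold:  # only upward deviations matter for these features
                anomalies.append((dev, win, ft, round(z, 1)))
    return anomalies


def constructed_flows() -> List[SampledFlow]:
    """Constructed samples (not captured traffic): quiet windows 0-4, deviations in window 5."""
    flows = []
    for w in range(5):
        for dst, port in (("10.0.0.5", 443), ("10.0.0.6", 443), ("10.0.0.7", 53), ("10.0.0.5", 25)):
            flows.append(SampledFlow("core-rtr-1", w, "10.0.0.20", dst, port, 1500))
        for dst, port, size in (("10.0.1.5", 443, 1000), ("10.0.1.6", 445, 500)):
            flows.append(SampledFlow("branch-sw-2", w, "10.0.1.20", dst, port, size))
    # Window 5: one host behind core-rtr-1 touches forty distinct destination ports
    for port in range(1, 41):
        flows.append(SampledFlow("core-rtr-1", 5, "10.0.0.20", "10.0.0.9", port, 60))
    # Window 5: sustained large transfer to a single external host behind branch-sw-2
    for _ in range(20):
        flows.append(SampledFlow("branch-sw-2", 5, "10.0.1.20", "203.0.113.10", 443, 1500))
    # Window 5: a device that never exported samples while the baseline was learned
    flows.append(SampledFlow("rogue-ap-9", 5, "10.0.2.2", "10.0.2.1", 80, 400))
    return flows


def run_detection(z_threshold: float = 3.0):
    summary = summarize(constructed_flows())
    baseline = learn_baseline(summary, train_windows=range(4))
    return detect(summary, baseline, z_threshold)


if __name__ == "__main__":
    for dev, win, feature, z in run_detection():
        print(f"window {win}: {dev} {feature} z={z}")
```

A production model would learn the feature set and its weights rather than fixing three counters, and would bucket the baseline by time of day; the structure (sample, summarize per device and window, compare with that device's own history) is what the article's description amounts to.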
Predicting threats and anomalies
AI-based NDR can autonomously predict threats and hidden patterns before attacks happen. It
automatically monitors the network to detect threats and anomalies for rapid, precise prediction while
you focus on operations. This triggers the appropriate policies to block today’s most damaging threats,
including ransomware and DDoS attacks, long before they reach your sensitive assets.
A significant benefit of this kind of solution is that it does not require any changes to your network; some
solutions are even agnostic to network hardware and architecture. You do not need to install any
appliances or agents, and it is non-intrusive, which reduces risk.
Integral to network security
Thirty years in the technology realm is like a lifetime, given the rapid pace of change. It is unrealistic to
think that solutions designed three decades ago can protect today’s complex networks against
sophisticated attackers. Another massive technology change that has shaken up the industry is the
advent of AI- and ML-based security applications, including NDR.
These technologies provide full network visibility across all endpoints, and some do so using only a
fraction of the network traffic. This enables fast and accurate threat detection that immediately identifies
network deficiencies and vulnerabilities. These non-intrusive, cost-effective solutions create a
comprehensive view of your network and are rapidly becoming an integral part of modern-day network
security.
About the Author
Eyal Elyashiv is the CEO and co-founder of Cynamics, the only Next Generation (NG) Network Detection
and Response (NDR) solution on the market today using standard sampling protocols built into every
gateway, patented algorithms, and AI and machine learning to provide threat prediction and visibility at
speed and scale.
Eyal can be reached online at @cynamics_ai (Twitter) or on LinkedIn at
https://www.linkedin.com/company/cynamics/. The company website is https://www.cynamics.ai/
Cybersecurity Experts Share Their Predictions for 2022
By Danny Lopez, CEO of Glasswall
The year 2021 raised many major cybersecurity concerns, including the rise in ransomware attacks,
phishing scams and data breaches. Many organizations have embraced a fully remote or hybrid work
model, which has led to an increase in security risks. In addition, there is a skills gap: 82% of employers
have reported a shortage of cybersecurity skills in the workplace.
All of this creates an urgent need for organizations to give cybersecurity professionals and best practices
higher priority. While some larger companies invest in robust solutions, unfortunately many organizations
still fail to view cybersecurity as a necessity. It is imperative that organizations implement a zero-trust
security model, which assumes threats can come from anywhere, inside or outside the organization.
We connected with a diverse group of cybersecurity executives to discuss their predictions for 2022. See
their predictions below:
Tyler Farrar, CISO, Exabeam
“What do ransomware, phishing, advanced persistent threats and the like all have in common? Access.
In the New Year, organizations should expect all of these attack methods to grow, but an all-too-important
area to watch out for that often gets missed is initial access brokers.
Initial access brokers are individuals or groups that resell credentials in the criminal marketplace. In turn,
other adversaries can use the information to cause further damage for a company, often going
undetected. According to a recent SANS Institute survey, 14% of organizations on average have
indicated that the time between the compromise of a network and detection of an adversary is between
one and six months.
Nation-state groups in particular will continue to take advantage of this information to conduct continued
and persistent access attacks. Similar to trench digging in actual warfare, they will keep manufacturing
exploits to launch a full-on cyber war in the future.
The key to stopping the most popular attack methods used by adversaries today is to control access
points and reduce overall dwell time. One of the simplest ways for organizations to achieve this is by
preventing compromised credentials incidents — which is the reason for 61% of breaches today — and
monitoring user behavior. Doing so provides the necessary context needed to restore trust and react in
real-time to protect user accounts -- halting malicious access in its tracks.”
Steve Cochran, CTO, ConnectWise
“Infosec will dominate our lives in the tech space for the foreseeable future. Companies may think they’re
protected, however, many of them are using slingshots to protect themselves while the bad guys have
tanks, bombs, and machine guns. We have a long way to go as a technology-driven society in terms of
cybersecurity. Getting ourselves to the point where we aren’t at risk of a serious attack will be our focus
for the next two to three years. On the less serious side, tools that allow us to better engage in the new
hybrid working model will become more prevalent. Solutions will be developed that will allow us to work
in a more meaningful way during this new era. Tools that let us set up conferences, arrange food
deliveries, and show who is in and out of the office will take center-stage now that the majority of
companies have introduced hybrid working models.”
Neil Jones, cybersecurity evangelist, Egnyte
“Ransomware-as-a-service (RaaS) will continue to grow and become more sophisticated over the next
year. By September of 2021, the number of publicly reported data breaches had already surpassed the
total of the previous year by 17%. This is not a new problem and with its increasing frequency it’s
important for our leaders to understand how profitable an industry RaaS has become, and the risks they
may be facing.
While it’s easy to imagine these cybercriminals as an underground operation in someone’s basement,
they don’t always appear that way. In fact, the group linked to the Colonial Pipeline attacks were anything
but ‘hackers in hoodies.’ They fronted themselves as an agency selling cybersecurity services, including
a predictable schedule, benefits and lunch breaks as part of their job posting.
If we can take any lessons from this, it’s that we cannot underestimate the intelligence of these RaaS
gangs. They are constantly overcoming systems and evolving with new technological advancements.
Don’t let your company be fooled by false notions or assumptions about cybercriminals, especially that
paying ransom will magically restore access to your company’s files. Instead, stay proactive and vigilant
as you create and manage your cybersecurity systems.”
Jeff Sizemore, chief governance officer, Egnyte
“We can expect to see a steep rise in US state-by-state data privacy requirements and movement toward
a potential federal privacy law in 2022. In fact, by 2023, it’s expected that 65% of the world’s population
will be covered by privacy laws.
This becomes even more critical with many companies’ employees working from home or adapting to
hybrid work models. Increasingly, these organizations are aiming to be more data-driven by measuring
employee productivity. To achieve desired productivity, organizations will need to ask employees
intrusive questions, and those questions will create their own privacy impacts.
Increasingly, personal privacy is being viewed as a human right, and the way vendors handle consumer
and employee data will determine how much the public trusts them and wants to conduct business with
them.
Protecting unstructured data will likely be one of the biggest challenges in the new year. If you can’t see
it, you can’t govern it. If you can’t govern it, you definitely can’t manage privacy. However, organizations
need to have visibility into structured and unstructured data to build out an effective data governance
program, and there are data security and governance tools available to protect that information across
the board. We also expect to see ongoing privacy assessments becoming more common. Organizations
need to put privacy at the forefront and make sure they are solving the problem holistically in the new
year and well beyond.”
Neil Jones, cybersecurity evangelist, Egnyte
“In 2022, I hope to see executives finally view cybersecurity as a wise investment rather than an optional
budget line-item. Significant investment is required to stay one step ahead of cyber-attackers, and
ongoing, company-wide cybersecurity training is required for employees in our ‘work from home’ world.
Modern businesses can’t have effective data governance and security programs that consist of a single
person, and historically, far too many companies have relied on the CISO’s or CPO’s efforts alone.
Cybersecurity needs to be an all-hands company effort.
In the new year, we will be seeing the further distribution of risk management within companies and hope
to see increased engagement from end-users and customers, so they can better understand what is
happening at a security level. Any opportunity to educate individuals about security and privacy will be a
step in the right direction as people are more drawn to being educated than being sold to. And, just like
travelers at a bus or a train station, ‘If end-users see something, they should say something.’
It is time for companies to make humans part of the solution, rather than the cause of the problem.
Transparency of risk with the Board and internal staff will help stakeholders understand the importance
of the security teams’ requests and will maximize organizational buy-in.”
Jeff Sizemore, chief governance officer, Egnyte
“The ransomware attacks that impacted Colonial Pipeline, SolarWinds, and Twitch in 2021 have put
cybersecurity at the forefront of global business operations - both for consumers and businesses. The
immediate impact of a data breach is devastating but it’s only the tip of the iceberg. According to an IBM
study, the average cost of a data breach is more than $4 million per incident. Unfortunately, recovery
from an attack is a perpetually uphill battle that will continue as we move into 2022.
With the onslaught of breaches expected to continue, so will the spike in cybersecurity insurance
premiums. Insurance carriers will perform their due diligence on hacked companies delving into their
CSOs’ preparedness activities, data suppliers and supply chains, leaving no stone unturned. Currently,
insurance policies are increasing at a rate of 200-300% at the time of renewal and that trend is
anticipated for the foreseeable future. It’s a Catch-22; the higher the risk, the harder it can be for a
company to find insurance coverage, which can impact new business and government contracts.
The long-term damage a data breach does to a company, no matter the size, only exemplifies the
importance of data protection. As we roll into 2022, companies must keep cybersecurity a number-one,
top-of-mind issue in all of their business operations.”
Neil Jones, cybersecurity evangelist, Egnyte
“In 2021, attackers noticed that major data breaches or ransomware attacks could influence a company’s
stock and brand reputation, and public announcements could disrupt customers, partners and business
markets. In 2022, we expect attackers to begin leveraging attacks to not only collect ransom but to make
additional profits trading on the information by announcing ransomware attacks publicly. Ransomware
attacks may even be timed to coincide with quarterly earnings announcements or other events.”
John Noltensmeyer, chief technology officer at TokenEx
“My advice to organizations in 2022, as we continue to see the proliferation of privacy laws both at the
state level and potentially the federal level, is that globally, organizations need to ensure that they have
a lawful basis for collecting data. That has been part of European data protection law for decades. In the
United States, we have treated personal data as a free-for-all: if you can collect it, then you can do
anything you want with it. That is obviously changing, so if organizations are not considering that, and
not using something like the GDPR or CCP as a guide - even if an organization feels those laws don't
apply to them - they should absolutely begin considering the effect of similar legislation on their
organization. It is likely that there will be some type of comparable regulation that does apply to their
business within 2022.”
Matthew Meehan, chief operating officer at TokenEx
“For data security and protection, if an organization has to extensively re-architect its internal
environments to be secure, it will be difficult to ever reach project completion. And environments will
change again before they’re done. Instead, organizations need to find data protection approaches that
provide the flexibility to work with and conform to the specific environment.”
Matthew Meehan, chief operating officer at TokenEx
“Indeed, the continued rise in cyberattacks we witnessed in 2021 will cause C-level execs to take
cybersecurity more seriously. There are two risk buckets to consider in this regard: business interruption
risk (where the business goes down as the result of an attack); and liability for loss of sensitive customer
and other data. The technologies to manage these risks are different, but both sets of risks are concrete,
quantifiable, and have a direct, immediate economic impact as well as reputation and brand-value
implications. Boards and executives that appreciate the quantifiable aspects of these risks will invest
wisely to protect and build company value over the coming years.”
Steve Moore, chief security strategist, Exabeam
"Quality leadership is essential in running a successful company, but did you know that poor leadership
methods result in poor performance and a heightened risk of cyberattacks?
We've seen a steep rise in cybercrime in 2021 that we can expect to continue into the new year, and an
effective defense begins with influential leaders. However, it would be a shame if leadership adapted to
new work dynamics as they've historically adapted to adversaries - which is slowly.
This cyber security climate applies more significant pressure to leaders and will strain the mediocre ones
well beyond their value. In this example case, defenders' networks, already rife with gaps and missing
capabilities for digital adversaries to exploit, will fail to meet the basics of relevance. Leaders who focus
on outcomes for their staff, on the 'why' instead of the 'how,' and who reflect on their abilities to lead,
retain, and recruit will come out on top.
An unproductive and stressed security operations center (SOC) only places a target on a company's
back, leading to the loss of talented workers in an already competitive sector -- and potential loss of
business due to data breach-driven reputational damage. Instead, SOC leadership should carefully track
the happiness and career fulfillment of their staff.
Now, the question from a technical and human perspective is this: how quickly can the defending
organization adjust to such rapid and frequent attacks -- and improve internal culture during change? In
addition, cybercriminals are increasingly targeting companies going through significant financial events,
such as acquisitions and mergers, knowing security teams are likely unstable, stressed, and managing
integrations during the process.
This tidal wave of cybercrime will not die down any time soon. Still, if SOCs dedicate themselves to
understanding the adversary and hire leaders who focus on a healthy culture that boosts morale, a better
outcome of defense will be fostered."
Gorka Sadowski, chief strategy officer, Exabeam
“If we’ve learned anything in 2021, it’s that cybercrime is a collaborative effort in which crime syndicates
share and learn from each other to make their attacks increasingly sophisticated and damaging. With
global ransomware payments on track to hit $265 billion by 2031, cybercriminals have the resources they
need to work together in developing new and improved ways to breach organizational frameworks around
the world.
As the year draws to a close, I’m excited to see organizations take cybersecurity much more seriously
and realize that we’re in this together. 2022 will be a test of how well we can work together, putting
collaboration above the competition in order to fight against the growing threat that cybercriminals pose
to industries of all scopes and kinds. Cybercriminals have shown to be highly coordinated, so the only
hope we have in defeating them is to be just as united in our efforts.
Another encouraging sign to take into the new year is that governments are finally beginning to mobilize
and take action against cyberthreats. In the past, it has been largely down to each organization to fend
for itself, which inevitably exacerbates asymmetry between well-funded attackers and individual
defenders, leading to costly breaches. Initiatives such as California’s Cal-Secure plan show governments
are taking a stand and promoting comprehensive, collaborative efforts in the fight against cybercrime.
Cyberattacks can have devastating consequences on both the public and private sectors alike, making
government support crucial.
Cyber adversaries, unfortunately, won’t be going away anytime soon, so the key moving forward is for
businesses and governments to consolidate their efforts and support each other as the threats grow both
in complexity and ambition. We’re poised to achieve great things if we remember who the enemies are
and focus on how we can help each other defend against the next threat that comes our way.”
Samantha Humphries, head of security strategy EMEA at Exabeam:
“Ransomware has been at the forefront of cybersecurity concerns this year and I think, unfortunately,
we’ll continue to see the hold of ransomware leading to extortionware, and also as a distraction.
Ransomware is an ‘end problem’ for companies. It’s not a case of getting struck by a cyberattack and
asking ‘what do we do now?’ – by that point it’s far too late. Instead, it needs to be a question of ‘how do
we make ourselves less of a target, to begin with?’.
The crux of the problem is that there’s an overwhelming amount of false confidence by companies
thinking ‘it won’t happen to us’ because they’ve added a new compliance tool, or moved to the cloud. It’s
not that simple. Cybersecurity is not a ‘tick box exercise’ and then you’re safe. Too many organisations
still have this mindset that sees them scrimp on the fundamentals of cyber hygiene.
Everything starts with having visibility across your systems. Put simply, if you don’t know what you’ve
got, you’re not going to be able to protect it. This insight will help to provide teams with a clear
understanding of user accounts’ and devices’ normal behaviours, enabling them to spot anomalies more
easily when they happen - and they will. Not to mention, distributed workforces and a work-from-anywhere
culture have meant less visibility, less control, and less understanding of what covid-world and
beyond ‘normal’ user behaviour is.
I don’t think we’ve seen the whole brunt of the shift to remote work yet. The combination of dispersed
workforces and more employees using personal devices for work will continue to open up the potential
for an influx of Bring Your Own Device (BYOD) security risks, meaning growing attack surfaces and
increased vulnerability to security threats.
Though it may feel like we are against all odds, it’s important to not be discouraged, downtool, or divest
our security teams. Companies must continue to tackle modern threats head-on, replacing outdated
security tools to ensure security teams are prepared and have the ability to understand exactly what’s
going on inside their changing IT environment.”
Samantha Andrews, director of account-based marketing at Exabeam:
“It’s apparent that many company boards are still not prepared for cybersecurity, and are not making the
connection between the pervasiveness of cyber threats and their vulnerabilities. All too often, cyber is
taking a backseat behind regulatory and reputational risks.
The last 18 months have been eye-opening for everyone - we’ve seen the biggest shift in working patterns
since the Industrial Revolution, it’s been a catalyst for change across numerous industries, and called for
people to reflect and rethink their priorities. We also saw exponential growth in cyberattacks where threat
actors took advantage of the disruption. As a number of prolific data breaches have hit headlines this
year, you’d hope it serves as a reminder to boards and C-level executives to take cybersecurity more
seriously. Cybersecurity needs to begin in the C-suite.
C-suite executives are among the top targets for attackers and because of their growing exposure to
cyber attacks, they need to ensure that they are not the weak link in the cybersecurity chain. I hope that
this coming year will be the one where cybersecurity becomes a fixed board agenda item. It’s time to
adjust thinking to discuss risks, review contingency plans, and shake off the false sense of ‘it won’t
happen to us’ confidence - because cyberattacks are inevitable. It’s not a question of ‘if’ and more a
question of ‘when’ you’ll be a target if you haven’t been already.
2021 proved what we already knew… that nothing is off-limits. We’ve experienced monumental change
and the C-suite must now make fundamental changes too, bolstering cyber-crisis preparedness in the
fight against ever-changing, ever-evolving cyber threats. Next year will be a huge opportunity for
everyone.”
Danny Schaarmann, CEO, xSuite North America
“E-invoicing is a disruptive technology that gives organizations the ability to easily digitize their processes.
E-invoicing will become more common going forward as organizations transition into going paperless.
From the customer’s perspective, many organizations are already relying on digital documentation, but
suppliers need to catch up. Companies that have a stable Electronic Data Interchange (EDI) process can
expect it to be replaced by e-invoicing in the near future. While some countries, like Aruba for example,
have already implemented paperless invoicing, the US could follow suit in the future. In 2022, expect to
see states begin to make moves, starting with California.”
Danny Lopez, CEO, Glasswall
“Before we take a look at what organisations will be facing in 2022, it is important for security
professionals to reflect on what has worked for adversaries in the past year. In 2021, a cyberattack
occurred every 39 seconds. The world experienced a ransomware explosion, which will likely continue
its upward trajectory in 2022. Strict sanctions on countries like Russia and China also increased tensions
and led to several large-scale cyberattacks being attributed to the two nation states.
Due to their successes, adversaries are going to get craftier in their practices in 2022. The attackers will
use a more personalised approach and aim to blend into the network to look like an insider.
Cybercriminals will target more customer success centers to increase the chances of a big cash payout.
Ransomware crime organisations may ask for less and allow for payment flexibility, so they can receive
steady income over say 12 to 18 months.
Tension in the South China Sea is also going to have a lot of influence on the threat landscape. A large
number of warships on both the Chinese and American sides are currently residing in a very small
geopolitical zone. History shows when those things happen there tends to be an event that triggers an
avalanche. Cyber is the newest warfare tactic, and a small spark could launch flames that engulf a large
number of countries into a full-on cyber conflict threatening the global supply chain.
We need to learn from our mistakes, and stay vigilant, in order to bolster cybersecurity defenses. It's
impossible to look into a crystal ball and predict the future, but we have the past to learn from in order to
move forward to a more secure future.”
Danny Lopez, CEO, Glasswall
“With each new year, it’s important for executives and board members to view their cybersecurity
measures with fresh eyes. Hackers will never rest when it comes to finding new angles to break into
organisations’ critical systems. Once one problem is patched, they will just continue to poke and find new
openings that will enable them to steal data or move laterally across the network. One way this is
expected to escalate over the next year is through the insurgence of bad actors and insider threats.
According to IBM, 60% of organisations have more than 20 incidents of insider attacks a year and the
cost related to these incidents was over $2.7 million. This means not only do companies need to be
aware of exterior threats, but aware of internal vulnerabilities by implementing a zero trust approach.
With all these things to consider in a board environment, the conversations need to be constructive and
centered around a proactive approach. Not only do leaders need to be aware of the massive risk that
isn’t going away, but ensure that a zero trust approach is in place. No organisation, large or small, is
exempt from the risk of cyberattacks. Remaining vigilant will empower companies as they move forward.”
Danny Lopez, CEO, Glasswall
“If there is any topic the cybersecurity industry will continue to discuss in 2022, it’s the talent shortage. In
the U.S., there are almost 500,000 jobs to be filled in this industry alone. What’s more troubling is that
it’s not just organisations competing to secure talent anymore since ransomware-as-a-service (RaaS)
has entered the market. Cybercriminal groups are heavily recruiting in tandem. In an attempt to respond
to the skills shortage exacerbated by the ‘great resignation,’ commercial enterprises will find themselves
also looking at the talent pool of former (and now reformed) hackers in an effort to improve their own
cybersecurity systems and pad their teams.
The most easily achieved response to addressing the labour shortage today, beyond getting creative with
hiring, is to ensure that organisations have the correct products to protect their systems and data and
automate more menial tasks for their security analysts and leadership -- so they can spend their time
focusing on stopping digital adversaries. Overall, companies must be proactive in both their recruitment
and building out their cybersecurity infrastructure.”
Steve Roberts, chief financial officer at Glasswall
“Many organisations are currently still figuring out what a hybrid working model means for them.
Permanent office space and long term leases are likely to be a thing of the past and this will inevitably
lead to a shift in budget allocation. My advice for businesses in 2022 is to ensure any budget that is no
longer attributed to office leases is reallocated to effective collaboration tools, increasing security and
employee wellbeing. An unused budget is not a net saving, so it should be applied elsewhere to ensure
that the new hybrid working model is secure and healthy.
Companies implementing a hybrid working model should ensure both their office infrastructure and
remote working environments are secure. Remote working can result in security vulnerabilities,
particularly if employees are using their own devices to connect to corporate systems. The budget should
be reallocated to invest in security solutions that will close these gaps and keep systems and data secure.
With the uncertainties around long-term working models, most organisations don’t want to be tied into
long-term contracts. Technology providers will need to rethink and evolve how they are selling their
products. Offering short-term contracts for SaaS solutions that can be deployed solely in the cloud or as
a hybrid solution will enable businesses to better support their customers. Organisations aren’t going to
transition to the cloud overnight, so technology solutions need to be able to protect them in every
environment.”
Paul Farrington, chief product officer at Glasswall
“We’re constantly seeing cybercriminals changing their methods, and this will continue in 2022. Not only
do we anticipate the use of automation to create scale - for example in DDoS attacks and the
communication of malware - but we’re seeing machine learning (ML) being used to make attacks more
effective. It’s one thing for a human attacker to analyse email characteristics to work out what entices a
reader to click on a malicious link - applying ML to this adds a completely new dimension. In doing so,
attackers have an almost infinite ability to tweak variables and ultimately secure a better payoff for their
efforts.
This kind of analysis – where ML is used to make small changes to malware properties, for example in a
PDF or a Word document – needs to be stopped in its tracks. Organisations need to seriously consider
whether this type of malware will evade detection from their anti-virus tools. If the answer’s yes, the
problem needs to be looked at in a new way.
Polymorphic malware has been around for a decade – metamorphic malware, on the other hand, is a
more recent phenomenon. It’s taking time for organisations to build up strategies to combat it. I predict
that this form of malware will take off over the next few years, as cybercriminals increasingly leverage
ML to make malware more personalised, and thereby easier to evade detection.
At the extreme end, this will see every piece of malware become novel or unique. This makes it far more
likely it will be able to slip through an unknown gap in the defenses. Delivered at scale, this has the
potential to become a significant problem for organisations that are not taking a proactive approach to
file sanitisation.”
Paul Farrington, chief product officer at Glasswall
“Cyber is now the weapon of choice for nation-state attacks and we can expect to see even more
evidence of this in 2022. This means new cyber-focused legislation is, and will continue to be, a priority
amongst governments, as reflected in Biden’s Executive Order.
The positive side to this is that cybersecurity will continue to be spoken about more widely and openly
among private sector organisations. At a high-level, businesses will need to take notice of the changing
legislative landscape and adopt a compliance-first mindset, irrespective of whether cybersecurity is
currently a priority focus for them. For those selling into the government, security will continue to be a
competitive advantage, but this will increasingly become buying criteria more broadly. The value of
security will continue to grow, and will no longer be just about functionality.
In 2022, countries that are yet to adopt or improve cyber legislation to protect government and critical
infrastructure will likely do so. We’ll also see countries becoming more granular with this by legislating
around software development and data protection. Governments will start by focusing on critical national
infrastructure, for example utilities, before moving on to any entity playing a pivotal role in keeping the
country moving and the economy growing, such as financial services. By setting out legislation on how
companies handle data and interact with the outside world, common standards around security can be
developed that will help keep both organisations and customer data safe.”
Danny Lopez, CEO, Glasswall
“With a 62% year-over-year increase of ransomware complaints, the demand for cybersecurity will
continue to escalate. We expect to see more investors turn their attention to the market -- and invest in
cybersecurity organisations addressing today’s most prevalent threats like file-based malware, critical
infrastructure vulnerabilities and ransomware-as-a-service (RaaS)-- rather than those from 10-15 years
ago that today’s public cyber companies were founded to protect. Since there is ample capital available
for private companies, M&A deal flow is likely to increase in 2022.”
Amit Shaked, CEO & co-founder, Laminar
“When the pandemic first started, many organizations went into emergency infrastructure planning mode
and shifted immediately to the cloud in order to continue business operations. As the dust continues to
settle and enterprises have adjusted to our new normal, it has become very clear that organizations now
have another enemy to face: data protection in the public cloud.
Cloud transformation has overall been great for business, but has not come without its downsides — one
of the top ones being that data protection has not kept pace with data democratization. A 2021 IDC survey
reported that 98% of companies experienced at least one cloud data breach in the last year and a half.
The solutions data protection individuals are using haven’t adjusted to this new public cloud environment,
which makes work much more challenging than ever before. On top of that, most data protection teams
are blind to what sensitive data they have in the public cloud.
In 2022, it is going to become crucial that organizations use solutions that provide visibility, context,
accountability and alert data protection teams to data leaks in order to halt adversaries in their tracks.
The solution should be able to continuously and automatically discover and classify data for complete
visibility, secure and control said data to improve data risk posture, and detect data leaks and remediate
them without interrupting data flow. These simple approaches can go a long way in preventing
devastating breaches in 2022 and beyond.”
Oran Avraham, co-founder & CTO, Laminar
“In 2022, data is going to be the most valuable currency around the world. As a result, the data breach
culture we have seen emerge over the past few years is going to continue to permeate if we do not take
a moment to reflect on the causes of attacks in the last year.
It is imperative to understand where these attacks are originating from in order to discontinue the cycle
of data abuse. If one were to examine some of today’s biggest data breaches, a pattern will immediately
emerge — the majority by far originated from public cloud infrastructure.
So what should organizations be looking for to protect public cloud environments? First, the solutions
must be cloud-native. Second, data protection teams are almost blind when it comes to data residing in
the cloud. Therefore, the solution must start by integrating with the public cloud itself in a modern,
agentless way. It must be able to identify where and which types of data reside there. This way
organizations can focus on protecting what matters most. Finally, the solution must not impact
performance.
It is my hope that organizations will take a moment to reflect on the importance of public cloud data
protection in order to change the data breach narrative in 2022 and beyond.”
About the Author
Danny Lopez is the CEO at Glasswall. Danny has enjoyed a
successful international career to date in banking, marketing,
diplomacy, and technology. Glasswall delivers unique protection
against sophisticated threats through its ground breaking
technology. For two years up until August 2018 Danny was the
COO at Blippar, a UK-based augmented reality (AR) pioneer.
Between 2011 and 2016 Danny was the British Consul General
to New York and Director General for trade and investment
across North America. Before this diplomatic posting, Danny was
appointed by the Mayor of London as the inaugural CEO of London & Partners, the UK capital’s official
promotional agency. Previously, Danny was a Managing Director at the UK government’s Department
for International Trade. The first ten years of Danny’s career were at Barclays Bank, where he held
several senior international positions in corporate and investment banking in London, New York, Miami,
and Mumbai. Danny is a Non-Executive Director at Innovate Finance – the UK industry body championing
global FinTech – and a special advisor to New York-based venture capital firm, FinTech Collective. He
is also a Council Member and Trustee at the University of Essex, his alma mater. Danny speaks regularly
on platforms across the world on topics including geopolitics and the intersection of market disrupting
technologies and government policy. Danny holds a Bachelor of Arts degree in economics and a Master’s
degree in international economics and finance from the University of Essex. Born in England, Danny
grew up in Spain and is a fluent Spanish speaker. Danny and his Australian wife Susan live in London
with their three children. Danny can be reached online at @GlasswallCDR and at our company website
www.glasswallsolutions.com
Our Cyber Defenses Need to Be Battle-Tested to Withstand Future Threats
by Hugo Sanchez, Founder and CEO of rThreat
Just a few weeks ago, the FBI released a statement confirming that their server was hacked over the
weekend, resulting in thousands of spam emails warning of a fake cyberattack that were sent to
individuals and companies nationwide. In the statement released to address the incident, the bureau
clarified that the attack did not compromise their system or allow an outsider to gain access to their data.
The mere fact that this attack was possible, however, highlights the glaring problem with our cyber
defenses: they are not impenetrable, and the gaps are not proactively identified because they are not
battle tested.
In a world where cyber criminals are getting smarter and our technology is becoming more advanced
with every passing day, it is unthinkable that our approach to cyber defenses should remain unchanged.
To combat the attacks of tomorrow and shore up our defenses to meet them, cybersecurity needs to pivot
in favor of defending forward and using threat emulation - and not simulation - to determine any
vulnerabilities.
The concept of modern penetration testing was dreamed up in the 1960s, and in 1967, more than 15,000
computer security experts, government and business analysts gathered together at the annual Joint
Computer Conference to discuss concerns that computer communication lines could be penetrated. Early
penetration testing was carried out primarily by the RAND corporation and the government, and most
systems immediately failed the tests, confirming the validity of the concerns.
Today, penetration testing has evolved to enable ethical hackers to test a system’s vulnerabilities through
simulated cyber attacks. A recent survey found that 70% of organizations perform penetration tests as a
way to measure their security level and 69% do so to prevent breaches.
But these tests are flawed. Simulations using threat signatures are not enough to ensure defenses are
adequate, and testing the capabilities of cyber protections in this way is akin to testing a bulletproof vest
by firing blanks.
The biggest difference between attack simulation and attack emulation is that attack emulation
showcases a threat actor’s strengths and weaknesses. In an attack simulation, it is possible to recreate
the exploitation aspect, but if testers aren’t using the same tools and making the same mistakes that
threat actors do, they will be unable to create defenses that detect those same mistakes.
Another problem is that current methods dictate the use of customized and refined attacks to test cyber
defenses, when in reality, it’s essential to replicate exactly what the system will be responding to in a
real-life scenario, utilizing the same tools and the same mistakes that threat actors use during security
tests.
Those that rely on a machine learning or AI-based solution also have to contend with the possibility of
causing the program to learn the wrong behavior during simulated attacks, because the attacks are not
based on the latest threat intelligence or indicative of what threat actors are using. Additionally, because
attack simulations are not real attacks, they run the risk of not being recognized by security controls as a
threat, making it impossible to be sure the controls will work in a real-world scenario.
Experts who weighed in on the FBI breach pointed to the possibility that the lack of malicious email
attachments was simply due to the hackers finding the vulnerability without a concrete plan to exploit it.
But Austin Berglas, a former assistant special agent in charge of the FBI’s New York office cyber branch,
summed up the problem quite succinctly: “It could have been a lot worse.”
Leaving our systems vulnerable to attack is unacceptable when there is a better way. Breach and attack
emulation solutions are more dynamic in nature, can expose gaps in a company’s infrastructure, and can
mimic the tactics of real-world threat actors, allowing organizations to prioritize the gaps that represent
the greatest threat to their networks.
We have come a long way in our understanding of cyber threats and methods of detection, but our
defenses remain lightyears behind. The government wouldn’t send soldiers into combat with faulty
equipment, and it’s time we take that same tack with our cybersecurity. Battle testing our defenses is a
necessary next step, and until we do, we are leaving ourselves open to the kind of threats that could
bring our country to its knees.
About the Author
Hugo Sanchez is the founder and CEO of rThreat, a breach and
attack emulation software that challenges cyber defenses using
real-world and custom threats in a secure environment. Learn
more about Hugo and his company at www.rthreat.net.
12 Tips for Improving Access Control in Your Organization
By Bryon Miller ASCENT
In today’s world, we have more access to essentially all that’s available in our lives. More access to
people and places. More access to information and knowledge. More access to everything and anything
on the Internet. With this increased access comes an increased desire within us as human beings to
control our proprietary or private data, especially as it relates to the organizations for which we work.
However, there is a fear that the wrong people are going to access just the right information or systems
to create major issues for our organizations. But there is no need to fear losing control over who is
accessing these things if we make access control a priority in our overall Corporate Security Programs.
By examining the strategy for access control, organizations can ensure appropriate practices are in place
to govern user access.
An effective Access Control Program is necessary to protect your people, information, and assets by
enabling your organization to reduce the risk of harm to your people, customers, and partners, as well as
reduce the risk of your information or assets being accessed without authorization. An effective Access
Control Program helps an organization make a reasonable determination that individuals are granted the
proper access needed to do their jobs effectively without putting the organization in a compromising situation.
To help you improve your organizational access control, consider the following tips:
1. Develop requirements for an Access Control Program. A formal Access Control Program
should be implemented that includes a documented user registration and de-registration process
for requesting, approving, granting, modifying, reviewing, or revoking access. Access control rules
should reflect the requirements of your organization for the authorization, access to,
dissemination, and viewing of information. These rules should be supported by formal procedures
with clearly defined responsibilities that are assigned to appropriate roles. Be sure your access
control requirements address both logical and physical control measures which should both be
based upon the principle of least-privilege.
2. Identify and document account types. Account types (e.g., standard user, privileged user,
system, service, etc.) used by your organization should be identified and documented. Access
control rules for each user, or group of users, should be clearly stated. The conditions for group
or role membership should be established as well. Users should have a clear understanding of
the security requirements to be met by the access controls implemented by your organization.
3. Ensure ongoing account management is in place. Unauthorized or inappropriate account
access is likely to occur if ongoing maintenance is not in place for all accounts. Account
management is not a “one-and-done” exercise but must be performed on a recurring basis to
maintain effectiveness. Management approval should be required for all requests to create
accounts. Accounts should be created, enabled, modified, monitored, disabled, and removed in
accordance with an approved Access Control Policy. Supporting procedures should detail the
steps required to meet the defined policy control requirements. Periodic internal account and
access reviews or audits should be performed, at least annually, during which the privileges
should be verified to validate that the need for currently assigned privileges still exists.
4. Actions need to be associated with a unique, individual user. All users should be assigned a
unique identifier (user ID) for their personal use only. Appropriate user authentication techniques
should also be implemented to substantiate the claimed identity of any authorized user requesting
access each time they log in to your organization’s networks, systems, or applications. Baseline
controls should include settings for password or passphrase composition and complexity
requirements.
5. Set controls for accounts with privileged access. This is needed to reduce the likelihood of
providing standard users with more access permissions than they require. Appropriate checks or
validations for actions performed with privileged accounts should also be implemented to ensure
authorized privileged account users are fulfilling their assigned roles in accordance with
prescribed security control requirements. The principle of least privilege must be followed,
authorizing only access that is necessary for each individual user to accomplish their assigned
tasks in accordance with your organization’s mission or business functions.
6. Implement and maintain secure logon processes. This verifies the identity of users and
associates the user with the actions they perform. Secure logon processes may also help reduce
the likelihood of password compromise that may lead to security incidents or data breaches. A
limit of five (or fewer) consecutive invalid logon attempts by a user during a fifteen-minute period
should be implemented. Accounts should be locked once this threshold of failed logon attempts
is reached. Failed logon alerts, along with other relevant domain controller alerts, should be sent
to the personnel responsible for monitoring your organization’s networks.
7. Provide for password management. This serves as one line of defense for protecting
organizations, along with the customer information they manage, from unauthorized access due to
weak passwords. Password management systems should be interactive and should ensure only
quality passwords are being used. Users should be required to follow best practices for selecting
and using passwords and for keeping them confidential. It is recommended that your
organization provides training on the selection and safeguarding of passwords.
8. Implement controls to secure information systems when unattended. These controls should
provide a layer of defense for organizations to decrease the risk of an unauthorized user gaining
access to an authorized user’s system or the output from system devices. Your Access Control
Policy should contain clean desk control requirements to ensure that papers or media that are not
actively being used are kept in desk drawers or filing cabinets. Personnel should activate a screen
lock when they leave their work area to reduce the opportunity for unauthorized personnel viewing
potentially sensitive information displayed on a monitor or other peripheral device. Output devices,
such as printers or faxes, should also be safeguarded to help prevent unauthorized individuals
from obtaining the output from these devices.
9. Provide for remote access management. Controls need to be implemented to protect remote
access to networks, systems, and applications, thus minimizing the window of exposure
organizations face regarding unauthorized access or potential intrusions associated with remote
access activities. All remote access should be authorized prior to allowing remote connections to
your organization’s network to occur.
10. Manage and protect wireless access. Controls need to be implemented to manage how
networks, systems, and applications are accessed using wireless technologies. Wireless access
for users should be authorized prior to allowing wireless connections to be made. Wireless access
to systems and applications should be protected using authentication of users or approved
devices.
11. Have defined controls to support the segregation of duties. Your organization should
implement segregation of duties for conflicting functions, or areas of responsibility, to reduce the
opportunities for the unauthorized or unintentional modification, fraud, or misuse of information
and information systems. A system of dual controls (e.g., two individuals with separate
responsibilities needing to work together to accomplish a single task) should be required and
implemented whenever possible.
12. Ensure effective controls are in place for mobile computing and working from home. Usage
restrictions, configuration requirements, connection requirements, and implementation guidance
should be established for all organization-controlled mobile devices. Full-device encryption or
container-based encryption should be used to protect the confidentiality and integrity of
information on mobile devices. Personnel should be required to report any lost or stolen mobile
devices. Your organization should have the ability to wipe mobile devices remotely to remove all
information if they are lost or stolen.
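The lockout rule in tip 6 (five consecutive invalid logon attempts within a fifteen-minute period locks the account, and failed logons are alerted to the monitoring team) is concrete enough to implement. The following is an added example, not code from the article or from ASCENT: a small detector that replays authentication log lines and decides, per attempt, whether it is allowed, denied, or blocked by a lockout. The log line format, the sample lines, the fifteen-minute lockout duration, and all names in the code are assumptions made for this example.

```python
"""Account lockout and alerting over authentication log lines (added example).

Policy implemented: a logon attempt is denied if the credential check fails;
after MAX_FAILURES consecutive failures inside a sliding WINDOW the account is
locked for LOCK_DURATION and an alert is raised for the monitoring team.
A successful logon resets the consecutive-failure count.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILURES = 5                      # threshold from tip 6
WINDOW = timedelta(minutes=15)        # period from tip 6
LOCK_DURATION = timedelta(minutes=15) # assumption: auto-unlock after 15 min

# Constructed sample log. Format (an assumption): "<ISO timestamp> <user> <SUCCESS|FAILURE>"
# where the third field is the outcome of the credential check alone.
SAMPLE_LOG = """\
2022-01-10T08:00:00 carol FAILURE
2022-01-10T08:10:00 carol FAILURE
2022-01-10T08:20:00 carol FAILURE
2022-01-10T08:30:00 carol FAILURE
2022-01-10T08:40:00 carol FAILURE
2022-01-10T09:00:00 alice FAILURE
2022-01-10T09:01:00 alice FAILURE
2022-01-10T09:02:00 alice SUCCESS
2022-01-10T09:03:00 bob FAILURE
2022-01-10T09:04:00 bob FAILURE
2022-01-10T09:05:00 bob FAILURE
2022-01-10T09:06:00 bob FAILURE
2022-01-10T09:07:00 bob FAILURE
2022-01-10T09:08:00 bob SUCCESS
2022-01-10T09:30:00 bob SUCCESS
"""


@dataclass
class LogonEvent:
    ts: datetime
    user: str
    ok: bool  # True if the credential check passed


def parse_log(text):
    """Parse the constructed log format into events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, outcome = line.split()
        events.append(LogonEvent(datetime.fromisoformat(ts), user, outcome == "SUCCESS"))
    return sorted(events, key=lambda e: e.ts)


class LockoutMonitor:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, lock_duration=LOCK_DURATION):
        self.max_failures = max_failures
        self.window = window
        self.lock_duration = lock_duration
        self.failures = defaultdict(deque)  # user -> timestamps of recent consecutive failures
        self.locked_until = {}              # user -> datetime the lock expires
        self.alerts = []                    # messages for the monitoring team

    def process(self, ev):
        """Return "ALLOWED", "DENIED" or "LOCKED" for one logon attempt."""
        until = self.locked_until.get(ev.user)
        if until is not None and ev.ts < until:
            return "LOCKED"  # rejected regardless of credential outcome
        recent = self.failures[ev.user]
        if ev.ok:
            recent.clear()   # a success breaks the consecutive run
            return "ALLOWED"
        recent.append(ev.ts)
        # Drop failures that fell out of the sliding window.
        while recent and ev.ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[ev.user] = ev.ts + self.lock_duration
            recent.clear()
            self.alerts.append(
                f"{ev.ts.isoformat()} account {ev.user} locked after "
                f"{self.max_failures} failed logons within {self.window}"
            )
            return "LOCKED"
        return "DENIED"


def run_monitor(text):
    """Replay a log; returns (decisions, alerts) where decisions are (user, iso_ts, decision)."""
    monitor = LockoutMonitor()
    decisions = [(ev.user, ev.ts.isoformat(), monitor.process(ev)) for ev in parse_log(text)]
    return decisions, monitor.alerts


if __name__ == "__main__":
    decisions, alerts = run_monitor(SAMPLE_LOG)
    for user, ts, decision in decisions:
        print(ts, user, decision)
    for alert in alerts:
        print("ALERT:", alert)
```

In the sample, carol's five failures are spread over forty minutes, so the sliding window never holds five at once and she is not locked; bob's fifth failure at 09:07 locks the account, the correct password at 09:08 is still rejected while the lock is in force, and the attempt at 09:30 succeeds after it expires. Whether a lock expires on its own or needs a help-desk unlock is a policy choice the article leaves to the organization; the auto-expiry here is an assumption.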
Your organization should ensure that a comprehensive Access Control Program is developed and
implemented consistently across the organization. Organizations that do not could potentially overlook a
pivotal security function or leave a control unaddressed. By developing a comprehensive Access Control
Program, supported by all organizational stakeholders, organizations can avoid key access control pitfalls
for effective overall security.
About the Author
Thomas Bryon Miller is co-founder and CISO at ASCENT Portal, a leading
Software-as-a-Service (SaaS) platform for comprehensive security and
continuous compliance management. An expert in security and
compliance best practices, Miller is also the author of the book, “100
Security Program Pitfalls and Prescriptions to Avoid Them,” available on
Amazon.
Four Cybersecurity Predictions Federal Agencies Should Expect in 2022
By Mark Sincevich, Federal Director, Illumio
This last year thrust Zero Trust into the spotlight as the Biden administration released the Cyber Executive
Order (EO) calling for all federal agencies to bolster their cybersecurity posture and implement a Zero
Trust architecture. As the new year approaches, what can federal agencies expect the cybersecurity
landscape to look like in 2022?
1. Visibility-First Security
In 2021, we learned you can’t protect your network from an attack if you don’t thoroughly understand your
network. Visibility (also known as network discovery) is becoming more and more of a focus for federal
agencies. If you look at the DoD (Department of Defense) Zero Trust Reference Architecture v.1,
‘improved visibility control’ is one of the key tenants.
Right now, federal teams do not have a real-time map of how applications and workloads communicate
with each other on the network. How could you secure what you cannot see? Establishing visibility is
going to emerge as the core focus of agencies’ Zero Trust efforts – it's a critical and impactful first step
in any security strategy.
2. What Is Zero Trust?
In 2021, Zero Trust became an overused and under-defined term. To clarify, Forrester defines the
term this way: “Zero Trust is not one product or platform; it’s a security framework built around the concept
of ‘never trust, always verify’ and ‘assume breach.’” It's really a security philosophy.
Given the confusion in the market, it can be hard for security teams to figure out which strategies will
really help them achieve their security goals. There are five main pillars of any Zero Trust Architecture
and being able to prioritize one pillar from another is critical. A prioritization of pillars will lead to a change
in focus in the coming year.
Federal agencies are realizing they need visibility first and then they need to stop cyberattacks from
spreading once they are inside the network with a host-based micro-segmentation approach. In 2022,
agencies will do a better job of prioritizing their Zero Trust approach to those strategies that can show
actionable results quickly – often in the workload and application pillar.
3. Laser Focus Against Adversaries
When it comes to threat defense, we are turning up the volume against our global adversaries in 2022.
Artificial intelligence (AI) is increasing in sophistication, along with the complexity of cyberattacks –
making breaches catastrophic.
In a lot of ways, we are unaware of the multi-pronged approach that attackers are taking to target our
high-value assets (HVAs). These new attacks will be super creative and will often go undetected even
though agencies and commands have endpoint detection and response (EDR) tools installed. EDR tools
are not effective against attacks where we don’t know the method of attack.
It is time to continue to defend forward as well as prioritize and execute on the plan. The reality is that no
one can do everything perfectly, so we need to focus on one or two things at a time that make the biggest
impact.
Defending forward means you take the fight to the enemy, instead of waiting for them to come to you.
We are going to see serious offensive operations to bring down attacker networks this year. There will
be no more waiting for the attack to come to us, instead, we will seek out the attackers and take proactive
security measures.
The way we can do this is to shore up our own defenses with visibility and Zero Trust micro-segmentation.
We need assurance that the attackers cannot move laterally while we are on the offensive.
4. Cyber Funding Gets Granular
In Federal Fiscal Year 2023 (which begins on 10/1/22), we’re going to start to see program dollars
specifically designated for Zero Trust projects. There will be multiple Zero Trust ‘programs of record’ in
the coming years, and another indication of the seriousness of this effort is the new Department of
Defense (DoD) PMO (Program Management Office) for Zero Trust. Zero Trust is here to stay and in
support of Zero Trust efforts, we will see a focus on specific initiatives such as network discovery and
micro-segmentation.
While none of us have a crystal ball, what we know is that we should expect (and prepare for) the
unexpected – we know there will be many more cyberattacks in the coming year. While the Cyber EO
laid an important foundation, its impact will only be as strong as the actions we take to shore up our
cybersecurity posture over the next year. Agencies must carve out specific funding for Zero Trust,
because the EO didn’t have any funding tied to it. A focus on improving visibility will help cybersecurity
leaders take a proactive approach to defending critical networks to stop the spread, and thereby limit the
impact of cyberattacks.
About the Author
Mark Sincevich, the Federal Director at Illumio, has 23
years of experience working with the DoD and
Intelligence Community implementing technology
solutions. Sincevich has a background in the
command-and-control market where he specialized in
Cyber Operations Centers, and in the cybersecurity
space. Sincevich is a frequent author and speaker on
cyber topics. He is a graduate of the University of
Maryland, College Park and is a current member of
the Civil Air Patrol (CAP).
Mark can be reached online on LinkedIn and at our company website https://www.illumio.com/
Recognizing the Value of Secure Wi-Fi for Unified
Security Platforms
Why Unified Security Platforms Need Secure Wi-Fi
By Ryan Poutre, Product Manager at WatchGuard Technologies
As we all know, telework is now the new normal for many organizations around the world. Recent
research shows that 1 in 4 Americans worked from home in 2021, and that the number will increase to
28% over the next five years (with some estimates as high as 51%). For many, the remote and hybrid
work models are working just fine. But there is a problem – most organizations are still catching up when
it comes to securing these remote connections, no matter the location. In fact, the threat of unsecured
wireless connections is so widespread that over the summer the NSA published best practices on how
to protect against cyberattacks stemming from compromised or unsecured wireless connections.
While they were originally intended for government workers, the four recommendations outlined below
can benefit those in the private sector as well. They include:
1. Avoid connecting to public Wi-Fi whenever possible. Use a corporate or personal Wi-Fi hotspot
with strong encryption instead.
2. If using public Wi-Fi is unavoidable, use a virtual private network (VPN) to encrypt traffic.
3. Only access websites using Hypertext Transfer Protocol Secure (HTTPS).
4. Disable Bluetooth when not in use or working in a public environment.
Of course, these recommendations are just a start. And they mostly provide best practices for individuals
who are on the move. Securing connections for workers in the office or at places they work from regularly,
like a home office, is a bigger challenge.
Unfortunately, many small and medium-sized businesses grapple with the complexities of managing
network security and Wi-Fi, just as larger organizations do. It can often be the Achilles' heel of IT, and a
cost burden (especially when it breaks). Case in point: the 2007 TJX breach, in which a poorly secured
Wi-Fi network at a single store was compromised by a hacker to gain access to sensitive data for the
entire corporation. As many as 200 million credit card numbers belonging to T.J. Maxx, Marshalls, Home
Goods and A.J. Wright customers were stolen, with estimates of financial damage to the company
exceeding $1 billion.
The challenges of good Wi-Fi security have led many companies to consolidate secure Wi-Fi
management through unified security platforms, which is creating a growing demand for Managed
Security Service Providers (MSSPs). A recent MarketsandMarkets report found that Wi-Fi-as-a-service
is expected to be a $8.4 billion market by 2025 ($5 billion more than in 2020).
But why do unified security platforms need secure Wi-Fi? Most organizations understand the value of Wi-
Fi security, but stumble when it comes to implementation. They often do not realize just how simple it is
to manage, resulting in poor execution. As cyber threats continue to grow and become increasingly more
sophisticated, it is more apparent than ever that security is just not effective unless done at scale.
Traditional solutions do not provide the automation, clarity and control, comprehensive security,
operational alignment, and shared knowledge necessary to face today’s ever-evolving threat landscape.
As a result, secure Wi-Fi is a critical component of comprehensive network security, as are layered
services such as advanced endpoint protections, multi-factor authentication and more. Replacing
traditional Wi-Fi solutions with more advanced infrastructure that leverages a unified approach and a
cloud platform helps to automate and speed service delivery of secure Wi-Fi. With centralized
management capabilities, IT teams (or MSPs) can quickly access important data like utilization, signal
strength coverage and wireless client bandwidth consumption across their entire Wi-Fi deployment. They
can also quickly pinpoint failures and irregularities, and even interrupt device network access when
necessary. It also makes it easier for organizations to manage and customize any captive portals they
may have.
WatchGuard is committed to helping MSPs and organizations modernize and expand security by offering
scalable, unified security platforms with Secure Wi-Fi. To learn more about Wi-Fi in WatchGuard Cloud,
take a look here.
About the Author
Ryan Poutre is a Product Manager at WatchGuard
Technologies. After joining WatchGuard in 2015 as a sales
engineer he began supporting local partners and sales
opportunities in the north central United States. In January
2021 he joined WatchGuard’s Wi-Fi team where he is
responsible for the market ownership of the company’s Wi-
Fi product line. Ryan graduated from college in 2004 with a
computer networking degree and has been in the IT field
ever since. Ryan has held multiple certifications in network
security including secure wireless, Firewall management,
Virtualization and secure network management. Ryan
currently resides in Iowa with his wife and family. He can be
reached online at (EMAIL, TWITTER, etc..) and at
WatchGuard’s company website
https://www.watchguard.com.
Cybersecurity Tips to Help Your Organization in 2022
With the new year upon us there’s never been a better time to evaluate your company’s cybersecurity.
By Jeffrey J. Engle, President of Conquest Cyber
Recent cybersecurity breaches like the SolarWinds and Colonial Pipeline attacks have illustrated the
importance of cybersecurity in all organizations. If protecting your company’s cybersecurity is at the top
of your New Year’s resolutions list, these ideas will have you on your way to checking off that important
item!
Adopt a Risk-Based Approach to Cybersecurity
Cybersecurity threats are a problem for all business segments, not just the IT or security department.
Cyber maturity requires a team effort and must start with business leadership through focus on a resilient
business culture. The IT and security teams may be masters of processes, but the company’s leaders
know the business’ priorities best. A proactive, risk-based approach is the only way to gain a competitive
edge on potential adversaries. Business leaders must think of their cyber posture just like they do their
P&L, as an indicator of business health. This outside-the-box approach means we can’t rely on
conventional methods.
Get A Managed Security Service Provider (MSSP)
Organizations across various industries have begun to turn to managed security service providers
(MSSPs) to bolster their cybersecurity response. A great MSSP acts as a trusted advisor to your
organization and takes cyber hygiene and business continuity to a new level. Most MSSPs offer
continuous security monitoring, threat detection and response but a great one will go outside their SLAs
to keep your organization one step ahead of cyber threats with a proactive approach.
Be Adaptable, Agile, and Aware
Traditional approaches on how to fight in this digital dimension are good in theory but are doomed to fail,
because conventional wisdom is predictable, and predictability is exploitable. Companies must have the
ability to adapt rapidly and not just follow the rules. In that sense, organizations must be agile and aware
while aiming at the end result of deterrence, defense and resiliency.
Today, the typical approach often falls short of that ending, and far too often one settles for security
compliance. We’re doing what we were supposed to do years ago, but not looking out for potential new
and emerging challenges. Remember, compliance significantly trails the broad realization of risk.
To start that journey, our evolving processes must be rooted in consistent principles. Sun Tzu offers three
key ideas that can help to identify challenges and opportunities as they form in this new battlespace.
They are:
• Know the environment. If you’re going to climb a mountain, fight a battle, solve a problem, or
face adversaries of any kind, the more you know about the terrain you’re operating on, the better
off you are. Knowing the environment is your starting point, and you build outward and upward
from there.
• Know the enemy. The key to success in special operations and asymmetric warfare is to be able
to put yourself in the position of your adversaries without demonizing them. You must be able to
see the situation through their eyes without your emotions clouding your view, because looking
at it from their perspective will enable you to better predict, prepare, respond and defeat them.
• Know yourself. It doesn’t matter how tough you are. Eventually, you’re going to run into someone
who’s tougher. Once you truly understand that, it frames the way you engage in fights from that
day forward. You no longer fight for sport, you fight only to win. Your survival is at stake.
Don’t Stop at Minimum Compliance Standards
While meeting CMMC compliance or other regulations is imperative and valuable for organizations, it is
merely the start. Compliance standards often follow years of evaluations before they are approved. Often,
by the time a compliance standard is active, it is potentially years out of date from a risk perspective.
Organizations can achieve true cyber maturity when they follow these requirements regularly and then
go the extra mile by adapting programs based on what’s critical to their organization, what can hurt it and
how that can happen.
Achieving and maintaining compliance, maturity and program effectiveness requires dedicated resources
to stay abreast of regulatory developments, threats seen in the wild and ways to educate the entire
organization on potential security problems.
Stay Consistent with Cybersecurity Tools
Every organization wants to stay up to date with the latest software tools and products. However,
constantly switching between different tools to manage your cyber program could increase the likelihood
of a vulnerability slipping through. Companies can build better resiliency against threats by utilizing a
system to manage reporting, communication, and incident response.
About the Author
Jeffrey J. Engle is Chairman & President at Conquest
Cyber, a cyber risk SaaS company which provides cyber
resiliency to the sectors critical to our way of life, where he
brings a broad spectrum of experience in Risk
Management, National Security and Business Process
Optimization. He is responsible for the development and
implementation of all strategic initiatives including cyber risk
management and secure digital transformation programs.
He has served as a consultant for the Department of
Defense’s premier adversary emulation team and has conducted vulnerability assessments and training
on advanced risk management all over the world. Jeffrey can be reached at our company website
https://conquestcyber.com/
New Security Report Reveals 91.5% of Malware Arrives
Over HTTPS-Encrypted Connections
By Corey Nachreiner, CSO, WatchGuard Technologies
Today’s cybersecurity landscape is constantly evolving, opening the door to threat actors targeting users
with increasingly sophisticated attacks. To help professionals better understand the current state of these
threats, we share the WatchGuard quarterly Internet Security Report (ISR), which details the latest
malware and network attacks that plagued our community in Q2 2021.
The most jaw-dropping statistic from this recent report revealed that a staggering 91.5% of malware
arrives over HTTPS-encrypted connections. The research (done by the Threat Lab) also found that
fileless malware, ransomware, and network attacks all increased. With most organizations continuing to
operate in a hybrid or mobile workforce model, it’s more important than ever that organizations move
beyond traditional cybersecurity strategies and embrace layered-security approaches and Zero-Trust.
Let’s dive into some of the key insights from the Q2 ISR:
1. Massive amounts of malware arrive over encrypted connections – As mentioned above, in Q2,
91.5% of malware arrived over an encrypted connection, a dramatic increase over the previous
quarter. Put simply, any organization that isn’t inspecting HTTPS traffic is missing 9/10 of all malware
at the perimeter.
2. Malware is using PowerShell tools to bypass powerful protections – AMSI.Disable.A showed
up in WatchGuard’s top malware section for the first time in Q1 and immediately shot up for this
quarter, hitting the list at #2 overall by volume and snagging the #1 spot for overall encrypted threats.
This malware family uses PowerShell tools to exploit various vulnerabilities in Windows. But what
makes it especially interesting is its evasive technique. WatchGuard found that AMSI.Disable.A
wields code capable of disabling the Antimalware Scan Interface (AMSI) in PowerShell, allowing it to
bypass script security checks with its malware payload undetected.
3. Fileless threats soar, becoming even more evasive – In just the first six months of 2021, malware
detections originating from scripting engines like PowerShell have already reached 80% of last year’s
total script-initiated attack volume, which itself represented a substantial increase over the year prior.
At its current rate, 2021 fileless malware detections are on track to double in volume YoY.
4. Network attacks are booming despite the shift to primarily remote workforces – WatchGuard
appliances detected a substantial increase in network attacks, which rose by 22% over the previous
quarter and reached the highest volume since early 2018. Q1 saw nearly 4.1 million network attacks.
In the quarter that followed, that number jumped by another million – charting an aggressive course
that highlights the growing importance of maintaining perimeter security alongside user-focused
protections.
5. Ransomware attacks back with a vengeance – While total ransomware detections on the endpoint
were on a downward trajectory from 2018 through 2020, that trend broke in the first half of 2021, as
the six-month total finished just shy of the full-year total for 2020. If daily ransomware detections
remain flat through the rest of 2021, this year’s volume will reach an increase of over 150% compared
to 2020.
6. Big game ransomware hits eclipse “shotgun blast”-style attacks – The Colonial Pipeline attack
on May 7, 2021 made it abundantly and frighteningly clear that ransomware as a threat is here to
stay. As the quarter’s top security incident, the breach underscores how cybercriminals are not only
putting the most vital services – such as hospitals, industrial control, and infrastructure – in their cross
hairs, but appear to be ramping up attacks against these high-value targets as well. WatchGuard
incident analysis examines the fallout, what the future looks like for critical infrastructure security, and
steps organizations in any sector can take to help defend against these attacks and slow their
propagation.
7. Old services continue to prove worthy targets – Deviating from the usual one to two new
signatures seen in previous quarterly reports, there were four brand new signatures among
WatchGuard’s top 10 network attacks for Q2. Notably, the most recent was a 2020 vulnerability in
popular web scripting language PHP, but the other three aren’t new at all. These include a 2011 Oracle
GlassFish Server vulnerability, a 2013 SQL injection flaw in medical records application OpenEMR,
and a 2017 remote code execution (RCE) vulnerability in Microsoft Edge. While dated, all still pose
risks if left unpatched.
8. Microsoft Office-based threats persist in popularity – Q2 saw one new addition to the 10 most widespread
network attacks list, and it made its debut at the very top. The signature, 1133630, is the
2017 RCE vulnerability mentioned above that affects Microsoft browsers. Though it may be an old
exploit and patched in most systems (hopefully), those that have yet to patch are in for a rude
awakening if an attacker is able to get to it before they do. In fact, a very similar high-severity RCE
security flaw, tracked as CVE-2021-40444, made headlines earlier this month when it was actively
exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.
Office-based threats continue to be popular when it comes to malware, which is why we’re still
spotting these tried-and-true attacks in the wild. Fortunately, they’re still being detected by tried-and-true
IPS defenses.
9. Phishing domains masquerade as legitimate, widely recognized domains – WatchGuard has
observed an increase in the use of malware recently targeting Microsoft Exchange servers and
generic email users to download remote access trojans (RATs) in highly sensitive locations. This is
most likely due to Q2 being the second consecutive quarter that remote workers and learners returned
to either hybrid offices and academic environments or previously normal behaviors of on-site activity.
In any event – or location – strong security awareness and monitoring of outgoing communications
on devices that aren’t necessarily connected directly to the connected devices is advised.
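Item 2 above describes AMSI.Disable.A neutering the Antimalware Scan Interface from inside PowerShell so that script security checks never see the payload. The following is an added example, not code from WatchGuard's Internet Security Report or from this magazine, showing how a defender can hunt exported PowerShell script-block logs (Windows event ID 4104) for AMSI-tampering indicators. The JSON-lines field names, the sample events and the indicator list are assumptions constructed for the example; it also handles two practical wrinkles, reassembling script blocks that 4104 splits across several records and undoing cheap string-splitting and backtick obfuscation before matching.

```python
"""Hunt exported PowerShell script-block logs (event ID 4104) for AMSI tampering.

Added example: not code from WatchGuard's Internet Security Report or from
Cyber Defense Magazine. It assumes script-block logging is enabled and that
the events have been exported as JSON lines with the field names used below
(an assumed export shape, not a Windows-defined one).
"""
import json
import re
from typing import Dict, List

# Indicator strings defenders commonly look for when a script tries to neuter
# the Antimalware Scan Interface from inside PowerShell (assumed list).
AMSI_INDICATORS = [
    re.compile(r"AmsiUtils", re.I),
    re.compile(r"amsiInitFailed", re.I),
    re.compile(r"AmsiScanBuffer", re.I),
    re.compile(r"amsiContext", re.I),
]

# Constructed sample events (not real telemetry). sb-2 is split across two
# 4104 records and hides the indicator behind string concatenation; sb-3
# hides it behind a backtick escape. Neither sample does anything harmful.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 4104, "ScriptBlockId": "sb-1", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"},
    {"EventID": 4104, "ScriptBlockId": "sb-2", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "Write-Host $t"},
    {"EventID": 4104, "ScriptBlockId": "sb-2", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$t = 'System.Management.Automation.Am' + 'siUtils'; "},
    {"EventID": 4104, "ScriptBlockId": "sb-3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "$f = 'amsi`InitFailed'; Write-Host $f"},
])


def normalize(text: str) -> str:
    """Undo two cheap obfuscations before matching: 'Am' + 'si' string splits
    and backtick escapes (Am`si), both of which PowerShell resolves at run time."""
    text = re.sub(r"""['"]\s*\+\s*['"]""", "", text)
    return text.replace("`", "")


def reassemble(events: List[Dict]) -> Dict[str, str]:
    """Join the fragments of one script block: 4104 splits long scripts into
    several records sharing a ScriptBlockId, so matching per record would miss
    an indicator that straddles a fragment boundary."""
    by_id: Dict[str, List] = {}
    for ev in events:
        by_id.setdefault(ev["ScriptBlockId"], []).append(
            (ev["MessageNumber"], ev["ScriptBlockText"]))
    return {sid: "".join(t for _, t in sorted(frags)) for sid, frags in by_id.items()}


def find_amsi_tampering(jsonl: str) -> List[Dict]:
    """Return one hit per script block whose normalized text matches an indicator."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    hits = []
    for sid, text in reassemble(events).items():
        matched = [p.pattern for p in AMSI_INDICATORS if p.search(normalize(text))]
        if matched:
            hits.append({"ScriptBlockId": sid, "indicators": matched})
    return hits


if __name__ == "__main__":
    for hit in find_amsi_tampering(SAMPLE_EVENTS):
        print(hit)
```

Script-block logging has to be turned on (it is off by default on older Windows PowerShell builds) for event 4104 to exist at all; with it enabled, PowerShell logs the de-obfuscated text of each block as it runs, which is why this kind of hunt is a reasonable complement to the endpoint AMSI check the malware is trying to defeat.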
With most of the world still working from home or in a hybrid model, the traditional network perimeter is
in flux, but still more important than ever. Strong perimeter security starts with robust network security,
endpoint protection, multi-factor authentication, and secure Wi-Fi. These are all critical elements in a
layered security approach. When done properly, organizations can significantly mitigate outsider threats.
About the Author
Corey Nachreiner is the CSO of WatchGuard Technologies. A
front-line cybersecurity expert for nearly two decades, Corey
regularly contributes to security publications and speaks
internationally at leading industry trade shows like RSA. He has
written thousands of security alerts and educational articles and
is the primary contributor to the Secplicity Community, which
provides daily videos and content on the latest security threats,
news and best practices. A Certified Information Systems
Security Professional (CISSP), Corey enjoys "modding" any
technical gizmo he can get his hands on and considers himself a hacker in the old sense of the word.
Corey can be reached at @SecAdept on Twitter or via https://www.watchguard.com.
CyberDefense.TV now has 200 hotseat interviews and growing…
Market leaders, innovators, CEO hot seat interviews and much more.
A division of Cyber Defense Media Group and sister to Cyber Defense Magazine.
Free Monthly Cyber Defense eMagazine Via Email
Enjoy our monthly electronic editions of our Magazines for FREE.
This magazine is by and for ethical information security professionals with a twist on innovative consumer
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best
ideas, products and services in the information technology industry. Our monthly Cyber Defense e-
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here
to sign up today and within moments, you’ll receive your first email from us with an archive of our
newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.
Copyright (C) 2022, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a
CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com,
CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber
Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS#
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com
All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,
recording, taping or by any information storage retrieval system without the written permission of the publisher
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at
marketing@cyberdefensemagazine.com
Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 03/01/2022
Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH
(with others coming soon...)
9+ Years in The Making…
Thank You to our Loyal Subscribers!
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile
and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365
uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs)
around the Globe, Faster and More Secure DNS and CyberDefenseMagazine.com up and running as an
array of live mirror sites and our new B2C consumer magazine CyberSecurityMagazine.com. Millions of
monthly readers and new platforms coming…starting with https://www.cyberdefenseprofessionals.com this
month…
THE Q1/Q2 GAME CHANGER…
CYBERDEFENSECONFERENCES.COM
COMING SOON…
MOVED TO JUNE 6-9, 2022…