Cyber Defense eMagazine February Edition for 2022

The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine! When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec, get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in D.C., London, N.Y. and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners. Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors).
Please check them out and see how much more CDMG has to offer!

Very respectfully and with much appreciation,
Gary Miliefsky, Publisher


How Criminals Have Migrated Through Identity Theft and Privacy into Cyber Attacks

The Top 5 Cloud Security Predictions for 2022

Mitigating Risk from Insider Threats in 2022

Responding To the Ransomware Pandemic

…and much more…

Cyber Defense eMagazine, February 2022 Edition, page 1

Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.


CONTENTS

Welcome to CDM’s February 2022 Issue (page 6)

How Criminals Have Migrated Through Identity Theft and Privacy into Cyber Attacks (page 17)
By P. William Zivanchev, Executive Director, Institute of Consumer Financial Education

The Top 5 Cloud Security Predictions for 2022 (page 24)
By Amit Shaked, CEO, Laminar

Cybercriminals Hunt For Medical Data. Zero Trust As The Only Good Option To Keep The Healthcare System Secure (page 28)
By Tomasz Kowalski, CEO, Secfense

How Do I Reliably Identify You If I Cannot See You? (page 31)
By John Callahan, CTO, VeridiumID

How To Improve Federal Endpoint Detection and Response Tactics and Gain Network Visibility (page 35)
By Matt Marsden, Vice President, Technical Account Management, Federal, Tanium

Decision Trees in Case of a Ransomware Attack (page 39)
By Zsolt Baranya, Information Security Auditor, Black Cell Ltd.

Mitigating Risk from Insider Threats in 2022 (page 42)
By Isaac Kohen, Teramind

Web Application Penetration Testing Checklist with OWASP Top 10 (page 46)
By Ankit Pahuja, Marketing Lead & Evangelist at Astra Security

5 Ways to Protect Your Workplace from Cybersecurity Threats (page 52)
By Nicole Allen, Marketing Executive, Salt Communications

Today's Digital Battlefield Demands Resilience Beyond Infrastructure (page 57)
By Mohammed Al Mohtadi, Cyber Information Security Officer, Injazat

Why Ransomware is Only a Symptom of a Larger Problem (page 61)
By Jeff Palatt, Vice President, Technical Advisory Services at MOXFIVE

Responding To the Ransomware Pandemic (page 64)
By Tom McVey, Solution Architect, Menlo Security

Killware is the Next Big Cybersecurity Threat (page 67)
By Brian Erickson, Vice President of Strategy and Solutions and retired U.S. Navy Captain, Vidoori


Combining True MDR & SOC for Robust Cybersecurity (page 71)
By Jon Murchison, Founder and CEO, Blackpoint Cyber

The Cybersecurity Trends You Need to Know About In 2022 (page 76)
By Jamie Wilson, MD & Founder, Cryptoloc Technology Group

Detect Ransomware Data Exfiltration Immediately (page 81)
By Randy Reiter, CEO of Don’t Be Breached

Understanding Identity Detection and Response (page 84)
By Dr. Edward G. Amoroso, Chief Executive Officer, TAG Cyber LLC

Cyber Insurance: What Executives Need to Know Before Obtaining Coverage (page 89)
By Amanda Surovec, Director of Security Engagement and Claims, Resilience Cyber Insurance Solutions, and Shawn Melito, Chief Revenue Officer, BreachQuest

Data Security Must Be a Priority as Employees Quit in Record Numbers (page 93)
By Tim Sadler, Co-founder and CEO, Tessian

Why Building Managers Need to Prioritize Cybersecurity (page 97)
By Shaun Cooley, Founder and CEO of Mapped


@MILIEFSKY

From the Publisher…

Dear Friends,

We’ll be celebrating our 10th Year in business and of our Global InfoSec Awards and as a

The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine!

When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in D.C., London, N.Y. and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners.

Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors).

Please check them out and see how much more CDMG has to offer!

The full list, with links, can be accessed at:
https://www.cyberdefensemagazine.com/cyber-defense-media-group-10-year-anniversary-dailycelebration-in-2022/

Warmest regards,

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

Platinum Media Partner of RSA Conference on June 06 – 09, 2022 – See You There!

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.


@CYBERDEFENSEMAG

CYBER DEFENSE eMAGAZINE

Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

Congratulations to our Outgoing International Editor-in-Chief

For nearly all of the 10-year history of Cyber Defense Magazine, we have been very blessed and incredibly fortunate to count on the active participation and support of Pierluigi Paganini, in his capacity as our International Editor-in-Chief. While it is our loss, we celebrate Pierluigi’s career move, though he will no longer be available to serve Cyber Defense Magazine and our readers in that capacity.

At the same time, we are pleased to assure our readers that we will continue to seek and publish relevant articles on cybersecurity developments in the international arena, as we continue to expand into new markets, globally.

Pierluigi is a globally recognized cybersecurity leader and with bittersweet goodbye, working with him has always been amazing. He’s always on top of the latest cybersecurity news, trends and activities.

On behalf of the entire team at Cyber Defense Media Group, please keep in touch and know that we will always consider CDMG your home,

Yan Ross, Editor-in-Chief
Gary S. Miliefsky, Publisher

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com

ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
http://www.cyberdefensemagazine.com

Copyright © 2022, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP
1717 Pennsylvania Avenue NW, Suite 1025
Washington, D.C. 20006 USA
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.

PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/

10 YEARS OF EXCELLENCE!

Providing free information, best practices, tips, and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to source for Information Security. We’re a proud division of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM

MAGAZINE, TV, RADIO, AWARDS, PROFESSIONALS, VENTURES, WEBINARS, CYBERDEFENSECONFERENCES


Welcome to CDM’s February 2022 Issue

From the Editor-in-Chief

As the Cyber Defense Magazine team members take a look back at the first 10 years of the publication, we also look forward to developments expected in the future.

This month we are pleased to feature an article from the Institute of Consumer Financial Education (ICFE) which provides a longer-term perspective, including the transition from identity theft as a distinct phenomenon to an integrated set of threats and responses involving many aspects of privacy and cybersecurity.

We note the importance we place on perspectives and high-altitude ways to analyze and understand the interaction among technical professionals and organizations from very different parts of our society and economy.

As a brief glance through the Table of Contents of this month’s issue will demonstrate, this is another way Cyber Defense Magazine keeps our readers current on emerging trends and solutions in the world of cybersecurity. That continues to be our guiding star in proceeding on this journey with our readers.

Wishing you all success in your cybersecurity endeavors,

Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him by e-mail at yan.ross@cyberdefensemediagroup.com


How Criminals Have Migrated Through Identity Theft and Privacy into Cyber Attacks

By P. William Zivanchev, Executive Director, Institute of Consumer Financial Education

Introduction

At first glance, readers may wonder why an article on identity theft appears in Cyber Defense Magazine, and why it comes from the Institute of Consumer Financial Education (ICFE). To understand today’s cyber criminal trends, it’s necessary to delve into the history of the phenomenon.

For nearly 20 years, the ICFE has provided the premier identity theft risk management course for professionals working with consumers and businesses. ICFE is the certifying and publishing authority for the nationally recognized Certified Identity Theft Risk Management - CITRMS® course, a credential which has been earned by thousands of professional advisers and case workers.

During that period, we have seen many changes in the threat landscape, but also many continuing trends in the ways in which cyber criminals operate and the ways in which defenders, both public and private, have responded.


Three Types of Cyber Criminals

Functionally, there continue to be three principal types of cyber criminals – and they are consistent with the three types of identity thieves:

• Money-motivated criminals, who commit identity theft, privacy infractions, and cyber crimes for the financial payoff
• State-sponsored and terrorist attackers, who desire to perpetrate disruptive effects on critical infrastructure systems and other vulnerable databases
• Thrill-seekers, who find satisfaction in being able to interfere with the smooth operations and lives of individuals and organizations holding protected information, such as personally identifiable information (PII).

High Tech versus High Touch

Over the years, the main changes have been in the tools and methods the cyber criminals utilize to perpetrate their exploits. Mirroring these developments, the responses have tended to concentrate on exploit-by-exploit methods, rather than more generalized criminal actions.

One interesting constant has been the phenomenon of social engineering, otherwise known as manipulation of the target in order to gain access to sensitive information to which the criminal is not authorized – and then to use that information to perpetrate identity fraud (unlawful use of the personal information accessed by identity theft).

Phone Scams to Email and Text Scams

For about the same time period as the ICFE has been engaged in the CITRMS® program, the Federal Trade Commission has been responsible for the administration of the “Do Not Call” list. It’s no coincidence that one of the principal means used by identity thieves is the spam call, in which the perpetrator pretends to be a family member or trusted organization seeking to extract sensitive information from the target individual or company.

Many of the reported cases of identity theft begin with the call to the phone number of the target, using manipulative scripts to produce urgency and the desire to help in a critical situation – but resulting in the undue sharing of sensitive information.

As the internet has augmented, or even replaced, conventional phone conversations, social engineering has leaped from spam calls to spam emails. These provocations typically involve some unrealistic offer or urgent message seemingly from a known party (but actually from the cyber criminal).

And, of course, the proliferation of social media platforms and usage expands these types of provocative communication into text messaging (often referred to as “smishing” in the vernacular).


Quite often the perpetrator claims to be calling or emailing from a government agency with urgent need to get information to maintain the target’s benefits or tax status; of course, Social Security and the Internal Revenue Service are the agencies most often cloned by the criminals.

Also common is the hyperlink which appears to come from a legitimate source, often a company where the target already has an account, but directed to a bogus website where the target’s username and password are collected by the criminals; this information is then used to hijack the target’s real accounts.

Privacy

As identity theft threats have developed, an important aspect of the legal and regulatory response has arisen out of privacy concerns and consumer rights. This response started with the adoption of privacy laws by States and has become a focal point for federal action.

In addition to setting standards and requirements for holders of protected sensitive information, broader provisions have been created, such as disclosure and notification standards and even private rights of action. Under private rights of action, affected parties whose sensitive information has been compromised due to failure on the part of the holders can sue for damages directly rather than waiting for government fines or punitive actions.

It’s easy to see how any failures in cybersecurity practices resulting in data breaches involving protected personal information can trigger the provisions and penalties of privacy laws and regulations.

As a result, privacy initiatives have become a major driver with immediate effect on cyber practices. It’s worth noting that even compliance with privacy laws may not provide a complete shield against liability in the event of a breach.

In the view of the ICFE, in identity theft risk management, substantial coverage of privacy issues is a necessity, especially as they affect vulnerable demographics, such as seniors, children, and veterans. ICFE is pleased to report that this emphasis on privacy issues has resulted in the acceptance for CE credit by the leading organization in the field, the International Association of Privacy Professionals.

Enter Cyber Attacks and Cybersecurity

By the time of the most recent update to the CITRMS® XV course, cybersecurity had developed to the point that the ICFE included a whole section on the topic. We were fortunate enough to count on Gary Miliefsky, Publisher of Cyber Defense Magazine, to provide that content for the course.

At this juncture, ICFE is undertaking to launch an update and expansion of the CITRMS® course. This will include an enhanced section on Cybersecurity, developments in the attack vectors, public and private responses, and the implications for consumers, businesses, and organizations with the responsibility of maintaining the confidentiality, integrity, and accessibility of sensitive information.


Defensive Measures

In response to the continuation of new means used by criminals to gain access to protected information, both high-tech and granular methods of foiling such attacks have tended to focus on both resilience and sustainability.

Of course, it’s important to prevent a cyber exploit in the first place. But it’s equally important to be able to recover in both the short term (resilience) and in the long term (sustainability).

Organizationally, this generally translates to maintaining systems with such actions as software updates, education and training for all employees with access to the systems, and procedures to be followed diligently. A good example is the set of “Red Flag Rules” from the Federal Trade Commission to Identify, Detect, Protect and Mitigate, and Update (for the future). See:
https://www.ftc.gov/tips-advice/business-center/guidance/fighting-identity-theft-red-flags-rule-how-guide-business

Also on the organizational level, but with a more granular focus, a fundamental requirement is initial and ongoing programs to train personnel to avoid falling into traps such as “clicking” on attachments from unknown or untrusted sources.

Insider threats

Personnel training addresses one aspect of insider threats, but there are several others which have resulted in the creation of an entire discipline of recognizing, identifying and responding to insider threats. They are divided into several categories, based on the individuals and their access to sensitive information.

• Knowing v. Unwitting Vulnerabilities

The insider threat is typically an employee or other individual (such as a volunteer in non-profit organizations) with access to records and files with personal sensitive information. A breach, or access by unauthorized parties, often occurs due to action or inaction by such an individual. The unwitting breach occurs when the person with access is manipulated into sharing a password, allowing physical viewing of sensitive information, or otherwise permits the breach. The “knowing” individual is aware of the unauthorized access and may be under threat or financial incentive to allow it to happen.

• Bribery/Blackmail/Disgruntled Employee

In the case of the “knowing” insider allowing a breach, there may be any of several reasons. Most commonly, the knowing party has been bribed, or threatened with some adverse action, or may be a disgruntled current or prior employee, depending on the circumstances.


• Identity Access Management (IAM)

Whether the vulnerability occurs under any of the above circumstances, an active Identity Access Management program is a necessity. With an IAM in place, authorization for access can be restricted, which in turn makes it more difficult for the criminal to gain access to sensitive information. Changes in levels of access should be imposed when a new employee comes on board, changes positions or responsibilities, leaves the organization, and in any case, on a periodic basis (just like periodically requiring updating passwords).
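The joiner/mover/leaver and periodic-review rule above, turned into a small access-review reconciliation as an added example; this is not ICFE's or the magazine's code, and the HR roster, role model, IAM snapshot, account names and 90-day review period are all constructed sample data.

```python
"""Access-review reconciliation for the IAM lifecycle checks described above.

Added illustration, not ICFE's or the magazine's code. All inputs are
constructed sample data: an HR roster (source of truth for employment status
and current role), a role-to-entitlement model, and a snapshot of accounts
exported from the IAM system.
"""
from datetime import date, timedelta

# Constructed HR roster: employment status and current role per person.
HR_ROSTER = {
    "alice": {"status": "active", "role": "case_worker"},
    "bob": {"status": "active", "role": "finance"},  # mover: was case_worker
    "carol": {"status": "terminated", "role": "case_worker"},  # leaver
}

# Constructed role model: the entitlements each role is supposed to carry.
ROLE_ENTITLEMENTS = {
    "case_worker": {"pii_records:read"},
    "finance": {"ledger:read", "ledger:write"},
}

# Constructed IAM snapshot: entitlements actually held and last review date.
IAM_SNAPSHOT = {
    "alice": {"entitlements": {"pii_records:read"},
              "last_review": date(2022, 1, 10)},
    "bob": {"entitlements": {"pii_records:read", "ledger:read", "ledger:write"},
            "last_review": date(2021, 6, 1)},
    "carol": {"entitlements": {"pii_records:read"},
              "last_review": date(2021, 12, 1)},
    # An account with no HR record at all (unowned service account).
    "svc_backup": {"entitlements": {"pii_records:read"},
                   "last_review": date(2021, 9, 1)},
}

# Constructed review parameters: recertify every 90 days, as of this date.
REVIEW_PERIOD = timedelta(days=90)
AS_OF = date(2022, 2, 2)


def review_access(roster, role_model, snapshot, today):
    """Reconcile the IAM snapshot against HR and return sorted findings.

    Each finding is (account, category, detail) with category one of:
      leaver       - account still holds access for someone no longer employed
      mover        - entitlements beyond what the person's current role needs
      orphan       - account with no HR owner at all
      stale_review - not recertified within REVIEW_PERIOD
    Joiners produce no finding: granting a new hire their role's entitlements
    is provisioning, not a risk condition.
    """
    findings = []
    for account, acct in snapshot.items():
        person = roster.get(account)
        if person is None:
            findings.append((account, "orphan",
                             "no HR record; confirm an owner or disable"))
            continue
        if person["status"] != "active":
            held = ", ".join(sorted(acct["entitlements"]))
            findings.append((account, "leaver", "still holds " + held))
            continue  # all access should go; finer-grained findings are moot
        excess = acct["entitlements"] - role_model.get(person["role"], set())
        if excess:
            detail = "beyond role %s: %s" % (person["role"],
                                             ", ".join(sorted(excess)))
            findings.append((account, "mover", detail))
        if today - acct["last_review"] > REVIEW_PERIOD:
            findings.append((account, "stale_review", "last reviewed %s"
                             % acct["last_review"].isoformat()))
    return sorted(findings)


def accounts_to_disable(findings):
    """Accounts the review says to disable outright: leavers and orphans."""
    return sorted({a for a, cat, _ in findings if cat in ("leaver", "orphan")})


if __name__ == "__main__":
    for account, category, detail in review_access(
            HR_ROSTER, ROLE_ENTITLEMENTS, IAM_SNAPSHOT, AS_OF):
        print("%-12s %-13s %s" % (account, category, detail))
```

In real use the three inputs would be pulled from the HR system and the IAM export on the review schedule, and the leaver and orphan findings fed straight into deprovisioning rather than left for manual follow-up.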

Ransomware & Malware

Ransomware and other malware are on the rise nearly everywhere accessible throughout the internet. The trend is away from simple data breaches and toward ransomware attacks. Malware in general is software which invades the systems of the target organization and either prevents them from operating as they are intended or gives access and control to the criminals. Ransomware is a more specialized attack where the cybercriminal demands payment for the data it has accessed and holds hostage to encryption or public disclosure.

On a financial return basis, this makes sense. Under earlier data breach exploits, the criminals simply gained access to the personal information in the data bank of the target organization, then sold that information (usually on the Dark Web) based on the value of the data (financial, medical, etc.). Typically, the sale would take the form of an auction, in which various (known and unknown) parties would bid and make the purchase. That process is fraught with vulnerabilities, such as the means of payment and the trustworthiness of both parties to the transaction.

In a ransomware attack, there’s just one motivated “buyer” for the safe return of the data held hostage by the criminal. The stakes are high, due to the way the ransomware operates.

The cyber attacker gets 2 bites at the apple: deny access to the target organization; and threaten to make public the ransomed data. Either or both of these threats compromises the ability of the target to continue as a going concern.

How does this work in practice? Once the ransomware attack is in place, the attacker has full access to the underlying data and files. The next step is to notify the target organization that it no longer has access to its own information. Usually, the notification discloses that the data has been encrypted, and only by paying the ransom can the target get access again.

Now there is an important trust issue: can the criminal be trusted to provide the decryption key or other means of returning access to the rightful owner? There is no reliable information or statistic on this question, due to the secrecy involved in the ransom process, as might be expected. Even payment of the demanded ransom cannot assure the safe return of the hijacked data.

If it turns out that the target organization has viable back-up files of the breached data, the attacker can fall back to the secondary position of demanding payment to refrain from making all the sensitive information public. Of course, such disclosure would undermine the trusted relationship between the target organization and its customers and clients. That’s why it continues as a threat to the survival of the breached organization.

How difficult is it for criminals to get ransomware? Unfortunately, fairly easy. The software itself can be purchased outright or even used through “Ransomware as a Service” facilities available on the internet. As a result, the ease of use and financial advantages of ransomware have become widespread among cyber criminals, and there is no indication of any diminution of this trend.

Cyber Insurance

The classic description of “risk management” is making an informed decision on which risks to retain and which ones to lay off on someone else (usually in the form of buying insurance to cover specified risks).

As might be expected, the perceived need for insurance against adverse cyber events has been met by a broad array of offerings by major insurance carriers. Some are added on to integrated packages for errors & omissions, director & officer, and business continuity coverage. Some are stand-alone specialized policies.

There appears to be no standardized underwriting process among the dozens of insurance carriers offering some form of cyber insurance. As a result, it is difficult for potential insured parties to make “apples to apples” comparisons of coverage limits, exclusions, deductibles, premiums, and other terms.

Further, as the carriers gain more experience with claims and payments, it appears that the market will continue to be in flux for the foreseeable future. One thing is certain: the carriers must conduct their business in a profitable manner. So ultimately, the rewards (in the form of premiums) must outweigh the risks (in the form of claims payments).

When the Risk becomes a Reality

We come full circle in this discussion, as the educational mission of ICFE is brought to bear on these challenges.

With the pending update of the ICFE’s Certified Identity Theft Risk Management - CITRMS® course, integration of all of these trends will include adding the expanded Restoration/Remediation section.

The entire realm of Identity Theft Risk Management and its implications for Privacy and Cybersecurity developments continues to be a challenging, but very worthwhile, arena for the ICFE to make its contribution to organizations, professionals, and consumers at large.


About The Author

Active with the ICFE since 1987, Mr. Zivanchev worked alongside Paul Richard, the then president of the ICFE, as the graphic and publication designer for the ICFE. In 2000, Mr. Zivanchev was appointed to the office of Vice President and Secretary to the ICFE Board of Directors and titled the Director of Information Technology. The ICFE hit the internet with its online presence in 2000, with its offerings to consumers and organizations in ICFE Certification Courses, Identity Theft Risk Management and Credit Report Reviewing taking the lead.

Mr. Zivanchev stepped in as the Executive Director for the ICFE with the passing of Mr. Richard in 2020. It is Mr. Zivanchev’s goal to take the ICFE to the next step in its evolution in the digital age.

ICFE company website: https://icfe.org/


The Top 5 Cloud Security Predictions for 2022

New threats, new apps, new players – but data plays the biggest role in shaping the future.

By Amit Shaked, CEO, Laminar

2021 Attacks Set New Records

Looking back, 2021 had its fair share of cybersecurity incidents. Take for example the Colonial Pipeline breach, where the U.S. fuel supply was at risk of coming to a grinding halt. A ransom of $2.3 million in Bitcoin was paid to avoid catastrophe and continue business operations.

You can likely expect a continued rise in attacks and new methods of targeting in 2022. However, the one element to the advancement of security measures making a huge difference next year is data — cloud data.

According to Techjury, on average, every human created at least 1.7 MB of data per second in 2020. Per second, think about that. Data is the critical element in every environment and having a plan to safeguard yours is paramount. The democratization of data means putting it in the hands of more users and data scientists who can quickly create customer value. What better place to do this than the cloud? However, as developers now have extreme flexibility and power to do what they want in the cloud, data protection teams have fallen behind.



Given the rise in cyber-attacks, the ubiquity of cloud computing, and the ever-increasing production of data, here are our top five cloud security predictions for 2022.

The Top 5 Cloud Security Predictions

1 - Increased Investment Will Lead to Better Cloud Security

Each and every year we see increased investment in cloud security.

According to Gartner, cloud security is the fastest growing security segment, projected to increase 41.2% between 2020 and 2021, reaching nearly $1 billion.

What does all of this mean? Better cloud security.

Data protection is the highest priority for many organizations, especially since much of their data lives in the cloud. Consumers and businesses expect protection, and they will weigh in with their dollars. It’s essential for organizations to continue to invest in data protection in order to reach a better outcome.

2 - Cloud Data Protection Will Make Strides to Keep Up With Data Democratization

Every organization, no matter how big or small, is changing the way it operates through digital technology. The majority of these changes involve moving processes and data to the cloud and making data accessible to everyone in the organization. This is data democratization.

2022 will see cloud data protection begin to keep pace with data democratization.

Data is the new currency. It’s the critical factor in making informed business decisions and delivering personalized experiences that consumers are not only anticipating but expecting.

Protecting and monitoring your data is crucial to survival, but in order to have proper defenses, organizations must have a baseline understanding of their data.

IT leaders should know the answers to five very important questions:

1. Where is my data?

2. Who has access?

3. What’s the security posture?

4. Who owns the data?

5. Where is my data going?



One sensitive breach can bring a company to its knees. So as more investments are made in the digital transformation, more investments are needed in data protection.

3 - Cloud-Native Security Tools Will Become Mainstream

As more data is moved to the cloud, more workloads, processes and solutions are being natively built and run there.

Cloud-native applications are run and hosted in the cloud, and are designed to capitalize on the inherent characteristics of a cloud computing software delivery model.

Security solutions built for the cloud, in the cloud, aren’t totally mainstream yet, but are growing much faster than their legacy counterparts. In 2022, we’ll see many more of them arise and mature.

4 - Security Teams Will Move from Gatekeepers to Enablers

It’s the responsibility of the security team to ensure every process follows strict security protocols, so historically they have been viewed as a barrier to progress. 2022 is going to see a change in that pattern, as security teams move from being the gatekeepers to the enablers.

Why is this? Because more applications are being built in the cloud, as opposed to on-premises. Cloud application developers don’t have as many restrictions, and don’t have to wait on multiple stakeholders to move to the next phase. At the same time, security teams are deploying cloud-native solutions that continuously monitor and enforce policies, enabling a “trust but verify” stance. This way, developers are not hindered and security teams can move at the speed of the cloud.

So to continue digital transformation yet stay secure, the once-restricting gatekeepers will harness the power of cloud development and become the enablers.

5 - Best of Breed Tools Will Continue to Emerge, not Consolidate…Yet

According to The Cyber Research Databank, there are more than 3,500 cybersecurity vendors in the market.

If you’re a security leader, you’re probably bombarded with offers for the next best solution. You may wish there was one tool that served as a one-stop shop for all of the features and capabilities you need, but we’re not quite there yet.

Consolidation is happening, but we think vendor proliferation will continue in 2022.



Why is that?

Let’s take COVID-19 as an example. Think of the virus as a new breach. When that breach hit, people scrambled to build the defenses to battle it. You developed a vaccine and are feeling good, but then the Delta variant pops up, and you scramble again. Just as you hope to have quelled that variant, Omicron arises. On it goes. How many variants will appear before we feel we’ve addressed every threat? There is no way to tell, so you keep building defenses to stay safe.

The security world is similar. Each year we see new threats arise and we build the tools to combat them. Until these breaches slow down, there will continue to be a proliferation of new tools in the market.

The Year that Data Matters More

Data truly is the key element for business survival and, as a result, it’s also the element you need to protect the most. It is the new business currency and something everyone benefits from when it is harnessed securely.

In this cloud-first world, where digital transformation is happening fast and complexity is high, traditional methods are falling away. The ability to discover, classify, and categorize all the data within your public cloud environment is a necessity to stay safe and nimble.
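To make the discovery, classification and "five questions" concrete, here is an added Python example. It is not code from the article or from Laminar; it scans a constructed object listing (bucket names, owners, reader lists and file contents are all made up for this example) for e-mail addresses and Luhn-valid card numbers, records where each object lives, who owns it and who can read it, and flags objects that are both sensitive and readable by everyone.

```python
import re
from typing import Dict, List, Set

# Constructed object listing for two hypothetical buckets. Bucket names, owners,
# readers and file contents are all made up for this example.
SAMPLE_OBJECTS = [
    {"region": "us-east-1", "bucket": "analytics-exports", "key": "customers/2021-q4.csv",
     "owner": "data-science", "readers": ["data-science", "*"],
     "text": "name,email\nAnna,anna@example.com\n"},
    {"region": "us-east-1", "bucket": "analytics-exports", "key": "reports/summary.txt",
     "owner": "data-science", "readers": ["data-science"],
     "text": "Q4 revenue grew 12 percent."},
    {"region": "eu-west-1", "bucket": "payments-archive", "key": "cards/batch-17.txt",
     "owner": "finance", "readers": ["finance", "audit"],
     "text": "4111111111111111\n1234567890123456\n"},
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d{13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; weeds out random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify_text(text: str) -> Set[str]:
    """Return the sensitivity categories found in one object's contents."""
    categories = set()
    if EMAIL_RE.search(text):
        categories.add("email")
    if any(luhn_ok(m) for m in CARD_RE.findall(text)):
        categories.add("payment_card")
    return categories


def build_inventory(objects: List[Dict]) -> List[Dict]:
    """One record per object: where it is, who owns it, who can read it, what is in it."""
    inventory = []
    for obj in objects:
        inventory.append({
            "location": f"{obj['region']}:{obj['bucket']}/{obj['key']}",
            "owner": obj["owner"],
            "readers": list(obj["readers"]),
            "public": "*" in obj["readers"],          # '*' stands for 'anyone'
            "categories": sorted(classify_text(obj["text"])),
        })
    return inventory


def posture_issues(inventory: List[Dict]) -> List[str]:
    """Locations where sensitive data is readable by everyone."""
    return [rec["location"] for rec in inventory if rec["public"] and rec["categories"]]


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_OBJECTS)
    for rec in inv:
        print(rec)
    print("publicly readable sensitive objects:", posture_issues(inv))
```

The inventory answers "where is my data", "who owns it" and "who has access" per object; the posture check is the one a data protection team would run first, because a public object holding card numbers is both a breach and a compliance finding.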

About the Author

Amit Shaked is the CEO and Founder of Laminar, which was started in 2020.



Cybercriminals Hunt For Medical Data. Zero Trust As The Only Good Option To Keep The Healthcare System Secure

By Tomasz Kowalski, CEO, Secfense

According to a Trustwave report, medical data may cost up to $250 per record on the black market, while stolen payment card data is sold for $5.40. That is why healthcare institutions are becoming the main target of cybercriminal attacks. How can they defend against them? The right approach is to protect the place where attacks most often arrive: the accounts of all employees of clinics or hospitals.

Zero trust security is a cybersecurity concept that implies a total lack of trust in users, systems, or services within the network. What does this mean and how does it relate to the safety of the healthcare industry? Zero trust relies on 100% certainty that the right person is on the other side of the computer, and not a thief who wants to take over your sensitive data.

Medical data worth its weight in gold!

Medical data is extremely attractive to cybercriminals, mainly because intruders know very well how to monetize it. Theft of medical data can threaten the reputation of individuals or institutions and cause enormous damage. That is why all healthcare facilities must remodel their approach to IT security as



soon as possible and base it on strict user authorization, restriction of permissions and limiting access to medical resources in accordance with the principle: never trust, always verify.

One of the most widely reported recent attacks against a medical institution was an attempt by intruders to get into the computers of AstraZeneca employees (including those who worked on the Covid-19 vaccine). North Korean cybercriminals used phishing and social engineering, claiming to be recruiters. According to the Wall Street Journal, the attackers also tried to steal vaccine information from Johnson & Johnson and Novavax, as well as from three South Korean drug makers.

2-Step Verification

Credential theft (employees’ passwords and logins) is one of the most common causes of attacks on medical institutions today.

Cybercriminals usually send an e-mail designed to trick the person into thinking that the message comes from a legitimate source, and then obtain credentials. Bad actors also often use WhatsApp or LinkedIn messengers, as happened in the case of the attack on AstraZeneca.

Why is this happening? The healthcare industry is one of the worst when it comes to data security knowledge. Data from Wombat Security’s learning management system shows that 23% of best practice questions are answered wrongly by medical personnel on average. Fraudsters know that very well. The difficult period associated with the pandemic only makes it easier for them to get access to extremely valuable information, for which they can, for example, receive a large ransom (ransomware attacks).

A user access security broker is an approach to cybersecurity consistent with the zero trust security model. It triggers MFA during a login session on any hospital or clinic web application, regardless of whether the person logging in is currently at the facility or works remotely. Before employees enter the application or system, they must enter, for example, a one-time code or verify their identity through face biometrics or a fingerprint.

What’s important is that the integration of MFA takes place without changing the protected application’s code. This basically means that the security broker can add multi-factor authentication to the accounts of all employees in any number of applications without further work by IT specialists, who are in constant short supply in the medical sector. It also allows for convenient scaling: simple and quick addition of users and protected resources, regardless of their number and complexity. Moreover, organizations do not have to share any of their information with third parties; strong authentication can be easily applied to the current infrastructure without long and tedious programming. This is important in the case of dynamically developing private hospitals and medical clinics.

Cybercriminals use the pandemic very efficiently and target the weak points of the healthcare system. Therefore, medical facilities must ultimately undertake a very difficult task and protect not only selected applications but, in reality, all applications used by their employees on a daily basis. This could mean using advanced



analytics to track identities on their network, multi-factor authentication, and enforcing “least privilege policies” for specific accounts.

One thing to remember: flexibility, scalability and speed of response in the case of precise and increasingly sophisticated attacks will be a key factor influencing the final result. Well-thought-out choices in this context really pay off. The costs of healthcare attacks are growing exponentially, as prolonged system downtime not only hampers but often paralyzes medical care for patients.

About the Author

Tomasz Kowalski is the CEO and co-founder of Secfense. He has nearly 20 years of experience in the sale of IT technology. He was involved in hundreds of hardware and software implementations in large and medium-sized companies from the finance, telecommunications, industry and military sectors. Tomasz can be reached online at tomek@secfense.com, on LinkedIn (Tomasz Kowalski) and at our company website https://secfense.com/



How Do I Reliably Identify You If I Cannot See You?

eKnow Your Customer Requirements Driving Change

By John Callahan, CTO, VeridiumID

KYC, Know Your Customer, is a process that has been used around the globe for many years to validate the identity of a customer. Many of you will have already experienced KYC if you have ever opened a bank account, bought a property or even obtained a SIM card for your mobile phone. You will have been asked by the bank, solicitor or mobile operator for proof of identity.

Organisations have typically required you to present a passport, driving license or ID card, perhaps with a recent utility bill for proof of address, before providing you services.

Why do they do this?

It may seem fairly obvious for certain use cases, particularly for banking or wherever financial transactions occur. Fraud is a significant challenge in Financial Services; fraud always increases during economic



downturns and, it would appear, during global pandemics, according to a recent study by the World Bank. Fraud presents itself in many different forms, from false account setup and unauthorised account access to money laundering. While the criminal fraternity may look to line its own pockets, there is a more extreme side, which funds drug cartels or finances terror organisations.

After the financial crisis of 2008, financial organisations became heavily regulated and KYC was introduced as a regulatory requirement after a series of major fraud, money laundering and tax evasion cases. However, even in the last decade, global financial services have been exposed by a number of money laundering scandals which have resulted in over $36 billion in fines.

Heavy regulation ultimately creates more friction, especially for the consumer. At 1 in 5 banks, onboarding times have doubled, from 4 to 8 weeks, and are expected to increase even further. This challenge has typically been addressed head on by throwing money and head count at the very manual and legacy KYC process. However, COVID has forced a new way of thinking.

eKYC/mKYC (Electronic/Mobile KYC) requirements have driven transformational change in organisations, which can no longer expect customers to visit branch offices and present themselves in person for manual KYC. Additionally, using computer vision and artificial intelligence has removed the subjective, error-prone human process of matching a person to a photograph, providing higher levels of assurance that an individual is who they claim to be.

But what options are available for eKYC? Actually, there are a number of options available to organisations to securely and remotely perform Identity Verification. Let’s explore a couple of them.

Firstly, it is now possible to take the tried and tested identity document, such as a passport, driving license or identity card, and remotely scan that document into a mobile application. This can be done by simply capturing the document with the mobile camera or, for a more reliable and performant solution, by leveraging the document’s RFID chip to extract information via NFC to the smartphone. While not everybody has the latest phones capable of using NFC, and not every government document has an RFID chip to extract information from, it’s encouraging to know there is always a fall-back option of simply taking a picture of the document.

We then simply use the same application to take a selfie, and the application attempts to match the selfie with the face image extracted from the document. In the background there is a validation check of the document itself: is it a genuine document, has it been reported lost or stolen? All of these factors combined allow organisations to deliver a remote and secure on-boarding capability, which also provides a frictionless user experience for customers. It accelerates the KYC process and reduces costs at the same time.
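One part of the background document check that can be shown concretely is the integrity of the machine-readable zone (MRZ) printed on passports: every numeric field carries an ICAO 9303 check digit computed with the repeating weights 7, 3, 1, and the final character of the second line is a composite check over the other fields. The Python below is an added example, not Veridium's code and not from the article; it validates the second MRZ line of a passport (TD3 format) using the public specimen data from ICAO Doc 9303, so a scanned or OCR-misread line can be rejected before any face matching is attempted. Lost/stolen lookups and genuineness checks against issuer databases are outside what this snippet can show.

```python
import re
from typing import Dict

# Public specimen MRZ from ICAO Doc 9303 (the "ERIKSSON" sample), used as example input.
SPECIMEN_TD3 = (
    "P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<",
    "L898902C36UTO7408122F1204159ZE184226B<<<<<10",
)


def mrz_value(ch: str) -> int:
    """ICAO 9303 character values: digits as themselves, A-Z as 10..35, filler '<' as 0."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"invalid MRZ character: {ch!r}")


def check_digit(field: str) -> int:
    """Weighted sum with weights 7,3,1 repeating, modulo 10."""
    weights = (7, 3, 1)
    return sum(mrz_value(c) * weights[i % 3] for i, c in enumerate(field)) % 10


def validate_td3(line2: str) -> Dict[str, object]:
    """Parse and check the 44-character second line of a TD3 (passport) MRZ."""
    if not re.fullmatch(r"[A-Z0-9<]{44}", line2):
        raise ValueError("TD3 line 2 must be 44 characters of A-Z, 0-9 or <")
    fields = {
        "document_number": line2[0:9],
        "nationality": line2[10:13],
        "birth_date": line2[13:19],      # YYMMDD
        "sex": line2[20],
        "expiry_date": line2[21:27],     # YYMMDD
        "optional_data": line2[28:42],
    }
    # Each check digit follows its field; the optional-data check may be '<' when empty.
    checks = {
        "document_number_ok": check_digit(line2[0:9]) == mrz_value(line2[9]),
        "birth_date_ok": check_digit(line2[13:19]) == mrz_value(line2[19]),
        "expiry_date_ok": check_digit(line2[21:27]) == mrz_value(line2[27]),
        "optional_data_ok": check_digit(line2[28:42]) == mrz_value(line2[42]),
        # Composite check covers document number+check, birth date+check,
        # expiry+check and optional data+check (positions 1-10, 14-20, 22-43).
        "composite_ok": check_digit(line2[0:10] + line2[13:20] + line2[21:43])
        == mrz_value(line2[43]),
    }
    checks["all_ok"] = all(checks.values())
    return {**fields, **checks}


if __name__ == "__main__":
    result = validate_td3(SPECIMEN_TD3[1])
    print(result)
```

A single misread digit (for example an OCR error in the date of birth) fails both that field's own check digit and the composite check, which is why a capture pipeline should re-scan rather than pass such a line on to the matching step.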

All good? Well, not quite. Unfortunately, government documentation availability is not a certainty; additionally, face matching against a 10-year-old photograph which has been captured using the mobile phone camera (as opposed to NFC) comes with its challenges in terms of performance and reliability. Cultural and religious requirements can present additional problems when the app asks the user to take a selfie for face verification; add in poor lighting conditions and a requirement for “liveness”



validation, and what can be a very reliable and performant solution takes a performance hit and can lead to a frustrating user experience.

Since biometrics are clearly the preferred method for eKYC, and where face recognition may present challenges and/or there is no documentation available with which to match the face against, there needs to be flexibility of biometric modalities to provide not only choice to the customer, but performance and security improvements to the organisation.

Fingerprint recognition is the other obvious biometric modality that could be used for Identity verification. Fingerprints as well as face images are stored on many forms of government documentation around the globe; however, this doesn’t help where that documentation is not readily available. There is an alternative to government documentation, though, and that is National Identity Databases.

National Identity databases are scattered around the globe but are prominent in Latin America, the Middle East / Africa as well as Asia. These databases provide a trust anchor for the government, which asks or mandates citizens to enrol themselves into the database in order to leverage Identity verification. Organisations who can reference these databases have a ready-made platform to query, using biometrics to validate individual identity with a simple capture of fingerprint or face (where available). The benefit here is that, with a centralised database, the risk of fraudulent documentation is eliminated; in addition, the biometric “image” is clean, with no holograms over passport pictures to affect face matching performance.

Since fingerprint has no cultural, racial or religious bias, and fingerprints are largely unaffected by the aging process, fingerprint recognition delivers a highly performant and secure biometric modality to verify Identity. Fingerprint also eliminates the “twins” issue associated with facial recognition, since every fingerprint is unique. The challenge now is how to capture the fingerprint remotely. Any of us who have experienced US border control or watched a Mission Impossible film will have seen the requirement to place your fingers/thumbs onto a hardware scanner of some description. Sadly, very few of us have these devices available to us at home, and before you jump to the assumption that your phone has a fingerprint scanner built into it, sadly that particular sensor has no mechanism to capture a fingerprint image and send it outside the phone for matching.

However, at Veridium we developed a mobile software solution that uses just a smartphone camera to capture fingerprint images, by simply taking a picture of your hand. This fingerprint image can be used in addition to, or as an alternative to, face matching. It can be matched by National Identity Databases (and Security Services Databases) as well as matched against documentation where fingerprint images are stored on RFID chips. Since every smartphone has a camera and a torch, performance is assured in pitch black or bright blue sky conditions, coupled with built-in liveness detection to deter simple and complex presentation attacks.

Now organisations can securely and reliably deliver eKYC/mKYC for their clients, deliver flexible biometric modalities of face and fingerprint capture, leverage Government issued documentation or National Identity databases, and provide flexibility to ensure they are not caught out with racial, religious or cultural bias. Organisations can now reliably identify you without seeing you in person, provide a frictionless onboarding experience to customers and help eliminate fraud, all at a fraction of the cost of traditional KYC processes.



About the Author

Dr. John Callahan is responsible for the development of the company’s world class enterprise-ready biometric solutions, leading a global team of software developers, computer vision scientists and sales engineers.

He has previously served as the Associate Director for Information Dominance at the U.S. Navy’s Office of Naval Research Global, London UK office, via an Intergovernmental Personnel Act assignment from the Johns Hopkins University Applied Physics Laboratory. John completed his PhD in Computer Science at the University of Maryland, College Park.

John can be reached online at https://www.linkedin.com/in/john-callahan-430707/ and at https://www.veridiumid.com/



How To Improve Federal Endpoint Detection and Response Tactics and Gain Network Visibility

By Matt Marsden, Vice President, Technical Account Management, Federal, Tanium

Endpoint detection and response (EDR) took center stage when the Office of Management and Budget (OMB) released a memo requiring agencies to collaborate during the development and deployment of their EDR solutions.

The OMB memo intends to create government-wide visibility through a centrally located EDR initiative, implemented by the Cybersecurity and Infrastructure Security Agency (CISA), to support host-level visibility, attribution, and response across federal information systems.

Within 90 days of the memo’s release, agencies are required to provide CISA with access to their current and future EDR tools, and CISA is to provide recommendations for accelerating EDR adoption. Within 120 days, agencies must analyze their EDR solutions with CISA and identify any gaps.

A recent report stated that since the shift to working from home, 79 percent of IT teams have seen an increase in breaches at the endpoint. There is a dire need for useful EDR solutions within the federal government, especially in the era of remote work, as they will improve “the ability to detect and respond to increasingly sophisticated threat activity on Federal networks.”



What is EDR?

EDR is a capability that identifies and responds to cyber threats by combining real-time, continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. EDR tools have gained a significant amount of popularity among IT security operations teams due to their ease of use and the understanding that endpoints can provide the richest data about intruders.

EDR enables:

‣ Automated, simple pattern detection of known bad attack types, leading to triage and investigation of those alerts

‣ Automated response, in the sense that pre-determined actions can be configured from the detection rules

‣ Centralization of endpoint log and telemetry data in the cloud for offline analysis

While useful, EDR technology only locates certain types of activity, or “known bad” activity. Most EDR tools limit the activity they record to reduce bandwidth and storage. So, what happens when there is an “unknown bad” in a network? This visibility gap leaves plenty of blind spots through which attackers can enter, but it is possible to diminish those issues through other solutions.



What should agencies look for in a solution?

Skilled attackers are aware of EDR capabilities and know how to get around them. If agencies pair a threat hunting solution with their EDR technologies, they will have deeper, more comprehensive visibility over their endpoints.

When looking for the right threat hunting platform, it is crucial that agencies keep certain criteria in mind: adaptability, scalability, and extensibility. It is also important to use a platform that is fully powered by accurate data and can respond to threats in seconds. Here are some elements to look for when choosing an EDR solution:

‣ Continuous monitoring of endpoints. Legacy security solutions tend to employ a collection of incompatible point solutions tied together in a SIEM, resulting in a data set that is weeks old and doesn’t include unmanaged, offline, or off-network endpoints. Instead, it is important to have a comprehensive platform to gather in-depth endpoint data, giving agencies the ability to collect accurate, real-time data in minutes, not months

‣ Formatted, organized data. Many tools require you to export data from different sources, normalize the output, then attempt to combine it all into one report. It is important for agencies to streamline this process through a solution that provides actionable data that is already in the correct format for use

‣ Zero-trust architecture. Achieving a strong endpoint defense requires complete visibility into the entire operating environment. Agencies should look for a platform with a zero-trust architecture that continually monitors device health and checks whether each device is patched, secure, compliant, and managed

An endpoint security and management platform solution can dig deeper into the suspicious activity detected by EDR to understand the threat and protect any additional machines that may have been compromised. A single platform of this nature gathers in-depth endpoint data, giving agencies the ability to collect accurate, real-time data in minutes.
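The three ideas above (known-bad rules, the unknown-bad gap, and stale or missing endpoint data) can be shown on a handful of telemetry records. The Python below is an added example, not Tanium's code and not from the article: it normalizes constructed telemetry from two hypothetical agent formats into one schema, applies a simple known-bad rule (an office application spawning a command shell), flags processes seen on only one host as hunting leads for the "unknown bad", and lists endpoints whose last check-in is older than a threshold, which is the offline blind spot the criteria above describe. Host names, processes, timestamps and the baseline list are all constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed telemetry from two hypothetical agents; no real hosts or incidents.
AGENT_A_EVENTS = [   # agent A already emits structured records
    {"host": "ws01", "ts": 1000, "parent": "explorer.exe", "process": "chrome.exe",
     "cmdline": "chrome.exe"},
    {"host": "ws02", "ts": 1010, "parent": "WINWORD.EXE", "process": "powershell.exe",
     "cmdline": "powershell.exe -File update.ps1"},
]
AGENT_B_LINES = [    # agent B emits key=value text lines
    "host=ws03 ts=1020 parent=explorer.exe process=chrome.exe cmdline=chrome.exe",
    "host=ws03 ts=1030 parent=services.exe process=svchost.exe cmdline=svchost.exe -k netsvcs",
    "host=ws01 ts=1040 parent=explorer.exe process=updater_v2.exe cmdline=updater_v2.exe --silent",
]
# Constructed last-seen timestamps per endpoint; ws04 has not checked in for a long time.
HEARTBEATS = {"ws01": 1040, "ws02": 1010, "ws03": 1030, "ws04": 200}

# key=value pairs where a value may contain spaces (cmdline) but never a bare "word=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_kv_line(line: str) -> Dict[str, str]:
    return {key: value for key, value in KV_RE.findall(line)}


def normalize(agent_a: List[Dict], agent_b_lines: List[str]) -> List[Dict]:
    """Bring both agent formats into one schema with lower-cased process names."""
    records = list(agent_a) + [parse_kv_line(line) for line in agent_b_lines]
    return [{"host": r["host"], "ts": int(r["ts"]), "parent": r["parent"].lower(),
             "process": r["process"].lower(), "cmdline": r["cmdline"]} for r in records]


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


def detect_known_bad(events: List[Dict]) -> List[Dict]:
    """Known-bad rule: a document application launching a command shell."""
    return [e for e in events if e["parent"] in OFFICE_APPS and e["process"] in SHELLS]


# Constructed baseline of processes expected on every workstation.
BASELINE = {"explorer.exe", "chrome.exe", "svchost.exe", "powershell.exe"}


def hunt_rare_processes(events: List[Dict]) -> Set[str]:
    """Unknown-bad lead: a non-baseline process observed on exactly one host."""
    hosts_by_process = defaultdict(set)
    for e in events:
        hosts_by_process[e["process"]].add(e["host"])
    return {p for p, hosts in hosts_by_process.items()
            if len(hosts) == 1 and p not in BASELINE}


def stale_endpoints(heartbeats: Dict[str, int], now: int, max_age: int) -> List[str]:
    """Endpoints whose telemetry is older than max_age seconds: a visibility gap."""
    return sorted(h for h, seen in heartbeats.items() if now - seen > max_age)


if __name__ == "__main__":
    events = normalize(AGENT_A_EVENTS, AGENT_B_LINES)
    print("alerts:", detect_known_bad(events))
    print("hunting leads:", hunt_rare_processes(events))
    print("stale endpoints:", stale_endpoints(HEARTBEATS, now=1100, max_age=300))
```

The rule catches only what it was written for; the rarity check is what gives an analyst a starting point when nothing matched, and the stale-endpoint list says where the data set is silent altogether.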

The time to improve cyber defenses is now, and everyone plays a part in this process. The federal government has set the precedent with this memo, and agencies understand the importance of the guidance. Agencies must implement a strong EDR solution and enhance their EDR capabilities to improve their security posture and response capability.



About the Author

Matt Marsden is the Vice President, Technical Account Management, Federal at Tanium. He is a career cyber professional with more than 24 years of experience working with the Federal government. Matt began his federal service in the United States Navy supporting submarine operations afloat and transitioned to Civil Service, where he supported the DoD and Intelligence Communities prior to joining Tanium. Matt can be reached online at LinkedIn and at our company website https://www.tanium.com/solutions/federal-government/



Decision Trees in Case of a Ransomware Attack

Does Your Organization Have a Procedure to Handle Ransomware? Is It Worth Paying the Attackers?

By Zsolt Baranya, Information Security Auditor, Black Cell Ltd.

The number of ransomware attacks is growing from day to day, as many publications and reports note. The ransomware kill chain describes the phases of a ransomware attack, and in each phase the security team can implement some actions to mitigate the probability of occurrence. For example, the first phase of the ransomware kill chain is the campaign, where the security team can reduce the success of the campaign with awareness training. The second phase is the infection, where the security team can handle the situation with restricted file downloading methods, and so on.

But if the chain reaches the encryption phase, the preventive actions were not effective. In this case, only a few organizations have a playbook specified to handle the consequences of ransomware attacks. The decision tree below was created to help organizations that lack this type of playbook.

Actions to consider after a ransomware attack

Firstly, all the affected devices and systems that have been attacked have to be identified and must be disconnected from the network as soon as the detection occurs. This is the most important action before the incident handling starts!



1. Check whether the encrypted data is classified or not. If the classified data is mission critical, the incident handlers must know the recovery point objective (RPO) of the data to identify how much time the organization has from the business continuity perspective. (This may later relate to how much time the attacker gives to make contact or pay.)

2. The security event should be reported to the relevant CERT or CSIRT. The response teams may have some information about the specific ransomware or the attacker that can help.

3. Make sure that your organization has security backups of the affected data. If it has, check the backup restoration test results; if the restoration test was successful, restoring from the backup carries no risk. Before you restore the data, you should check the system status: the system could still contain backdoors or other relevant risks. If the organization didn’t have such a test, or the test result was unsuccessful, you should treat the restoration as a risk factor.

4. If your organization doesn’t have a backup, you should check other alternatives to replace the data that has been encrypted (for example, whether it exists on paper or may be available from another organization). If so, consider whether it can be recovered within the time limits referred to in point 1, rebuilding the encrypted files from the alternative source. If it can, this may be the solution for incident management.

5. If the steps described in points 3 and 4 did not lead to results, you can search the internet and open-source databases (for example, nomoreransom). There is a possibility you could find some information related to the specific ransomware or system, with recommendations to restore your files. Sometimes these sites publish the secret keys (decryption keys) to decrypt the affected files.

6. If your efforts are unsuccessful after these 5 points, and the data counts as mission critical, you should consider paying the attackers.

Pay or not to pay: the decision process

1. The first thing to consider is whether it is worthwhile for the organization to obtain Bitcoin. If paying is the last chance to get the data back, the organization does not necessarily have to spend time purchasing Bitcoin.

2. If the affected data counts as mission critical, and the earlier actions were unsuccessful, check whether there are files for which both the encrypted and the original version are available. If so, you can turn to expert organizations, but success is not guaranteed. If not, you can go to the next step.

3. There are some cyber security firms that specialize in handling cyberattacks. If the organization has received a cyber security firm’s quote, and it is more than the attacker’s demand, the head of the organization should consider which is the better option, paying the attackers or the experts. (In neither of these cases is there a 100% guarantee that the originals of all encrypted files will be decrypted and returned to the organization.)

4. Attackers usually give a deadline for the payment of the demand. If the victim organization wants to use the professional services of a cyber security firm, it must consider the deadline and the



expertise’s recommended returning time. There is a chance that an expert team needs more than

24 or 72 hours (which commonly given by the attackers) for the restoration of the original files .

5. If the encrypted files count as critical and management has decided to pay the attackers, consider whether it is worthwhile to inform the media about the ransomware attack, in the hope that the attackers learn the incident has come to light. In that case there is a chance that the organization actually gets help for its fee: it would be extremely bad 'marketing' for the attackers if the organization paid and did not get its original files back.

6. Another option is to engage a negotiator to reduce the amount demanded by the attackers. Sometimes it works, so decision makers should consider this solution as well.

These are very important issues to decide when handling the aftermath of a ransomware attack. In any case, it is necessary to consider what damage a ransomware attack can cause; incident management should be built and implemented at a cost in proportion to what an attack could cost.

Paying the attackers is not recommended. In any case, it should be the last option for resolving the incident. The present study is not intended to encourage paying attackers. It merely attempts to draw attention to the complexity of such an attack, and to everything that is worth considering before an organization does anything after a security incident is detected.

About the Author

Zsolt Baranya is an Information Security Auditor and head of compliance at Black Cell Ltd. in Hungary. Formerly, he filled information security officer and data protection officer roles at a local governmental organization. He worked as a senior desk officer at the National Directorate General for Disaster Management, Department for Critical Infrastructure Coordination, where he was responsible for the Hungarian critical infrastructure's information security compliance. Zsolt can be reached online at zsolt.baranya@blackcell.io and at his company's website https://blackcell.io/



Mitigating Risk from Insider Threats in 2022

By Isaac Kohen, Teramind

Back in August 2020, a story of an insider threat caught headlines when an employee turned down a $1M bribe to put ransomware on Tesla's servers at the Gigafactory outside of Reno.

That story was exceptional both for the amount of the payoff and for the fact that it really is the exception

to the rule.

The far more common case is that a malicious actor will find someone inside who can help them to carry out their attacks, thus getting around whatever protections the organization has put in place to defend itself from external threats.

One area where we have seen this story repeat time and again is in the cellular service industry.

Mobile Mischief is Afoot

The mobile industry has found itself the target of malicious actors who have used insiders to worm their

way in and effectively steal from the service providers. In September, a man named Muhammad Fahd



was sentenced to 12 years for paying employees at AT&T $1M to help him unlock phones and, later, to implant malware on the company's systems that allowed him to do the dirty work himself.

While you can buy an unlocked phone, AT&T and other companies offer lower prices for customers to

sign on with their service as an incentive. They also have a revenue stream that is generated by unlocking

phones for customers.

According to reports, Fahd and his co-conspirators succeeded in unlocking some 1.9 million phones.

This fraud was shown to cost AT&T $201M out of their pocket. So good ROI for Fahd’s bribes and a bad

time for AT&T.

The court documents note how the malware used by Fahd could be used for stealing credentials, helping

him impersonate legitimate AT&T employees for use in his fraud. This allowed him to continue his

operations even after the company made changes that would have blocked his illicit activities.

From the looks of it, AT&T had done a pretty good job of protecting itself, limiting who was authorized to

unlock devices to specific users and only under certain conditions. However, despite the protections, the

criminals were able to exploit the human element and had the insiders knowingly compromise their

employer.

Defining the Insider Threat

Insider threats are where someone inside your organization is the one doing the harm.

The 2020 Verizon report indicates that insider threats are on the rise. Their statistics show that these types of threats are nearing 40%, up nearly 20% in just five years. To be clear, external threats still outnumber internal incidents by a wide margin. There is also the additional point that insiders are oftentimes not malicious but simply careless; whatever the intention, the results are the same.

Insider threats are a double risk in that anything that an insider can access, an attacker who has

compromised a privileged user’s account can access too. In a world where user credentials are constantly

being compromised in data leaks, hacks, and other sorts of mischief, the chances are more than

reasonable that a legitimate user will have their credentials used by attackers. If they have a highly

privileged account or there are paths for escalation, then the organization may be in for a bad day ahead.

And it can always be worse as the details of the story unfold.

Why Insider Attacks Can Be More Damaging to Victim Organizations

All cases of a breach are bad news for an organization. The level of bad can vary depending on whether they were negligent or the victim of elite state actor hackers.

What nobody wants to hear is that your customers' data was knowingly compromised by an employee. Such incidents can kill user trust and be hard to bounce back from.



Partners, investors, and of course customers, all want to know that they are working with trustworthy

folks. Winning over customers in the first place is hard enough, just ask your marketing and sales teams.

Especially in markets where the customers are asked to share access to their data and the core of their

products, they need to feel that your organization is trustworthy and their data protected. Having your

system breached by a hacker can be a hard knock to customer trust.

Regaining their trust after the damage came from the inside is an even bigger uphill battle, so this really

might be a case where an ounce of prevention can be worth a pound of cure.

3 Tips for Mitigating Insider Threat Risks

Risks from inside and out are always present, but there are steps that we can take to lower our potential

for threats and mitigate damage when they do occur.

1. Train Your Team to Identify Risky Situations

Whenever attackers approach a prospective insider to get them to expose their organization, they offer

serious rewards while downplaying the severity of what they are doing. In some cases, an insider may

know that they are doing something wrong but will not understand the repercussions of their actions. If

the person approaching them is a friend or family member, then they may be even more likely to go

through with it.

Talk to your employees to explain the risks that can emerge from them taking steps that can compromise

the organization. Give them tools to spot red flags before they may unwittingly take part in something

destructive.

Finally, clarify what your policy is and let them know that you have protections in place.

2. Use Solutions to Monitor User Actions

Having the right tools in place to identify when a user is performing actions that fall outside of their normal duties, or some other kind of anomaly, can help to stop them sooner.

User and Entity Behavior Analytics can help to detect these threats, understanding what the baseline of

normal behavior is and alerting when a user strays from their expected routine.
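A small baselining check of the kind this section describes, run over constructed audit log lines; this is an added example and not code from the article or from Teramind. It assumes a log format of one event per line, a sensitive action named unlock_device, an authorized-user set and business hours, all made up for the illustration, and it scores the most recent day in the log against each user's earlier days.

```python
"""Behaviour-baseline check over constructed audit log lines.

Added example for this section; it is not code from the article or from
Teramind. It mirrors the AT&T case described earlier: a small set of users is
authorized to unlock devices, and only during business hours. The log format,
user names, action names and thresholds are assumptions made for this example.
"""
import statistics
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

# Assumptions for the illustration: who may perform the sensitive action, and when.
AUTHORIZED_UNLOCKERS = {"alice", "bob"}
BUSINESS_HOURS = range(8, 18)            # 08:00 to 17:59
SENSITIVE_ACTION = "unlock_device"


def build_sample_log() -> str:
    """Constructed log, one event per line: '<ISO timestamp> <user> <action> <object>'.

    alice and bob unlock a steady number of devices for five days; on the sixth
    day alice's volume jumps, bob acts at 02:05, and carol (not authorized) unlocks.
    """
    lines = []
    start = date(2022, 1, 10)
    per_day = {"alice": [4, 5, 4, 6, 5, 30], "bob": [3, 3, 3, 3, 3, 3]}
    for user, counts in per_day.items():
        for day_idx, n in enumerate(counts):
            day = start + timedelta(days=day_idx)
            for i in range(n):
                ts = datetime(day.year, day.month, day.day, 9 + i % 8, i % 60)
                lines.append(f"{ts.isoformat()} {user} {SENSITIVE_ACTION} IMEI-{day_idx}{i:03d}")
    lines.append(f"2022-01-15T02:05:00 bob {SENSITIVE_ACTION} IMEI-9001")
    lines.append(f"2022-01-15T11:30:00 carol {SENSITIVE_ACTION} IMEI-9002")
    lines.append("2022-01-15T10:00:00 carol view_ticket T-17")   # not a sensitive action
    return "\n".join(lines)


def parse_log(text: str) -> list:
    """Parse the log into (timestamp, user, action, object) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj = line.split()
        events.append((datetime.fromisoformat(ts), user, action, obj))
    return events


def find_anomalies(events, z: float = 3.0, min_margin: int = 2) -> list:
    """Return sorted (user, reason) pairs for the most recent day in the log.

    Three checks on the sensitive action: a user outside the authorized set,
    activity outside business hours, and a daily volume above the user's own
    baseline (mean + z * stdev of the earlier days, but at least mean + min_margin,
    so a perfectly flat history still needs a real jump to alert).
    """
    findings = set()
    eval_day = max(ts.date() for ts, _, _, _ in events)
    daily = defaultdict(Counter)          # user -> {day -> count of sensitive action}
    for ts, user, action, _ in events:
        if action != SENSITIVE_ACTION:
            continue
        daily[user][ts.date()] += 1
        if ts.date() != eval_day:
            continue                      # only the latest day is scored
        if user not in AUTHORIZED_UNLOCKERS:
            findings.add((user, "unauthorized_user"))
        if ts.hour not in BUSINESS_HOURS:
            findings.add((user, "outside_business_hours"))
    for user, per_day in daily.items():
        history = [n for d, n in per_day.items() if d != eval_day]
        if not history:
            continue                      # no baseline yet for this user
        threshold = statistics.fmean(history) + max(z * statistics.pstdev(history), min_margin)
        if per_day.get(eval_day, 0) > threshold:
            findings.add((user, "volume_above_baseline"))
    return sorted(findings)


if __name__ == "__main__":
    for user, reason in find_anomalies(parse_log(build_sample_log())):
        print(f"ALERT {user}: {reason}")
```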

3. Use MFA Whenever Possible

As we have noted, credentials will be compromised. In those instances, multi-factor authentication can play a serious role in keeping attackers out, because having your credentials is no longer enough.

Many organizations use SMS as their MFA solution, but this is against best practices, which call for using an app to generate the one-time codes. For extra points, get a YubiKey for your most privileged users, adding that extra layer of security.



Verify But Trust

Managing insider threats is a balancing act.

We hire our people because we believe that they will be good workers who will look out for the organization's best interests. Putting protections in place to help keep folks honest or catch an external threat actor is common sense and can help avoid some uncomfortable situations.

But at the end of the day we have to trust that we have the right people working with us, and it is up to

us to make them feel that they are part of our team. Work with your team to have transparent

conversations about the protections that you have in place so that everyone will be on the same page. In

this case, honesty really is the best policy.

Balancing the right mix of surveillance with trust is important for the long-term success of the organization, if only because employees who feel that they are guilty until proven innocent simply will not stick around for long.

About the Author

Isaac Kohen is VP of R&D at Teramind, a leading global provider of

employee monitoring, data loss prevention (“DLP”) and workplace

productivity solutions. Follow on Twitter: @teramindco and LinkedIn.



Web Application Penetration Testing Checklist with

OWASP Top 10

We've gone ahead and compiled this article to shed some light on the top ten web application security

risks according to OWASP and how you can use this as a guiding light while penetration testing.

By Ankit Pahuja, Marketing Lead & Evangelist at Astra Security




We now live in a world where the internet has altered our daily lives for good. Working and interacting

with one another no longer requires the physical presence of both parties within the same room. The

number of people on the Internet is rapidly increasing, with around 3 billion individuals now having access.

This has led to an exponential growth of web applications in recent years. Web applications, though

convenient, also come with vulnerabilities. When it comes to web application security, organisations turn

to penetration testing in order to identify potential vulnerabilities and weaknesses in their applications.

This article uses the OWASP Top Ten as a guiding light for that process. Let's get started.

What is penetration testing?

Penetration testing specifically in the web application domain is the process of testing for vulnerabilities

by simulating attacks on it. Penetration testers use a variety of methods to attempt to exploit vulnerabilities

in order to gain access to sensitive data or systems. The main goal of penetration testing is to identify

and report on any security weaknesses that may exist in an organization's web applications and have

them fixed as soon as possible.

Why do you need to perform penetration tests on web applications?


Web application pen testing is carried out for a number of reasons. The most important include:

● To ensure that online applications are safer and have little to no vulnerabilities

● To prevent unauthorized access



● To comply with external regulations, policies and standards

● To meet internal security requirements

● To verify the effectiveness of security controls

● To resolve issues uncovered during previous online penetration tests

● To remain competitive among other top businesses

What is the OWASP Top Ten?


OWASP stands for Open Web Application Security Project. The OWASP Foundation is a global nonprofit

organization striving to improve the security of web applications and related technology. OWASP

publishes an annual list pertaining to the top ten web application vulnerabilities. The list was originally

published in 2007 and has been updated since then. It covers all areas from common coding to cyber

attacks. Although these are not the only threats out there, they are the most common ones that web

developers should address before releasing an app into production for use by customers, clients, and

employees.

OWASP Top 10 Web Application Security Risks for 2022

1. Broken Access Control - An adversary is able to obtain access to resources or data that they

should not have access to when normal security measures, such as permissions and access

controls have been poorly implemented.



2. Cryptographic Failures - Cryptographic failures are when a web application's underlying

cryptographic algorithms or protocols are compromised and can be exploited.

3. Injection and Cross-Site Scripting - Injection occurs when an attacker is able to inject

malicious code into input fields on a web page, such as in a search bar or comment box. Cross-

Site Scripting is when the attacker inserts malicious code into a web page while or before it is

viewed by other users.

4. Insecure Design - A web application that is designed in an insecure way leaves room for

attackers to exploit. This is often the case since web application developers are not well versed

with secure coding practices.

5. Security Misconfiguration - Security settings that are incorrectly configured are quite

prevalent, making it simple for attackers to capitalize.

6. Vulnerable and Outdated Components - When an attacker is able to take advantage of known vulnerabilities in the application or underlying platform, it is possible that vulnerable and obsolete components are involved.

7. Identification and Authentication Failures - This is when an attacker is able to impersonate

another user or gain access to restricted sections of the application without having proper

authentication.

8. Software and Data Integrity Failures - This happens when an attacker is able to gain access

to sensitive information within the application, such as user credentials or credit card numbers.

9. Security Logging and Monitoring Failures - Security logging and monitoring failures occur

when an attacker is able to disable or circumvent the logging mechanisms in place, making it

difficult to track activity within the application.

10. Server-Side Request Forgery - This occurs when an attacker is able to inject illegitimate

requests from the server-side, such as forgery of login credentials.

These are errors developers often make when creating websites that, if exploited, can lead to serious

consequences for your business - including data theft or financial loss!
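Added example (not code from the article or from OWASP): risks 1 and 3 from the list above, side by side in a single document lookup, first in a form with no ownership check and the id pasted into the SQL string, then hardened with input validation, a bound parameter and a deny-by-default owner check. The table, columns, user names and rows are constructed, and the SQLite database lives in memory.

```python
"""Broken access control and injection next to the hardened form.

Added example; not code from the article or from OWASP. The 'documents' table,
its rows and the user names are constructed for the illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, each owning one document."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "alice", "alice's payroll"), (2, "bob", "bob's contract")],
    )
    return conn


def get_document_vulnerable(conn: sqlite3.Connection, current_user: str, doc_id: str) -> list:
    """Risks 1 and 3 together: current_user is never checked against the row's
    owner, and doc_id is pasted straight into the SQL text, so whoever controls
    the request parameter controls the query."""
    sql = f"SELECT body FROM documents WHERE id = {doc_id}"
    return [row[0] for row in conn.execute(sql).fetchall()]


def get_document_hardened(conn: sqlite3.Connection, current_user: str, doc_id: str) -> str:
    """Hardened form: validate the id, bind it as a parameter, and require that
    the requested row belongs to the caller (deny by default)."""
    if not doc_id.isdigit():
        raise ValueError("document id must be a positive integer")
    row = conn.execute(
        "SELECT body FROM documents WHERE id = ? AND owner = ?",
        (int(doc_id), current_user),
    ).fetchone()
    if row is None:
        # Same outcome whether the row is missing or belongs to someone else,
        # so a caller cannot tell which ids exist for other users.
        raise PermissionError("not found or not permitted")
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bob asks for doc 1:", get_document_vulnerable(db, "bob", "1"))
    print("hardened, alice asks for doc 1:", get_document_hardened(db, "alice", "1"))
```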



What is OWASP penetration testing?


OWASP penetration testing is pen testing specifically to eradicate the vulnerabilities mentioned in the

OWASP top ten list. This is a good starting point but your penetration tests should not be limited to these.

OWASP Penetration Testing Checklist

Keeping in mind the OWASP top ten web app vulnerabilities, we have compiled a checklist to help you

with your penetration testing process:

1. Review the application's architecture and design

2. Identify and attempt to exploit all input fields, including hidden fields

3. Tamper with data entered into the application

4. Use a variety of automated tools to find vulnerabilities

5. Scan the network for exposed systems and services

6. Attack authentication mechanisms - try logging in as different users with known credentials, or

using brute force techniques

7. Try to gain access to restricted parts of the web application that should otherwise be only

reachable by authorized individuals

8. Intercept and modify communications between the client-side and the server-side

9. Exploit known vulnerabilities in the web application platform or frameworks it is built on

Once you have completed your penetration test, document your findings in a concise report and begin

patching your web application immediately.



Conclusion

Penetration testing is a very important step in securing your web application and should not be

overlooked. The OWASP Top Ten list is a great starting point, but it should not be the end of your

penetration testing journey. In order for penetration tests to be effective, you need an experienced

security team who can perform these types of audits and also provide actionable results in a timely

manner.

About the Author

Ankit Pahuja is the Marketing Lead & Evangelist at Astra Security. Ever since reaching adulthood (literally, at 20 years old), he has been finding vulnerabilities in websites & network infrastructures. Starting his professional career as a software engineer at one of the unicorns enabled him to bring "engineering in marketing" to reality. Working actively in the cybersecurity space for more than 2 years makes him the perfect T-shaped marketing professional. Ankit is an avid speaker in the security space and has delivered various talks at top companies, early-stage startups, and online events.

Ankit can be reached online at Email, LinkedIn and at his company

website http://www.getastra.com/



5 Ways to Protect Your Workplace from Cybersecurity

Threats

The cybersecurity environment is rapidly evolving. Meanwhile, technological advancements are steadily

improving the ability for cyber criminals and hackers to exploit data security flaws.

By Nicole Allen, Marketing Executive, Salt Communications

The ever-increasing scope of data breaches and cybersecurity threats should be a major source of concern for all types of organisations.

No one could have predicted the holes in network security postures that the 2020 coronavirus pandemic revealed as more employees worked from home. Unsecured home networks, BYOD (bring-your-own-device) policies, and compartmentalised operations turned previously evident hazards on corporate networks into invisible, hidden threats across a wider range of networks. As a result of the increased attack surface, even more phishing, vishing, and ransomware assaults than usual were launched. So in this article Salt Communications is going to explain five ways to protect your workplace from cybersecurity threats.



1. Increase enterprise security protection

Mobile workplaces can boost productivity and access to work-related resources, but they also raise the

danger of data leaks due to apps and services like email, social media, and cloud access. Maintaining a

more secure organisation while enabling mobile productivity requires creating a safer environment for

employees to work remotely.

The risks to organisations from the actions or inactions of employees come from a wide range of factors. One is human error, which can include accidentally sending sensitive information or personal data to the wrong person. There is also the issue of system misconfiguration, which can lead to unauthorised access if sensitive data is not adequately secured, encrypted, or password protected. It is also crucial to consider the loss of devices or documents that contain sensitive information.

Many businesses do not take data security as seriously as they should. They have weak passwords, important files that are not encrypted, and servers that are not configured correctly. More than 4 billion data records containing sensitive information were allegedly compromised in the first six months of 2021 as a result of this negligent attitude.

2. Enable secured collaboration for business communications

Since the recent crisis-forced transition to remote work, there has been an increase in the use and

reliance on communication tools. Employees across organisations are looking for an effective, secure

approach to continue collaborating throughout the business now that they are dispersed in various remote

locations. Migration to business communication platforms as a replacement for in-person and other

technical communication has become a major goal for a business's digital transformation.

Companies become more vulnerable to major security concerns when more communication – and business-critical information – is shared across cloud platforms like Zoom and Teams. As we saw with COVID-19, there has been an increase in hacks, including targeted Teams attacks using impersonated Teams notifications and GIF vulnerabilities.

Teams is an example of external exposure: federated access to external users is enabled by default when Teams is implemented out of the box. This means that anyone in the world can send an email to a user, request to chat with them, or exchange files with them, exposing the individual, and hence their entire organisation, to messages that are frequently hostile in nature.

If an organisation uses a closed communications platform such as Salt, by contrast, it does not leave itself open to these types of threats. Salt Communications recognises that encryption alone is not enough to keep an organisation's data safe. Salt delivers a highly secure platform that gives the same convenient user experience as consumer apps, but in a safer and more secure manner, allowing the



business to maintain complete, centralised management of the system at all times and therefore ensure complete control.

3. Ensure you are reducing malware exposure

Malware infections are frequently linked to user mistakes. Phishing and spoofing schemes have advanced to the point where they can trick users into downloading innocuous-looking apps that contain hidden attacks, by sending them fake emails from trusted brands. These emails lure users in with fake news stories or very personalised offers, which leaves both the users and their companies open to attack. In addition, in the past year there has been an increase in 'smishing' attacks, which are threatening businesses worldwide. Smishing is a form of 'phishing' that uses SMS or text messages instead of emails to entice recipients to click on fake links that download malware onto their devices.

On their own devices, users cannot be prevented from surfing the web, utilising social media, or

accessing personal email. How can you assist them in performing these routine duties in a safer manner?

Request that all staff read basic instructions and/or participate in training that covers common malware

attack strategies.

Employers should also teach users to double-check URLs in emails to ensure they are accurate, relevant, and trustworthy. Also, think about deploying email security solutions that can help prevent malware and phishing attacks from reaching employees' inboxes. It makes no difference if you have the world's most secure security system: it only takes one inexperienced employee to be deceived by a phishing attempt and hand over the information you have worked so hard to safeguard. Make sure you and your staff are aware of these specific email phishing examples, as well as all of the warning signs of a phishing attempt.

4. Back everything up regularly

What if your organisation already has a backup system in place? First and foremost, kudos on a job well done; but the task does not end there. It is critical to test your backup recovery process on a frequent basis. It is pointless to back up data if you cannot recover it. You will only know whether your backup procedure is working properly if you run that test frequently. It is not uncommon for a backup drive to run out of disc space without anyone noticing.

Performing a proper backup can be a challenging task. Therefore, backups should be included in your

business continuity plan. A business continuity plan, according to Travelers Insurance, is "a proactive

plan to avoid and manage risks associated with a disruption of operations."

It outlines the measures that must be performed before, during, and after an event in order for an

organisation's financial viability to be maintained. That implies that if your business systems are affected,

whether by a fire or flood in the office or, more recently, a cyber-attack, you'll have a plan in place to



minimise the impact on business performance. Backing up your company's data could mean the

difference between surviving a cyber attack and going out of business.
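The restore test recommended above, as an added example that is not code from the article or from Salt Communications: it archives a constructed directory, restores the archive into a scratch directory, compares SHA-256 digests file by file and checks free space on the archive's volume. The 50 MiB free-space threshold and the file names are assumptions.

```python
"""Restore-and-verify check for a backup, as the section above recommends.

Added example; it is not code from the article or from Salt Communications. It
backs up a constructed directory into a tar archive, restores the archive into
a scratch directory, compares SHA-256 digests file by file, and checks free
space on the backup destination. The free-space threshold is an assumption.
"""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path

MIN_FREE_BYTES = 50 * 1024 * 1024      # assumption: warn below 50 MiB free


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def digest_tree(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, archive: Path) -> None:
    """Write a gzip-compressed tar of the source tree."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")


def verify_backup(source: Path, archive: Path, min_free_bytes: int = MIN_FREE_BYTES) -> dict:
    """Restore the archive to a scratch directory and compare it with the source.

    'ok' is True only when every source file restores with the same digest,
    nothing is missing, and the archive's volume still has enough free space.
    """
    expected = digest_tree(source)
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # Refuse absolute paths and '..' members where the interpreter supports it.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kwargs)
        restored = digest_tree(Path(scratch))
    missing = sorted(set(expected) - set(restored))
    mismatched = sorted(p for p in expected if p in restored and expected[p] != restored[p])
    free = shutil.disk_usage(archive.parent).free
    return {
        "files_checked": len(expected),
        "missing": missing,
        "mismatched": mismatched,
        "free_bytes": free,
        "low_space": free < min_free_bytes,
        "ok": not missing and not mismatched and free >= min_free_bytes,
    }


def run_demo() -> dict:
    """Constructed end-to-end run: a clean verify, one after the source has
    drifted from the archive (a file edited, a file added since the backup),
    and one with an impossibly high free-space requirement to show the space alarm."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "data"
        (source / "sub").mkdir(parents=True)
        (source / "a.txt").write_text("ledger 2022\n")
        (source / "sub" / "b.txt").write_text("contracts\n")
        archive = Path(work) / "backup.tar.gz"
        make_backup(source, archive)
        clean = verify_backup(source, archive, min_free_bytes=0)
        low_space = verify_backup(source, archive, min_free_bytes=1 << 62)
        (source / "sub" / "b.txt").write_text("contracts (edited)\n")
        (source / "new.txt").write_text("not yet backed up\n")
        stale = verify_backup(source, archive, min_free_bytes=0)
    return {"clean": clean, "stale": stale, "low_space": low_space}


if __name__ == "__main__":
    for name, report in run_demo().items():
        print(name, "OK" if report["ok"] else "FAILED", report)
```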

5. Manage all organisational devices

Security concerns are growing as the Bring Your Own Device (BYOD) trend rises and the use of Software-as-a-Service (SaaS) applications spreads. Organisations can begin with user education on devices, a simple but crucial step in securing them. It ensures that every employee in your company is informed of the best procedures for safeguarding your data. While it starts with onboarding, teaching your staff how to safeguard their devices is a continuous activity.

Mobile security should be at the top of any company's cybersecurity priority list, especially in an era where remote working has become the standard and is not going away anytime soon. Many of the companies and organisations with which Salt Communications works have experienced a surge in mobile usage for communications and day-to-day tasks. Often, businesses will consider creating a mobile security policy that outlines what users should and should not do while using their mobile devices. Other businesses have implemented MDM/UEM systems to lock down devices and add an extra layer of security to the company-issued devices that employees use.

Allowing employees to be flexible does not have to mean jeopardising your cybersecurity, mobile security and corporate communications. You can give your employees the freedom to work anywhere, anytime, with adequate planning, the correct tools, and education, while avoiding risk. Our team of professionals has worked with a variety of organisations to assist them in dealing with cybersecurity issues.

To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications

contact us on info@saltcommunications.com or visit our website at saltcommunications.com.

About Salt Communications

Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers 'Peace of Mind' for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in Belfast, N. Ireland; for more information visit Salt Communications.



About the Author

Nicole Allen, Marketing Executive at Salt Communications.

Nicole has been working within the Salt Communications Marketing team for several years and has played a crucial role in building Salt Communications' reputation. Nicole implements many of Salt Communications' digital efforts as well as managing Salt Communications' presence at events, both virtual and in person, for the company.

Nicole can be reached online at (LINKEDIN, TWITTER or by

emailing nicole.allen@saltcommunications.com) and at our

company website https://saltcommunications.com/



Today's Digital Battlefield Demands Resilience Beyond

Infrastructure

By Mohammed Al Mohtadi, Cyber Information Security Officer, Injazat

There is a battle underway globally that requires every business to identify their risks of attack, fortify

their defences, and continually evolve their capabilities. Every company will need to be on the front foot

in terms of being equipped with the latest skills to deal with it and innovating their armoury to counter it.

The battle for data increasingly sees sophisticated attacks by organised hackers rising rapidly.

A study by Cybersecurity Ventures indicated that cybercrimes will be the reason for the greatest transfer

of economic wealth in history, costing the world $10.5 trillion by 2025. To place that in the context of a

country wealth equivalent, it would be the world's third-largest economy after the U.S. and China.

Reframing the Digital Battleground

With the level of technology integration in nearly every business, it could be argued that every company,

to some degree, is a technology business. As a result, each could face extremely damaging risks to the

business by losing productivity, operations, reputation and incurring a substantial financial loss.

This digital battleground is constantly evolving. With it is the need for the business world to change its

approach from simple prevention steps to a more proactive approach rooted in a dynamic business-wide

state of readiness. Given the current landscape, the focus should shift towards better detection and

readiness for the inevitable to survive the digital battlefield today.



It is no longer the case that the "it will never happen to us" attitude is accurate. In fact, quite the contrary: every 39 seconds there is a new attack somewhere on the web, and the cost of global cyber hacks is rising by around 15 per cent every year.

Testing your resilience: Attack yourself.

It is now more vitally important than ever before to test the company's resilience to ensure that critical data is secure and vulnerabilities are identified. These vulnerabilities can also include programming errors or improper computer or security configurations, which can then be exploited by hackers who discover these unintentional flaws and use them as an opportunity for cyberattacks known as zero day attacks. To address this, the software developers have to release updated software patches. However, since they have just learned of the flaws, they have "zero days" to fix the problem and protect the users.

A sound way to test resilience is to evaluate your company's vulnerabilities by being breached voluntarily. Attack yourself before hackers do, assess what weaknesses in your IT infrastructure would make them successful, and proactively fix them. You stand a significant chance of reducing the impact of an attack, provided you have a robust response plan and that it is consistently tested.

Most security leaders do not know how their team would react to a cyber breach. These exercises are

critical to help provide an understanding of the capabilities of your team and your existing technology and

are great for building muscle memory and assessing where to invest budgets.

Fortunately, there are several ways and methods to do this today, from tabletop exercises to penetration

testing and simulation exercises such as red teaming.

Why choose proactive simulation

Penetration testing identifies possible vulnerabilities and security holes but is highly dependent on the skill of the pentester. This is where immersive solutions such as red teaming have a massive advantage. Red teaming presents you with a heart-pounding, first-hand experience that reproduces the real impact of an attack. It helps prepare your teams to respond and enables you to understand how competent your response is and how fluent you are in your incident response plan.

It is also crucial for the business to view cyber security as a shared responsibility, not simply the IT head's sole responsibility. Instead, everyone has a role in ensuring the organisation remains cyber secure. Response plans will have assigned responsibilities for the key decision makers such as the CEO, CIO, CHRO etc., and simulation exercises guarantee that all protocols are fully understood by all parties and strengthen the cybersecurity bench, providing a low-risk, low-cost way to learn from your failures.



UAE can be a cyber security powerhouse

The UAE is the third most attractive target for cybercriminals, according to the Cyber Risk Index released by NordVPN, costing businesses in the country a whopping $1.4 billion per year.

Therefore, it should not come as a surprise that the UAE has announced a national bug bounty program to enlist the services of qualified global security researchers in an incentive-based programme for cybersecurity penetration testing and vulnerability identification, towards better prevention against cyberattacks.

As a nation that has always been at the forefront of embracing innovative ways to enhance cybersecurity across the critical infrastructure in the country, the UAE knows not to stop at just penetration testing. To align and direct these national cyber security efforts, the UAE Government has a vast array of initiatives designed to improve national cyber security and protect the country’s national information and communications infrastructure. The UAE Information Assurance (IA) Regulation provides the requirements for raising the minimum level of IA across all relevant entities in the UAE. This is further supported through information security standards such as ISO 27001, which focuses on keeping information assets secure.

With a 250% increase in cyberattacks since last year, the UAE Cybersecurity Council, in cooperation with the National Crisis and Emergency Management Authority (NCEMA), announced a "Protective Shield Cyber Drill", demonstrating how these exercises and practices can be encouraged from a government level.

As the national technology champion, Injazat is also a leader in cyber security through the provision of its 'Cyber Fusion Centre'. This capability stands out from other, less capable solutions in the market. Integrating behavior analytics and machine learning, the Cyber Fusion Centre is distinctive. It leads the MENA region as it provides a proactive and unified approach to neutralize potential threats before they occur. The platform leverages an Artificial Intelligence-based recommendation engine, suggesting remediation actions based on previous behavior patterns and reducing response times.

As we approach 2022 next month, now is the time to double up on the action to ensure that every

business is cyber aware and has the proper proactive defences to ensure that they win in the digital

battleground. Every company must act now to put the winning strategy in place and not wait until it's too

late. The cost of not doing so could be high.



About the Author

Mohammed Al Muhtadi is a highly accomplished cybersecurity and information governance professional with over 12 years of experience in leading and implementing security solutions and mitigation plans.

As the Chief Information Security Officer of Injazat, Mohammed is responsible for spearheading and improving the security programs, assessing the organization’s digital landscape, managing disaster recovery and providing cybersecurity awareness training.

In the span of his career, Mohammed has helped corporate giants in the region such as Du, Dubai World, Masdar, General Electric and ENOC to design, implement, operate, grow, and manage their digital infrastructure.

Highly qualified, Mohammed holds an MBA and a Bachelor's degree in Information Technology with over 13 certifications ranging from ethical hacking to data privacy solutions.

The rich and extensive experience he has gained in his previous roles has fully equipped him with the

tools needed to support any company’s security and information strategies and ensure a smooth flow of

operations within the team. Mohammed can be reached online at

https://www.linkedin.com/in/mohammed-al-muhtadi/



Why Ransomware is Only a Symptom of a Larger Problem

While ransomware is arguably the greatest current security threat to organizations, its rise has

distracted us from the true issue at hand: extortion-based crimes.

By Jeff Palatt, Vice President, Technical Advisory Services at MOXFIVE

Encrypted files, corrupted applications, deleted backups, and stolen data - all are debilitating symptoms attributed to ransomware. With the shift to digital currencies, it has only become easier for threat actors to turn unauthorized access to an organization’s computer network into financial gain.

Where We Are

Since cyber thieves first began physically skimming credit card machines to collect the information

needed for counterfeit credit cards, unauthorized access to private data has led to a



windfall of financial gain for the threat actors. In the time between WannaCry and the Colonial Pipeline

attacks, ransomware has shifted from single-system encryption events with extortion amounts of less

than $15,000 to enterprise-level encryption events with demands routinely in the tens of millions of

dollars. There has been an alarming increase in the number of instances where organizations have

backups to restore their IT operations, yet still pay a ransom to “buy silence” from the threat actor.

Ransomware is currently the sharpest tool attackers have to monetize these attacks, but it is by no means

the only one.

Where We’re Going

As ransomware continues to gain attention, threat actors will adopt additional escalation techniques to

continue profiting. We are already seeing a sampling of what’s to come, including:

• Distributed Denial of Service (DDOS) Attacks: While not as common today, the threat of a DDOS could escalate to threat actors targeting critical networking gear and blocking control of network traffic into and out of the network, which would cripple an environment. Organizations that rely on a significant Internet presence need to contract with DDOS mitigation firms in a proactive manner to help mitigate the threat of DDOS attacks. Furthermore, organizations should implement centralized management of network gear to easily manage, and secure, network devices in their environment.

• Destructive Attacks: If desperate, or lucrative enough, threat actors could shift to threatening to

bring the environment completely and permanently down if a ransom is not paid in a certain

amount of time. While this type of attack would be difficult, it is not impossible and could leave an

organization scrambling to investigate and remediate as quickly as possible to mitigate damage.

Defending against these types of attacks requires a layered security approach that starts with the

basics and matures into a robust security program. Organizations need a prioritized security

roadmap that pinpoints specific risk areas in an organization and targets pinpoint solutions that

maximize the return on value of security investments.

The Disease: Extortion-Based Attacks

An endless supply of highly skilled adversaries, a precedent of successfully extorting victims for higher payouts, and less friction collecting (and spending) funds thanks to digital currencies have opened the floodgates for the frequency and severity of extortion-based attacks. While ransomware has the spotlight for now, we need to remember that it is merely a symptom of the extortion-based crime disease. To truly combat extortion-based crimes, starting with ransomware, organizations need a robust defense strategy that protects environments from current and future trends. Cybersecurity needs to go beyond addressing the immediate threat of ransomware to impair the ability of threat actors to monetize attacks, starting at the organizational level to reduce overall risk and repercussions.

Depending on the size and complexity of the network, and the maturity of the security program, a determination should be made with respect to resources, technology, and capability. Smaller organizations should consider outsourcing a good portion of their security to a Managed Detection and



Response vendor that can leverage an Endpoint Detection and Response (EDR) or Extended Detection

& Response (XDR) solution. Larger organizations can often handle security in house but may want to

consider a hybrid model where the security strategy and program is run internally, and specific services

may be provided by a Managed Security Service Provider (MSSP). In any case, all organizations need

to have basic controls in place, from immutable backups and network segmentation to multifactor

authentication (MFA) and privileged access management.

The Cure: Holistic Cybersecurity

A key part of the game for threat actors is the continual escalation of techniques for profit. To combat extortion-based crimes, organizations need robust defense strategies that protect environments against current and future attack trends, addressing the threat of ransomware and preventing threat actors from monetizing attacks. Beyond encrypting systems and implementing backup solutions, organizations need a holistic approach that bands the security, software, and hardware communities together to eradicate these threats.

Organizations must continue to address the symptoms of extortion-based attacks, like ransomware, but

must also not lose sight of the true disease. The solution will not be quick, complete, or without pain. But

together as an industry we can reverse the concerning trend in the rise of extortion-based attacks.

About the Author

As Vice President of Technical Advisory Services, Jeff leads MOXFIVE's

team of expert Technical Advisors who provide strategic incident

management services and solutions to clients. Prior to MOXFIVE, Jeff was

the Director of Cyber Defense and Incident Response at RSA Security,

joining RSA through the NetWitness acquisition in 2011 where he helped

build the Incident Response Practice from the ground up. Jeff has held

other leadership positions including Delivery Manager for Emergency

Response Services at IBM where he was instrumental in getting IBM ISS

listed as a PCI Qualified Incident Response Assessor (QIRA) in 2006

during the acquisition of Internet Security Systems and assisting with the

integration of the teams through the transfer of trade. Before moving into practice leadership roles, Jeff

was a Principal Consultant (Incident Responder) with Internet Security Systems and has held various

other positions as a Security Engineer, Security Analyst, and Security Auditor.

Jeff has a Master of Forensic Sciences in High Technology Crime Investigations from the George

Washington University, and a Bachelor of Science in Business Administration from Old Dominion

University. He is a Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). Jeff currently resides in Virginia Beach with his wife and three children. Jeff can be reached online at our company website https://www.moxfive.com/.



Responding To the Ransomware Pandemic

By Tom McVey, Solution Architect, Menlo Security

Last year, Kaseya became the victim of the largest ransomware attack in history when Russian-linked

hacker group REvil breached the US software company’s systems, in turn gaining access to the

subsequent systems of approximately one million other companies. The ransom they demanded was a

staggering $70 million.

We saw a similar story in May 2021. Both Irish Health Services and insurance company AXA were hit by

ransomware attacks, the former forced to shut down its systems entirely to protect itself, causing mass

disruption and placing a huge strain on the country’s healthcare service. In the same month, the

University of Northampton of the UK saw its entire network go down as a result of a ransomware attack,

severely impacting students’ learning.

It is no coincidence that such significant attacks were orchestrated in such a short space of time. According to Bitdefender’s Mid-Year Threat Landscape Report 2020, ransomware attacks were up 700 per cent that year.

Much of this spike can be attributed to the changes brought about by the pandemic. Where remote

working shifted to a lockdown-enforced necessity, countless organisations had no choice but to switch

from physical to digital working practices almost overnight.



Critical IT infrastructure had to be adapted. Consequently, the digital landscape was greatly expanded, which led to the exposure of security vulnerabilities that cyber criminals have since exploited at scale.

While the volume is increasing, what is even more alarming is the fact that such attacks are becoming

increasingly sophisticated.

In recent years there have been huge strides in technological advancement, much of which has been put to good use in many ways. Yet, for cyber criminals, it is allowing them to create highly legitimate-looking campaigns, such as credential phishing, with the ability to tap into personal information gleaned from social engineering initiatives.

It is now easier than ever for them to get a targeted user to click on a link in an email that looks like it’s

coming from a colleague or a trusted person or brand. All it takes is that one click to set the attack in

motion.

It’s not just emails either. Ransomware is also being embedded in digital advertisements and content

modules on news sites, making the filtering of URLs using white/blacklists redundant in preventing many

ransomware attacks.

Extortion Attacks

Beyond these complex phishing techniques, we are seeing the emergence of a new category of ransomware attacks called double extortion attacks. This is when ransomware is embedded with counter incident response tools baked right into the malicious code. Alongside this, tactics such as security tool disablement/bypass, distributed denial-of-service (DDoS) attacks and log destruction are also on the rise, which is one of the key reasons that over two thirds of breaches remain undetected for months.

Such is the severity of the problem that a 2021 Menlo Security survey revealed that more than two thirds

of people believe cyber criminals should receive prison sentences. Meanwhile, 60 per cent believe that

ransomware attacks should be viewed as seriously as terrorist attacks.

While harsher penalties may deter some threat actors, it is highly likely that ransomware attacks will

continue to grow, and organisations need to be proactive in protecting core assets.

So what can be done to overcome the challenge? Enter isolation and zero trust – a security-focused

combination that can be used to stop ransomware in its tracks.

Isolation technology has been designed with the purpose of protecting users as they navigate the web.

It works by creating a virtual air gap between the Internet and enterprise networks. All email and web

traffic goes through the isolation layer, where the content is still visible but is never actually downloaded

to the endpoint.



It does not impact the user experience. Rather, it simply removes the risk of malware exploiting

vulnerabilities on the endpoint.

Zero trust enhances this, working to block both known and unknown potentially malicious activity. It assumes that all web content is harmful and prevents any website from running code on users’ devices. It’s a way of protecting users from untrusted actors without inhibiting their ability to do work.

Using this combination, attackers are prevented from gaining an initial foothold in a network, leaving ransomware with no route to reach its targeted endpoints.

About the Author

Tom McVey, Solution Architect, Menlo Security. Tom is a Solution Architect

at Menlo Security for the EMEA region, a leader in cloud security. He works

with customers to meet their technical requirements and architects web and

email isolation deployments for organisations across different industries.

Coming from a varied background in cyber, Tom provides expert

cybersecurity advice and strategic guidance to clients. Tom previously

worked for LogRhythm and Varonis.



Killware is the Next Big Cybersecurity Threat

By Brian Erickson, Vice President of Strategy and Solutions and retired U.S. Navy Captain, Vidoori

Today's battlefield has expanded to a digital landscape, and the impact affects the general population as

well as government agencies. America’s enemies now aim to access sensitive information, disrupt critical

infrastructure, or stop the maneuverability of our armed forces.

As the battlefield continues to evolve, so too do the types of attacks. Phishing attacks, voice bot scams,

and crypto ransomware are examples of how the world of cyberattacks has evolved in recent years.

With these increasingly complex attacks comes new legislation to defend against them. For example,

President Biden's May Executive Order and the Defense Information Systems Agency (DISA) and

Department of Defense’s (DoD) new Zero Trust cybersecurity reference architecture display the efforts

to help mitigate and fight against these threats.

However, with large-scale ransomware attacks - such as the Colonial Pipeline and SolarWinds - going after our nation's critical infrastructure and putting citizens' lives at risk, cybercriminals have already displayed the willingness to escalate ransomware attacks to levels previously unheard of.



This new kind of ransomware attack goes after a person's physical safety, can even take someone's life, and has been called “killware” by Alejandro Mayorkas, Secretary of the U.S. Department of Homeland Security (DHS).

The Dangers of Killware

Unlike malware and ransomware, killware is defined by its result rather than by its methods: it is intentionally designed to cause real-life harm or death by targeting the health of its victims.

In a Gartner blog titled, The Emergence of Killware, the Lethal Malware, it is predicted that by 2025,

cybercriminals will have weaponized operational technology (OT) environments to intentionally and

successfully kill people.

As our reliance on digital resources increases, so does the likelihood of cyber-attacks. And incidents in the digital world will have a much more significant effect on the physical world as the cyber-physical world evolves with IoT, smart buildings/cities, and autonomous vehicles. According to Gartner, the predicted monetary impact of cyber-physical systems attacks will reach over $50 billion by 2023.

However, our critical infrastructure is currently the most vulnerable killware target. Systems and service providers like hospitals, water and waste suppliers, power grids and dispatch operations would see physical harm or death result should they be compromised in a killware attack.

This malicious cyber activity has already begun to take place. In October, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, and the National Security Agency issued a joint advisory highlighting attempts to compromise the system integrity of U.S. Water and Wastewater Systems (WWS) Sector facilities. This advisory indicates a larger problem, as cyber threats continue to increase across all critical infrastructure sectors.

A Military Problem

While the term may be new, the intended outcome of killware is not new to members of the military –

adversaries have been targeting defense systems for decades to disrupt communications and endanger

the lives of our armed forces.

Historically, adversary tactics, techniques and procedures (TTP) are as varied as an individual's choice in an automobile purchase – they depend on the desired outcome. If the objective of the attack is financial gain, then the attackers will use ransomware. If the attacker simply wants to disrupt operations and cause chaos, then malware intrusions into OT systems, such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA), may be the chosen tactic. Stuxnet, a malicious computer worm first uncovered in 2010, is one of many examples of malware designed to attack these systems.

However, as killware attacks become more prevalent, our defense agencies will have to evolve to ensure

the safety and security of warfighters here and abroad. 5G, future 6G and the Internet of Things (IoT)

introduce a whole new set of rules that may cause lethal results from non-kinetic actions.



The most effective way to defend against these threats is to develop and deploy a Zero Trust Architecture

across the enterprise. An effective ZTA can be found in the Office of Management and Budget’s recent

Federal Zero Trust draft strategy. It creates an environment of trust and, depending on the technology,

can create IP cloaking that prevents adversaries from striking what they cannot see.

ZTA is a solution that can be used across all agencies and environments. Although networks may have certain unique qualities depending on the function and system, all networks are simply a combination of 1’s and 0’s that all require the same basic needs (power, space, cooling, processor) to operate. Thanks to these similarities, good cyber hygiene addressing all key security concerns can be applied not only across agencies, but across industries, from Federal to DoD to commercial.

The current administration and legislators understand this potential, and have made it a point to prioritize

cybersecurity, allocating around two billion in funding for cybersecurity in the recently passed

Infrastructure Bill and releasing a series of Zero Trust guidance. The new Infrastructure Bill also includes

funding for a state and local Cyber Grant Program and over $100 million for the Cyber Response and

Recovery Fund.

The DoD and DISA are also taking large strides to shore up cybersecurity, creating a new Zero Trust security portfolio office, and sharing cross-agency guidance by creating a Zero Trust cybersecurity reference architecture.

What’s Next?

Looking ahead, the DoD and defense agencies must continue to combat this new threat by implementing

a comprehensive ZTA, recruiting and retaining cyber talent, ensuring employees are taught and have

effective cyber hygiene, and continually assessing their systems through proactive testing and

integration.

Agencies must have organic staff, educated in the art of hacking and cybersecurity, that are able to

routinely test networks using past and present TTPs. The key to successful network protection is to

continue a defensive posture and think strategically to predict where future attacks may come from given

the course of technology (6G, exascale and quantum computing, hyper-converged drone warfare).

With cyber threats ever evolving and killware being designated a concern by the DHS, the federal

government should leverage lessons learned from the DoD to get ahead of our adversaries. Continuing

to make cybersecurity a legislative priority and taking a forward-looking approach to defensive and

offensive tactics is critical in protecting critical infrastructure from lethal attacks.



About the Author

Brian Erickson is Vidoori’s Vice President for Strategy and Solutions.

In this role, he oversees the company’s west coast operations and brand

expansion. Prior to Vidoori, Brian served 26 years as a Senior Naval Officer

(Captain/O6) in the aviation and information warfare communities.

Brian earned a Bachelor of Arts degree in Economics from San Diego State

University. He also earned a Master of Science degree in Information

Technology from the Naval Postgraduate School. Additionally, he holds

numerous professional certifications in business and cybersecurity.



Combining True MDR & SOC for Robust Cybersecurity

By Jon Murchison, Founder and CEO, Blackpoint Cyber

Assessing the Current Threat Landscape

The only constant in the cyberthreat landscape is that it is ever evolving. Amid a global pandemic,

cybercriminals have moved quickly to exploit vulnerabilities as organizations make the change to remote

and flexible work environments. Cybersecurity is now a key concern for small and medium-sized

businesses (SMBs) during this shift to a virtual world. More than ever, there is a high demand for efficient

and affordable cybersecurity solutions to help ensure business continuity as much of the workforce

adjusts.

While cyber defense solutions such as anti-virus and anti-malware are affordable and a common choice,



they are no longer able to fight off increasingly sophisticated cybercriminals and attack methods. Rather than bulking up their security stack with various solutions, many businesses are now combining the expertise of a Security Operations Center (SOC) with the robust abilities of Managed Detection & Response (MDR) technology to build a pragmatic, streamlined approach to cybersecurity.

Combating Advanced Cyberattacks

For many organizations, the current pandemic has shown how security programs and tools such as firewalls, anti-virus, and anti-malware are not enough to fight off cyber adversaries. No doubt they are useful in providing protection against known viruses and malware, but they cannot thwart dedicated criminals leveraging newer attack methods such as ransomware and zero-day exploits.

The threat landscape continues to change, and it is evolving much faster than such tools can keep

up with. Consider the following challenges:

• Traditional signature-based anti-virus technology is rooted in blacklisting known viruses, files, and malware. However, Advanced Persistent Threats (APTs) can easily bypass this model by remaining undetected for lengthy periods of time within a victim’s networks. Further, anti-virus solutions are only as strong as their last update. The time in between updates is more than enough for well-funded and experienced cybercriminals to launch an attack.

• Even next-generation anti-virus and anti-malware software are not able to fully eradicate

cyberthreats. While they do address some weaknesses found in their traditional counterparts,

their technology is centered around machine learning and analysis to catch specific suspicious

behaviors. Next-gen anti-virus and anti-malware solutions are still unable to respond quickly

enough to catch new trending patterns and methods.

Cybercriminals are customizing their malware attacks. Unfortunately, cybercriminals can tailor

their attacks to best infiltrate their victim’s networks and bypass the anti-virus's methods of

detection.

• Over 85% of major cyber incidents occur in organizations that have anti-virus software installed. In

many of these cases, the software either missed detecting the attack completely, or managed to

identify the malicious file but not a critical component of the attack such as a second payload or

a process injection.

• Attack types are varied and advanced. While e-mails and bad links are still a top access vector

into a victim’s networks, organizations also need to be prepared to defend their businesses

against zero-day exploits, ransomware, fileless attacks, credential theft, infected devices,

vulnerable VPN services, and open remote desktop protocol (RDP). These are all ways that

threat actors can infiltrate networks, spread laterally, and launch their attack.
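As an added example that is not code from the article or from Blackpoint Cyber, the following Python script contrasts the two detection models the bullets above describe: a hash blacklist that matches only the exact sample it was built from, and behavioural rules over endpoint telemetry that still flag the dropped second payload and the process injection that a file-level verdict misses. All hashes, paths, process names and events are constructed for the demo.

```python
# Added example (not from the article or Blackpoint Cyber). Demonstrates why a
# signature blacklist misses a trivially repacked file while behaviour rules over
# endpoint telemetry still catch the attack chain described in the bullets above
# (Office app spawning a script host, a second payload dropped and executed, and
# a process injection). Every hash, path, process name and event is constructed.
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# --- 1. Signature-based detection: a blacklist of SHA-256 file hashes ----------
KNOWN_BAD_SAMPLE = b"MZ\x90\x00CONSTRUCTED-DROPPER-V1"      # constructed "malware" bytes
SIGNATURE_BLACKLIST = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

def signature_verdict(file_bytes: bytes) -> bool:
    """True only when the exact file hash is already on the blacklist."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_BLACKLIST

# A trivially repacked variant: one appended byte changes the whole hash,
# so the "last update" of the blacklist no longer covers it.
REPACKED_SAMPLE = KNOWN_BAD_SAMPLE + b"\x00"

# --- 2. Behaviour-based detection: rules over a process telemetry stream -------
@dataclass
class Event:
    ts: int            # seconds since the start of the constructed session
    kind: str          # "process_start" | "file_write" | "process_inject"
    proc: str          # acting process (image name or full path)
    parent: str = ""   # parent process, for process_start
    target: str = ""   # path written, or process injected into

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE"}                    # illustrative names
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def behaviour_alerts(events: List[Event]) -> List[Tuple[int, str, str]]:
    """Return (ts, severity, reason) tuples. The `dropped` set carries state so a
    later process start can be tied back to the script host that wrote the file."""
    alerts: List[Tuple[int, str, str]] = []
    dropped = set()
    for e in events:
        if e.kind == "process_start" and e.parent in OFFICE_APPS and e.proc in SCRIPT_HOSTS:
            alerts.append((e.ts, "high", f"{e.parent} spawned script host {e.proc}"))
        elif e.kind == "file_write" and e.proc in SCRIPT_HOSTS and e.target.lower().endswith(".exe"):
            dropped.add(e.target.lower())
            alerts.append((e.ts, "medium", f"{e.proc} wrote executable {e.target}"))
        elif e.kind == "process_start" and e.proc.lower() in dropped:
            alerts.append((e.ts, "high", f"second payload executed: {e.proc}"))
        elif e.kind == "process_inject":
            alerts.append((e.ts, "critical", f"{e.proc} injected into {e.target}"))
    return alerts

def triage(alerts: List[Tuple[int, str, str]]) -> str:
    """Collapse a session's alerts to the highest severity seen, so an analyst gets
    one ranked incident instead of a stream of individual hits."""
    if not alerts:
        return "none"
    return max(alerts, key=lambda a: SEVERITY_RANK[a[1]])[1]

# Constructed telemetry for one session: a document macro chain with a dropped
# second payload that the file-hash model never sees as "known bad".
PAYLOAD_PATH = r"C:\Users\demo\AppData\Local\Temp\update.exe"
SESSION = [
    Event(0, "process_start", "WINWORD.EXE", parent="explorer.exe"),
    Event(5, "process_start", "powershell.exe", parent="WINWORD.EXE"),
    Event(9, "file_write", "powershell.exe", target=PAYLOAD_PATH),
    Event(12, "process_start", PAYLOAD_PATH, parent="powershell.exe"),
    Event(20, "process_inject", PAYLOAD_PATH, target="explorer.exe"),
]

if __name__ == "__main__":
    print("signature hit on original sample:", signature_verdict(KNOWN_BAD_SAMPLE))
    print("signature hit on repacked sample:", signature_verdict(REPACKED_SAMPLE))
    for ts, sev, why in behaviour_alerts(SESSION):
        print(f"t+{ts:>3}s [{sev}] {why}")
    print("session severity:", triage(behaviour_alerts(SESSION)))
```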

In the current pandemic, many organizations are overwhelmed trying to keep their IT environments secure, and it can seem that cyber adversaries are always a few moves ahead. To combat this, investing in a Security Operations Center (SOC) can significantly streamline how organizations meet evolving cyberthreats. Within optimized security operations, organizations develop both their offensive strategy and their defense. Engaging with a SOC is an increasingly positive option for many businesses,



especially those who want to build a robust security framework backed by security experts with

experience in dealing with unrelenting waves of advanced threats.

SOC Key Functions

A Security Operations Center (SOC) is a centralized hub that combines dedicated security analysts, processes, and technology to continuously monitor an organization’s security posture. SOCs are focused on using telemetry measured from across an organization’s IT infrastructure and assets to prevent, detect, assess, and respond to cybersecurity incidents.

All SOCs are built differently, and many providers allow organizations to select the specific services that best serve their line of business. These are some of the common key functions that a majority of SOCs will offer:

• Asset Discovery and Management – SOCs are responsible for two general categories of assets: the devices, processes, and applications of the organization they are defending, and the specific tools and software in place to protect the former. Complete visibility and control are key in SOC operation. SOCs take stock of all the assets on their client’s networks to eliminate the chance of missing a blind spot. With a complete view of all endpoints, software, servers, and services, SOCs can stay on top of the nature of traffic flowing between these assets and monitor for anomalies.

• 24/7/365 Proactive Monitoring – Proactive behavior monitoring and analysis require the SOC to scan on a 24/7/365 basis. The SOC is notified any time its technology flags an anomaly or there is evidence of suspicious activity within a network. Consistent monitoring allows SOCs to stay ahead of adversaries and properly prevent or mitigate malicious actions. Further, it is a common strategy for cybercriminals to intentionally schedule their attacks during off hours and weekends to maximize the chance of success of their operation. Without a SOC monitoring all hours of every day of the week, an in-house IT team may not be able to catch an attack and apply any defensive measures until the following business day.

• Alert Severity Ranking – Alert fatigue is a common challenge faced by in-house IT teams, especially if they rely on a complex platform such as a Security Information and Event Management (SIEM) tool to log events across their organization’s networks. A team may quickly become overwhelmed if its technology is triggering alerts constantly. While some may be valid early warnings of a cyberattack, there are also false positives and alerts triggered by incomplete configuration. Alert fatigue is the main reason why some legitimate notifications are missed or not given a higher priority. MDR teams are better able to sift through the complexities of incoming alerts and efficiently determine whether they are plausible warnings of a breach needing immediate action.

• Threat Response – A SOC is a first responder. With 24/7/365 coverage, the SOC team closes the gap between the identification of an event and the actual response and remediation. By immediately shutting down or isolating endpoints, they can terminate malicious processes, delete bad files, and stop the threat from moving deeper into other systems.
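The alert-ranking and off-hours points above, as an added worked example (my own illustration, not code from the article or from Blackpoint Cyber): a small triage scorer that weights each alert by vendor severity and asset criticality, boosts alerts raised outside business hours, down-weights rules the team knows to be noisy without discarding them, and then ranks hosts so that one machine hit by several distinct rules rises to the top. The alert fields, asset tiers, weights and sample alerts are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Assumed asset-criticality tiers and a base weight per vendor severity (illustrative values only).
ASSET_CRITICALITY = {"dc01": 3, "fileserver": 2, "laptop-42": 1}
BASE_SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Alert:
    ts: datetime
    host: str
    rule: str
    severity: str
    tuned: bool = True  # False marks a rule the team knows still fires on benign activity


def off_hours(ts: datetime) -> bool:
    """Weekend, or outside 08:00-18:00: the window the text notes attackers favour."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18


def score_alert(a: Alert) -> float:
    """Severity x asset criticality, raised when nobody is watching, lowered for known-noisy rules."""
    score = BASE_SEVERITY[a.severity] * ASSET_CRITICALITY.get(a.host, 1)
    if off_hours(a.ts):
        score *= 1.5   # off-hours: weight it up
    if not a.tuned:
        score *= 0.5   # noisy rule: weight it down, but never drop it
    return score


def rank_hosts(alerts):
    """Sum per-host scores, boost hosts hit by several distinct rules, return [(host, score)] best-first."""
    totals = defaultdict(float)
    rules = defaultdict(set)
    for a in alerts:
        totals[a.host] += score_alert(a)
        rules[a.host].add(a.rule)
    # +25% per additional distinct rule on the same host: correlated signals outrank a lone loud one
    ranked = [(h, totals[h] * (1 + 0.25 * (len(rules[h]) - 1))) for h in totals]
    return sorted(ranked, key=lambda hs: hs[1], reverse=True)


# Constructed sample alerts: a Saturday-night pair on the domain controller, and weekday noise elsewhere.
SAMPLE_ALERTS = [
    Alert(datetime(2022, 2, 5, 2, 30), "dc01", "new-admin-account", "high"),
    Alert(datetime(2022, 2, 5, 2, 31), "dc01", "ntds-file-access", "critical"),
    Alert(datetime(2022, 2, 7, 10, 0), "laptop-42", "av-signature-hit", "medium"),
    Alert(datetime(2022, 2, 7, 10, 5), "fileserver", "noisy-scanner-rule", "high", tuned=False),
    Alert(datetime(2022, 2, 7, 10, 6), "laptop-42", "noisy-scanner-rule", "low", tuned=False),
]

if __name__ == "__main__":
    for host, score in rank_hosts(SAMPLE_ALERTS):
        print(f"{host:<12} {score:6.2f}")
```

In the sample the domain controller scores 39.375 and lands first even though the file server carries a "high" alert, because that alert came from an untuned rule during working hours; this is the kind of ordering a SIEM's raw severity field alone will not give you.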



Take Your Cybersecurity Strategy to the Next Level

Ultimately, a SOC allows its organizations to operate knowing that cyberthreats can be identified and prevented in real-time. Regardless of how many endpoints, networks, assets, or locations an organization spans, SOCs provide a centralized view to ensure that they are monitored and performing as needed.

From a security strategy standpoint, having a SOC means responding faster, minimizing damages and costs, and safeguarding data and business continuity. However, is there a way to further maximize cybersecurity to the next level?

Pairing SOC & Managed Detection Response (MDR) Services

An optimized security strategy is one that streamlines the right methods of threat management into an effective security solution. All functions should work in tandem so that the solution is easy to integrate and operate day-to-day. Having the right stack of services in place is a significant measure of how mature an organization’s security posture is. What a managed SOC cannot do alone is combine network visualization, insider threat monitoring, anti-malware, traffic analysis, and endpoint security into a 24/7/365 managed service focused solely on detecting and detaining threats in real-time. This is where MDR comes into play.

To develop the most comprehensive solution, SOCs may augment their services by operating a Managed Detection Response (MDR) platform. As the SOC collects and monitors various data sources within the organization, it is the MDR that adds context and makes the information more valuable and actionable within the overall threat management process.

Take the Offense by Threat Hunting

Threat hunting is the practice of proactively searching for cyberthreats within an organization’s network. It is performed deep within the network to deliberately search for hidden actors and malware that might otherwise persist undetected. Many organizations invest in various managed services and tools to develop their defensive strategy, but MDR threat hunting is a crucial element in ensuring the offensive strategy is just as robust. The art of threat hunting relies on three important elements:

• Investigation through threat intelligence and hypothesis

• Analysis of Indicators of Compromise (IoC) / Indicators of Attack (IoA)

• Machine learning and advanced telemetry

Experienced MDR analysts are highly specialized and trained specifically in hacking tradecraft. They always take an ‘assume breach’ stance and investigate thoroughly to find evidence of suspicious behavior or changes that may indicate the existence of a threat. They rely on experience and the analysis of current threat tactics, techniques, and procedures (TTP) to drive hypothesis-driven hunts. The human element is critical: it is the link that synchronizes collected threat intelligence, data logs, and advanced security technology into an offensive method for safeguarding businesses.

Summary

The hard reality is that cybercriminals and the market for their work have become more advanced than ever before. Despite the constant challenge to fend them off, cybercriminals continue to evolve swiftly in their tactics. Within the past year alone, some of the largest players in the cybersecurity arena have fallen victim to breaches. Though the adversary moves fast, there are ways to get ahead of them. By combining the centralized functionality of a SOC with an MDR’s capability for advanced threat hunting and network analysis, organizations can build a robust and pragmatic security strategy to protect themselves against cyberthreats today.

About the Author

Jon Murchison, founder and CEO of Blackpoint Cyber, started his career in network engineering and IT operations but quickly made the switch over to the covert world of the intelligence community. He has since spent more than 12 years planning, conducting, and executing high-priority national security missions. As a former NSA computer operations expert and IT professional, he brings a unique perspective to the mission of developing cyber defense software that effectively detects and detains purposeful cyber intrusions and insider threats. Jon has also helmed multiple cybersecurity assessments, including Fortune 500 enterprises and critical port infrastructures. Currently, Jon holds multiple patents in methods of network analysis, network defense, pattern analytics, and mobile platforms.

Jon can be reached online on LinkedIn, and on our company’s website https://blackpointcyber.com/



The Cybersecurity Trends You Need to Know About in 2022

By Jamie Wilson, MD & Founder, Cryptoloc Technology Group

In 2021, no sector of the Australian economy was safe from cybercrime. From government agencies to family businesses, and every type of organisation in between, it’s been one of the worst years on record – so it’s important to stay ahead of the curve and be aware of what’s coming down the pipeline in 2022.

The explosion in remote work and the accelerated pace of digitalisation have opened plenty of doors for cybercriminals to walk through. The Australian Cyber Security Centre (ACSC) received a report of a cyber attack once every eight minutes over the 2020-21 financial year, up from once every 10 minutes the previous year, and unfortunately, those attacks will probably only become more frequent in the new year.

But when it comes to cybercrime, a little planning and preparation go a long way – so here are the trends your organisation should be focused on in 2022.

Rules and regulations are coming

One of the reasons that cybercriminals have been able to operate with virtual impunity is that they’ve felt secure in the knowledge that technology has always been a step ahead of regulators.

But with the total economic impact of cybercrime estimated at $3.5 billion in Australia alone, and $1 trillion worldwide, the law is finally catching up to the threat these criminals pose – and in 2022, we can expect to see much greater regulatory pressure to address the risk of cybercrime.

We’ve already seen legislation for consumer privacy pick up steam, beginning with the EU’s General Data Protection Regulation (GDPR) and followed by Brazil’s General Personal Data Protection Law (LGPD) and the California Consumer Privacy Act (CCPA). It’s a sure thing that jurisdictions around the world – at a national level, but also at a state and local government level – will continue to pass legislation along these lines.

But that’s just the beginning. In Australia, we’ve seen the recent introduction of emergency laws that require the operators of ‘critical infrastructure’ to report cyber attacks to the Australian Signals Directorate (ASD) as they happen. The laws give the ASD the power to plug into the networks of these organisations to help them fend off attacks.

Those laws were just a prelude to a second bill, expected to be introduced in 2022, that will impose positive security obligations on businesses, requiring them to develop risk management plans and reach certain cybersecurity standards. Under these laws, company directors could be made personally liable for cyber-attacks.

I expect we’ll also see the Government move to make the payment of ransomware illegal – Labor has already introduced a bill that would require ransomware victims to disclose whenever they make a payment, and my sense is that both sides of the aisle are keen to disincentivise and defund hackers by criminalising payments altogether. (Whether or not this would actually help victims is a more complicated question.)

In their totality, these laws could make the regulatory landscape more confusing and/or costly for organisations that aren’t prepared for them. But they should also have the effect of raising the cybersecurity floor, and setting a new standard that, quite frankly, most organisations should be meeting already.

In much the same way that tougher legal obligations made workplace health and safety a top priority for employers, we’ll see businesses lift their game when it comes to cybersecurity, and start taking their stewardship of data more seriously in order to comply with new rules and regulations.



Cybersecurity will be treated as a company-wide responsibility

I was recently speaking to the CEO of a large organisation with 10,000 employees. I asked him how many people were in his cybersecurity team – ‘10,000’, he responded, without missing a beat.

That’s the attitude every employer should have moving forward. Cybersecurity awareness and training for all staff will be absolutely crucial – because while not everyone on your team needs to be an IT professional or a cybersecurity specialist, everyone will need to be regularly briefed on the latest techniques being utilised by cybercriminals, and be aware of best practices.

Businesses have never been more at risk, and the widening of attack surfaces that’s resulted from the COVID-19 pandemic is a major factor. With more employees using more of their own devices, it’s harder than ever to secure the perimeter.

IBM and Ponemon’s Cost of a Data Breach Report 2021 found that data breaches are 17.5 per cent more costly where remote work is a factor, and that organisations that have more than half of their workforce working remotely take 58 days longer to identify and contain breaches, on average.

That’s why every member of your team will need to be trained to make their connection more secure, and made aware of the importance of updating passwords and patches, avoiding public networks, backing up data regularly, and recognising the signs of social engineering scams like phishing emails.

It’s always been the case that when it comes to cybersecurity, your people have the potential to be your biggest weakness – because if they can be tricked into granting access to an intruder, all the perimeter security and monitoring in the world won’t be able to protect your system from being compromised.

But now, with the ever-increasing interconnectivity and borderless nature of the modern workplace, it’s more important than ever that every link in your chain is as strong as it can be.

Cybercriminals are becoming more professional, and more predatory

It’s no secret that ransomware is on the rise. In June 2021, the Director-General of the Australian Signals Directorate told the Parliamentary Joint Committee on Intelligence and Security there had been a 60 per cent increase in ransomware attacks on Australian businesses over the previous 12 months.

What’s less understood is the fact that the organisations behind these attacks are becoming increasingly sophisticated. Rather than operating as lone wolves, hackers have developed cyber cartels that operate much like the mafia, collaborating as affiliates to pool resources, pass on stolen data, and exploit security vulnerabilities within hours of their disclosure.

The tradecraft of ransomware is evolving at a rapid rate. In 2020, ransomware group REvil popularised the tactic known as double extortion, which not only requires organisations to pay a ransom to unlock their files, but also requires them to pay an additional ransom to prevent those files being leaked.

The double extortion tactic quickly became ubiquitous, and has now evolved into triple extortion, in which ransom demands are also directed at a victim's clients or suppliers – a method we expect to see plenty of in 2022. In effect, ransomware has become less of a singular attack, and more of a series of rolling demands springing forth from the initial intrusion.

Cyber cartels have also begun offering ransomware-as-a-service (RaaS) to would-be cybercriminals lacking the expertise to pull off attacks on their own, even going so far as to provide them with 24/7 technical support, in return for a slice of the unskilled attacker’s profits. This has effectively lowered the barrier to entry to the ‘industry’ – and the more cybercriminals are active, the greater the chance that your organisation may be targeted.

A major factor in the increasing complexity and professionalisation of these cartels is that many of them operate freely within nation states that are willing to turn a blind eye to their activities, and even provide them with tacit support.

These ‘contract hackers’ are carrying out state-sponsored activities, while at the same time extorting businesses for their own financial gain. In 2021, the United States took the unprecedented step of naming and shaming the Chinese government as the benefactors of the hackers responsible for the Microsoft Exchange attack – but the cyber cold war has only gotten hotter since then, and you can expect more high-profile breaches and raids on hospitals, universities and state-owned utilities in 2022.

Supply chain attacks are set to escalate

It’s one thing to ensure your own organisation is secure. But in 2022, we can expect to see attacks on supply chains – including widely used software products and services – expand in scope and frequency.

In 2021, the high-profile SolarWinds and Kaseya hacks helped to popularise this attack vector. Closer to home, a recent attack on external payroll software provider Frontier Software enabled hackers to access the records of up to 80,000 South Australian government employees, including their names, dates of birth, tax file numbers, home addresses, bank account details, remuneration and superannuation contributions. The records, which were stolen and published on the dark web, may even have included Premier Steven Marshall’s details.

The PwC 2022 Global Digital Trust Insights Survey, which polled 3,602 high-ranking business, technology, and security executives around the world, found that 56 per cent of respondents are expecting a rise in breaches via their software supply chain in 2022.

The advantage of this approach, from an attacker’s point of view, is that they can compromise a large number of organisations in one hit, making the potential reward for a successful attack quite significant. The downside for you is that your organisation might be one of those affected, even if you may never have previously been on the attacker’s radar.

Given the high risk of collateral damage if a supplier falls victim to an attack, it will be up to organisations to closely scrutinise the security credentials and protocols of the third-party vendors they entrust with access to their data.



Cyber insurance will become harder to obtain

Given the increasing frequency of cyber attacks, and the losses that organisations stand to incur if their data is compromised, it makes sense that cyber insurance has become highly sought after.

The problem is that most insurers never had any real risk matrix for cybercrime, and therefore no real sense of what they’d be left paying out. As ransomware has gone through the roof, they’ve been left scrambling to put limits on the coverage they’re willing to offer.

Cyber insurance premiums for Australian businesses have shot up by up to 30 per cent, and are expected to keep rising in 2022. Some insurers are refusing to take on new clients, or capping their coverage at about half of what they used to offer.

To obtain coverage at reasonable rates in 2022 and beyond, organisations will need to be able to demonstrate that they meet strict cybersecurity standards and are following best practices, which may include providing cyber security education for all employees, using multi-factor authentication, implementing zero trust policies, securely backing up and encrypting their data, and having data breach incident response plans in place.

Of course, my stance is that cyber insurance should only be used as a last resort, and that organisations should have these policies and practices in place anyway – because if there’s one thing we know for sure about cyber security in 2022, it’s that cyber criminals aren’t going to take the next year off, so you can’t afford to, either.

About the Author

Jamie Wilson is the founder and chairman of Cryptoloc, recognized by Forbes as one of the 20 Best Cybersecurity Startups to watch in 2020. Headquartered in Brisbane, Australia, with offices in Japan, US, South Africa and the UK, Cryptoloc have developed the world’s strongest encryption technology and the world’s safest cybersecurity platform, ensuring clients have complete control over their data. Jamie can be reached online at www.linkedin.com/in/jamie-wilson-07424a68 and at www.cryptoloc.com



Detect Ransomware Data Exfiltration Immediately

By Randy Reiter, CEO of Don’t Be Breached

Ransomware Attacks Have Increased During the COVID-19 Pandemic

An off-site workforce has resulted in new security concerns, since hackers now have many new ways to penetrate conventional security defenses. Ransomware gangs often go undetected for weeks or months once they have gained high-level access to an organization’s network, servers and databases. The ransomware gang may try to move laterally across other systems in an organization to access as much confidential data as possible. Ransomware attacks in the financial industry, for example, increased by 1,300% in 2021.

Prior to issuing a demand for a ransomware payment from an organization, the hacker group has almost always already exfiltrated confidential database data from the organization. The exfiltrated data is then later sold on the Dark Web to other ransomware groups, even if a ransomware payment has been made to the original hacking group.



Ransomware Hackers May Be Hidden in Your Network for Months

• JBS, May 31, 2021. JBS is one of the largest meat suppliers in the US. Hackers caused it to temporarily halt operations at its five largest US-based plants. The ransomware attack also disrupted the company's Australia and UK operations. JBS paid the hackers $11 million in ransom money. The hackers began with a reconnaissance phase in February 2021, followed by Data Exfiltration from March 1 to May 29, 2021.

• Colonial Pipeline, May 6, 2021. The largest refined products pipeline in the US went offline on May 6th. The pipeline covers 5,500 miles and transports 100 million gallons of fuel daily. The hackers gained access to the network on April 29. On May 6, Data Exfiltration began, with the hackers stealing 100 gigabytes of data before locking Colonial Pipeline computers with ransomware. The pipeline paid the hackers $4.4 million in ransom money on May 7th.

• CNA Financial, March 23, 2021. CNA Financial, the seventh largest commercial insurer in the US, announced it had sustained a sophisticated cybersecurity attack. CNA Financial eventually paid $40 million in May 2021 to get its data back.

Conventional approaches to cyber security may not prevent Data Exfiltration and Data Breaches. In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency recognized this and all issued requests for proposals (RFP) for network full packet data capture for Deep Packet Inspection (DPI) analysis of network traffic. This is an important step forward in protecting confidential database data and organization information.

Zero-day vulnerabilities that allow hackers to gain system privileges are a major threat to all organizations’ encrypted and unencrypted confidential data. Confidential data includes: credit card, tax ID, medical, social media, corporate, manufacturing, trade secret, law enforcement, defense, homeland security, power grid and public utility data. This confidential data is almost always stored in DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL and SAP Sybase databases.

How to Stop Data Exfiltration and Data Breaches with Deep Packet Inspection

Protecting encrypted and unencrypted confidential database data is much more than securing databases, operating systems, applications and the network perimeter against Hackers, Rogue Insiders and Supply Chain Attacks.

Non-intrusive network sniffing technology can perform real-time Deep Packet Inspection (DPI) of 100% of the database activity from a network tap or proxy server, with no impact on the database servers. Database SQL activity is very predictable: database servers servicing 1,000 to 10,000 end-users typically process 2,000 to 10,000 unique queries or SQL commands daily, and those queries run millions of times a day.

Deep Packet Analysis does not require logging into the monitored networks, servers or databases. This approach can provide CISOs with what they can rarely achieve: total visibility into the database activity 24x7 and 100% protection of confidential database data.



Advanced SQL Behavioral Analysis from DPI Prevents Data Exfiltration and Data Breaches

Advanced SQL Behavioral Analysis of 100% of the real-time database SQL packets can learn what the normal database activity is. The database query and SQL activity can then be non-intrusively monitored in real-time with DPI, and non-normal SQL activity immediately pinpointed. This approach is inexpensive to set up and has a low cost of operation. Non-normal database activity from Hackers, Rogue Insiders or Supply Chain Attacks can be detected in a few milliseconds. The Security Team can be immediately notified and the Hacker session terminated, so that confidential database data is not stolen, ransomed or sold on the Dark Web.
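The behavioral-baseline idea in the two sections above, as an added illustration (my own example code, not the Database Cyber Security Guard product or any DPI tool): each SQL statement seen on the wire is reduced to a template by replacing string and numeric literals with placeholders and collapsing IN/VALUES lists, which is why a day of millions of executions boils down to a few thousand unique shapes. The templates observed during a learning window become the baseline; a statement whose template is new is flagged, and flagged harder when it touches a table the baseline never saw. The learning traffic, table names and severity labels are constructed for the example.

```python
import re

# Literal-stripping patterns: quoted strings (with '' escapes), numbers, and lists of placeholders.
_STRING = re.compile(r"'(?:[^']|'')*'")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_PLACEHOLDER_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)*\s*\)")
_WHITESPACE = re.compile(r"\s+")
_TABLE_REF = re.compile(r"\b(?:from|join|into|update)\s+([a-z_][a-z0-9_.]*)")


def normalize(sql: str) -> str:
    """Reduce a statement to its template: literals become ?, placeholder lists collapse, case and spacing are canonical."""
    template = _STRING.sub("?", sql)
    template = _NUMBER.sub("?", template)
    template = _PLACEHOLDER_LIST.sub("(?)", template)
    template = _WHITESPACE.sub(" ", template).strip().rstrip(";").strip()
    return template.lower()


def tables_in(template: str) -> set:
    """Table names referenced by a (lower-cased) template."""
    return set(_TABLE_REF.findall(template))


class SqlBaseline:
    """Templates seen during the learning window define 'normal'; anything else is an anomaly."""

    def __init__(self):
        self.templates = {}       # template -> times seen while learning
        self.known_tables = set()

    def learn(self, sql: str) -> None:
        t = normalize(sql)
        self.templates[t] = self.templates.get(t, 0) + 1
        self.known_tables |= tables_in(t)

    def check(self, sql: str) -> dict:
        """Classify one observed statement against the baseline."""
        t = normalize(sql)
        if t in self.templates:
            return {"template": t, "severity": "none", "reason": "known template"}
        unseen = tables_in(t) - self.known_tables
        if unseen:
            return {"template": t, "severity": "high",
                    "reason": "new template touching never-seen table(s): " + ", ".join(sorted(unseen))}
        return {"template": t, "severity": "medium", "reason": "new template on known tables"}


# Constructed learning traffic standing in for a day of captured SQL packets (illustrative only).
LEARNED_TRAFFIC = [
    "SELECT id, name FROM customers WHERE id = 42",
    "SELECT id, name FROM customers WHERE id = 1337",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 9001",
    "INSERT INTO audit_log (actor, action) VALUES ('alice', 'login')",
    "SELECT * FROM products WHERE sku IN (101, 102, 103)",
]


def build_baseline(traffic) -> SqlBaseline:
    baseline = SqlBaseline()
    for stmt in traffic:
        baseline.learn(stmt)
    return baseline


if __name__ == "__main__":
    baseline = build_baseline(LEARNED_TRAFFIC)
    for stmt in ["SELECT id, name FROM customers WHERE id = 7",
                 "SELECT * FROM customers",
                 "SELECT * FROM card_numbers"]:
        print(baseline.check(stmt))
```

Five learned statements collapse to four templates. A lookup by a different customer id matches the baseline; a bare `SELECT * FROM customers` is a new shape on a known table (the pattern of a bulk dump) and rates medium; a read of a table that never appeared in normal traffic rates high. In a real deployment the learning window would be long enough to cover month-end jobs and other legitimate but rare queries, or those will show up as anomalies too.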

About the Author

Randy Reiter is the CEO of Don’t Be Breached, a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database Data Breach prevention product for DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and SAP Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.



Understanding Identity Detection and Response

Identity Detection and Response (IDR) is a new enterprise cybersecurity method that relies on the use of identity-related information to identify that a malicious attack campaign such as ransomware might be on-going on a corporate network.

By Dr. Edward G. Amoroso, Chief Executive Officer, TAG Cyber LLC

Introduction

Cyber defenders categorize security protections as either preventive or reactive. Preventive security, such as strong authentication, focuses on stopping something bad from happening. Reactive security, such as log analysis, deals with bad situations that have already commenced or completed.

The prevention argument is that the cost and effort required to avoid a security problem will always be less than the corresponding cost and effort to respond and recover. The reactive argument is also familiar: Hacking is inevitable, goes the claim, so you’d better be ready to deal with problems as they occur.

Regarding identities, which are central to every modern cybersecurity approach, the preventive aspect is controlled by identity and access management (IAM). Every practitioner will recognize IAM as consisting of the registration, administration, protection, and coordination of identities to support access policies to data and resources.



In contrast, the corresponding reactive component for identities is just emerging. Known as identity detection and response (IDR), the new approach involves using metadata and telemetry from identities to detect, mitigate, and recover from enterprise attacks such as advanced persistent threats (APTs) and ransomware.

Cyber Attack Progression

Many attack strategies have been proposed, including the MITRE ATT&CK framework [1] and the Lockheed Kill Chain [2]. The three-step process presented below simplifies these more complex models into the three most fundamental phases of every offensive cyber campaign.

Phase 1: Accessing the Target

The initial phase of any cyber breach involves exploiting weaknesses in an attack surface to enter a protected network, domain, system, or other entity. When crossing a perimeter, such access is referred to as a north-south connection, and firewall-based controls are designed to disallow such connection based on policy enforcement. Physical perimeters have recently been replaced with software-defined ones, but the control objective remains.

Phase 2: Traversing the Target

The second phase of a cyber breach involves lateral traversal and privilege escalation, often through theft and misuse of credentials and access to resources such as Microsoft Active Directory (AD). When this occurs slowly, we refer to the process as dwelling, and one of the toughest challenges for defenders involves minimizing attacker dwell time. This report makes the case that IDR offers hope that this challenge might be addressed.

Phase 3: Consummating the Attack

The final phase involves the attacker consummating the attack, either by exiting the targeted domain with stolen data, pushing the button on some integrity or availability attack, or otherwise taking whatever step is required to cause the intended consequence of the attack. Once this has occurred, the best that defenders can do is to respond, and this report also makes the case that IDR assists in this process.

[1] https://attack.mitre.org/

[2] https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html



Figure 1. Three-Phase Attack Process Model

What is Identity Detection and Response?

The identity detection and response (IDR) strategy involves focusing on obtaining evidence during the latter two attack phases shown in Figure 1 that an adversary is traversing the targeted entity and preparing to create unwanted consequences. IDR relies on the following strategic protection activities by enterprise defenders:

Establishing Identity Visibility

With the dissolution of the perimeter, identities have become the new basis for access management. As a result, visibility into identity-related attack activity information is now a key source of attack surface risk and an indication that security anomalies might be present. This represents a major shift in how intrusion detection can be accomplished in the enterprise.

Protecting Credentials

One weak or exposed credential can open the door for an attacker. Identity security starts with finding and removing exposed credentials. Policy-based controls can also bind credentials to their credential stores and prevent misuse. Used in conjunction with concealment and deception technology, organizations can also prevent theft and misuse by hiding production credentials and using deception lures and fake artifacts to trick attacker tools and divert the attack to decoys.

Addressing Directory Services

For many enterprise teams, their most essential identity resource is Microsoft Active Directory (AD). Through AD, administrators create new users, groups, and domains to set up policy-based enforcement of how PCs, laptops, and other Windows-based services are accessed and managed. Adversaries thus target AD to gain domain control. Given that AD is intrinsically insecure, the success rate of exploits against it is generally high.

Focusing on Privileges

A key activity in the attack strategy for malicious actors involves escalating privileges and entitlements

during dwell time and lateral traversal across the targeted enterprise. For this reason, IDR must also

focus on this privilege-based aspect of an offensive campaign to detect that an anomaly might be present,

and that some security action will be required.
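The traversal and privilege signals described above, worked as an added example that is not part of the article or of any vendor's IDR product: a small Python check over constructed identity events that flags lateral traversal (one account reaching many hosts in a short window) and privileged-group additions that are self-granted or fall outside an approved change window. The group names, change windows, thresholds and event layout are assumptions.

```python
"""Added example (not from the article or any vendor platform): a minimal
Identity Detection and Response (IDR) check over constructed identity events.

It implements two of the signals the article describes:
  * lateral traversal: one account authenticating to an unusual number of
    distinct hosts within a short window, and
  * privilege escalation: an account being added to a privileged directory
    group outside an approved change window, or adding itself.
Event records are constructed for this example and use no real Windows event
IDs; a real deployment would map them from AD / domain-controller logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical privileged groups; adjust to the enterprise's own tier model.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}

# Constructed approved change windows (start, end) for group changes.
CHANGE_WINDOWS = [
    (datetime(2022, 2, 1, 22, 0), datetime(2022, 2, 2, 2, 0)),
]

# Constructed events: type, timestamp, account, and type-specific fields.
EVENTS = [
    {"type": "logon", "ts": "2022-02-02T09:01:00", "user": "jdoe", "host": "WS-101"},
    {"type": "logon", "ts": "2022-02-02T09:03:00", "user": "jdoe", "host": "FS-01"},
    {"type": "logon", "ts": "2022-02-02T09:04:00", "user": "jdoe", "host": "FS-02"},
    {"type": "logon", "ts": "2022-02-02T09:04:30", "user": "jdoe", "host": "SQL-01"},
    {"type": "logon", "ts": "2022-02-02T09:05:00", "user": "jdoe", "host": "DC-01"},
    {"type": "logon", "ts": "2022-02-02T09:05:30", "user": "jdoe", "host": "APP-07"},
    {"type": "logon", "ts": "2022-02-02T09:10:00", "user": "asmith", "host": "WS-220"},
    {"type": "logon", "ts": "2022-02-02T13:10:00", "user": "asmith", "host": "FS-01"},
    {"type": "group_add", "ts": "2022-02-01T23:15:00", "user": "svc-backup",
     "group": "Domain Admins", "actor": "admin.ops"},
    {"type": "group_add", "ts": "2022-02-02T09:06:00", "user": "jdoe",
     "group": "Domain Admins", "actor": "jdoe"},
]


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def in_change_window(ts: datetime) -> bool:
    """True when ts falls inside an approved change window."""
    return any(start <= ts <= end for start, end in CHANGE_WINDOWS)


def detect_lateral_traversal(events, max_hosts=4, window=timedelta(minutes=10)):
    """Return {user: host_count} for users that reached more than max_hosts
    distinct hosts inside any sliding window of the given length."""
    logons = defaultdict(list)
    for e in events:
        if e["type"] == "logon":
            logons[e["user"]].append((_parse(e["ts"]), e["host"]))
    findings = {}
    for user, items in logons.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct hosts reached from this logon onward, within the window.
            hosts = {h for t, h in items[i:] if t - start <= window}
            if len(hosts) > max_hosts:
                findings[user] = max(findings.get(user, 0), len(hosts))
    return findings


def detect_privilege_escalation(events):
    """Return a list of (user, group, reason) for privileged-group additions
    that are self-granted or happen outside an approved change window."""
    findings = []
    for e in events:
        if e["type"] != "group_add" or e["group"] not in PRIVILEGED_GROUPS:
            continue
        if e["actor"] == e["user"]:
            findings.append((e["user"], e["group"], "self-granted"))
        elif not in_change_window(_parse(e["ts"])):
            findings.append((e["user"], e["group"], "outside change window"))
    return findings


if __name__ == "__main__":
    print("lateral traversal:", detect_lateral_traversal(EVENTS))
    print("privilege escalation:", detect_privilege_escalation(EVENTS))
```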

Figure 2. A Platform Model for Identity Detection and Response (IDR)

Commercial implementations of these IDR requirements are beginning to appear – and all seem to tout the benefits of early detection of lateral traversal, directory-based probing, and misuse of privileges. Enterprise security teams now understand that IDR is emerging as a new required area of control for their network.

Action Plan

Security teams should develop a plan to determine how best to leverage IDR solutions to reduce cyber risk. While the context of each enterprise will vary based on its local systems and infrastructure, most teams will benefit by following the steps listed below.

Step 1: Review of Identity-Related Exposures and Data Collection

The enterprise team should begin with an inventory of how identity-related vulnerability and live attack activity information is being handled today to determine exposures, attack status, and posture. In many cases, the answer will be that this is not being done.

Step 2: Vendor Assessment and Review

The enterprise team is next advised to perform a commercial IDR platform review. This usually involves proof-of-concept testing in either a realistic simulated environment or on a live production network.

Step 3: Implementation Planning

Implementation planning involves phased introduction, especially for larger, more complex organizations. The goal, of course, is to deploy IDR quickly to begin detecting identity-based exposures and lateral traversals that might be occurring in the enterprise.

To learn more about IDR and what to pay attention to throughout the IDR selection and implementation process, check out my recent report sponsored by Attivo Networks. This report provides a plan for determining how to use IDR for risk mitigation and highlights the practical use of this technology through the Attivo Networks platform.

About the Author

Dr. Edward Amoroso, Founder and CEO of TAG Cyber, is an experienced CEO, CSO, CISO, University Professor, Security Consultant, Keynote Speaker, Computer Science Researcher, and Prolific Author (six published books). Dr Amoroso is skilled in Cybersecurity, Network Architecture, Wide Area Network (WAN), Managed Services, and Network Design. He has a PhD in Computer Science from the Stevens Institute of Technology and is a graduate of Columbia Business School. He directly served four Presidential Administrations in Cybersecurity, and now serves as a Member of the M&T Bank Board of Directors, Senior Advisor for the Applied Physics Lab at Johns Hopkins University, Adjunct CS Professor at the Stevens Institute of Technology, CS Department Instructor at New York University, and Member of the NSA Advisory Board (NSAAB). Dr. Amoroso can be reached at eamoroso@tag-cyber.com.


Cyber Insurance: What Executives Need to Know Before Obtaining Coverage

By Amanda Surovec, Director of Security Engagement and Claims, Resilience Cyber Insurance Solutions, and Shawn Melito, Chief Revenue Officer, BreachQuest

Introduction

In the last six months, cyber attacks increased by 29 percent worldwide, as thousands of global organizations and insurers can attest to. This trend has been a driving factor for the growth of cyber insurance, which has come a long way in the last twenty plus years. Even then, cyber experts were raising the alarm on attacks, calling attention to how easy it was for hackers to successfully breach a system and how little legislation there was to ensure breaches were handled appropriately.

Fast forward twenty years and these concerns have developed into full-fledged crises. Technology, the internet and growth of the software as a service (SaaS) industry have led to the majority of sensitive customer and company data being located online, and hackers have come to understand the incredible value of this data. Not only is this information essential to day-to-day operations, but being breached can damage customer trust. With so much at stake, cyber insurance has become a top priority for many SaaS-based businesses, yet with the rise of cyber threats and a hardening of the insurance market, obtaining coverage is becoming more difficult.


Creating a Game Plan

On a global scale, cybercrime is expected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. So, when is a company “ready” to purchase cyber insurance? We hear this question a lot in our line of work.

To start, any company that uses a computer system and the internet as part of conducting its business, or collects personally identifiable information (PII) of employees, clients, or third parties, should be pursuing cyber insurance if they do not have it already. The specific type of coverage, and how much insurance a company should have, can vary greatly based on the size and industry of the organization.

In order to determine what is best for your company, and to help you prepare to purchase cyber insurance, you should start with conducting a cyber risk assessment and request a technical consultation with security and insurance broker experts. This risk and technical assessment will help you determine any potential gaps or areas for improvement in your organization’s cyber security program, and help you decide what kind and how much coverage to purchase.

Once you determine your organization’s specific cyber insurance needs, your insurance broker will help you find the right cyber insurance carrier to best serve those needs. Some cyber insurance carriers, such as Resilience, provide additional risk management benefits during the procurement process and throughout the policy period to help organizations secure coverage and better improve their cyber risk posture.

Dress to Impress

With a hardening cyber market, securing cyber insurance can be challenging for even security-conscious organizations. That said, even before coverage is secured, brokers and insurers work with existing and potential clients to mitigate cyber risk. Once it has been determined that your business is ready for cyber insurance, executives can work with them to navigate what security actions need to be taken to ensure that the cost/risk benefit of the insurance plan will be balanced.

Those who want to secure coverage should be able to come to the table with a robust cyber security plan that details where their data is located and how they protect it. This might include analyzing and implementing tools like VPNs and Endpoint Detection and Response (EDR), reconfiguring system infrastructure, adding multi-factor authentication, segmenting data and networks to better control access to help mitigate doxxing attacks, and utilizing backup functionalities that are tightly air gapped.

Once set up, organizations need to test these environments. If security tooling is in place but deployed or configured incorrectly, hackers can still breach the system through known vulnerabilities or brute force attacks. However, testing can mitigate this drastically, as well as help an organization determine if vulnerability management and patching should be done in-house or be outsourced. Security teams should also be trained on how to monitor and patch systems, on privacy protection protocols, and on how to identify phishing attempts. If they are unable, then these functions must be outsourced.


Keeping Premiums Low Once Coverage is Secured

Once secured, cyber insurance premiums can be kept low on renewal by continuously improving upon pre-established security postures, a process that can greatly help prevent attacks, such as those from business email compromise or ransomware. Still, successful attacks happen and when they do, taking the proper steps to mitigate risk can help keep your premiums low.

If a breach occurs and company data is being held for ransom, companies need to implement strict policies that restrict anyone at the organization from reaching out to the threat actor. We have seen many cases where someone on either the security or leadership team contacted the hacker and divulged information that made the situation even harder to resolve. Examples include providing their names, company, whether they have a cyber insurance policy and the value of the data that was taken - giving more power to the hacker than intended. Keep in mind, hackers don’t always know who they have attacked and how valuable the data they found is. Instead, teams should contact an experienced recovery and remediation group, along with their cyber insurance company, to get assistance as quickly as possible. With this approach, experts can begin to rebuild company infrastructure even as negotiations play out. It might be counter-intuitive to get the bill running sooner, but at the end of the day, it is almost always the most cost-effective option. This act reduces the potential business interruption claim, gets a head start on recovery and identifies systems that could be re-built or upgraded vs. paid to unlock faster.

Having your counsel work with regulators when breached has also become more essential than ever. Most recently, in September 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) produced an updated advisory on the use of digital currencies in ransomware attacks and other financial crimes, discouraging companies from simply paying the ransom to regain operational control after a successful ransomware attack. While these advisories are aimed at the payment of ransoms to sanctioned entities, they may also address the ballooning of ransom demands and spiking cyber insurance costs over the past year.

In working with the client, their counsel, an IR firm and the insurer, the decision to pay a ransom is always determined on a case-by-case basis, and only after an expert analysis of the situation can be compiled and payment due diligence completed. While there are still times when a ransom is paid, more and more often, companies are alternatively using the resources provided by their insurer to remediate and rebuild.

Even with much of the cyber insurance landscape still in flux, opting into cyber insurance can provide a sense of security to the victim of a cyber attack. It can help companies recover after a data breach when thousands or even millions of dollars are accrued from business disruption, revenue loss, legal fees, forensic analysis and more. To best obtain cyber insurance, working directly with brokers and insurers that can provide advice for setting up security tooling, processes and protocols can be a huge boon for candidates. Even as coverage is secured, keeping premiums low can be addressed by maintaining and improving upon internal and external security practices, which can help mitigate risk further, protecting your systems from the majority of the attacks that will inevitably come. And, should a breach occur, calling your broker, insurance agent and associated firms, such as remediation and recovery specialists or those well versed in OFAC regulations, at the first sign of a breach will enable businesses to get back online faster, with more business value intact.


About the Author

Amanda Surovec is the Director of Security Engagement and Claims for Resilience Cyber Insurance Solutions where she oversees client onboarding and the Resilience Ransomware War Game Table Top Exercises. Previously, Surovec served as a claims manager at Beazley and as a claims specialist at Sphere Risk Partners. Surovec attended Penn State University where she earned a BA in Human Development and Family Studies.

Shawn Melito serves as Chief Revenue Officer for BreachQuest. He is responsible for marketing and business development activities as they relate to the cyber insurance community, including breach coaches, cyber insurance companies and brokers. He brings over 20 years of management experience to his role. Previously, Shawn was a managing director for Kivu Consulting and a management consultant, information systems analyst, and business unit leader for NPC’s Immersion Data Breach Response Service group, a leading notification and call center service provider to the cyber insurance community. He is a certified information privacy professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and a previous member of their Canadian Advisory Board. He has chaired and spoken at many cyber insurance industry conferences. Shawn has a B.A. from the University of Toronto and an M.B.A. from the Richard Ivey School of Business in London, Ontario.


Data Security Must Be a Priority as Employees Quit in Record Numbers

By Tim Sadler, Co-founder and CEO, Tessian

The massive labor upheaval that dominated headlines in 2021 shows no signs of slowing down. The latest U.S. jobs report showed that 4.5 million people voluntarily left their jobs in November of 2021, a record high. Whether you call it the Great Resignation, Great Re-evaluation or Great Reshuffle, it’s not easing any time soon — and it could be a major data security risk for companies.

Many companies are hiring remote employees to fill the gaps left by record turnover, creating a wider surface area that must be secured. Meanwhile, the influx of employees coming into or leaving an organization provides opportunity for more data breaches. This can have serious consequences, from potential compliance violations and regulatory fines to a loss of customer trust. Data security must be a central focus for IT and security teams as we continue to see the impact of an uncertain labor market.

Mid-career employees are resigning — and taking data with them

Turnover trends have shifted since the start of the pandemic. Rather than early-career employees who dropped out of the workforce early on to pivot their careers or pursue passion projects, turnover rates are now highest among mid-career employees. These employees are likely to be very knowledgeable and experienced in their role. They’re looking for more flexibility, better benefits and salary, or a company mission that aligns with their values.

What does this mean for security? Mid-career employees are more likely to have a detailed knowledge of an organization’s products, processes and customers. What’s more, they may have greater access to sensitive (and potentially lucrative) data.

Data exfiltration is a widespread problem when employees leave a company. A Tessian report found that 45% of employees said they’ve “stolen” data before leaving or after being dismissed from a job. The Verizon Data Breach Investigations Report found that 72% of staff take some company data with them when they move on, although it isn’t always intentional. They also found that 70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement.

Fortunately, there are signs that security teams can look out for to help spot and avoid data exfiltration. The key is to look for anomalous behavior; for example, major changes in email activity, an employee accessing documents or files at odd hours, or an increase in data transfers. Email is a popular method for these exfiltration attempts — employees will often email files or documents to a personal address — so securing this channel before a turnover surge is crucial. It’s also important for security and IT teams to be involved in the offboarding process to adjust data access privileges when someone resigns or changes their role.
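The anomalous-behavior signals just listed, as an added example that is not from the article or from Tessian's product: a Python scorer over constructed outbound-email log lines that weights attachments sent to personal addresses, odd-hours activity and a volume spike against the sender's own baseline, and doubles the weight for employees known to be resigning. The log format, the personal-domain list, the baselines and the resignation feed are assumptions.

```python
"""Added example (not from the article or Tessian's product): scoring outbound
email events for the departure-related exfiltration signals the article lists.

Signals per employee: mail to a personal/free-mail address that carries
attachments, activity at odd hours, and a jump in transferred bytes over the
employee's own baseline. A pending resignation doubles the weight, since the
article notes most IP theft happens in the 90 days before it is announced.
All log lines below are constructed; the field layout is an assumption.
"""
from collections import defaultdict
from datetime import datetime

# Constructed log lines: ts|sender|recipient|attachments|bytes
LOG_LINES = """
2022-02-01T10:12:00|alice@corp.example|bob@corp.example|1|20480
2022-02-01T11:40:00|alice@corp.example|client@partner.example|0|2048
2022-02-02T09:30:00|alice@corp.example|alice.home@gmail.com|3|52428800
2022-02-02T23:50:00|alice@corp.example|alice.home@gmail.com|2|31457280
2022-02-02T14:05:00|carol@corp.example|dave@corp.example|1|10240
2022-02-03T15:00:00|carol@corp.example|team@corp.example|0|4096
""".strip().splitlines()

# Constructed lists; a real deployment would source these from HR and mail-gateway data.
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
RESIGNING = {"alice@corp.example"}
BASELINE_BYTES = {"alice@corp.example": 25_000, "carol@corp.example": 8_000}


def parse_line(line):
    ts, sender, rcpt, attachments, size = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "sender": sender, "rcpt": rcpt,
            "attachments": int(attachments), "bytes": int(size)}


def is_personal(addr):
    """True when the recipient domain is a known personal/free-mail domain."""
    return addr.rsplit("@", 1)[-1].lower() in PERSONAL_DOMAINS


def odd_hours(ts, start=22, end=6):
    """True for sends in an overnight window that wraps midnight."""
    return ts.hour >= start or ts.hour < end


def score_events(lines, baseline, resigning, spike_factor=10):
    """Return {sender: (score, reasons)}; a higher score means more exfil signals.
    Only senders that triggered at least one signal appear in the result."""
    results = defaultdict(lambda: [0, []])
    sent_bytes = defaultdict(int)
    for line in lines:
        e = parse_line(line)
        s = e["sender"]
        sent_bytes[s] += e["bytes"]
        if is_personal(e["rcpt"]) and e["attachments"] > 0:
            results[s][0] += 3
            results[s][1].append(f"attachments to personal address {e['rcpt']}")
        if odd_hours(e["ts"]):
            results[s][0] += 1
            results[s][1].append(f"odd-hours send at {e['ts'].isoformat()}")
    # Volume spike: total bytes this period against the sender's baseline.
    for s, total in sent_bytes.items():
        base = baseline.get(s, 0)
        if base and total > spike_factor * base:
            results[s][0] += 2
            results[s][1].append(f"volume {total} bytes vs baseline {base}")
    # Known departures get double weight so they surface first for review.
    for s in list(results):
        if s in resigning:
            results[s][0] *= 2
            results[s][1].append("pending resignation: weight doubled")
    return {s: (score, reasons) for s, (score, reasons) in results.items()}


if __name__ == "__main__":
    for sender, (score, reasons) in score_events(LOG_LINES, BASELINE_BYTES, RESIGNING).items():
        print(sender, score)
        for r in reasons:
            print("  -", r)
```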

New staff are vulnerable to external security threats

New employees who are hired to replace staffing gaps are often vulnerable to external threats like phishing and social engineering attacks. This is because they may not have met all their colleagues in person, while remote employees may be even less familiar with their colleagues and less able to verify a legitimate request. Malicious actors know this and will specifically target new employees in spear phishing and social engineering attacks.

How do malicious actors know who has started a new job recently? All it takes is a quick search on social media. A report from Tessian found that 93% of U.S. employees post about a new job on social media sites like Facebook or LinkedIn. Cybercriminals use this information to develop targeted scams designed to trick new employees into sharing valuable data or login credentials, and even wiring money.

According to the FBI, $26 billion has been lost to these kinds of business email compromise attacks since 2016. In one costly example, a scammer posed as the CEO to trick an employee into transferring $17.2 million to a Shanghai bank account as part of a fake deal to acquire another company. New employees in particular may not be familiar with their new CEO and what type of request is abnormal or suspicious, so it’s important to train them quickly and effectively.

Comprehensive cybersecurity training should be part of the early onboarding process for all new employees to help avoid these data security risks. Training should be tailored specifically to the unique needs and risk factors of new and remote employees and delivered in real-time rather than at mandatory quarterly trainings. Basic security hygiene can also be effective at preventing data loss. New and existing employees should be consistently reminded of best practices and what to look for in a suspicious email.

Data security and hiring challenges are intertwined

No matter the issue — hiring new staff, addressing turnover, or preventing burnout among employees that stay in their roles — IT and security teams must be brought in so that data security impacts are foreseen and addressed. In these instances, securing the “human layer,” or the employees that handle a company’s most sensitive data, should be a priority.

Securing important communications channels like email and establishing real-time, automated cybersecurity training for employees is an important part of the solution. Empower employees to work both productively and securely by making them part of the solution. Encourage them to report mistakes or suspicious activity to the IT and security team without fear of repercussions. When an employee resigns, make sure to walk through data security policies and set clear expectations to avoid inadvertent exfiltration. By building these processes into the full lifecycle of an employee’s experience, organizations can help prevent The Great Resignation from turning into a data security nightmare.


About the Author

Tim is the CEO and co-founder of Tessian. He holds three Masters degrees in design, engineering and innovation from Imperial College and formerly worked in HSBC's Global Banking division. Learn more about Tim on Twitter and at Tessian.com.


Why Building Managers Need to Prioritize Cybersecurity

By Shaun Cooley, Founder and CEO of Mapped

In an age increasingly dominated by the Internet of Things (IoT), buildings have become elaborate networks of software and hardware designed to monitor and control complex mechanical and operational systems. Building owners and operators rely on teams of suppliers to install and integrate these systems, often across multiple properties. These systems improve the quality of the building for users and managers alike. However, each time a supplier connects to your system, that connection can expose your building to security threats that can proliferate across your entire portfolio. There are several critical ways that cyber attackers can use devices to access a building’s systems, including:

- Open ports that connect to all systems in a building
- Remote support and software update connections
- Search engines like Shodan that can identify servers that are connected to the internet

There is always a level of risk to integrating, managing and updating a building’s myriad systems. You can’t reliably predict the security habits of multiple vendors, and managing their systems involves more than enforcing physical security. The cloud is a wonderful asset, but multiple connections magnify the possibility of security breaches.

The solution? Move your perimeter to the cloud

A secure cloud platform that manages access to your systems will improve your security profile and reduce risk to your systems. To help mitigate these potential security threats, there are certain key features you should look for in a cloud solution. These include:

- Streamlined access to your systems: A cloud platform with a single cloud API decreases security vulnerabilities because it reduces the number of access points to one. Your suppliers integrate their systems through the cloud API instead of ports in multiple buildings. This eliminates physical access to your systems and significantly reduces the threat of an on-premises attack.

- Integration with all the devices, systems, and sensors in your environment: A building can have 50 or more different systems, including BAS, HVAC, lighting controls, Wi-Fi, digital signage and more. Your solution should be able to integrate all your systems and provide visibility and fine-grain control of the data flow between building systems, devices, sensors, and applications.

- Monitoring capabilities: You should be able to track and monitor the current state of all environments and control data accessed by internal and external entities. A viable solution should have the capability to monitor your environments for operational data, firmware and other updates. It should also provide the means for peer communications as an ideal source for detecting unexpected changes to the environment and establishing zero-trust policy. You will be able to quickly identify any fluctuations in access or data flow that could signal a cyberattack.

- Visibility and fine-tuned control of data: When you’re collecting data from multiple vendors, you can lose sight of where data is originating, transiting, and landing in your system. A solution should let you tag data for easy identification and provide controls that determine who can access the data.

Some solutions provide account-level access to data types, but that leaves a security gap when it comes to giving access to actual data. A preferred solution is one where you can tag the data by location, system type, or personally identifiable information (PII). For example, if data from a badge reader is tagged as PII, you should be able to identify and limit access to that information.
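The tag-based control described above, as an added example that is not from the article or from the Mapped platform: a deny-by-default Python check in which each building data stream carries location, system-type and PII tags, each supplier connecting through the single cloud API holds a grant expressed over those tags, and every decision is written to an audit log. The streams, grants and tag names are constructed.

```python
"""Added example (not from the article or the Mapped platform): a tag-based
access check for building data flowing through a single cloud API.

Each data point carries tags (location, system type, and whether it is PII,
as the article's badge-reader example suggests). Each principal, such as a
supplier integrating through the API, is granted a set of tag constraints;
access is denied by default, and every decision is appended to an audit log
so unexpected access patterns can be reviewed. Names and tags are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DataPoint:
    stream: str
    location: str
    system: str
    pii: bool = False


@dataclass
class Grant:
    """A principal may read streams matching all of its non-empty constraints."""
    locations: set = field(default_factory=set)   # empty set = any location
    systems: set = field(default_factory=set)     # empty set = any system
    pii_allowed: bool = False                     # PII needs an explicit grant


# Constructed catalogue: what each stream is and where it comes from.
CATALOGUE = [
    DataPoint("hq/badge/lobby", "HQ", "access-control", pii=True),
    DataPoint("hq/hvac/ahu-1", "HQ", "hvac"),
    DataPoint("hq/lighting/floor3", "HQ", "lighting"),
    DataPoint("warehouse/hvac/ahu-2", "Warehouse", "hvac"),
]

# Constructed grants for suppliers and staff connecting through the cloud API.
GRANTS = {
    "hvac-vendor": Grant(systems={"hvac"}),
    "lighting-vendor": Grant(locations={"HQ"}, systems={"lighting"}),
    "security-ops": Grant(locations={"HQ"}, pii_allowed=True),
}

AUDIT_LOG = []  # (principal, stream, decision) tuples, in decision order


def can_read(principal, point, grants=GRANTS):
    """Deny by default; allow only when every constraint of the grant matches."""
    g = grants.get(principal)
    allowed = (
        g is not None
        and (not g.locations or point.location in g.locations)
        and (not g.systems or point.system in g.systems)
        and (g.pii_allowed or not point.pii)
    )
    AUDIT_LOG.append((principal, point.stream, "allow" if allowed else "deny"))
    return allowed


def readable_streams(principal, catalogue=CATALOGUE):
    """Streams the principal could read, in catalogue order."""
    return [p.stream for p in catalogue if can_read(principal, p)]


def pii_streams(catalogue=CATALOGUE):
    """Inventory of every stream tagged PII, for review and limiting access."""
    return [p.stream for p in catalogue if p.pii]


if __name__ == "__main__":
    for who in ("hvac-vendor", "lighting-vendor", "security-ops", "unknown-vendor"):
        print(who, "->", readable_streams(who))
    print("PII streams:", pii_streams())
    print("denied decisions:", [a for a in AUDIT_LOG if a[2] == "deny"])
```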

Protection through a single, secure pipeline solution

Suppliers plug devices into building systems without thinking of the impact to your overall system. The lack of security protocols that led to the Target attack back in 2013 hasn’t remained an isolated incident. In 2020, hackers attacked building access control systems and downloaded malware that turned the system into a distributed denial-of-service (DDoS) bot.

As ransomware and other attacks continue to rise, you need a dynamic solution to monitor and protect your environment. A secure and reliable API can change the dynamic for managing complex environments. Moving access from your physical environment to a cloud platform with a single point of access and secure encryption can reduce risk and protect your systems.

About the Author

Shaun Cooley is the Founder and CEO of Mapped, the first data infrastructure platform for commercial and industrial IoT (Internet of Things). In his prior role as VP/CTO for Cisco’s Internet of Things (IoT) Business, he was responsible for Cisco’s long-term IoT technology strategy. This included shaping product architecture, security, privacy, and technology partnerships, as implemented by Cisco’s IoT business, advising governments on IoT regulation, driving Cisco’s participation in IoT related standards bodies and consortia, and championing innovation to solve existing or anticipated industry needs.

Prior to joining Cisco, Shaun was a Distinguished Engineer for Norton, by Symantec, where he was a driving force in Norton’s shift from utilities to security. Over his 18-year tenure, Shaun contributed to the creation and advancement of offerings in the Norton portfolio – a product portfolio that produces over $2 Billion in annual revenue.

Shaun has over 25 years of industry experience, holds a master’s degree in computer science from University of Illinois, and is a Certified Information Systems Security Professional (CISSP). He is named inventor on 121 issued United States patents with over 100 more pending. He is an active angel investor and a start-up mentor through Acceleprise SF and advisor for Deep Angels. Shaun was previously a director of the Open Connectivity Foundation and former board member of Attivo Networks.

Shaun can be reached on Twitter at @shauncooley, and more information can be found about Mapped at mapped.com.




CyberDefense.TV now has 200 hotseat interviews and growing…

Market leaders, innovators, CEO hot seat interviews and much more.

A division of Cyber Defense Media Group and sister to Cyber Defense Magazine.



Free Monthly Cyber Defense eMagazine Via Email

Enjoy our monthly electronic editions of our Magazines for FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to sign up today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.

Copyright (C) 2022, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com

All rights reserved worldwide. Copyright © 2022, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at marketing@cyberdefensemagazine.com

Cyber Defense Magazine

276 Fifth Avenue, Suite 704, New York, NY 1000

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.

marketing@cyberdefensemagazine.com

www.cyberdefensemagazine.com

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 02/02/2022

Cyber Defense eMagazine February 2022 Edition 124

Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.


Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH

(with others coming soon...)

10 Years in The Making…

Thank You to our Loyal Subscribers!

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazine.com up and running as an array of live mirror sites and our new B2C consumer magazine CyberSecurityMagazine.com. Millions of monthly readers and new platforms coming…starting with www.cyberdefenseconferences.com this month…
