Cyber Defense eMagazine March Edition for 2022

The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine! When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec, get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in DC, London, FL, NY and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners. Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings site being revamped); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors). Please check them out and see how much more CDMG has to offer! Very respectfully and with much appreciation, Gary Miliefsky, Publisher

The view from the Publisher’s desk is very encouraging, based on celebrating 10 years of growth and success at Cyber Defense Magazine! When our tiny team began our journey at Cyber Defense Media Group (CDMG) together in January 2012, we were happy to help smaller, lesser-known innovators of infosec, get their message out there and Rise Above the noise. Now, after 10 years, we’re even helping multi-billion-dollar companies and governments around the globe with our offices in DC, London, FL, NY and other locations in play, as we continue to scale, thanks to you – our readers, listeners, viewers and media partners. Beyond the magazine, in response to the demands of our markets, the scope of CDMG’s activities has grown into many media endeavors. They now include Cyber Defense Awards; Cyber Defense Conferences; Cyber Defense Professionals (job postings site being revamped); Cyber Defense TV, Radio, and Webinars; and Cyber Defense Ventures (partnering with investors).
Please check them out and see how much more CDMG has to offer!

Very respectfully and with much appreciation,
Gary Miliefsky, Publisher


Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

Why Changing Classified Document Status<br />

Can Affect Risk Levels and How Proactive<br />

<strong>Cyber</strong>security Methods Can Help<br />

Ransomware — Encrypt Your Data Be<strong>for</strong>e<br />

Others Do<br />

The Role of The CFO In Enterprise <strong>Cyber</strong><br />

Security<br />

…and much more…<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 1<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.


Welcome to CDM’s <strong>March</strong> <strong>2022</strong> Issue ----------------------------------------------------------------------------------- 7<br />

Why Changing Classified Document Status Can Affect Risk Levels and How Proactive <strong>Cyber</strong>security<br />

Methods Can Help ---------------------------------------------------------------------------------------------------------- 18<br />

By Sam Hutton, SVP, Glasswall<br />

The Fragility of a GPS Centric World and the Importance of eLORAN ----------------------------------------- 21<br />

By Dan Dickey, President, Continental Electronics Corporation<br />

The Role of The CFO In Enterprise <strong>Cyber</strong> Security ------------------------------------------------------------------- 25<br />

By Glenn Murray, CEO at Sapien <strong>Cyber</strong><br />

The Safest Ways <strong>for</strong> Bitcoin Trading ----------------------------------------------------------------------------------- 29<br />

By Robert Wilson, Freelancer<br />

Ransomware — Encrypt Your Data Be<strong>for</strong>e Others Do ------------------------------------------------------------- 32<br />

By Robert Freudenreich, CTO and Founder, Secomba GmbH | Boxcryptor<br />

Endpoint Malware and Ransomware Volume Already Exceeded 2020 Totals by the End of Q3 2021 36<br />

By Corey Nachreiner, CSO, WatchGuard Technologies<br />

Don’t Become a Horrible Headline: Some Tips on Redesigning Your Threat Posture <strong>for</strong> The <strong>2022</strong> Threat<br />

Landscape --------------------------------------------------------------------------------------------------------------------- 39<br />

By Omar Zarabi, Founder and CEO, Port53 Technologies<br />

Have We Learned from Our Past Mistakes to Prevent Future <strong>Cyber</strong>attacks? ------------------------------- 43<br />

By Marc Packler, President, CISO Advisory, Silent Quadrant<br />

How to strengthen cyber resilience with Unified BCDR ----------------------------------------------------------- 47<br />

By Joe Noonan, General Manager, Unitrends and Spanning<br />

3 <strong>Cyber</strong>security Certainties <strong>for</strong> <strong>2022</strong>------------------------------------------------------------------------------------ 50<br />

By Bill Moore, XONA<br />

Is XDR The Right Solution <strong>for</strong> Today’s Security Threats? ---------------------------------------------------------- 53<br />

By Steve Garrison, VP Marketing, Stellar <strong>Cyber</strong><br />

Why the Future of Threat Detection and Prevention is Unified Security and Risk Analytics ------------- 56<br />

By Sanjay Raja, VP of Product Marketing at Gurucul<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 2<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Tips And Trends <strong>for</strong> OT <strong>Cyber</strong>security In <strong>2022</strong>: More SOAR, <strong>Cyber</strong> Hygiene And Renewed Compliance<br />

----------------------------------------------------------------------------------------------------------------------------------- 60<br />

By Peter Lund, Vice President of Product Management at OT security company Industrial Defender<br />

Top 10 Reasons <strong>Cyber</strong> <strong>Defense</strong> Firms Should Hire Veterans------------------------------------------------------ 63<br />

By Bryon Kroger, Founder of Rise8<br />

5 Reasons Organizations Need Comprehensive AD Security Across Cloud and On-Prem ----------------- 67<br />

By Justin Kohler, Director of BloodHound Enterprise at SpecterOps<br />

Directed Analytics - The Future of Data Management ------------------------------------------------------------ 71<br />

By Simon Rolph, CEO & Founder of Such Sweet Thunder<br />

Phishing Techniques in Disguise: What to Look <strong>for</strong> And Why You Should ------------------------------------ 74<br />

By By Rotem Shemesh, Lead Product Marketing Manager, Security Solutions, at Datto<br />

Are You Prepared <strong>for</strong> the New Normal of Jekyll and Hyde Data?----------------------------------------------- 77<br />

By Howard Ting, CEO, <strong>Cyber</strong>haven<br />

How To Defend Railway Subsystems from Targeted <strong>Cyber</strong>-Attacks ------------------------------------------- 80<br />

By Michael Cheng, Director at TXOne Networks & C. Max. Farrell, Senior Technical Marketing Specialist at<br />

TXOne Networks<br />

Biggest <strong>Cyber</strong> Trend in <strong>2022</strong> ---------------------------------------------------------------------------------------------- 84<br />

By Guy Rosefelt, CPO, Sang<strong>for</strong> Technologies<br />

On The Frontline in The War Against Hackers ----------------------------------------------------------------------- 89<br />

By Damien Fortune, Chief Operations Officer of Secured Communications<br />

How to Fix Mid-Market Security Using Intelligent Automation and AI --------------------------------------- 91<br />

By Guy Moskowitz, CEO, Coro<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 3<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

5 Ways <strong>Cyber</strong>security Will Change In <strong>2022</strong> --------------------------------------------------------------------------- 95<br />

By Jaime Coreano, Vice President of Sales – Flexxon<br />

Executive Order Instructs Certain Organizations to Improve Their <strong>Cyber</strong>security Stance ---------------- 99<br />

By Bob Thibodeaux, Chief In<strong>for</strong>mation Security Officer, <strong>Defense</strong>Storm<br />

Too Hot to Handle:The case <strong>for</strong> Zero Trust and SASE ------------------------------------------------------------ 103<br />

By Jonathan Lee, Senior Product Manager, Menlo Security<br />

Lessons Learned: In the Principle Of “Least Privilege,” Where Do Companies Fall Short? -------------- 106<br />

By Raj Dodhiawala, President, Remediant<br />

Redefining Resilience in The New World of Work ---------------------------------------------------------------- 109<br />

By Andrew Lawton, CEO of Reskube Ltd<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 4<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.


From the<br />

Publisher…<br />

Dear Friends,<br />

We’ll be celebrating our 10 th Year in business and of our Global InfoSec Awards and as a<br />

Platinum Media Partner of RSA Conference on June 06 – 09 , <strong>2022</strong> – See You There!<br />

As international tensions rise, and manifest themselves as cybersecurity threats and attacks, the role of<br />

<strong>Cyber</strong> <strong>Defense</strong> Media Group becomes even more important than during “ordinary” times. We face both<br />

a reality and a challenge, but one we are well prepared to undertake.<br />

As our Editor-in-Chief has noted in his welcome message, we are now emphasizing immediacy of issues,<br />

and moving away from a fixed annual calendar, in order to support our community in responding<br />

effectively to the most pressing cybersecurity issues of the day.<br />

In that spirit, let me take this occasion to invite both our contributors and readers to submit, or suggest<br />

topics <strong>for</strong>, articles you perceive to be most valuable to you in your professional activities. “Actionable<br />

intelligence” continues to be our watchword, and we welcome thoughts and suggestions from our entire<br />

community.<br />

I would like to reiterate that, beyond the magazine, in response to the demands of our markets, the scope<br />

of CDMG’s activities has grown into many media endeavors. We now offer <strong>Cyber</strong> <strong>Defense</strong> Awards;<br />

<strong>Cyber</strong> <strong>Defense</strong> Conferences; <strong>Cyber</strong> <strong>Defense</strong> Professionals (job postings); <strong>Cyber</strong> <strong>Defense</strong> TV, Radio,<br />

and Webinars; and <strong>Cyber</strong> <strong>Defense</strong> Ventures (partnering with investors).<br />

Please check them out and see how much more CDMG has to offer!<br />

The full list, with links, can be accessed at:<br />

https://www.cyberdefensemagazine.com/cyber-defense-media-group-10-year-anniversary-dailycelebration-in-<strong>2022</strong>/<br />

Warmest regards,<br />

Gary S.Miliefsky, CISSP®, fmDHS<br />

CEO, <strong>Cyber</strong> <strong>Defense</strong> Media Group<br />

Publisher, <strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

P.S. When you share a story or an article or in<strong>for</strong>mation about<br />

CDM, please use #CDM and @<strong>Cyber</strong><strong>Defense</strong>Mag and<br />

@Miliefsky – it helps spread the word about our free resources<br />

even more quickly<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 5<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.



Published monthly by the team at <strong>Cyber</strong> <strong>Defense</strong> Media Group<br />

and distributed electronically via opt-in Email, HTML, PDF and<br />

Online Flipbook <strong>for</strong>mats.<br />


Yan Ross, JD<br />

Yan.Ross@cyberdefensemediagroup.com<br />


Marketing Team<br />

marketing@cyberdefensemagazine.com<br />


<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

Toll Free: 1-833-844-9468<br />

International: +1-603-280-4451<br />

http://www.cyberdefensemagazine.com<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of<br />


1717 Pennsylvania Avenue NW, Suite 1025<br />

Washington, D.C. 20006 USA<br />

EIN: 454-18-8465, DUNS# 078358935.<br />

All rights reserved worldwide.<br />


Gary S. Miliefsky, CISSP®<br />

Learn more about our founder & publisher at:<br />

http://www.cyberdefensemagazine.com/about-our-founder/<br />


Providing free in<strong>for</strong>mation, best practices, tips, and techniques<br />

on cybersecurity since 2012, <strong>Cyber</strong> <strong>Defense</strong> magazine is your<br />

go-to-source <strong>for</strong> In<strong>for</strong>mation Security. We’re a proud division<br />

of <strong>Cyber</strong> <strong>Defense</strong> Media Group:<br />





<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 6<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Welcome to CDM’s <strong>March</strong> <strong>2022</strong> Issue<br />

From the Editor-in-Chief<br />

In editing, as in other activities, it’s important from time to time to review all processes and products in<br />

order to assure they are working smoothly.<br />

As my Dad often said: “You can’t tell how you stand from where you sit.”<br />

At this point, in conducting such a review, it appears that we have two aspects of our editorial process<br />

which are no longer in sync with each other: the annual editorial calendar and the submission of articles<br />

from sources in the cybersecurity industry.<br />

It has become clear that the strictures of a monthly calendar simply don’t work efficiently <strong>for</strong> CDM to bring<br />

to our audience the most current and relevant articles on topics of vital interest.<br />

As part of the central role <strong>Cyber</strong> <strong>Defense</strong> Magazine plays in the breadth of activities conducted by the<br />

entire <strong>Cyber</strong> <strong>Defense</strong> Media Group, we do now and will continue in the future to select and publish the<br />

most actionable intelligence from the most knowledgeable writers in the field.<br />

Of course, as we perceive patterns in the trends in cybersecurity, and the submission of articles, we will<br />

always be responsive to the needs and interests of both authors and readers.<br />

Wishing you all success in your cybersecurity endeavors,<br />

Yan Ross<br />

Editor-in-Chief<br />

<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

About the US Editor-in-Chief<br />

Yan Ross, J.D., is a <strong>Cyber</strong>security Journalist & U.S. Editor-in-Chief of <strong>Cyber</strong><br />

<strong>Defense</strong> Magazine. He is an accredited author and educator and has<br />

provided editorial services <strong>for</strong> award-winning best-selling books on a variety<br />

of topics. He also serves as ICFE's Director of Special Projects, and the author<br />

of the Certified Identity Theft Risk Management Specialist ® XV CITRMS®<br />

course. As an accredited educator <strong>for</strong> over 20 years, Yan addresses risk management in the areas of identity theft,<br />

privacy, and cyber security <strong>for</strong> consumers and organizations holding sensitive personal in<strong>for</strong>mation. You can reach<br />

him by e-mail at yan.ross@cyberdefensemediagroup.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 7<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 8<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 9<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 10<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 11<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 12<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 13<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 14<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 15<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 16<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 17<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Why Changing Classified Document Status Can Affect Risk<br />

Levels and How Proactive <strong>Cyber</strong>security Methods Can<br />

Help<br />

By Sam Hutton, SVP, Glasswall<br />

As ransomware attacks, insider threats, data breaches and phishing attacks against government<br />

agencies continue to skyrocket, organisations are at constant risk. There are many recent events such<br />

as the JBS Foods, the Colonial Pipeline and SolarWinds in 2020, proving that organisations need to be<br />

aware of any possible vulnerabilities that could potentially affect sensitive data.<br />

Security risks <strong>for</strong> remote federal employees and government agencies<br />

Since there is a discussion on keeping federal workers remote, there are concerns around the decreased<br />

level of precautions being taken toward cyber risks and the legal implications associated with<br />

cyberattacks. The 2021 Thales Data Report: Global <strong>Edition</strong> stated that 82% of people expressed some<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 18<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

level of concern while working remotely. This number is even higher <strong>for</strong> federal employees at 84%.<br />

Remote work can harbor more risk <strong>for</strong> cyber attacks than <strong>for</strong> those in offices because at home<br />

connections are generally less secure, making access easier <strong>for</strong> cybercriminals to find. The report also<br />

notes that only 44% of employees were not confident in their existing security protocols.<br />

For companies, organisations and government agencies, there can be legal repercussions <strong>for</strong><br />

cyberattacks too. According to The Securities and Exchange Commission and Commodity Futures<br />

Trading Commission, while state and federal regulations vary, there may be further reporting required<br />

depending on the conditions of the cyberattack and the type of data that was compromised.<br />

The impact of malware on classified files<br />

Malware operates by infiltrating a point of weakness through a network, beginning the journey of lateral<br />

movement. Bad actors understand this and will intrude through an organisation, undetected, attempting<br />

to gather as much data as possible. For federal agencies, documents that enter government systems at<br />

an unclassified point are viewable <strong>for</strong> a wider audience, however, once they enter into a classification<br />

level -- whether confidential, secret or top secret -- there is a chance of malware being attached.<br />

“Classified” determines in<strong>for</strong>mation specifically designated by a U.S. government agency <strong>for</strong> limited,<br />

restricted dissemination or distribution. When documents are being taken up or down to higher or lower<br />

confidentiality levels, there is valuable in<strong>for</strong>mation at stake. If files that were previously unclassified carry<br />

hidden viruses, there is an opportunity <strong>for</strong> digital adversaries to break into top-secret networks and<br />

infiltrate government in<strong>for</strong>mation. This could enable them to steal trade secrets, learn about secret <strong>for</strong>eign<br />

policies or military tactics, which in turn can put lives at risk.<br />

SolarWinds, one of the most catastrophic cyberattacks in U.S. history, resulted in the hacking of major<br />

enterprises and government agencies including the Department of Homeland Security and the Treasury<br />

Department <strong>for</strong> over 14 months be<strong>for</strong>e being discovered. The hackers were able to break into the<br />

SolarWinds systems by implementing a malicious code into a system known as “Orion” which was<br />

commonly known by companies to handle IT resources. This code is what created an opening <strong>for</strong> the<br />

hackers to install malware that allowed them to spy on companies. Due to the stealth movement of the<br />

hack, some of those involved may still be unaware. Bad actors know how to identify loopholes in the<br />

system to gain access to sensitive in<strong>for</strong>mation. This further proves the value of implementing strict<br />

cybersecurity methods to ensure that sensitive data is protected. There needs to be proactive, zero-trust<br />

cybersecurity methods in place as government documents go through the confidentiality cycle to ensure<br />

that all files are protected and monitored.<br />

How Content Disarm and Reconstruction (CDR) technology can help<br />

It is imperative that federal agencies take a proactive approach in their file security methods. CDR<br />

technology works to clean and rebuild files to a ‘known good’ industry standard by automatically removing<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 19<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

potential threats. Reactive cybersecurity strategies such as anti-virus software and sandboxing are no<br />

longer effective enough to keep up with the growing sophistication of cyberattacks. In fact, they can<br />

actually place users in the direct line of attack and increase the pressure on teams to handle threats.<br />

CDR helps assess the areas of weakness by rebuilding files and removing areas of vulnerability. For<br />

government agencies, it helps close up loopholes and allow leaders to focus on more important things<br />

such as policy making and strategy.<br />

The hackers behind SolarWinds are still actively trying to break into federal agencies. <strong>Cyber</strong>attacks are<br />

expected to become more prolific and more sophisticated as they develop new strategies <strong>for</strong> getting into<br />

private networks. Although there is an ef<strong>for</strong>t being made to improve the government’s cybersecurity such<br />

as Biden’s recent <strong>Cyber</strong>security bill, promising to develop a more comprehensive plan to mitigate risk;<br />

there is a crucial need to take steps to protect the safety of classified documents. If organisations<br />

implement a proper system of proactive cybersecurity, they will be better prepared to handle it when an<br />

attack comes.<br />

About the Author<br />

Sam Hutton, SVP, North America, Glasswall<br />

"Sam prides himself on offering perfect partnership (and true<br />

collaboration) to organizations all over North America. Because<br />

with over 20 years’ experience in selling and delivering solutions to<br />

financial, security, defense and commercial sectors in this space,<br />

Sam knows even the most cutting-edge technology needs the best<br />

team of people to support it."<br />

Sam can be reached online at (https://www.linkedin.com/in/samhutton-8b08243/)<br />

and at our company website<br />

https://www.glasswallsolutions.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 20<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

The Fragility of a GPS Centric World and the Importance<br />

of eLORAN<br />

By Dan Dickey, President, Continental Electronics Corporation<br />

Both the importance of GPS systems and their vulnerability to a cyber incident or attack are well<br />

understood. What is less understood is that GPS and the satellites behind them now comprise<br />

the very threads in the fabric of our modern economy.<br />

The value of GPS is built on three primary pillars: position, navigation and timing (PNT). While<br />

position and navigation are a logical given, the exact time is the unsung contribution of GPS that<br />

largely affects the way our world functions. Without an accurate source of timing, banks would<br />

be unable to timestamp payments. In fact, they couldn’t conduct any kind of banking without<br />

GPS. Communications networks could not communicate, the stock market would seize, ships<br />

and aircraft would be imperiled and our various terrestrial networks from power grids to<br />

broadcasting and cloud computing – and the Internet itself - would fail or slow down dramatically.<br />

The newest 5G based systems also depend on GPS as their primary source of time. A<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 21<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

staggering number of critical systems necessary <strong>for</strong> modern life are wholly dependent on GPS<br />

with no other primary standards traceable source <strong>for</strong> accurate time.<br />

Other countries have deployed their own systems such as BeiDou (China) and GLONASS<br />

(Russia). Today’s threat analysts are aware that being 100% dependent on space-based<br />

systems with no other PNT alternative leaves America’s national security profoundly vulnerable<br />

to a wide variety of attackers. Single person local attacks and nation-state threats are easily<br />

conceived.<br />

This leads to the question, “What is the likelihood of our GPS system failing?” The possibility of<br />

a system-wide failure is remote. But the impact of such a failure is incalculable. The reality is<br />

that GPS satellite signals are vulnerable, not only to space weather, missiles, space debris and<br />

general wear and tear, but also to bad actors on the ground via spoofing and jamming. If we<br />

continue to rely exclusively on GPS it will remain an attractive attack surface because nearly all<br />

modern systems depend on it as a source of coordinated universal time.<br />

Many analysts see such an exploitation as a matter of when, not if. Bad actors – any<br />

cybersecurity adversary interested in attacking IT systems – may harness a spoofing attack, an<br />

intelligent <strong>for</strong>m of interference which makes the receiver unusable or worse by making it believe<br />

it is at a false location. Even traditional means of intentional interference such as jamming can<br />

still jeopardize GPS transmissions as effectively as they did to international broadcasting<br />

stations during the Cold War.<br />

Alarmingly, successful satellite hacking has already occurred multiple times over that last 20<br />

years and was first noted as far back as in 1998 when hackers took control of the U.S.-German<br />

ROSAT X-Ray satellite. Over the years, hacking became more prevalent with two more<br />

successful attacks, believed to be led by China in 2008 and 2018. In response to the growing<br />

amount of threats, specifically from Russia, China and Iran, the U.S created the Space Force in<br />

2019, specifically designed to operate and defend military satellites and ground stations that<br />

provide communications, navigation and Earth observation. While enhancing the profile of these<br />

initiatives is a step in the right direction, a more robust strategy is needed to ensure accurate<br />

PNT in case threats slip through new security measures. An equally dependable and ubiquitous<br />

source of position and time is the best way to minimize the attractiveness of the GPS system as<br />

an attack vector. eLORAN is the perfect tool to fill this role in any nation’s security.<br />

Enhanced Loran (eLORAN) is a positioning, navigation and timing (PNT) service <strong>for</strong> use by<br />

many modes of transport and a secure source of time <strong>for</strong> countless systems critical to everyday<br />

life. eLORAN is terrestrial based, meaning that instead of low power signals beamed from space,<br />

it utilizes much higher power transmitters which are difficult and expensive to jam. It is fully<br />

independent from GPS because it provides an independent source of accurate location and time<br />

traceable to a national time standard.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 22<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Formerly known as LOng-RAnge Navigation (LORAN), eLORAN is “enhanced” to provide<br />

accurate time and geolocation data whereas LORAN originally only provided approximate<br />

location in<strong>for</strong>mation. eLORAN is a modern digital system, which builds on proven analog radio<br />

frequency technologies such as Loran-C. eLORAN can provide robust and accurate position,<br />

navigation and time data across any desired area of the Earth. It can be received in many indoor<br />

and subsurface locations whereas GPS generally requires an unobstructed view of the sky. This<br />

makes eLORAN receiver installations less visible and thus more easily secured.<br />

Today’s eLORAN systems transmit signals that are three to five million times stronger than<br />

GPS/GNSS and have 99.999% availability and reliability. Each tower has up to a 1,200-mile<br />

signal range. Its spectrum of 90-110 kHz is internationally protected, and eLORAN is deployable<br />

rapidly, so military branches can quickly set up systems anywhere in the world.<br />

An eLORAN system designed to cover the contiguous United States requires only a handful of<br />

towers are <strong>for</strong> mission critical timing applications. Less than 2 dozen high-power transmission<br />

sites are needed <strong>for</strong> full CONUS position and navigation capability.<br />

eLORAN is a practical solution that is too often underestimated by planners and analysts, many<br />

of whom are not familiar with modern eLORAN. They know GPS is vulnerable but may not be<br />

aware of recent advancements that make eLORAN practical, af<strong>for</strong>dable and deployable now.<br />

Fortunately, there is a renewed and growing national consensus that the deployment of eLORAN<br />

must be accelerated to strengthen the nation’s infrastructure that is increasingly and solely<br />

dependent on GPS. Companies such as ours, with a tradition of innovation and RF leadership,<br />

have spearheaded development of the latest generation of this technology. Through these<br />

ef<strong>for</strong>ts many of the past cost and technological constraints, such as land area needed <strong>for</strong><br />

eLORAN transmission towers, have been overcome. Today’s fully digital eLORAN systems<br />

reduce antenna tower height by half and the necessary land area by 75%. Making eLORAN<br />

system planning and deployment much simpler at a time when the world needs the more resilient<br />

and independent solution eLORAN provides.<br />

For America and our allies, eLORAN is a necessary and fundamental “fail safe” at a critical time.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 23<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Dan Dickey has been the President of Continental Electronics<br />

Corporation since 2009. Dickey is a named inventor on multiple<br />

patents, and has previously held design engineering and<br />

management positions at Harris Corp. and ADC<br />

Telecommunications. He has published papers through the world’s<br />

largest technical professional organizations, IEEE, and has coauthored<br />

a book on broadcast engineering published by the<br />

National Association of Broadcasters. Dickey holds a Bachelor of<br />

Science degree in Electrical, Electronics and Communications<br />

Engineering from the University of Missouri. For more in<strong>for</strong>mation<br />

about Continental Electronics Corp. please use this link:<br />

https://contelec.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 24<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

The Role of The CFO In Enterprise <strong>Cyber</strong> Security<br />

By Glenn Murray, CEO at Sapien <strong>Cyber</strong><br />

Who is responsible <strong>for</strong> cyber security in your organization? Smart businesses know that it’s not just the<br />

IT teams who need to be investing in cyber security.<br />

Faced with increasingly complex and severe cyber-attacks on operational technology (OT) designed by<br />

criminals who are well-organized, well-financed and willing to wait <strong>for</strong> the right opportunity to strike,<br />

businesses need everyone in leadership roles to not only acknowledge the situation, but put in place<br />

strategies to minimize risk. This includes the CFO.<br />

The Chief Financial Officer (CFO) plays a crucial part in ensuring that the investment in cyber security<br />

matches not only the potential risks but mirrors the value and importance of the company’s infrastructure,<br />

from financial systems to operational technology networks. In some organizations this can be viewed as<br />

a cost drain. As such, investment levels tend to be far too low relative to the scale of the risk.<br />

It is not uncommon <strong>for</strong> IT teams or their executives to be rewarded based on reduction in expenditure vs<br />

budget, breeding an alarming culture of penny pinching each year. This short-term thinking is putting<br />

organizations in jeopardy, and at risk of everything from data breaches to system hacks. A boardroom,<br />

including the CFO, that recognizes the devastating effect a cyber-attack can have, both financially and<br />

reputationally, will be better placed to protect their ‘crown jewels’ from this new age of cyber criminals.<br />

There is an opportunity to engage the CFO in the full spectrum of cyber security and the potential<br />

mitigations, from IT to OT networks. Great CFOs don’t act as a blocker or barrier but are ready to invest<br />

in comprehensive and robust cyber security systems. Here’s how to make sure your CFO is one of them:<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 25<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Make clear the opportunity cost<br />

There is, of course, a cost to cyber security systems, but the cost to not having them is far larger. The<br />

average cost of an attack has been rising rapidly and now stands at $3.9 million, according to the annual<br />

Cost of a Data Breach Report by IBM and the Ponemon Institute, although this rises to $8.64 million in<br />

the US. This includes costs of OT systems and hardware, disruptions to critical activity resulting in down<br />

time and business lost, and fines. When put in this context, the investment in cyber security will seem<br />

minimal. Businesses that rely on insurance as mitigation may feel that they are covering the financial<br />

cost, but this does not take into account the cost of reputational damage, which can far exceed any<br />

monetary loss. Further, the insurance market is taking a tougher stance due to the rising frequency and<br />

scale of cyber-attacks. This makes it a multi-faceted challenge <strong>for</strong> finance leaders.<br />

Think about long term sustainability<br />

<strong>Cyber</strong>-resilience is about ensuring the continued success of an organization. Business continuity,<br />

reputation and finance are all at stake, but also the potential <strong>for</strong> injury and even loss of life. Imagine how<br />

much money would be lost if you were unable to service clients, and the reputational damage of a splash<br />

across the headlines. To continually win new business you need to be able to show you are diligent and<br />

trustworthy, and cyber security plays a big role in this. Data security is increasingly important, and<br />

customers will not want to do business with you if their own in<strong>for</strong>mation is seen to be at risk. Similarly,<br />

vendors will harbor concerns about stability and ultimately shareholders will become worried about<br />

per<strong>for</strong>mance.<br />

See cybersecurity not as an IT overhead but an OT asset<br />

<strong>Cyber</strong> security is not just a tick box or policy adherence exercise, but brings huge value. It’s about more<br />

than systems and software of IT – it’s essential <strong>for</strong> full and essential OT. The CFO’s remit spans the<br />

entire business, meaning they are perfectly positioned to support cyber security ef<strong>for</strong>ts spanning the<br />

entire estate. They are able to look at the technology and systems and what investment in them can bring<br />

the business from a strategic standpoint.<br />

Improve the risk management framework<br />

The CFO’s job is to finance things that are business critical. If the Chief In<strong>for</strong>mation Officer (CIO), Chief<br />

In<strong>for</strong>mation Security Officer (CISO), Senior Management Team (SMT) make cybersecurity part of<br />

everyone’s role, from team members to those at the top of the organization, it ensures it is ingrained in<br />

policy and procedure. By having this shared visibility and responsibility, it will be clearer as to why it needs<br />

financing, not just as a cost centre, but an enabler. <strong>Cyber</strong> security is about protecting the assets that are<br />

of value to your company, and so should be embedded in everything that you do. Effective governance<br />

is essential to business success.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 26<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Help them mitigate potential risks<br />

Across the business we are constantly putting plans and procedures in place to mitigate risk. And most<br />

often this risk is based on potential risk, rather than historic experience. Just because it hasn’t happened<br />

doesn’t mean it won’t. In fact, threats are constantly changing and cyber criminals are increasingly<br />

diversifying the comprehensive strategies that they use to infiltrate organizations. Most businesses have<br />

smoke alarms or defibrillators yet have never had a fire or someone have a heart attack during the<br />

working week. They have this equipment installed to minimise the impact of any future disaster. The<br />

same is true of cybersecurity. CFOs should think of cyber security as part of the package that a business<br />

has to mitigate against risk and maintain fully functioning OT at all times to ensure business activity can<br />

proceed as normal. CFOs should there<strong>for</strong>e be discussing cyber-risk exposure with their CIO and CISO<br />

regularly. This ensures it doesn’t just get thought about on an annual basis but is front of mind all year<br />

round. That regular reminder of why it is so important will help ensure that it is viewed as a business<br />

critical expense that needs to be fully backed financially.<br />

Use their expertise<br />

Your CFO does not have to be a cyber security expert. But their risk management skills will be essential<br />

to asking the right questions around issues such as where data is stored and who has access to it. They<br />

especially understand the risks and issues presented by protecting financial data. By ensuring that your<br />

CFO is part of the process <strong>for</strong> assessing risk, identifying assets and selecting vendors, they become part<br />

of that process of essential cyber security.<br />

Present a united front<br />

The CFO is a business-critical part of strategic and functional operations across the organization.<br />

Businesses fall prey to cyber-attacks when they have a weak link. We think of clients as castles, and all<br />

of the battlements need to be strong. This includes everyone from the CEO to the cleaner to the<br />

connected systems used to make the business run. Vigilance and security are crucial across the board,<br />

and the CFO is an integral part of that.<br />

We know that cyber security is essential. In the modern working environment, more and more of us are<br />

geographically dispersed and more devices are connected to the internet. At the same time cyber<br />

criminals are getting increasingly sophisticated. <strong>Cyber</strong> security needs to be a top priority <strong>for</strong> all<br />

organizations – and all members of those organizations, including the CFO. Investment in cyber security<br />

is absolutely business-critical, and by making your CFO part of the strategic journey of cyber security you<br />

will make it easier to get that much needed sign off.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 27<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Glenn Murray is the Chief Executive Officer at Sapien <strong>Cyber</strong>. Glenn has<br />

extensive experience in the management of multi-million dollar projects<br />

in the identification and application of ICT solutions across the oil and<br />

gas, mining, heavy vehicle manufacturing, mining, defence (Electronic<br />

Warfare) and telecommunication industries.<br />

His military background and focus on national security has built a<br />

passion <strong>for</strong> cyber security and protecting the world we live in. As CEO<br />

of Sapien <strong>Cyber</strong>, Glenn’s vision is to provide world class cyber security<br />

solutions to critical infrastructure industries globally.<br />

Glenn can be reached online at (https://au.linkedin.com/in/glennmurray,<br />

https://twitter.com/otcybergm?lang=en) and at our company<br />

website https://www.sapiencyber.com.au/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 28<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

The Safest Ways <strong>for</strong> Bitcoin Trading<br />

By Robert Wilson, Freelancer<br />

During the year 2021, we experienced history in the cryptocurrency niche with the 3rd Bitcoin<br />

halving event unfolding. There has been unprecedented hype after this news with a great rise in<br />

interest <strong>for</strong> the coin around the world. More and more people are expressing their interest in<br />

learning about the places to buy Bitcoin safely and some are asking about how to become a<br />

reputable Bitcoin trader. Although the recent stats may dishearten you in getting into Bitcoin or<br />

crypto <strong>for</strong> the first time, it is a good idea to get into digital currencies.<br />

Using VPN<br />

The VPN allows you to hide the IP address and it provides better anonymity on the internet. It is<br />

possible to trade the cryptocurrency more securely by using the VPN because it can encrypt the<br />

internet connection you are using with the external server. This makes sure that your data is<br />

secure. Luckily <strong>for</strong> the Bitcoin traders, almost all the crypto exchanges use HTTPS end-to-end<br />

encryption <strong>for</strong> their activities. So, the hackers can't intercept the data this way unless the device<br />

you are using is susceptible to other security vulnerabilities. VPN adds another layer of security<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 29<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

to the proceedings making your online activities anonymous. You can read VPN reviews online<br />

to get the most suitable alternative <strong>for</strong> your case. If VPN doesn’t seem the right option, try using<br />

Residential Proxies as a way to secure your privacy and browse anonymously.<br />

Secure avenues <strong>for</strong> trading Bitcoin<br />

Here are some secure avenues <strong>for</strong> trading Bitcoin.<br />

1. Using Fiat to Bitcoin exchanges<br />

Using a reputable and well-established cryptocurrency exchange is a simple and convenient<br />

way of buying Bitcoin <strong>for</strong> fiat through your bank account. The term "fiat" is utilized in the<br />

cryptocurrency sector <strong>for</strong> denoting government-backed currencies such as GBP, USD, or JPY.<br />

You can buy Bitcoin from several exchanges and the more dependable ones are secure and<br />

straight<strong>for</strong>ward to use. But, keep in mind that if your currency is stored custodial meaning you<br />

do not hold the private keys, and if the exchange crashes or gets hacked you will lose all you’re<br />

holding. There<strong>for</strong>e it is a good idea to move your funds to a private non-custodial wallet quickly<br />

after buying Bitcoin. Just keep the bare minimum currency required <strong>for</strong> the transactions.<br />

Remember, there are many fake exchanges on the internet that cheat gullible people. Investors<br />

should only use regulated exchanges that display their permits on their sites.<br />

2. ATM Action<br />

If you take into consideration convenience there is nothing to beat the Bitcoin ATMs especially<br />

when you are located near one of these machines. The buying process is stress-free and it is<br />

similar to depositing the fiat money in the ATM and then the BTC coins afterward. The accurate<br />

info about the machines can be found on Coinatmradar. There are more than 7000 crypto ATMs<br />

available across the world. They allow people to use cash and debit cards <strong>for</strong> buying Bitcoin and<br />

other similar digital assets. It is also possible to convert BTC into fiat. More than 5000 ATMs are<br />

located in the U.S. alone. Unlike conventional exchanges, these ATMs allow the users to access<br />

a physical kiosk where it is possible to trade fiat with popular digital assets such as ETH, BTC,<br />

and LTC.<br />

3. Using a credit card<br />

Another quite simple way of purchasing Bitcoin is by using credit cards. It is possible to do this<br />

from buy.Bitcoin.com and the users may select either BTC or BCH (Bitcoin Cash) <strong>for</strong> the<br />

transaction. After you have clicked the Buy button you will get a prompt pop-up asking you to<br />

enter your Bitcoin wallet address. For the users not having a BTC wallet, you can find simple<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 30<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

and clear instructions through a "Need a wallet?" alternative. It offers assistance in downloading<br />

one <strong>for</strong> free. Even though this alternative normally charges a fixed service charge, it is a quick<br />

and convenient trade-off.<br />

Conclusion<br />

As we enter <strong>2022</strong>, there are several references out there <strong>for</strong> buying Bitcoin. But, due to the<br />

availability of these many alternatives you are going to come across scammers and fraudsters<br />

who will also be geared up to get a piece of your hard-earned coin. There<strong>for</strong>e the crypto-buyers<br />

have to be vigilant as there are several dishonest exchanges, sellers, and services out there.<br />

Ensure that you are buying from a credible source.<br />

About the Author<br />

I’m Robert Wilson and I’m a security software developer with<br />

three years of experience as a freelancer. I research, design,<br />

implement and manage software programs I test and evaluate<br />

new programs. I’m very passionate about writing, reading, and<br />

drawing.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 31<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Ransomware — Encrypt Your Data Be<strong>for</strong>e Others Do<br />

Don’t let them look at your data.<br />

By Robert Freudenreich, CTO and Founder, Secomba GmbH | Boxcryptor<br />

A single malicious email, with the sender of the mail disguised as a colleague or client, can have severe<br />

consequences <strong>for</strong> a company. With a fraudulent link that transmits sensitive account data in the wrong<br />

hands or malware disguised as a seemingly ordinary Microsoft Office file, hackers will gain access to<br />

business systems and servers within minutes. In this article, we will take a look at how the cloud and<br />

encryption can help prevent or reduce damage in case of a ransomware attack on your company.<br />

What is Ransomware and Why is it so Dangerous?<br />

Ransomware is malicious software that gives unauthorized people access to company data, programs,<br />

or even the entire computer system. In case of an attack, business operations are severely affected and<br />

exclude personnel and organizations from accessing their files and systems. Ransomware attacks not<br />

only have an impact on individual company processes but can also affect the entire supply chain.<br />

The damage usually also affects external stakeholders of the company that was the victim of the attack,<br />

<strong>for</strong> example customers, suppliers, and partners. With most operations coming to a complete hold,<br />

companies are <strong>for</strong>ced to pay high ransoms in order to regain control over their data and devices.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 32<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

According to <strong>Cyber</strong>eason’s “Ransomware: The true cost to Business” (Source:<br />

https://www.cybereason.com/hubfs/dam/collateral/ebooks/<strong>Cyber</strong>eason_Ransomware_Research_2021.<br />

pdf), it is estimated that there is a ransomware attack on a business every 11 seconds on average, with<br />

global ransomware damage losses projected to reach $20 billion in 2021. The FBI reported an increase<br />

of more than 225% in total losses from ransomware in the U.S. in 2020 alone.<br />

While the huge amount of ransom is already critically affecting companies, pressure is further increased<br />

when sensitive data is threatened to be publicized. While, in theory, the ransom payment can be settled<br />

rather inconspicuously, data protection laws like the European GDPR require very strict measures when<br />

data of citizens of the European Union is breached. The company, whether American or European, must<br />

notify all affected individuals or businesses about the data loss, which not only results in high<br />

inconveniences but more importantly a loss in trust. According to <strong>Cyber</strong>eason, 53% of all attacked<br />

reported their brand suffered.<br />

How Can Businesses Prevent Ransomware Attacks?<br />

The likelihood of being affected by viruses or malware can be kept within limits if some internal company<br />

rules are observed. Even smaller measures can protect companies and organizations from severe<br />

consequences. Such measures can be comprehensive security software that detects unknown<br />

vulnerabilities or so-called zero-day gaps and prevents their execution.<br />

With a growing number of businesses allowing their employees to work from home, new security<br />

challenges arise. There<strong>for</strong>e, companies need to sensitize their staff to the issue of proper cyber-security.<br />

This can include everything from a well-protected network to VPNs or data encryption solutions.<br />

Furthermore, companies should offer regular training and conduct random tests to raise awareness of<br />

ransomware and similar malware amongst employees.<br />

If despite all security measures, a company still falls victim to a ransomware attack, it is advised to have<br />

an emergency plan at hand. This way, those responsible in the company can act faster and keep the<br />

damage caused by ransomware as low as possible. Companies can implement the following steps into<br />

their data breach emergency plan:<br />

1. Immediately disconnect or remove any potentially affected or suspicious devices from the<br />

network.<br />

2. Inspect the damage that has been caused.<br />

3. Identify the ransomware to determine which relevant authorities or individuals need to be notified.<br />

4. In<strong>for</strong>m all relevant authorities and affected persons.<br />

How Can the Cloud and Encryption Help Against Ransomware Attacks?<br />

Many companies have already shifted their work into the cloud to benefit from increased flexibility,<br />

efficiency in team communication, and optimized workflows. Company data can be accessed at any time<br />

and from any location. One cloud feature that comes in handy in case of a ransomware attack is<br />

versioning. When your company data is encrypted by malicious software, you can simply switch back to<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 33<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

a version of your data be<strong>for</strong>e the attack, and you gain back control over your data. This way, the damage<br />

done by the ransomware attack is reduced to a minimum.<br />

However, by the time you find out about the attack, the attackers probably already copied and stole your<br />

company data. This is where encryption comes in, as the second protection measure against<br />

ransomware.<br />

Every business possesses confidential in<strong>for</strong>mation and data that should not be disclosed, such as<br />

personal data of customers or trade secrets. There<strong>for</strong>e, it is important to protect this in<strong>for</strong>mation as best<br />

as possible, <strong>for</strong> example through end-to-end encryption. When encrypted, the data contents are protected<br />

from malicious software, since only worthless strings are transmitted to the attackers. Thus, without<br />

interesting data, no worthwhile attack scenario arises, as the affected company cannot be blackmailed<br />

into paying a ransom.<br />

In the case of unencrypted data being involved in a data leak, there is no guarantee that the attacker will<br />

not still publish sensitive data, regardless of whether the ransom has been paid. This would hit companies<br />

particularly hard, as they not only suffer a huge financial loss but also must take responsibility <strong>for</strong> the lost<br />

data.<br />

In combination with the cloud, encryption solutions can offer even greater protection. In the event of an<br />

attack, all securely encrypted files are protected and can be restored even if the attacker deletes the files.<br />

However, regular backups and cloud-optimized encryption solutions, like Boxcryptor, are required to<br />

ensure continuity. At the same time, it is important to choose an encryption solution with zero-knowledge,<br />

so that only authorized people in your company will have access to sensitive company files.<br />

An example: You decide in your company to store the data not only locally, but also with an automatic,<br />

regular backup in the cloud storage of Microsoft and Dropbox. Additionally, you encrypt those data with<br />

Boxcryptor be<strong>for</strong>e uploading to the cloud. If you now become a victim of a ransomware attack, you can<br />

restore the affected data via your last backup in the Microsoft or Dropbox cloud. Moreover, you can be<br />

sure that the attacker will not be able to do anything with the stolen data, as this data has been encrypted<br />

with the key known only to you and is thus not visible to the attacker. You can rest easy and do not have<br />

to pay a ransom.<br />

Conclusion<br />

Companies all over the world are falling victim to ransomware attacks. However, it is important to ask<br />

how well or poorly prepared an organization is in the event of an attack. Fortunately, there are<br />

preventative measures that can be taken:<br />

- Make employees aware of spam and phishing emails.<br />

- Back up your data regularly.<br />

- Protect sensitive files with zero-knowledge encryption solutions.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 34<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

If you implement these three tips, your business will already be in a better position than most other<br />

companies worldwide. Use this knowledge to your advantage and start to encrypt your files today.<br />

About the Author<br />

Robert Freudenreich is the CTO of Secomba GmbH | Boxcryptor. In<br />

2011, the computer scientist founded the company together with<br />

Andrea Pfundmeier, CEO at Boxcryptor. The Germany-based<br />

company's software has over 500,000 satisfied customers worldwide<br />

and is used by both private users and numerous companies to protect<br />

data stored in the cloud. In their first year, Freudenreich and<br />

Pfundmeier received the EXIST Founders’ Scholarship from the<br />

German Federal Ministry <strong>for</strong> Economic Affairs and Energy. In 2013,<br />

they won the highly endowed “Wirtschaftswoche founder competition”<br />

and in 2014 the German Founder’s Prize.<br />

Robert can be reached online at Twitter (@robfreudenreich) and at our<br />

company website https://www.boxcryptor.com/de/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 35<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Endpoint Malware and Ransomware Volume Already<br />

Exceeded 2020 Totals by the End of Q3 2021<br />

By Corey Nachreiner, CSO, WatchGuard Technologies<br />

The cybersecurity landscape of today is constantly evolving and threat actors are not far behind as they<br />

target users with increasingly sophisticated and complex attacks. To help both professionals and casual<br />

Internet users alike better understand the current state of these threats, WatchGuard wanted to share<br />

our quarterly Internet Security Report (ISR), which outlines the latest malware and network attacks in Q3<br />

2021.<br />

The most shocking statistic from this recent report revealed that the volume of endpoint malware and<br />

ransomware exceeded all of 2020 by the end of Q3 2021. The research (done by the Threat Lab) also<br />

found that a significant percentage of malware continues to arrive over encrypted connections, as we<br />

saw in previous quarters, and much more. While most people continue to work in a hybrid or mobile<br />

work<strong>for</strong>ce model, its crucial organizations move beyond a traditional approach to cybersecurity and<br />

leverage layered-security approaches and zero-trust. So, let’s take a look at some of the top insights from<br />

the Q3 ISR:<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 36<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• Nearly half of zero-day malware is now delivered via encrypted connections – While the<br />

total amount of zero-day malware increased by a modest 3% to 67.2% in Q3, the percentage of<br />

malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. A lower<br />

percentage of encrypted zero-days are considered advanced, but it is still concerning given that<br />

WatchGuard’s data shows that many organizations are not decrypting these connections and<br />

there<strong>for</strong>e have poor visibility into the amount of malware hitting their networks.<br />

• As users upgrade to more recent versions of Microsoft Windows and Office, attackers are<br />

focusing on newer vulnerabilities – While unpatched vulnerabilities in older software continue<br />

to provide a rich hunting ground <strong>for</strong> attackers, they are also looking to exploit weaknesses in the<br />

latest versions of Microsoft’s widely used products. In Q3, CVE-2018-0802 – which exploits a<br />

vulnerability in the Equation Editor in Microsoft Office – cracked WatchGuard’s top 10 gateway<br />

antivirus malware by volume list, hitting number 6, after showing up in the most-widespread<br />

malware list in the previous quarter. In addition, two Windows code injectors (Win32/Heim.D and<br />

Win32/Heri) came in at number 1 and 6 on the most detected list respectively.<br />

• Attackers disproportionately targeted the Americas – The overwhelming majority of network<br />

attacks targeted the Americas in Q3 (64.5%) compared to Europe (15.5%) and APAC (20%).<br />

• Overall network attack detections resumed a more normal trajectory but still pose<br />

significant risks – After consecutive quarters of more than 20% growth, WatchGuard’s Intrusion<br />

Prevention Service (IPS) detected roughly 4.1 million unique network exploits in Q3. The drop of<br />

21% brought volumes down to Q1 levels, which were still high compared to the previous year.<br />

The shift doesn’t necessarily mean adversaries are letting up as they are possibly shifting their<br />

focus towards more targeted attacks.<br />

• The top 10 network attack signatures account <strong>for</strong> the vast majority of attacks – Of the<br />

4,095,320 hits detected by IPS in Q3, 81% were attributed to the top 10 signatures. In fact, there<br />

was just one new signature in the top 10 in Q3, ‘WEB Remote File Inclusion /etc/passwd’<br />

(1054837), which targets older, but still widely used Microsoft Internet In<strong>for</strong>mation Services (IIS)<br />

web servers. One signature (1059160), a SQL injection, has continued to maintain the position it<br />

has held atop the list since Q2, 2019.<br />

• Scripting attacks on endpoints continue at record pace – By the end of Q3, WatchGuard’s<br />

AD360 threat intelligence and WatchGuard Endpoint Protection, Detection and Response<br />

(EPDR) had already seen 10% more attack scripts than in all of 2020 (which, in turn, saw a 666%<br />

increase over the prior year). As hybrid work<strong>for</strong>ces start to look like the rule rather than the<br />

exception, a strong perimeter is no longer enough to stop threats. While there are several ways<br />

<strong>for</strong> cybercriminals to attack endpoints – from application exploits to script-based living-off-the-land<br />

attacks – even those with limited skills can often fully execute a malware payload with scripting<br />

tools like PowerSploit, PowerWare and Cobalt Strike, while evading basic endpoint detection.<br />

• Even normally safe domains can be compromised – A protocol flaw in Microsoft’s Exchange<br />

Server Autodiscover system allowed attackers to collect domain credentials and compromise<br />

several normally trustworthy domains. Overall, in Q3 WatchGuard Fireboxes blocked 5.6 million<br />

malicious domains, including several new malware domains that attempt to install software <strong>for</strong><br />

cryptomining, key loggers and remote access trojans (RATs), as well as phishing domains<br />

masquerading as SharePoint sites to harvest Office365 login credentials. While down 23% from<br />

the previous quarter, the number of blocked domains is still several times higher than the level<br />

seen in Q4 2020 (1.3 million). This highlights the critical need <strong>for</strong> organizations to focus on keeping<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 37<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

servers, databases, websites, and systems updated with the latest patches to limit vulnerabilities<br />

<strong>for</strong> attackers to exploit.<br />

• Ransomware, Ransomware, Ransomware – After a steep decline in 2020, ransomware attacks<br />

reached 105% of 2020 volume by the end of September (as WatchGuard predicted at the end of<br />

the prior quarter) and are on pace to reach 150% once the full year of 2021 data is analyzed.<br />

Ransomware-as-a-service operations such as REvil and GandCrap continue to lower the bar <strong>for</strong><br />

criminals with little or no coding skills, providing the infrastructure and the malware payloads to<br />

carry out attacks globally in return <strong>for</strong> a percentage of the ransom.<br />

• The quarter’s top security incident, Kaseya, was another demonstration of the ongoing<br />

threat of digital supply chain attacks – Just be<strong>for</strong>e the start of the long 4 th of July holiday<br />

weekend in the US, dozens of organizations began reporting ransomware attacks against their<br />

endpoints. WatchGuard’s incident analysis described how attackers working with the REvil<br />

ransomware-as-a-service (RaaS) operation had exploited three zero-day vulnerabilities (including<br />

CVE-2021-30116 and CVE-2021-30118) in Kaseya VSA Remote Monitoring and Management<br />

(RMM) software to deliver ransomware to some 1,500 organizations and potentially millions of<br />

endpoints. While the FBI eventually compromised REvil’s servers and obtained the decryption<br />

key a few months later, the attack provided yet another stark reminder of the need <strong>for</strong><br />

organizations to proactively take steps like adopting zero-trust, employing the principle of least<br />

privilege <strong>for</strong> vendor access and ensuring systems are patched and up to date to minimize the<br />

impact of supply chain attacks.<br />

In Q3, malware per device skyrocketed and was up <strong>for</strong> the first time since the pandemic began. Looking<br />

at 2021, it’s clear cybersecurity continues to challenge users. Its critical organizations think about the<br />

long-term ups and downs as well as focus on persistent, concerning trends factoring into their security<br />

posture. A strong cybersecurity strategy includes endpoint protection, multi-factor authentication and<br />

secure Wi-Fi – all important components in a layered approach to security. When implemented properly,<br />

users can drastically mitigate outsider threats.<br />

About the Author<br />

Corey Nachreiner is the CSO of WatchGuard Technologies. A front-line<br />

cybersecurity expert <strong>for</strong> nearly two decades, Corey regularly contributes<br />

to security publications and speaks internationally at leading industry<br />

trade shows like RSA. He has written thousands of security alerts and<br />

educational articles and is the primary contributor to the Secplicity<br />

Community, which provides daily videos and content on the latest security<br />

threats, news and best practices. A Certified In<strong>for</strong>mation Systems<br />

Security Professional (CISSP), Corey enjoys "modding" any technical<br />

gizmo he can get his hands on and considers himself a hacker in the old<br />

sense of the word. Corey can be reached at @SecAdept on Twitter or via<br />

https://www.watchguard.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 38<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Don’t Become a Horrible Headline: Some Tips on<br />

Redesigning Your Threat Posture <strong>for</strong> The <strong>2022</strong> Threat<br />

Landscape<br />

By Omar Zarabi, Founder and CEO, Port53 Technologies<br />

As in previous years, the DefCon of the cybersecurity industry is best illustrated by the headlines – each<br />

a cautionary tale. The past two years were witness to a virtual House of Horrors that has propelled<br />

cybersecurity to the top of corporate agendas. The 2020 supply-chain attack on SolarWinds' network<br />

monitoring application Orion affected thousands of the company's customers around the world, including<br />

several government agencies here in the US.<br />

And the list goes on. <strong>March</strong> 2021: Verkada, a Silicon Valley start-up that provides cloud-based CCTV<br />

systems, was compromised through the simple hijacking of privileged credentials. Attackers were able to<br />

browse the real-time footage of every Verkada customer, including health clinics, psychiatric treatment<br />

centers, and the premises of hybrid and electric car manufacturer Tesla. Also available <strong>for</strong> viewing:<br />

Verkada's own offices.<br />

Another example of stolen credentials was May's DarkSide ransomware attack on the Colonial Pipeline.<br />

It led to panic-buying of gas by the public, and cost the operator $5 million, in a payout characterized by<br />

The New York Times as a red flag to other threat actors who may see a lucrative pay day on the horizon.<br />

Abnormal times<br />

Even in normal years, this series of events – and others too numerous to mention – would have CISOs<br />

scurrying to the drawing board to reimagine their threat postures. But we are not living in normal years.<br />

In the midst of the dramatic contortions we were seeing in the threat landscape, nature threw a curveball<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 39<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

into the mix. The COVID-19 pandemic ravaged families, business communities, and economies around<br />

the globe. Those enterprises that moved decisively, migrated to the cloud almost overnight and instantly<br />

expanded the attack surface.<br />

The problems came from several different directions. First, employees working from home were using<br />

unvetted personal devices that potentially contained a smorgasbord of vulnerabilities. These devices<br />

used private and third-party networks to connect to the cloud-based environments required <strong>for</strong> remote<br />

work. And corporate data, sensitive or not, was crossing unknown boundaries on its journey between the<br />

WFH employee and the corporate environment. Penetration testing became unreliable because the<br />

architecture being probed was half in and half out of an organization’s jurisdiction.<br />

Second, DevOps teams – desperately trying to trans<strong>for</strong>m massive chunks of their employers’ business<br />

models to adapt to the new normal – were releasing new digital experiences at the speed of demand.<br />

These releases could, depending on circumstances, contain any number of security holes picked up from<br />

new PaaS environments.<br />

Rethink your digital dogma<br />

As has been said at many points throughout cybersecurity history, what we were doing two years ago no<br />

longer works. Threat actors have proved themselves capable of using every trend, every market shift,<br />

every consumer habit, and every employee error to their advantage. Responses from organizations have<br />

not been as swift. While cybersecurity professionals can never quite recall a “quiet past”, the “stormy<br />

present” of <strong>2022</strong> requires a rethink of our digital dogmas if we are to ensure that employees can stay<br />

safe but remain productive.<br />

The starting point: know yourself. Line of business will always have a handle on financial plans,<br />

operations, market conditions, and a range of other touchpoints. For IT and security teams to be<br />

successful, they must compile a comprehensive asset inventory – from the machines in the office to the<br />

devices in employees’ homes, from the tools on laptops to the inner workings of containerized apps in<br />

the cloud.<br />

Next comes triage. Identifying vulnerabilities is trivial next to the task of managing action. Some<br />

vulnerabilities will be common but may not represent great damage if they were to be exploited. Others<br />

may be rare but represent considerable business risk. The general rule of thumb is that if a vulnerability<br />

can cause significant damage and is relatively easy to exploit by an attacker, it should be high on the<br />

patching list. Anything that is high-risk and not readily addressable should be on a watch list.<br />

Free to innovate<br />

All of this, from the compilation of the asset inventory to the patching actions, should be automated where<br />

possible. Several tools today are capable of automatic asset discovery and policy-based patching.<br />

Overworked CISOs and their embattled teams represent the most overlooked security issue in the post-<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 40<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

pandemic era. By empowering professionals with the tools needed to automate the mundane, we free<br />

them to become more effective threat hunters.<br />

Once the basics are in place, organizations will be better placed to meet regulation and compliance<br />

obligations. Policies alone will not allow you to prepare the reports required by auditors. And good<br />

intentions will not satisfy the strict requirements of standards such as PCI-DSS. The good news is cloudservice<br />

providers and other vendors are beginning to provide controls such as MFA and DNS security,<br />

and are even offering training sessions <strong>for</strong> end users to prepare them <strong>for</strong> the hybrid-work future.<br />

But chasing the regulators in a constantly reactive mode makes <strong>for</strong> poor security strategy. There is no<br />

substitute <strong>for</strong> gaining a deep and broad understanding of your organization’s environment and selecting<br />

the visualization and automation tools that best fit your circumstances, your architecture, and your<br />

business goals. Getting the basics in place – asset inventory, vulnerability management, and user<br />

awareness – will give you a strong foundation to secure your digital estate.<br />

What next?<br />

Once you have mastered your environment, you can turn your attention to some of the latest policies and<br />

tools that are being deployed against cybercriminals. Many of the headline-grabbing incidents that we<br />

have seen would not have occurred but <strong>for</strong> a lapse in the management of privileged credentials.<br />

SolarWinds’ Orion, <strong>for</strong> example, uses privileged access to connect to other systems, which is how<br />

attackers were able to compromise so many other organizations. Privileged access management (PAM)<br />

is an emerging technique that allows CISOs and their teams to stipulate how accounts connect to<br />

environments, using policies such as session monitoring, password rotation, least privilege, just-in-time<br />

provisioning, and the elimination of shared accounts to keep estates safe while avoiding hits on employee<br />

productivity.<br />

Other practices include Zero Trust, which has become something of a hot topic. Allowing everything in,<br />

and assuming all processes to be suspect until they can prove themselves otherwise, is an approach that<br />

shows how far removed we are from the recent past. Here, we not only assume we are going to be<br />

attacked; we assume we already have been. It is a grim yet justifiable assumption that accurately reflects<br />

the world in which we now live.<br />

Do not dismay, however. The headlines of horror may imply an inevitability in becoming a cyber-victim,<br />

but their postmortems also show a path to risk remediation. There are tools you can procure, policies you<br />

can enact, and action you can take that will ensure that your organization’s name is not the next to be<br />

splashed across media pages.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 41<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Omar Zarabi Founder and CEO of Port53 Technologies.<br />

Growing up in a small, family-run organization, I saw firsthand the<br />

challenges the ever-changing technological landscape presented to<br />

resource-restrained IT teams. With a BA in Economics from UC Davis, I<br />

started my cybersecurity career at OpenDNS, where I was responsible<br />

<strong>for</strong> delivering the DNS security solution to small and mid-sized<br />

businesses in the US and Asia. I worked with thousands of IT<br />

professionals in the SMB space, and truly learned their biggest pain<br />

points, especially as it pertained to cloud adoption and cybersecurity -<br />

two rather new and fluid trends in the SMB IT space.<br />

In September of 2016, a little over a year after Cisco acquired OpenDNS,<br />

I founded Port53 Technologies and its CEO. Port53 is focused on<br />

delivering enterprise-grade, cloud-delivered security solutions that are<br />

easy to deploy, simple to manage and extremely effective, helping<br />

customers not only get a big-data and predictive approach to security, but also a more integrated and<br />

automated approach.<br />

Omar Zarabi can be reached online at (Twitter, Facebook, Linkedin )<br />

Port53 at Port53 (Facebook, Twitter, Linkedin, Youtube)<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 42<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Have We Learned from Our Past Mistakes to Prevent<br />

Future <strong>Cyber</strong>attacks?<br />

By Marc Packler, President, CISO Advisory, Silent Quadrant<br />

Gartner’s article, “The Top <strong>Cyber</strong>security Predictions <strong>for</strong> 2021-<strong>2022</strong>,” contains a quote from philosopher<br />

George Santayana: “Those who cannot remember the past are condemned to repeat it.” Reading the<br />

article made me ponder whether we, as cybersecurity practitioners, actually do learn enough from our<br />

collective cybersecurity past to effectively protect present activities and to anticipate and meet future<br />

threats.<br />

Have we really learned from our past? Because protecting the cyber realm is such a broad duty, I would<br />

have to say the answer is not yes or no, but it is yes and no. As a society, it appears we’ve embraced or<br />

at least acknowledged the ease with which cyber criminals can manipulate enterprise systems, and we’ve<br />

generally accepted the risks-to-consequences ratios in both our personal and professional lives. As a<br />

result, many people take some measures to protect their personal home networks, but ultimately many<br />

just don't think they will be the victim of a cyber attack. So, I would say that yes—most people have<br />

learned that they need to protect themselves in some ways—but I would also say no to whether they<br />

generally do enough. Similarly, the overwhelming majority of corporations have run risk analyses<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 43<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

egarding the use (or not) of various cybersecurity measures against their cost, and most have chosen<br />

to implement at least some protective measures. So, yes, the corporate world has learned that not taking<br />

measures to safeguard their networks would likely negatively impact their bottom lines at some point;<br />

however, I would again say no to whether they generally do enough or to whether they’re generally using<br />

the appropriate tools.<br />

Also, why do we still need to tell a story about cybersecurity to change corporate culture and get serious<br />

funding <strong>for</strong> security? Just walk around your organization, and everyone is on the network. Without it, little<br />

work gets done and productivity drops significantly. If this tool is so important, why do we not treat it as<br />

such? If Gartner’s data is accurate, lessons are coming slowly to many corporations:<br />

• By 2025 ONLY 40% of boards of directors will have a dedicated cybersecurity committee<br />

• By 2025, ONLY 70% of CEOs will mandate a culture of organizational resilience to combat threats<br />

Another lesson still being taught: Do most corporations know they should be en<strong>for</strong>cing updates <strong>for</strong> known<br />

security vulnerabilities that have been documented and announced by respective cyber communities to<br />

keep us all safe? The answer is yes, but do most of them do enough or do it effectively? That answer is<br />

no. Otherwise, consistently updating computers and keeping them current with the latest patches/security<br />

fixes across the enterprise would stop 99% of vulnerabilities exploited to date.<br />

Inconsistent system updates greatly expand cyber vulnerabilities and risks. If this is known and<br />

understood, then why is it seemingly so difficult to succeed at attaining effective cybersecurity? It’s<br />

because many companies don’t effectively cultivate three critical components of their cybersecurity<br />

processes: 1) people, 2) culture and 3) technology. We must have people who follow the security<br />

processes, a corporate cyber culture that supports its people and the processes, and the technology to<br />

implement the processes, when necessary.<br />

If we agree these are three critical components of effective cybersecurity processes, then we must<br />

remember that people are trainable; the culture can be fixed with training and leadership from senior<br />

management; and technology is constantly adapting with the use of artificial intelligence and machine<br />

learning. Strengthening cybersecurity processes through people, culture, and technology costs<br />

corporations valuable time and money, so it’s wise to use these three resources in the most practical and<br />

beneficial ways possible. This often means that the latest and greatest technologies or programs aren’t<br />

actually necessary to achieve effective cybersecurity.<br />

As an example, look at zero trust. It is an architecture and not a technology, but the cybersecurity industry<br />

very often wants customers to buy all new equipment to implement zero trust. This ends up helping the<br />

bottom lines of the said cybersecurity companies, but are organizations any safer? That is often arguable,<br />

but even newer tools have no better chance of succeeding than in the past unless the people using them<br />

use them appropriately, born out of a culture that teaches and supports such use.<br />

Aside from malicious actors themselves, if we believe people, or network users, are one of the biggest<br />

threats in the cybersecurity realm, an immediate and cost-effective fix is to engender a culture of<br />

cybersecurity professionalism in our everyday users. Train the users to not only prioritize necessary<br />

updates on their systems but to follow other cyber hygiene measures regarding the use of email, the<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 44<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

internet, etc. How much training is sent to the employees? Is it completed, and is it a priority? Do the<br />

employees understand the risks associated with not following proper cybersecurity processes? And is<br />

the example of being a good cybersecurity steward exemplified from the top down—does it begin at<br />

senior levels within the company? This is often the best way <strong>for</strong> culture to be impacted. A great example<br />

of how senior levels can set the example can be taken from Netflix and the implementation of their leave<br />

policy, which is to say they have no complex leave policy. As long as people complete their work and<br />

don’t leave anyone else in the lurch, employees may take leave when and where they’d like. Employees<br />

were initially disbelieving; however, when Reed Hastings, the chairman of Netflix, and the leadership staff<br />

posted photos of their respective vacations, it changed the culture quickly because everyone could see<br />

the boss was embracing the company’s approach to leave. This leave approach certainly wouldn’t work<br />

in all organizations, but that is beside the point. It’s an example of how leaders in an organization can<br />

positively influence their employees.<br />

With predictions that threat actors will weaponize operational technology environments to cause human<br />

casualties by 2025, and with the influx of over-the-air updatable programmable logic controllers and<br />

continued malicious attacks on our SCADA networks, it’s more imperative than ever to learn from and<br />

apply the cybersecurity lessons of the past. We are starting to see more broad negative effects of<br />

breached or attacked systems on administrative networks today. Not only may companies have to stop<br />

operations temporarily, but entire supply chains can be affected, which ultimately can affect the entire<br />

country.<br />

As IT and cybersecurity professionals, it's our duty and challenge to push industry executives to prioritize<br />

cybersecurity as a high-interest item in the funding drills corporations exercise yearly. We must motivate<br />

them to continue to bake-cybersecurity-in from the initial design and conception phases of budgeting<br />

versus tacking it on at the end of the process. To prevent cyber attacks such as those on Sony in 2014<br />

or more recent examples such as Colonial Pipeline or JBS meat processing, we must use all the tools at<br />

our disposal and more effectively apply the cybersecurity lessons of the past. This means not only<br />

budgeting and applying funds to cybersecurity but also cultivating strong cybersecurity processes via<br />

three main components: people, culture and technology. As Gartner pointed out, “99% of vulnerabilities<br />

exploited will continue to be ones that teams knew existed.”<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 45<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

(Source attribution: Silent Quadrant)<br />

Marc is the President, CISO Advisory at Silent Quadrant. He is a widely<br />

acknowledged subject matter expert and public speaker on matters of digital<br />

protection and risk management.<br />

Pioneering, innovative, highly accomplished, and decorated, Marc leverages an<br />

immense and diverse skillset – derived over the course of his 25+ year career in<br />

the United States Air Force – to positively impact digital security, digital<br />

trans<strong>for</strong>mation, risk management, and strategic operations within organizations<br />

across a vast array of industries.<br />

Achieving the rank of Colonel, Marc’s rich military career included assignments as:<br />

• Commander, Air Force <strong>Cyber</strong>space Capabilities Center<br />

• Commander, 375th Communications Group<br />

• Director, Legislative Affairs, United States <strong>Cyber</strong> Command<br />

• Commander, 2nd Communications Squadron<br />

• Executive Officer, Office of Warfighting Integration<br />

• Congressional Fellow <strong>for</strong> Senator Ben Nelson (Nebraska)<br />

• Fellow, Center <strong>for</strong> a New American Security<br />

With digital security at its core, Marc’s experience within both the public and private sectors spans<br />

executive leadership, digital trans<strong>for</strong>mation, artificial intelligence, machine learning, robotics,<br />

governance, and legislative affairs, among many other areas. Marc maintains the prestigious credentials,<br />

CompTIA Advanced Security Practitioner (CASP+), Certified In<strong>for</strong>mation Systems Security Professional<br />

(CISSP), Certified In<strong>for</strong>mation Security Manager (CISM), as well as Project Management Professional<br />

(PMP), and Masters’ Degrees in both National Security Strategy and Management In<strong>for</strong>mation Systems.<br />

Marc can be reached on the Silent Quadrant website, LinkedIn or email marc@silentquadrant.com.<br />

(Source attribution: Silent Quadrant)<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 46<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How to strengthen cyber resilience with Unified BCDR<br />

By Joe Noonan, General Manager, Unitrends and Spanning<br />

<strong>Cyber</strong>crime and hybrid work environments prompted by the pandemic have significantly impacted the<br />

way organizations protect and store their data. Data is living in multiple places, and backups now must<br />

protect data centers, endpoints, multiple clouds and SaaS. More than ever, IT professionals need to<br />

incorporate unified business continuity and disaster recovery (BCDR) plans into their cyber resilience<br />

strategy to protect the organizations they serve.<br />

<strong>Cyber</strong> resilience goes beyond firewall and patching. It refers to how well an organization responds to<br />

cyber threats and involves a strategy that accounts <strong>for</strong> planning, detecting, defending and responding in<br />

case of an attack. There is also a clear process in place <strong>for</strong> recovery and business continuity.<br />

It is difficult <strong>for</strong> IT professionals to find time <strong>for</strong> cyber resilience planning when they’re juggling so many<br />

other responsibilities. But not having a strategy in place can be disastrous <strong>for</strong> an organization.<br />

Terms to Know<br />

When it comes to BCDR, there are two terms that will guide your cyber resilience strategy – recovery<br />

time objective (RTO) and recovery point objective (RPO). RTO is the amount of time it will take to have<br />

the business back online. RPO refers to how much data an organization can af<strong>for</strong>d to lose as it pertains<br />

to time or amount of in<strong>for</strong>mation. The RPO <strong>for</strong> a bank, <strong>for</strong> example, would be close to zero because as<br />

soon as the system goes down, hundreds, even thousands of transactions can take place. A bank cannot<br />

af<strong>for</strong>d to lose this in<strong>for</strong>mation and it would be difficult to recover if the IT environment is non-operational.<br />

One way to think about RPO is the more difficult it is to recover data, or create it from scratch, the shorter<br />

RPO an organization will need to have. Once both RTO and RPO are established, it’s time to look <strong>for</strong> a<br />

unified BCDR tool.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 47<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

What to look <strong>for</strong> in a solution<br />

<strong>Cyber</strong>criminals are becoming more cunning, driving the need <strong>for</strong> backup and recovery. A successful<br />

backup can eliminate the impact of a cyberattack. <strong>Cyber</strong>criminals know this so they look <strong>for</strong> alternate<br />

ways to disable, encrypt and delete those backups. An efficient unified BCDR solution is built on hardened<br />

Linux – not Windows – so it is not as vulnerable. Another way to fend off cyber criminals is by storing<br />

offsite data in an immutable <strong>for</strong>mat, which makes it untouchable and prevents attackers from making<br />

changes to it.<br />

Additionally, there are innovative backup appliances that can protect data wherever it lives. Today, there<br />

are appliances that provide powerful data protection and fit in your pocket! These solutions are perfect<br />

<strong>for</strong> small-office settings or even home offices since they do not require a server rack. They are extremely<br />

quiet and come with built-in software tests recoverability right on the box. This ensures data will be<br />

available whenever needed.<br />

AI saves time<br />

Organizations should look <strong>for</strong> solutions that use artificial intelligence (AI) and machine-learning to identify<br />

suspicious activity and alert administrators to possible ransomware be<strong>for</strong>e it spreads. AI has multiple<br />

benefits, among them, allowing IT professionals to cut wasted time on false alerts and backup<br />

remediation by up to 50%. An AI-powered assistant can think the way a technician does, prioritizing<br />

issues in the most critical systems so your actual technicians can focus on what matters most.<br />

Another thing to keep in mind when considering a unified BCDR solution is opting <strong>for</strong> tools that include<br />

anti-phishing options to protect against credential compromise and account takeover attacks. People are<br />

the first line of defense, and they may accidentally put an organization at risk if they lack security training.<br />

An effective tool maximizes productivity<br />

A unified BCDR solution should offer a single view of the entire data landscape, so technicians do not<br />

have to move between multiple systems. This saves them time and decreases room <strong>for</strong> error. Another<br />

way a BCDR tool can maximize productivity is through automation. Technicians can spend more than a<br />

quarter of their day monitoring, managing and troubleshooting backups. Automated solutions proactively<br />

fix common problems in the backup environment, there<strong>for</strong>e pulling double duty by saving technicians<br />

time and securing the environment.<br />

Don’t let compliance fall through the cracks<br />

Some organizations operate in highly regulated industries such as government or healthcare, which<br />

mandate how data must be secured. Regardless of the industry, most companies must adhere to<br />

compliance standards, especially if they want to be approved <strong>for</strong> cyber insurance. Part of a cyber<br />

resilience plan includes policies around data retention and automated backups to guarantee compliance.<br />

Organizations must be prepared to properly store, archive and recover compliance data as a proactive<br />

measure.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 48<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

A BCDR solution with automated disaster recovery (DR) testing capabilities also helps with executing<br />

service level agreements (SLA). It allows organizations to schedule a time and specify the systems that<br />

need to be tested and then takes care of it automatically. If a test identifies an SLA cannot be completed,<br />

adjustments can be made, and tests run again to check if the changes worked. This type of testing<br />

protects against unplanned downtime.<br />

Regardless of where data lives, a unified BCDR solution can help IT professionals rein<strong>for</strong>ce their<br />

organization’s cyber resilience, free up time to focus on more important tasks, adhere to compliance<br />

regulations and ensure SLAs are met.<br />

About the Author<br />

Joe Noonan is the General Manager of Unitrends and Spanning. Joe<br />

has spent over 18 years delivering hardware and software technology<br />

solutions <strong>for</strong> virtualization, cloud, data protection, and disaster<br />

recovery. He has worked <strong>for</strong> Unitrends since 2010 driving its software<br />

product strategy <strong>for</strong> data protection, recovery automation, and cloud<br />

disaster recovery and migration. Joe has also held roles in developing<br />

technology alliances and is now the GM <strong>for</strong> the backup and DR suite at<br />

Kaseya, which includes Unitrends, Spanning and Kaseya-branded<br />

backup solutions. Joe can be reached at unitrends.com/contact.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 49<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

3 <strong>Cyber</strong>security Certainties <strong>for</strong> <strong>2022</strong><br />

By Bill Moore, XONA<br />

As businesses transitioned to hybrid work models in 2021, critical integrations between IT and OT<br />

technologies introduced new vulnerabilities that threat actors exploited with shocking frequency and<br />

effectiveness.<br />

This was especially true <strong>for</strong> manufacturers, energy producers, and utilities, which increasingly rely on<br />

remote operations capacity to empower distributed teams to engage physical infrastructure from<br />

anywhere in the world. As a result, many organizations experienced an ICS/OT cybersecurity incident in<br />

the past year, costing companies millions of dollars in recovery and opportunity costs.<br />

With everything from ransomware attacks to data breaches becoming more prevalent and impactful, it’s<br />

even more important that those charged with protecting critical infrastructure enhance their defensive<br />

postures to meet the moment. As they reflect on their cyber readiness and plan <strong>for</strong> the year ahead, here<br />

are three cybersecurity certainties that should guide their decision-making processes.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 50<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

1. <strong>Cyber</strong>security Incidents Will Become More Expensive<br />

<strong>Cyber</strong>crime is big business, collectively netting more than $1.5 trillion annually, making it more valuable<br />

than many of the biggest companies in the world. Money is the main motivator <strong>for</strong> today’s threat actors,<br />

who often view cybercrime as a low-risk, high-reward financial opportunity.<br />

There<strong>for</strong>e, companies shouldn’t be surprised that cybersecurity incidents are becoming more expensive.<br />

Most notably, ransomware payments are soaring. In 2018, the average ransomware payment<br />

approached $7,000. By 2020, many companies were paying more than $200,000. This year, the average<br />

ransomware payment increased by 518 percent, a shocking surge reflecting digital infrastructure’s<br />

centrality <strong>for</strong> many companies' operational continuity.<br />

At the same time, the cost of a data breach reached a record high in 2021, surpassing $4 million <strong>for</strong> the<br />

first time. With cybersecurity insurance premiums similarly increasing, rapidly, companies are left with<br />

little recourse <strong>for</strong> mitigating the cost of a cybersecurity incident.<br />

While companies may be tempted to rely on previously purchased IT-focused cybersecurity products,<br />

the rising costs of failure are a reminder that investing in an OT-specific cybersecurity solution is an<br />

investment with tremendous returns.<br />

2. Failure to Secure Digital Infrastructure Will Have Real-world Implications<br />

In 2021, cybersecurity failures interfered with manufacturing operations, exposed sensitive data, and<br />

eroded brand reputation. <strong>Cyber</strong>security incidents will have even more heightened real-world implications<br />

that put people at risk in the year ahead.<br />

For example, looking to leverage access to company networks, ransomware gangs are exfiltrating<br />

company data, raising the stakes <strong>for</strong> victims while increasing their leverage to extract high payouts. This<br />

trend will continue in <strong>2022</strong>, compounding the consequences of a cybersecurity incident.<br />

Most importantly, as manufacturers, energy producers, and utilities continue integrating IT and OT<br />

systems, cybersecurity incidents put public safety on the line. A 2021 event in Oldsmar, Florida, where a<br />

threat actor capitalized on an IT vulnerability to access OT capabilities in an attempt to poison the city’s<br />

water supply, is emblematic of the challenges many companies and municipalities face.<br />

This year, cybercriminals demonstrated the capacity to instigate fear, uncertainty, and chaos, causing<br />

long gas lines, production shortages, and close encounters that make it clear that companies need to<br />

prepare <strong>for</strong> the failure to secure digital infrastructure to have real-world implications in <strong>2022</strong>.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 51<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

3. Threat Actors Will Continue to Evolve<br />

<strong>Cyber</strong>criminals are agile, always ready to adapt to exploit new vulnerabilities and circumstances to<br />

maximize impact.<br />

For instance, in November 2021, the Federal Bureau of Investigation (FBI) released a memo to<br />

companies completing “time-sensitive financial events,” noting that threat actors are targeting these<br />

organizations with ransomware attacks, looking to capitalize on the high-stakes, urgent nature of their<br />

work to extract timely payments.<br />

It’s likely that cybercriminals will look to exploit manufacturers, energy producers, and utilities in the same<br />

way. However, this tactical adjustment is a reminder that threat actors are continually evolving, and<br />

companies need to change too.<br />

Especially as companies continue to adopt experimental workplace arrangements, they need to be more<br />

mindful than ever of the ways these changes expose their digital infrastructure to evolving threat trends.<br />

<strong>Cyber</strong>security Risks May Be Likely, But the Prepared Are More Likely to Succeed<br />

Effective cybersecurity practices don’t happen by accident. They are the result of careful assessments,<br />

intentional planning, and successful implementation.<br />

The past year was uniquely challenging as threat actors too often gained the upper hand, exploiting new<br />

vulnerabilities in IT and OT integrations to wreak havoc among critical infrastructure. Their continued<br />

success isn’t inevitable, making today the right time to prepare <strong>for</strong> tomorrow’s challenges.<br />

About the Author<br />

Bill Moore is the CEO and Founder, XONA, providers of a unique<br />

“zero-trust” user access plat<strong>for</strong>m especially tailored <strong>for</strong> remote<br />

Operational Technology (OT) sites. Bill is currently working with<br />

global power, oil and gas, and manufacturing customers to reduce<br />

their remote operations costs and cyber risks. Bill brings more<br />

than 20 years’ experience in security and the high-tech industry,<br />

including positions in sales, marketing, engineering and<br />

operations.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 52<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Is XDR The Right Solution <strong>for</strong> Today’s Security Threats?<br />

Defining XDR’s Role in the Security Stack<br />

By Steve Garrison, VP Marketing, Stellar <strong>Cyber</strong><br />

XDR and Open XR are two of the latest buzzwords in the cybersecurity tools market, but there are many<br />

definitions of XDR and several approaches to delivering it. Let’s clear the air a little.<br />

In general, cybersecurity products use preventive physical and software measures to protect the network<br />

and its assets from unauthorized access, modification, destruction, and misuse. These products typically<br />

protect specific assets on the network:<br />

• Firewalls: prevent unauthorized users from accessing the network by allowing or denying traffic.<br />

• Anti-Virus/Malware software: protects network endpoints and servers from becoming infected<br />

by damaging software that can corrupt files, export sensitive data, or per<strong>for</strong>m other malicious<br />

activities.<br />

• Application Security: systems look <strong>for</strong> and block vulnerability points in application software.<br />

• Network Access Control: systems manage access permissions <strong>for</strong> authorized users and<br />

devices, preventing unauthorized users from gaining access.<br />

• User Behavior Analytics: solutions monitor user activity, baseline normal behavior, and alert on<br />

activities that deviate from normal activity.<br />

• Network Traffic Analysis: Network Detection and Response (NTA/NDR) products analyze<br />

network traffic, look <strong>for</strong> abnormal patterns that can indicate attacks, and act based on the results.<br />

Network traffic does not lie and contains strategic data <strong>for</strong> threat detection.<br />

• Cloud Security: solutions protect resources in the cloud.<br />

• Intrusion Prevention Systems (IPS): monitor <strong>for</strong> and block attacks from outside users or<br />

processes that get past the firewall.<br />

• Security In<strong>for</strong>mation and Event Management (SIEM): SIEM products collect data from various<br />

device logs on the network and can monitor <strong>for</strong> anomalies. Traffic-based NTA/NDR products<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 53<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

complement SIEMs by analyzing logs and acting. In fact, NTA/NDR is critical to advancing<br />

visibility beyond logs.<br />

As you can see, there’s a lot to protect in a network, and a lot of approaches to protecting it. But rather<br />

than having a dozen or more point solutions (each with its own interface console) to manage, wouldn’t it<br />

be easier, faster, and more efficient to have just one? That’s where XDR / Open XDR comes in.<br />

Definitions of XDR<br />

Initial definitions of XDR – eXtended or Everything Detection and Response – envisioned it as a single<br />

plat<strong>for</strong>m that unifies detection and response across the entire security kill chain. The idea is that instead<br />

of manning a dozen or more separate security consoles to monitor and protect the network, XDR unifies<br />

the telemetry from those tools and presents it in a single dashboard. The more advanced products not<br />

only unify the data, but also correlate and analyze it automatically to present a prioritized list of threats<br />

with recommendations about how to neutralize them.<br />

So how does the market define XDR, specifically? That depends on who you ask. According to Rik<br />

Turner, a lead analyst at Omdia who coined the XDR acronym, XDR is “a single, stand-alone solution<br />

that offers integrated threat detection and response capabilities.” To meet Omdia’s criteria to be classified<br />

as a “comprehensive” XDR solution, a product must offer threat detection and response functionality<br />

across endpoints, networks, and cloud computing environments.<br />

Gartner’s definition is similar in that it points to features such as alert and incident correlation, built-in<br />

automation, multiple streams of telemetry, multiple <strong>for</strong>ms of detections (built-in detections), and multiple<br />

methods of response. However, Gartner requires XDR to be achieved through consolidating multiple<br />

proprietary, vendor-specific security products.<br />

Forrester’s definition of XDR requires the plat<strong>for</strong>m to be anchored around an EDR. It defines Native XDR<br />

as EDR integrating with a vendor’s own security tools; Hybrid XDR as EDR integrating with third-party<br />

security tools; a SAP (Security Analytics Plat<strong>for</strong>m) as a plat<strong>for</strong>m without built-in EDR, but with built-in<br />

NAV and SOAR with third-party integrations; and SSA (Standalone Security Analytics) as those plat<strong>for</strong>ms<br />

that rely solely on third-party tools <strong>for</strong> telemetry sources and responses.<br />

Open XDR<br />

Open XDR was initially created by Stellar <strong>Cyber</strong> with the same features Gartner mentions, except that<br />

not all the security products/components have to be from the same vendor. Instead, the plat<strong>for</strong>m is open<br />

and integrates with third-party security tools. Some components are built-in, and others are added<br />

through deep third-party integrations.<br />

The Open XDR moniker was later picked up by vendors who purely rely on a wide ecosystem of thirdparty<br />

tools <strong>for</strong> telemetry sources and response, but who don’t offer any built-in components.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 54<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How Open XDR Helps<br />

Open XDR addresses a key reality in organizational cybersecurity infrastructures, which is that<br />

companies have already invested heavily in security tools, and they don’t want to have to abandon those<br />

investments to adopt XDR. Rather, Open XDR allows companies to leverage these existing investments<br />

while making them more valuable by automatically correlating their data with data from other tools and<br />

sensors.<br />

In addition, the more advanced Open XDR plat<strong>for</strong>ms leverage AI and machine learning to cut down on<br />

analysts’ “alert fatigue.” Instead of managing thousands of alerts from a dozen or more tools, XDR<br />

combines related alerts into higher-level incidents and automatically dismisses many alerts based on<br />

what it “learns” to be normal behavior in any given environment.<br />

Given the rising tide of cybersecurity attacks affecting every type of organization, combined with a global<br />

shortage of cybersecurity analysts and high analyst turnover rates and burnout, any solution that<br />

improves protection along with analyst productivity is welcome indeed. That’s the real promise of XDR.<br />

About the Author<br />

Steve can be reached online at sgarrison@stellarcyber.ai and at our<br />

company website http://stellarcyber.ai.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 55<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Why the Future of Threat Detection and Prevention is<br />

Unified Security and Risk Analytics<br />

Why True AI/ML Capabilities are Essential <strong>for</strong> Next-Gen Risk Analytics<br />

By Sanjay Raja, VP of Product Marketing at Gurucul<br />

As cloud adoption continues to grow and remote work becomes the new normal, security teams are<br />

facing increased challenges with decreased visibility and a larger influx of security event data. As<br />

ransomware attacks continues to rise (i.e., recent SonicWall data showed 148% increase through Q3’21),<br />

SecOps teams are struggling to identify attacks be<strong>for</strong>e damage is done. As a result, they’re chasing<br />

solutions that accelerate detection and response, while increasing operational efficiencies.<br />

Un<strong>for</strong>tunately, in many cases vendor claims only provided minimal improvements that are not keeping<br />

pace with the today’s threat actors. Traditional SIEMs and Endpoint-focused XDR are not fulfilling the<br />

promise of reducing the burden on understaffed security teams. The volume of alerts and false positives<br />

make it an uphill battle. For organizations wanting to reduce cyber risk across the on-prem, cloud, and<br />

remote infrastructures commonly supported today, security teams need to leverage unified data<br />

collection, a multitude of analytics, non-rule-based Machine Learning (ML) and Artificial Intelligence (AI),<br />

consolidated investigation interfaces, and targeted automation <strong>for</strong> faster response.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 56<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

A very small set of next-gen SIEM solutions are innovating through more unified security and risk<br />

analytics capabilities that are crucial <strong>for</strong> success today. In this article, I’d like to explore why the future of<br />

threat detection and response is stemming from these new advancements.<br />

SIEM was initially designed primarily <strong>for</strong> log collection and storage <strong>for</strong> compliance, then evolved to include<br />

the correlation of more log data sources <strong>for</strong> threat detection. Over time that functionality increased to<br />

integrate log, network, and endpoint data into a single location and match it up with security events. This<br />

helped analysts investigate commonalities or groups of related events. And as rules were developed<br />

around these related events, the SIEM could help to detect known threats.<br />

Then came the rise of the terms like Machine Learning and Artificial Intelligence (ML/AI) – offering the<br />

promise of a silver bullet to solve threat detection and response. However, these terms were commonly<br />

misused and in reality were just rule-based analytics engines that would conditionally gather more data<br />

<strong>for</strong> greater context. However, as attackers stayed hidden inside the network longer, rule-based analytics<br />

often failed to correlate seemingly disparate events across time and continued to focus on known attacks.<br />

As a result, new, unknown, and emerging attacks and variants were easily able to avoid detection.<br />

Furthermore, SIEM were also traditionally plagued by the lack of cloud-native offerings that were built to<br />

handle both cloud and hybrid infrastructures equally.<br />

Today, newer advancements in SIEM are focused in several areas designed to make it the primary<br />

plat<strong>for</strong>m <strong>for</strong> the security operations center (SOC). This includes security monitoring, improved threat<br />

detection, and playbooks to drive faster response. Many EDR, XDR and SIEM solutions that claim to use<br />

ML/AI continue to use rule-based engines with finite models, patterns and signatures that are not updated<br />

fast enough when new attacks are discovered.<br />

However, there are next-gen SIEM solutions incorporating unified security and risk analytics that are<br />

taking the extra step to deliver out-of-the-box advanced data modeling across cloud, user, network, asset,<br />

endpoint, and log telemetry. The few that offer true ML/AI can automatically detect new, unknown, and<br />

emerging attacks, including subtle variants. Along with an understanding of user access and entitlements,<br />

behavioral modeling, and risk metrics, the end goal of next generation SIEM is to streamline every facet<br />

of the SOC. This includes reducing noise and false positives, prioritizing which IoCs need to be<br />

investigated, consolidating data <strong>for</strong> easier investigations, and providing a high confidence, low-risk<br />

automated response to prevent a successful attack.<br />

What does that mean? Let’s look at the key elements of unified security and risk analytics in a nextgeneration<br />

SIEM.<br />

• Unified Correlation, Continuous Risk Profiling and Behavioral Anomaly Detection – A Nextgeneration<br />

SIEM must unify data collection across the entire infrastructure, on-prem, cloud and<br />

remote, by gathering endpoint, log, user, access, entity/asset, network, and other data to provide<br />

greater context. With risk profiling applied to abnormal behaviors, a behavior-based risk can be<br />

calculated to elevate which events are truly relevant <strong>for</strong> investigation, or can even be used to<br />

determine an immediate threat with conviction. This shrinks the noise created by false positives<br />

and provides more context to enable a much more targeted response, ideally be<strong>for</strong>e an attack<br />

campaign starts to establish itself.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 57<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• Identity and Access Analytics – Next-gen SIEM uses Identity Analytics (IdA) leveraging data<br />

science that monitors <strong>for</strong> and identifies risky access controls, entitlements, user behaviors, and<br />

associated abnormal or deviant activity. These types of advanced analytics data can also serve<br />

key indicators <strong>for</strong> provisioning, de-provisioning, authentication, and privileged access<br />

management by IAM teams. IdA surpasses human capabilities by leveraging machine learning<br />

models to define, review and confirm accounts and entitlements <strong>for</strong> access, and works with risk<br />

analytics to prioritize suspicious activity as more malicious.<br />

• Cross-Channel Fraud Prevention – Next-gen SIEM offers modern fraud detection capabilities with<br />

the ability to link data from a multitude of sources to provide a contextual view of what’s happening<br />

in the environment. Such plat<strong>for</strong>ms highlight anomalous transactions based on historic user and<br />

community profiles so analysts can initiate investigations or execute automated remediation<br />

actions. It analyzes online and offline activity, including public records, contact center interactions,<br />

point of sale transactions, ATM transactions, and more. It mines and normalizes data and then<br />

creates a risk score <strong>for</strong> fraud and abuse which can be used <strong>for</strong> real-time decision making.<br />

The ability to combine these elements to best suit the needs of an organization offer SecOps power and<br />

flexibility when protecting users and the business from data exfiltration, cyber fraud, privilege access<br />

abuse, account compromise and more – using behavior and context. As a result, teams can prioritize<br />

risks and alerts, quickly investigate problems, automate risk response, have a comprehensive view of<br />

case management, conduct contextual natural language search and more, all consolidated into a single<br />

management console.<br />

As the consolidation of security capabilities continues, providers are working to layer on more capabilities<br />

to further unify security, including UEBA, SOAR and XDR. They’re also working to provide better security<br />

and to lower capital and operational requirements, including scaling, training, management, and<br />

maintenance. In addition, security operations teams have long invested and been focused on external<br />

threats. This has led to a lack of monitoring <strong>for</strong> insider threats. As part of the foundation of a successful<br />

security program, teams must monitor <strong>for</strong> both external and internal threats. And a mature UEBA set of<br />

capabilities should be incorporated to fully protect the organization.<br />

What questions should you be asking today about your SIEM or to your SIEM provider?<br />

• How is the SIEM plat<strong>for</strong>m delivered? The ability to run as a collection of services entirely within<br />

the cloud makes it ideal <strong>for</strong> risk analysis of security data. Organizations have the advantage of<br />

aggregating and analyzing data from worldwide sources in a single application instance. These<br />

plat<strong>for</strong>ms must also scale (both up and down) to accommodate varying workloads. Furthermore,<br />

a cloud-native solution is often easier to maintain over time since the vendor can per<strong>for</strong>m<br />

upgrades quickly, and in real-time.<br />

• Do they offer open analytics and allow teams to easily modify and build customer ML models?<br />

Open analytics are critical <strong>for</strong> security teams to be able to customize their ML models to suit their<br />

specific needs or build their own models. It’s important to understand exactly what goes into a<br />

model to be confident in its output. With black box analytics, results must be taken on faith since<br />

nobody knows how the answers are obtained, or if the results are valid.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 58<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• What are my options <strong>for</strong> data lake? Where and how data is stored is a critical factor in the flexibility,<br />

speed, quality, and cost of security data processing, ingestion, and storage. Open choice of big<br />

data offers major economic advantages over traditional data warehouses <strong>for</strong> scaling to terabytes<br />

or petabytes. It’s imperative that a SIEM plat<strong>for</strong>m works with what you already have or plan to<br />

purchase versus being locked into a proprietary vendor data lake.<br />

• What does the risk modeling approach look like? Look <strong>for</strong> a plat<strong>for</strong>m that offers self-learning, selftraining,<br />

and contextually aware algorithms that score every transaction as they’re evaluated in<br />

near real time. This requires a comprehensive risk engine that per<strong>for</strong>ms continuous risk scoring<br />

and can provide real time risk prioritized alerts <strong>for</strong> incident analysis. The risk scoring framework<br />

needs to roll up risk scores from multiple contributing elements (with the ability to deliver<br />

normalized user and entity risk scores). As a result, a finite number of targeted response actions<br />

can be defined that are both targeted and driven by high-fidelity automation, and thereby<br />

accelerating threat response.<br />

SIEM is not just about ingesting data sources. To empower security teams these solutions must deliver<br />

a variety of capabilities. This includes providing actionable context of the ingested data, reducing noise,<br />

and identifying and prioritizing the right events associated with an attack. It also means delivering highly<br />

accurate and targeted investigation capabilities with confirmation of the attack and high-confidence<br />

automated responses. Finally, these solutions need to thwart the successful detonation of ransomware<br />

or the execution of the main attack purpose (corruption, disruption, or theft).<br />

A next-generation SIEM with unified security and risk analytics should be the core of a successful security<br />

operations program. Security teams must evaluate innovative technologies that continue to improve and<br />

consolidate analytical capabilities to provide a more usable plat<strong>for</strong>m that also improves the ROI of the<br />

SOC program.<br />

About the Author<br />

Sanjay Raja brings over 20 years of experience in building, marketing<br />

and selling cyber security and networking solutions to enterprises,<br />

medium-to-small business, and managed service providers.<br />

Previously, Sanjay was VP of Marketing at Prevailion, a cyber<br />

intelligence startup. Sanjay has also several successful leadership<br />

roles in Marketing, Product Strategy, Alliances and Engineering at<br />

Digital <strong>Defense</strong> (acquired by Help Systems), Lumeta (acquired by<br />

Firemon), RSA (Netwitness), Cisco Systems, HP Enterprise<br />

Security, Crossbeam Systems, Arbor Networks, Top Layer<br />

Networks, Caw Networks (acquired by Spirent Communications),<br />

Nexsi Systems, 3Com, and Cabletron Systems. Sanjay holds a<br />

B.S.EE and an MBA from Worcester Polytechnic Institute.<br />

Sanjay can be reached online at our company website https://gurucul.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 59<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Tips And Trends <strong>for</strong> OT <strong>Cyber</strong>security In <strong>2022</strong>: More<br />

SOAR, <strong>Cyber</strong> Hygiene And Renewed Compliance<br />

By Peter Lund, Vice President of Product Management at OT security company Industrial<br />

Defender<br />

As of February <strong>2022</strong>, we’re already witnessing an increased focus on OT cybersecurity — and <strong>for</strong> good<br />

reason. The Biden Administration has announced a new plan to secure U.S. water systems from<br />

cyberattacks, an un<strong>for</strong>tunate signal that bad actors are targeting utilities and threatening what Americans<br />

typically view as guarantees. Water, gas, and electricity are all at risk of being contaminated, interfered<br />

with, or even halted, as was the case with the Colonial Pipeline ransomware attack.<br />

Despite the imminent threats, I predict the below trends will help security professionals protect OT<br />

systems this year:<br />

Rein<strong>for</strong>cing today’s standards of security<br />

In <strong>2022</strong>, we’ll see traditional managed security service providers offer OT services to stay at the <strong>for</strong>efront<br />

of the industry. This trend is already apparent with Deloitte's recent acquisition of OT security provider<br />

aeSolutions.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 60<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Additionally, we’ll witness the return to basic hygiene and reliance on preventative controls over threat<br />

intelligence. Threat intelligence is a go-to strategy <strong>for</strong> many in the industry. However, knowing what bad<br />

actors exist has little benefit <strong>for</strong> enterprises if they don't know if the doors and windows (firewalls and<br />

remote access) of their organization are locked. I would go as far as saying is many organizations still<br />

don't know how many doors and windows they have. Taking a step back, <strong>2022</strong> will welcome a renewed<br />

focus on basic hygiene.<br />

Introducing OT cybersecurity's <strong>2022</strong> innovations<br />

Security Orchestration, Automation and Response (SOAR) is standard practice in IT. As the year<br />

continues onward, we'll see more OT cybersecurity experts lean on these guidelines within their own<br />

practice.<br />

Additionally, OT passive monitoring solutions will need to expand active data collection capabilities. Many<br />

enterprises rely on outdated monitoring solutions that don't account <strong>for</strong> real-time data collection. To better<br />

manage OT assets, it will be crucial to expand data collection capabilities.<br />

Finally, Software Bills of Materials (SBOMs) will remain trendy, but adoption will lag because of OEMs. If<br />

the ongoing log4j vulnerability saga has taught us anything, it’s that SBOMs are not optional.<br />

Un<strong>for</strong>tunately, until we get buy-in from the major OEMs that supply the hardware and software that keep<br />

the lights on, customers and security vendors will be behind the eight-ball when it comes to data accuracy<br />

and integrity. Hopefully log4j will be a catalyst to get the industry to agree on a standard <strong>for</strong> publishing<br />

and sharing SBOM data.<br />

Focusing on the big picture<br />

As alternative energy sources gain prominence, we'll see an increased focus on OT security <strong>for</strong><br />

renewable energy sources, by and large renewables have been able to fly under the radar when it comes<br />

to regulations like NERC as well. As we become more and more reliant on renewables we need to ensure<br />

that they are protected, hopefully be<strong>for</strong>e a catastrophic event causes a widespread outage.<br />

As more industries work to stay compliant, the U.S. government will simultaneously double down on the<br />

NIST <strong>Cyber</strong>security Framework <strong>for</strong> standard cybersecurity controls. In <strong>2022</strong>, we can expect NIST to<br />

continue to provide additional updates and recommendations as it aims to standardize cybersecurity<br />

controls. The NIST <strong>Cyber</strong>security Framework is essential <strong>for</strong> enterprises looking to check its<br />

cybersecurity boxes.<br />

What’s next?<br />

Organizations have reason to be wary of cyberattacks in <strong>2022</strong>, but security professionals can breathe a<br />

sigh of relief when tackling the year with a strategic, three-pronged approach. Enterprises must revisit<br />

basic hygiene measures, adopt the latest and greatest tools to stay protected, and remain focused on<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 61<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

the big picture of what’s going on across the United States and in the industry as a whole. Bad actors are<br />

out to cause disruption, but organizations can stay protected with these tips and trends in mind.<br />

About the Author<br />

Peter has a strong technical and business background with over 15<br />

years of experience working with and <strong>for</strong> IT and OT product companies.<br />

Over the last five years, Peter was instrumental in bringing new features<br />

to the market <strong>for</strong> Industrial Defender. In addition to his product<br />

management role, he utilizes a wide range of experience in application<br />

development, systems engineering and marketing. Prior to working with<br />

Industrial Defender, Peter held roles at Dell EMC, Schneider Electric<br />

and KVH Industries.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 62<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Top 10 Reasons <strong>Cyber</strong> <strong>Defense</strong> Firms Should Hire<br />

Veterans<br />

Technology expert and <strong>for</strong>mer military intelligence officer shares insight on the valuable skills<br />

that veterans can bring to the cybersecurity industry<br />

By Bryon Kroger, Founder of Rise8<br />

Following the onset of the global pandemic, the number of data records compromised by cyberattacks<br />

more than doubled from the year prior, from some 15,432 in 2019 to over 37,000 in 2020. Last year, in<br />

2021, malicious cyberattacks remained a present threat as hackers attacked the Colonial Pipeline with<br />

ransomware, and CISA director Jen Easterly noted a massive flaw in Apache’s Log4j logging library that<br />

potentially left hundreds of millions of user devices vulnerable.<br />

Un<strong>for</strong>tunately, as the real and present threat of additional attacks and vulnerabilities continues to<br />

increase, and the technology used in successful attacks and data breaches becomes more sophisticated,<br />

the cybersecurity industry remains heavily understaffed. According to the National Initiative <strong>for</strong><br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 63<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong>security Education, the global shortage of qualified cybersecurity personnel is approaching nearly<br />

3 million.<br />

With such a massive shortage of workers, cybersecurity leaders and professionals should look to hire<br />

one sector of the US work<strong>for</strong>ce where applicants are not only in high demand, but also where many are<br />

already certified or qualified in cybersecurity—veterans. In this article, I will list my top 10 reasons and<br />

explain why firms should hire veterans to address critical gaps in their work<strong>for</strong>ce and cybersecurity<br />

defenses.<br />

1. Veterans are accustomed to the responsibilities of leadership<br />

Whether it’s the lessons learned from the first week of boot camp, the first night of a field operation, or<br />

the morning be<strong>for</strong>e giving a briefing, military service trains veterans from day 1 to understand the<br />

importance of leadership. In the realm of cybersecurity, it is often the quality of leaders that determines<br />

a firm’s ability to react and respond to potential threats (or present ones) in a timely manner. In the<br />

military, strong leadership could spell the difference between life or death. For cybersecurity firms, hiring<br />

veterans with leadership experience could spell the difference between overcoming and blocking a<br />

distinct threat, or allowing it to breach their (or their clients’) private data.<br />

2. Most Vets are com<strong>for</strong>table in fast-paced environments<br />

If there is one word that sums up the active-duty lifestyle, it’s “intensity.” During their time in the military,<br />

veterans learn how to adapt to and become com<strong>for</strong>table with ever-changing fast-paced environments,<br />

often with the high-stakes factor of civilians involved as some <strong>for</strong>m of collateral. In cyber defense, the<br />

high-stakes game transitions to one of veterans protecting themselves, their team, as well as civilians<br />

from malicious digital attacks. As such, veterans are already able to place themselves in a mindset that<br />

makes them a prime candidate <strong>for</strong> the cyber defense industry. Additionally, veterans may be better adept<br />

at navigating their peers through potential cyber crises and emerging victorious once a threat is<br />

addressed and nullified.<br />

3. Veterans value and respect constructive feedback<br />

In many field operations during their time in active duty service, one luxury many veterans are not able<br />

to find is the ability to try again if their operation results in failure. However, trial and error is at the<br />

foundation of cyber defense; being able to learn what a threat is as well as how to best assess it and<br />

work around it is at the core of cybersecurity. Knowing this, many veterans in the cyber defense industry<br />

will find their mentors and/or leaders offering constructive feedback and criticism of their per<strong>for</strong>mance,<br />

spurring them to do better next time against the next inevitable threat, regardless of when or where it<br />

occurs.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 64<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

4. Teamwork and individual responsibility is at the heart of military training<br />

The ability to get the job done no matter work, whether individually or as part of a team, is a mindset<br />

almost every veteran is trained to possess. As a result, veterans inherently hold stronger feelings of<br />

personal accountability and accomplishment regarding the success of their mission. Being able to<br />

operate as an individual professional that is part of a team equipped to handle outside threats — in which<br />

each individual is accountable <strong>for</strong> specific metrics of success — is at the heart of both military and cyber<br />

defense training. In the event that a cyber defense firm faces a crisis, veterans are one demographic of<br />

employees best apt to help that firm navigate the intricacies of such an occurrence.<br />

5. Veterans find purpose in delivering meaningful results<br />

Along with teamwork and leadership, the mindset of completing a mission no matter what also helps<br />

drives veterans towards delivering impactful results that their service provides others. In the realm of<br />

cybersecurity and cyber defense, those results could mean the difference between a firm’s longevity and<br />

continued success or its failure if it faces a substantial digital threat. Veterans in the industry are able to<br />

clearly understand how their per<strong>for</strong>mance directly impacts not only their team, leaders, and others around<br />

them, but also outside individuals with a stake in the success of their mission. Having this results-oriented<br />

mindset is what helps make veterans such valuable workers to the cyber defense firms that employ them.<br />

6. Vets are mission driven<br />

Whenever an active-duty veteran is instructed on what their mission means <strong>for</strong> the bigger picture, it helps<br />

instill a sense of purpose. For veterans in cyber defense and cybersecurity, that purpose is derived from<br />

the additional layers of digital protection their work and expertise provide others. When a veteran in cyber<br />

defense understands their purpose is to uphold the integrity of private data and in<strong>for</strong>mation, they dedicate<br />

themselves to upholding that purpose, providing the firms who employ them and their clients with<br />

additional means of protecting their data, which provides over-arching value to the cyber defense industry<br />

as a whole<br />

7. Dependability is vital both in military and cybersecurity service<br />

Veterans are taught to understand that any individual or service — no matter how vital — is only as<br />

valuable as it is dependable; including themselves. For instance, if a core technology a veteran relies on<br />

to conduct their daily tasks becomes unreliable, or a newer/better technology emerges, veterans are<br />

taught to seek out the reliability and value it could bring to their service. LIkewise, dependability is crucial<br />

to the ongoing success of firms within the cyber defense industry, as their services rely upon an ability to<br />

protect and bolster the defenses of vulnerable users and data.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 65<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

8. Vets understand the emphasis of structure and clarity<br />

Without a clearly defined structure, no organization will be able to achieve success or maintain that<br />

success in the long run. Structure, however, is one of the core building blocks that military service helps<br />

instill in veterans, and many veterans seek out that structure in the private sector after their military<br />

service <strong>for</strong>mally concludes. There<strong>for</strong>e, many veterans will find themselves thriving in a role at a cyber<br />

defense firm that offers them a similar sense of structure, as well as clarity regarding their purpose within<br />

the organization. Through finding these, veterans are inherently able to rely upon their military training to<br />

continue providing value to the firms they work <strong>for</strong>.<br />

9. Vets are focused on the impact of driving meaningful change<br />

If you ask a room full of veterans why they initially decided to join the military, most of the responses you<br />

receive are bound to fall along the lines of their desire to be a part of meaningful, positive change in the<br />

world. That meaningful change is precisely what the cybersecurity industry seeks to provide its clients in<br />

the face of an ever-growing and ever-changing digital landscape. In transitioning to cyber defense roles,<br />

veterans are able to carry that focus on driving impactful change into meaningful work in the private<br />

sector, leaning on their military training and background to provide a positive service that protects<br />

everyday people.<br />

10. Veterans are taught how to combat threats and take risks<br />

At its heart, military service teaches veterans how to react to threats of virtually any degree and respond<br />

to them accordingly. In the realm of cyber defense, those threats are as numerous as they are varied in<br />

their potential intensity. Additionally, veterans understand that responding to threats in a timely and<br />

responsible manner can entail the need to take risks—another commonality shared in cybersecurity.<br />

Veterans who seek to transition their skills into the private cyber defense sector are valuable to the firms<br />

which might employ them since they already possess this mindset; they know the importance of their<br />

skills and the purpose they serve in protecting others. Because veterans are inherently trained on how to<br />

combat and overcome threats, even in high-risk situations, this makes them a valuable pool of candidates<br />

<strong>for</strong> the greater cybersecurity industry.<br />

About the Author<br />

Bryon Kroger is the founder of Rise8, which places the bureaucracy of<br />

the US military and the technological innovations of Silicon Valley in the<br />

same realm. As a veteran of the US Air Force, and co-founder of the<br />

DoD’s first software factory Kessel Run, Kroger is bridging the gap<br />

between the archaic practices of govtech and the speed that Silicon<br />

Valley startups are known <strong>for</strong>. Bryon can be reached online at<br />

bryon@rise8.com and at our company website https://rise8.us/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 66<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

5 Reasons Organizations Need Comprehensive AD<br />

Security Across Cloud and On-Prem<br />

Why Organizations Need to Secure Directory Services in a Hybrid Deployment from<br />

Attack Paths<br />

By Justin Kohler, Director of BloodHound Enterprise at SpecterOps<br />

Microsoft Active Directory is one of the most common identity and access management plat<strong>for</strong>ms in the<br />

world, which un<strong>for</strong>tunately makes it a prime target <strong>for</strong> attackers. Attack Paths in Active Directory (AD)<br />

can give attackers nearly unlimited access to the rest of the network, allowing them to steal sensitive<br />

in<strong>for</strong>mation and deploy malware while avoiding detection. Like many other things in security, the task of<br />

securing AD gets more complex as organizations move workloads to the cloud. The public cloud<br />

providers have their own IAM infrastructure (Azure AD & Azure Resource Manager in Azure, IAM and<br />

AWS Organizations in Amazon Web Services, etc.) that organizations need to defend along with onpremises<br />

AD. Hybrid environments allow attacks to move from on-premises AD to the cloud or in reverse,<br />

making use of weak spots in both. Comprehensive protection is the best way to ensure the organization’s<br />

sensitive data remains safe.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 67<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Here are five reasons that organizations need to secure directory services in a hybrid deployment.<br />

1. As cloud use grows, attackers are following the data<br />

In October 2021, Microsoft reported that Azure and other cloud services grew 50% year over year in Q4<br />

2021 and have grown between 47% and 62% every quarter since Q2 2020. The Covid-19 pandemic<br />

accelerated the shift to the cloud across many industries, and the momentum hasn’t slowed down. As<br />

data has moved to the cloud, malware has followed. A survey of CISOs conducted by IDC in mid-2021<br />

found that 98% of respondents suffered at least one cloud data breach in the previous 18 months as<br />

opposed to 79% in 2020. There’s every reason to believe that adversaries will continue to target the cloud<br />

aggressively in <strong>2022</strong>. Security and cloud teams should ensure they are not leaving gaps that attackers<br />

can exploit in their identity and access management infrastructure that make it easier <strong>for</strong> adversaries to<br />

target them.<br />

2. The rapid rate of change in the cloud creates uncertainty and risk<br />

Cloud plat<strong>for</strong>ms are still being actively developed, which means the underlying software changes<br />

frequently, Cloud products and tools get merged with other products, removed, or overhauled on a regular<br />

basis. This volatility increases security risk because it prevents security experts, whether they work inhouse,<br />

<strong>for</strong> a service provider or as a consultant, from understanding the cloud plat<strong>for</strong>m in detail. Every<br />

time something changes, security pros need to re-learn how it works, what its weaknesses are and how<br />

to protect it. Until they do, they’re more likely to make mistakes, overlook security gaps or implement<br />

insecure misconfigurations. Since cloud plat<strong>for</strong>ms are relatively new compared to on-premises software,<br />

the talent pool and library of third-party resources <strong>for</strong> securing them are small to start with. These factors<br />

make the cloud especially risky, and <strong>for</strong>ces organizations to continuously revise their cloud security<br />

policies - increasing the changes something will slip through the cracks.<br />

For comparison, Microsoft Active Directory has been used <strong>for</strong> identity and access management onpremises<br />

<strong>for</strong> two decades. There are a huge number of AD admins that understand the software inside<br />

and out and an enormous library of third-party resources to help them do their job quickly and safely.<br />

While many organizations still struggle to secure AD on-premises, AD security in the cloud has additional<br />

barriers to security that make it even more important that security and cloud teams take it seriously.<br />

3. The cloud has a larger attack surface and authentication is more complex than<br />

on-premises<br />

Cloud authentication systems are easier <strong>for</strong> attackers to exploit in some ways. First, they simply have a<br />

larger attack surface. These systems are exposed to the internet by default, where on-premises AD is<br />

closed to the internet by default. With on-premises AD, adversaries first needed access to the network<br />

through a user’s credentials. In the cloud, they don’t even need that.<br />

The systems that assign permissions to specific users or groups in the major cloud plat<strong>for</strong>ms also tend<br />

to be more complex than they are in on-premises AD. For example, Azure AD uses at least three separate<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 68<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

systems to manage identity and access: Azure Active Directory, Azure Resource Manager, and the Azure<br />

API Apps permissions system. Un<strong>for</strong>tunately, these systems can often conflict and make it unclear which<br />

system is the source of truth. This makes it more difficult <strong>for</strong> security teams to audit who has access to<br />

valuable systems, which in turn makes it harder <strong>for</strong> them to find and close down Attack Paths.<br />

The more difficult it is to assign permissions, the more likely that Cloud or AD engineers will give blanket<br />

permissions to large groups of users or give a problem user admin access to just make everything work.<br />

After all, their main task is to ensure employees have access to the systems they need to do their jobs.<br />

This complexity creates additional attack paths and undermines the expertise of security and Identity<br />

Access Management engineers.<br />

4. Attacks can move from Azure to on-prem AD<br />

Attack Paths in AD don’t just stay on-premise or in the cloud; they can cross between environments. For<br />

example, adversaries can move laterally from on-premise AD to Azure AD, escalate privilege within<br />

Azure, and then move back from Azure to on-premise. They can do this by abusing Microsoft Endpoint<br />

Manager to move laterally from an Azure tenant to an on-prem AD domain. This abuse becomes possible<br />

when Windows devices have been Hybrid-Joined to both the Azure tenant and the on-prem Active<br />

Directory domain. This attack can be carried out by Azure tenant authenticated user — no special<br />

privileges or roles needed. Abusing one of the three endpoint management systems to execute<br />

PowerShell scripts on hybrid-joined devices requires either the “Global Admin” or “Intune Administrator”<br />

roles. This is why it’s vital to protect Active Directory both on-premises and in the cloud - because both<br />

of them give attackers a way in.<br />

5. Attack Paths open orgs up to dangerous attacks like ransomware<br />

Attack Paths are a way <strong>for</strong> adversaries to get powerful access that lets them steal sensitive data, deploy<br />

ransomware or other malware, achieve persistence in the network or add backdoors that will allow them<br />

to instantly re-gain privileged access in the future. An adversary that is well versed in attacking AD (and<br />

most adversaries are) can gain privileges and move freely across Attack Paths leaving minimal risk of<br />

discovery from defenders, achieve persistence, and gain the keys to the kingdom. Ransomware is a<br />

particularly active threat at the moment; approximately 37% of global organizations said they were the<br />

victim of some <strong>for</strong>m of ransomware attack in 2021, according to IDC's "2021 Ransomware Study." The<br />

FBI's Internet Crime Complaint Center received 62% more ransomware reports year-over-year in the first<br />

half of 2021. To reduce their vulnerability to all these attacks and stop problems like ransomware at their<br />

source, organizations should work on eliminating the Attack Paths in their AD environment.<br />

Identity and access management on-premises and in the cloud are two sides of the same coin.<br />

Organizations with a hybrid infrastructure model must protect both in order to keep their users and data<br />

safe.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 69<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Justin Kohler is the director <strong>for</strong> the BloodHound Enterprise product<br />

line at SpecterOps. He is an operations expert who has over a decade<br />

of experience in project and program development. After beginning<br />

his career in the US Air Force, he worked <strong>for</strong> several consulting firms<br />

focused on process and workflow optimization and held positions at<br />

Microsoft and Gigamon. He enjoys building and leading teams<br />

focused on customer delivery at Fortune 500 companies.<br />

Justin can be reached online at @JustinKohler10 and at our company<br />

website https://bloodhoundenterprise.io/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 70<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Directed Analytics - The Future of Data Management<br />

By Simon Rolph, CEO & Founder of Such Sweet Thunder<br />

The world as we know it has changed - it’s undisputed. Industries of all kinds face a wholly<br />

different landscape compared to 18 months ago, and the data industry is no exception. With<br />

each step we take into this new environment, new technologies are being developed to fit unique<br />

business needs, ultimately improving our capabilities.<br />

The data analytics industry has proliferated in recent years, with the global market expected to<br />

value $132.9 billion by 2026, a nearly 500% growth from its valuation of $23 billion in 2019. As<br />

an evolution of data analytics, directed data analytics is an essential step in making efficient and<br />

accurate business decisions.<br />

Defining directed analytics<br />

In comparison to traditional data analytics, directed data analytics offers rapid in<strong>for</strong>mation about<br />

new trends in the market. This allows companies to make data-driven decisions faster, reducing<br />

the delay between analysis and action. Ultimately, data has a short life span, and in today’s fastmoving<br />

world it is vital to act on data as quickly as possible.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 71<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Not only this, directed data analytics means companies can stay on top of a continuous and<br />

increasing stream of data, allowing more extensive databases to be built whilst allowing <strong>for</strong><br />

analysis on a wider scale.<br />

directed data analytics aims to move on from the digital dashboard approach that has been a<br />

core part of the industry <strong>for</strong> so long. Whilst dashboards are fit <strong>for</strong> the purpose they were created<br />

<strong>for</strong>, businesses are now looking <strong>for</strong> solutions that are fluid and fast-changing. Dashboards can’t<br />

provide the speed to keep up with the rapid onslaught of data that exists in the modern world.<br />

Similarly, when dashboards first emerged, they weren’t just a big step <strong>for</strong>ward <strong>for</strong> data<br />

management - they were also a significant advance <strong>for</strong> MIS (Management In<strong>for</strong>mation Systems)<br />

and EIS (Executive In<strong>for</strong>mation Systems). However, they haven’t yet evolved sufficiently to<br />

continue to be efficient and effective in this area.<br />

Being directed in a competitive landscape<br />

Directed data analytics offers the next generation of data reporting, providing a multitude of data<br />

in a short period, displayed in a customised way that is fit <strong>for</strong> the user and company, and<br />

compiling the data into a broader industry context in order to visualise long-term trends and<br />

patterns. This approach is crucial <strong>for</strong> businesses to remain competitive and stay ahead; with<br />

industries changing at a rapid pace and global events happening on an unprecedented scale.<br />

Providing feedback on product per<strong>for</strong>mance, marketing strategies and customer experience,<br />

directed analytics is fundamental <strong>for</strong> businesses in today’s climate. Without this crucial, timely<br />

in<strong>for</strong>mation, leaders cannot confidently make decisions that will allow them to improve<br />

per<strong>for</strong>mance, profitability and employee satisfaction.<br />

The future of data analysis<br />

Many companies have the data analysis tools and infrastructure they need, but the analysis fails<br />

to have a more comprehensive business impact due to red tape and lack of agility. Data can<br />

often remain stuck in dashboards, reports aren’t circulated to the relevant people, and crucial<br />

insights don’t reach senior decision-makers.<br />

The distinction here is that the technology is widely available and often already implemented;<br />

however, it is the corresponding data analysis that fails to have an impact. It’s what the data<br />

means that needs to be communicated, not the data itself.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 72<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Directed analytics allow these insights to become a part of everyday workflows. Integrating<br />

insights into a business’ existing workspaces and tools means that users don’t need to access<br />

specific dashboards or applications to find the data and then analyse it themselves. The future<br />

of directed analytics will mean that employees can ask questions and get simple, straight<strong>for</strong>ward<br />

answers grounded in data, allowing them to work seamlessly, and make smarter decisions at a<br />

faster rate.<br />

In order to progress, the directed data analytics industry needs to become almost invisible; so<br />

seamlessly integrated and providing insights so ef<strong>for</strong>tlessly that it causes no disruption to<br />

business’ daily operations.<br />

About the Author<br />

Simon Rolph, CEO & Founder of Such Sweet Thunder. Simon is the<br />

founder of data analytics firm, Such Sweet Thunder, and has been<br />

CEO since its inception in 2007. As an experienced interim software<br />

engineer, business analyst and IT project manager, specialising in<br />

Data Management and Analysis projects, Simon has over 25 years<br />

of successfully delivering complex, high-value cross sector projects<br />

and programmes <strong>for</strong> ‘Blue Chip’ internationally renowned<br />

organisations.<br />

Simon’s goal as CEO of Sweet Thunder is an aim to create a great<br />

environment <strong>for</strong> people to work delivering simple solutions to complex<br />

problems that make a tangible difference <strong>for</strong> our clients.<br />

Simon can be reached at our company website https://www.sweetthunder.co.uk/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 73<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Phishing Techniques in Disguise: What to Look <strong>for</strong> And<br />

Why You Should<br />

By By Rotem Shemesh, Lead Product Marketing Manager, Security Solutions, at Datto<br />

Phishing is a familiar concept to cybersecurity professionals - and hackers. According to a recent study,<br />

phishing attacks are the method of choice of cyber criminals attempting to infiltrate an organization. Why?<br />

Because they are easy to deploy and the opportunity <strong>for</strong> human error when clicking on a phishing email<br />

is high.<br />

When many of us hear the term “phishing” we may picture an obvious spam email that came from an<br />

easily recognizable fake email address. But it isn’t always that simple to spot a phishing attempt. It’s<br />

important to educate organizations on ways to avoid falling victim to phishing attempts, including how to<br />

identify the different shapes they can come in. Recently, Datto SaaS <strong>Defense</strong> detected a threat that was<br />

disguised as a communication hosted on a trusted domain, which enabled the attackers to operate below<br />

the radar of detection.<br />

New technique bypasses security detection<br />

This new phishing technique included two key elements that made it impossible <strong>for</strong> most security<br />

solutions to detect. The attack leveraged Adobe InDesign hosting reputation to hide a malicious link in<br />

an inframe. With the goal of harvesting users’ credentials, the attack was sent via email to lure users into<br />

clicking a link to access a shared document. The link directed people to a fake webpage designed using<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 74<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

InDesign and uploaded to indd.adobe.com, a legitimate URL. Hosting a phishing attack in a known URL<br />

is not uncommon, but this was the first time we saw it done in InDesign. The InDesign domain also has<br />

certain characteristics that enabled the bad actors to conceal the malware; the link was hidden in an<br />

image (something that is possible in InDesign) and there<strong>for</strong>e was not identified as a URL when scanned<br />

by many security solutions. This masking technique enables attackers to avoid raising suspicions and<br />

bypass many email detection measures.<br />

This was the first time this type of technique was confirmed as a phishing attack; luckily, it was uncovered<br />

be<strong>for</strong>e causing serious damage. But, this new type of threat shows just how constant - and dangerous -<br />

the evolution of the cybersecurity landscape is. <strong>Cyber</strong> criminals are, un<strong>for</strong>tunately, usually one step<br />

ahead of their targets, and it’s critical to stay up to date on the latest techniques being used to best protect<br />

yourself and your organization. To build a strong cyber detection and prevention plan against phishing<br />

attempts, there are many steps companies can, and should take.<br />

Prepare <strong>for</strong> the worst<br />

So, what are companies or security-based solutions supposed to do when faced with a tricky challenge<br />

like this one?<br />

The first step is to ensure your organization has the most up-to-date and advanced security protections<br />

in place. Basic email security is not enough - it’s critical to have a security plat<strong>for</strong>m in place that can<br />

detect more advanced and emerging phishing techniques, especially the ones that have not yet been<br />

discovered or even developed. It’s also more important than ever that organizations adopt an assumed<br />

breach mentality: plan <strong>for</strong> when a cyber attack will happen, not if. Remote work and increased use of<br />

cloud-based SaaS plat<strong>for</strong>ms are essentially invitations to bad actors. As useful as these technologies<br />

are, it opens up gaps <strong>for</strong> malware to enter a system when you least expect it.<br />

Implementing security solutions to help with detection and prevention are important, but it’s even more<br />

necessary to develop cyber resilience in your company. A strong cybersecurity approach is one that<br />

starts with an assumed breach mentality within an organization, and ends with building a cyber resilience<br />

foundation. <strong>Cyber</strong> resilience is not a product or attitude, but rather an ongoing journey with an evolving<br />

mindset to grow as new threats and technologies continue to emerge. Together with an assumed-breach,<br />

cyber-resilient culture, your company will not only be prepared <strong>for</strong> the next vulnerability around the corner,<br />

but also will have the ability to respond and quickly recover from an adverse cyber event.<br />

In an ever-changing digital environment, security can no longer af<strong>for</strong>d to be afterthought. It is the<br />

responsibility of each organization to ensure that when a threat emerges, they are able to minimize the<br />

risk to prevent the attack from growing and wreaking havoc on themselves or others, such as their<br />

customers. It is too easy <strong>for</strong> cyber attacks to quickly spread and have a ripple effect that can impact<br />

thousands. As dangerous cyber criminals become smarter, we must too, and take the proper steps to<br />

fight back.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 75<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Rotem Shemesh is the Lead Product Marketing Manager <strong>for</strong><br />

Security Solutions at Datto and plays a significant role in<br />

expanding and positioning Datto’s cybersecurity offerings. She<br />

was the head of marketing at BitDam and was responsible <strong>for</strong> all<br />

marketing and Go-to-Market ef<strong>for</strong>ts <strong>for</strong> 3 years. At BitDam, when<br />

it was a small cybersecurity start-up, she established the<br />

company’s marketing ef<strong>for</strong>ts from the ground up and was<br />

instrumental in the company’s success over the years, as well as<br />

the effective merge with Datto. Building BitDam’s marketing<br />

strategy, messaging and brand, as well as driving demand<br />

generation, communications, and channel marketing, she<br />

successfully positioned the company as a disruptive<br />

cybersecurity startup well recognized by the market, analysts, journalists, and other industry players.<br />

Rotem can be reached online at @ShemeshRotem and at our company website Datto.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 76<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Are You Prepared <strong>for</strong> the New Normal of Jekyll and Hyde<br />

Data?<br />

An organization’s data and secrets are simultaneously its greatest assets and its greatest<br />

risks.<br />

By Howard Ting, CEO, <strong>Cyber</strong>haven<br />

Recently Twitch suffered a devastating hack that exposed its most sensitive data and intellectual property<br />

including source code, unreleased product in<strong>for</strong>mation, streamer earnings, and more. For security teams<br />

and enterprise leaders, this attack should make the hair on the back of their necks stand up. This is a<br />

worst-case scenario breach, designed to cause maximum disruption, and yet, there wasn’t any regulated<br />

data in sight.<br />

The attack was all about exposing the IP and trade secrets of the business itself. Recent ransomware<br />

attacks have followed a similar blueprint by threatening to expose an organization’s secrets. This changes<br />

how an organization must view the risk to its data. While a traditional ransomware attack can be<br />

measured in downtime, when secrets are published, the damage is permanent. Data risk must now be<br />

viewed in truly strategic terms, not just operational.<br />

Coincidentally, this was the same week that Facebook was once again scrambling to contain the fallout<br />

from leaked internal documents and in<strong>for</strong>mation. These events require organizations to reassess how<br />

they use and protect their most sensitive data. It isn’t enough to simply quarantine away PCI or HIPAAregulated<br />

data and call it a day. Virtually all enterprise data is now in play when it comes to risk. Yet at<br />

the same time, data is being shared more than ever be<strong>for</strong>e, and collaboration is an essential part of<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 77<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

modern work. Organizations must be ready to navigate this apparent paradox to get the most out of their<br />

data while minimizing the risk.<br />

The Two Faces of Enterprise Data<br />

An organization’s data and secrets are simultaneously its greatest assets and its greatest risks. On its<br />

good side, data is the oxygen that keeps the enterprise alive and lets it thrive. And like oxygen, data<br />

needs to move and be consumed so that users can collaborate and create. And today this sharing occurs<br />

across a constantly evolving suite of applications and services including sanctioned enterprise apps as<br />

well as personal use apps.<br />

Yet all this sharing and collaboration opens the door to loss, misuse, or abuse of that data and can<br />

trans<strong>for</strong>m data from Jekyll to Hyde. Viewed from the perspective of risk, data is less of a life-giving oxygen<br />

and more like a self-spreading, self-replicating virus. Every user that downloads sensitive data could<br />

potentially make a copy. Data could be copy/pasted into another file, uploaded to a personal cloud, or<br />

shared via chat, personal email, or countless other methods. Every data access can turn into a number<br />

of unseen derivatives, each with its own potential <strong>for</strong> loss or misuse.<br />

Focus on the Data Actions<br />

So which is it? Is our data oxygen or a toxic virus? The answer is that it is both. The difference between<br />

data being nourishing or toxic depends on the actions and context surrounding it. The good or bad rests<br />

in how the data moves, is modified, and shared. Just as importantly, we need to know the data’s history.<br />

Where did the data come from? What user or app created it and how has it changed? So not only do we<br />

need to know the actions surrounding a piece of data, we need to know its lineage.<br />

The Way Forward<br />

Organizations need a new approach to data security that can provide this lineage and resolve the Jekyll<br />

and Hyde problem by passively watching how data is created, modified, and shared. Every action must<br />

be tracked and correlated to build a complete history of every piece of data. This opens up a far more<br />

powerful approach to securing data that lets organizations do the following:<br />

• Secure Any Type of Data - Any data can be traced and analyzed without the need <strong>for</strong> signatures<br />

or tagging. This lets organizations protect virtually any type of IP or content based on its actual<br />

value to the enterprise. Source code, ML models, financial projections, and product designs can<br />

all easily be protected equally.<br />

• Safely Enable Work and Collaboration - Users need to share and collaborate to do work without<br />

losing control. Policies can align with business processes to define how data can be shared and<br />

with whom while preventing oversharing or misuse.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 78<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• Find Unseen Risk - The hardest part of security is often to control the “unknown unknowns”.<br />

Enterprises need a tool that automatically and continuously traces all data, which can find<br />

sensitive data in places the security team didn’t even know to look.<br />

In the end, data doesn’t have to be treated as Jekyll or Hyde. Instead, security policies can automatically<br />

follow the true value to the enterprise and adapt to how it is actually being used.<br />

About the Author<br />

Howard Ting is the CEO of <strong>Cyber</strong>haven. Howard Ting joined<br />

<strong>Cyber</strong>haven as CEO in June 2020. In the past decade, Howard has<br />

played a critical role in scaling Palo Alto Networks and Nutanix from<br />

initial sales to over $1B in revenue, generating massive value <strong>for</strong><br />

customers, employees, and shareholders. Howard has also served<br />

in GTM and product roles at Redis Labs, Zscaler, Microsoft, and<br />

RSA Security. Howard can be reached on Twitter and at our<br />

company website https://www.cyberhaven.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 79<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How To Defend Railway Subsystems from Targeted<br />

<strong>Cyber</strong>-Attacks<br />

By Michael Cheng, Director at TXOne Networks & C. Max. Farrell, Senior Technical Marketing<br />

Specialist at TXOne Networks<br />

Railways are a critical part of every nation’s vital system. Maintaining the constant operation of railway<br />

systems requires protection from many threats, and disruption can harshly impact a nation’s society,<br />

economy, and culture. As the critical industry of railways continues to grow, the risk of cyber-attacks has<br />

risen sharply.<br />

This creates a need <strong>for</strong> powerful cybersecurity solutions that can be rapidly and conveniently integrated<br />

into routine railway operations to safeguard these critical networks and systems. In addition, these<br />

solutions should be resource efficient and transmit data fast enough to keep up with commuter traffic and<br />

to accommodate the distributed nature of modern railway technologies.<br />

The vulnerable architecture of railway assets<br />

<strong>Cyber</strong> attacks on national utilities and transport networks have increased massively recently, but they are<br />

by no means new. Back in 2015, security specialists set up a realistic simulated rail network at the CeBIT<br />

trade fair in Hannover and put it online to see how much attention it would attract from hackers. Over its<br />

6-week runtime, 2,745,267 cyber attacks were documented, and in “about 10 percent of the attacks”<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 80<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

intruders were able to gain control over simulated assets. 1 Would-be attackers’ knowledge of railway<br />

systems has progressed even further in the seven years since this experiment.<br />

On the one hand the distributed network architecture of the railway infrastructure allows incredible<br />

adaptability and <strong>for</strong> the use of a wide variety of modular assets. On the other hand, many of these assets<br />

are no longer up-to-date or patchable. So, the fast-changing nature of cyber threats clashes with/comes<br />

up against the long service life and diversity of equipment, making the en<strong>for</strong>cement of security policies<br />

daunting. The same high-connectivity pathways that increase accessibility <strong>for</strong> trusted railroad engineers<br />

also increase accessibility <strong>for</strong> malicious intruders, which is why specially designed cybersecurity<br />

appliances and software can be so essential.<br />

Every system needs individual protection<br />

Each rail subsystem is a different set of assets with its own individual cybersecurity requirements. Every<br />

rail subsystem application classified as security-relevant has been systematically type-tested and<br />

secured according to the relevant certifications be<strong>for</strong>e leaving the factory. However, the downside of<br />

certifications is that they introduce general patterns into defenses that hackers can learn to anticipate<br />

and exploit. <strong>Defense</strong>s <strong>for</strong> critical services need to go beyond the bare minimum necessary to meet<br />

certifications or regulations and include protections that give hackers a hard time. Furthermore, the<br />

ongoing support of dedicated security researchers is necessary to adapt these defenses against new<br />

cyber threats.<br />

User-friendly tailored solutions<br />

<strong>Cyber</strong>security begins with education of the staff, but the busy day-to-day work of railway personnel rarely<br />

leaves space <strong>for</strong> that. Thus, all defensive solutions must be as failsafe and streamlined as possible to<br />

promote ease of use. Ideally railway subsystems need appliances that have the necessary protocol<br />

sensitivity to check network traffic <strong>for</strong> suspicious actions and deny unusual or unlikely behavior. Such<br />

appliances have the further benefit of significantly reducing the likelihood of human error.<br />

Each subsystem is dependent on solutions created to meet its specific needs. TXOne Networks suggests<br />

an OT zero trust approach to securing operational environments, which includes three phases:<br />

segmenting networks, scanning inbound and mobile assets with a portable rapid-scan device, and<br />

securing endpoints with defensive solutions tailored to the endpoint’s type (legacy or modernized).<br />

Stop intruders and isolate malware<br />

Traditional intrusion prevention systems (IPSes) were mere filtering systems, which are no longer<br />

adequate protection <strong>for</strong> critical infrastructure networks. Instead, modernized solutions like TXOne’s Edge<br />

series of next-generation IPSes and firewalls bring more sophisticated protection to assets at the station<br />

and wayside. Edge series defenses, based on the OT zero trust methodology, detect suspicious behavior<br />

1<br />

Vlad Gostomelsky, “Securing the Railroads from <strong>Cyber</strong>attacks”, Mass Transit Magazine, Dec 17 2019<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 81<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

on legitimate accounts or from legitimate devices, put a virtual patching “shield” around legacy assets<br />

that cannot be patched or replaced, and segment networks so that they’re much more defensible.<br />

The access points (APs) that a train uses <strong>for</strong> mesh or roaming are often running with limited or hardly<br />

any security, enabling intruders to potentially affect the signal control system. An EdgeIPS solution is<br />

perfect <strong>for</strong> deployment between the AP and its switch, preventing attackers from accessing or affecting<br />

the network.<br />

Safeguarding mobile and stand-alone assets<br />

One common way dangerous threats get into OT environments is devices brought on-site by vendors or<br />

maintenance experts. That is why, in addition to routine scans of deployed technology, security experts<br />

recommend using dedicated mobile security devices <strong>for</strong> pre-scans of new devices be<strong>for</strong>e they are<br />

deployed on the network. Such a device can be used to set up a checkpoint where all laptops and other<br />

devices brought on-site are scanned. This requires a solution with the ability to conduct quick scans<br />

without the need <strong>for</strong> software installations so that it can be used <strong>for</strong> checkpoint scans as well as <strong>for</strong><br />

sensitive equipment that cannot accept installations.<br />

How to protect fixed-use and legacy assets<br />

For fixed-use systems such as ticket vending machines and on-board computers, a trust list-based ICS<br />

endpoint protection application is the ideal solution. Even if malware finds its way into a company’s<br />

working hardware, it cannot be executed because of the trust list-based lockdown. For example,<br />

applications, configurations, data, and USB devices are all locked down with a trust list. It excludes all<br />

unlisted applications from running and unlisted users cannot make changes to data or configurations.<br />

Only administrator-approved USB devices can connect to the device, and only an administrator can grant<br />

a device one-time permission to connect.<br />

Conclusion<br />

In today’s world bad actors and criminal organizations prefer to conduct their attacks over the internet<br />

from the com<strong>for</strong>t of their computer chairs – which makes them even more dangerous. To secure daily<br />

operations and maintain passenger confidence, computation must be protected from disruption while<br />

maintaining maximum availability, with no aspect of the exchange using more time or resources than<br />

necessary. This is why specially designed cybersecurity appliances and software are so essential to the<br />

protection of railway subsystems.<br />

Additional in<strong>for</strong>mation can be found at www.txone-networks.com and https://www.txonenetworks.com/white-papers/content/securing-autonomous-mobile-robots<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 82<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Authors<br />

Michael Cheng is a director at TXOne Networks with 20 years of experience<br />

in global product management, software development, quality assurance,<br />

and cybersecurity <strong>for</strong> IT, OT, and ICS environments. He holds an ISA/IEC<br />

62443 <strong>Cyber</strong>security Expert certification.<br />

Michael Cheng can be reached online at michael_cheng@txonenetworks.com<br />

or at contact@txone-networks.com<br />

C. Max Farrell is a senior technical marketing specialist <strong>for</strong> TXOne<br />

Networks, where he has worked from a background in cybersecurity,<br />

technology, and business since 2019. He conducts research related to<br />

industry-critical technology, economy, and culture.<br />

C. Max Farrell can be reached online at max_farrell@txonenetworks.com<br />

or at contact@txone-networks.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 83<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Biggest <strong>Cyber</strong> Trend in <strong>2022</strong><br />

You Can’t Fix Stupid<br />

By Guy Rosefelt, CPO, Sang<strong>for</strong> Technologies<br />

Stop me if you have heard this one: a customer is working late at night, been a long day, and very tired.<br />

Customer needs to clear a few remaining emails including one from the CEO. Without thinking about it,<br />

customer opens the email from the CEO, barely skims it and opens the attached Word document. Just<br />

as the Word doc opens, customer realizes the email looks a bit odd and then it hits, it is a phishing email.<br />

Laptop infected.<br />

Sound familiar? That just happened to my customer yesterday. And he knows better but was tired and<br />

on autopilot. We spent an hour online trying to figure out how bad the infection was and if he should wipe<br />

out his system and reimage since he had just done a full backup the week be<strong>for</strong>e. We decided to err on<br />

the side of caution and wipe and restore.<br />

The moral of the story is anti-phishing will never be 100% successful. The best security products are only<br />

ninety-nine point something successful, but even at that rate with the number of emails received in an<br />

organization daily, a few are going to get through. And someone will click on one. My customer is normally<br />

very diligent, but he slipped. Worse, there are a few employees in every company that do not really check<br />

to see if emails are suspicious and will open them anyway.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 84<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Why am I rehashing this old trope? Because Barracuda Networks reported a 521% increase in phishing<br />

emails using COVID-19 Omicron variant to entice victims between October 2021 and January <strong>2022</strong>.<br />

People looking <strong>for</strong> home testing kits were prime targets and easy prey. Webroot reported a 440%<br />

increase in May 2021. And more will keep coming.<br />

“So, Guy,” you may ask, “how can you save us from phishing?” Well, I cannot, and no one else can<br />

either. What we need to do is bite the bullet and shift our strategy from trying to block everything to<br />

assuming we are already compromised, breached, hacked, etc. Once you start from that viewpoint, it<br />

does not matter that you cannot fix stupid, you just have to deal with the aftermath. Your focus is now on<br />

threat hunting, looking <strong>for</strong> signs of compromise. Do you have tools that can watch low and slow network<br />

behavior that are indications of stealth scanning? Can you identify regular bursty encrypted traffic being<br />

sent someplace out on the internet that might be data being exfiltrated? Can you track system resource<br />

utilization <strong>for</strong> signs of cryptomining or other malicious behavior?<br />

What makes looking <strong>for</strong> these kinds of behavior difficult is they are all AI-based. That’s right, attackers<br />

have learned to weaponize artificial intelligence (AI) into advanced persistent threats (APTs) and other<br />

malware payloads. The malicious software installed has become so much smarter than you think. It will<br />

look <strong>for</strong> specific targets, domains, even countries be<strong>for</strong>e it decides to activate. It can hide inside legitimate<br />

processes running in memory, evading security scans. In fact, it can disable security software running on<br />

systems without you knowing about it.<br />

There is a powerful batch script available now called Defeat-Defender that can shut down all Windows<br />

Defender processes silently. The best part is Defeat-Defender can masquerade as a legitimate process,<br />

evading the new Windows Tamper Protection functionality. All from opening an infected Word document.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 85<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

I see heads shaking in despair and a few of you getting ready to jump out of your office windows (you<br />

realize some of you work in the basement…). But there is a strategy that can help you through this dark<br />

and difficult time. You need to do 4 extremely simple and painless things:<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 86<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

1. Look <strong>for</strong> and minimize attack surfaces<br />

Conduct external and internal attack surface assessments to find ways <strong>for</strong> the attack malware to breach.<br />

Look <strong>for</strong> signs that those surfaces were exploited. Then work to close those holes.<br />

2. Deploy AI-based detection and response<br />

You need to use AI to combat AI, but not just any AI. Security tools that employ broad-based AI will not<br />

find the signs of stealthy activity or APTs. Purpose-built AI models designed to identify very specific<br />

behaviors are needed, such as looking <strong>for</strong> enormous amounts of abnormal DNS requests going to<br />

malicious domains or finding short periods of bursty HTTPs traffic during off hours; both are indications<br />

of data exfiltration.<br />

3. Improve security system synergy<br />

All security products have a sphere of influence covering their own security domain. But the domains do<br />

not overlap causing gaps that AI-enabled APTs can exploit. Having security products share data realtime<br />

and coordinate responses can close those gaps.<br />

4. Augment security operations and resources by using security services<br />

Face it, you do not have enough time, staff, or resources to go into threat hunting mode. And if you are<br />

breached and under attack, can you really do incident response (IR)? Even the security teams in the<br />

largest organizations are resource limited. Leverage your VAR or security vendor to provide resources<br />

to backfill your team, help conduct assessments and IR, and do managed detection and response. Think<br />

of it as a home security monitoring service available 24 hours a day; that is there when the breach occurs<br />

during off-hours.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 87<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

It isn’t possible to block everything 100% and combating stupid makes it even harder. Since you can’t fix<br />

stupid, these 4 things can minimize and contain the damage caused. More importantly, thinking like an<br />

attacker will help you find signs if you were attacked and close off any holes and vulnerabilities that<br />

attackers will use.<br />

About the Author<br />

Guy Rosefelt, Chief Product Officer, Sang<strong>for</strong> Technologies. Guy is<br />

Chief Product Officer <strong>for</strong> Sang<strong>for</strong> Technologies. He has over 20 years’<br />

experience (though some say it is one year’s experience twenty times)<br />

in application and network security, kicking it off with 10 years in the<br />

U.S. Air Force, reaching rank of captain. After his time in the USAF<br />

building the first fiber to the desktop LAN and other things you would<br />

find in Tom Clancy novels, Guy worked at NGAF, SIEM, WAF and<br />

CASB startups as well as big-name brands like Imperva and Citrix. He<br />

has spoken at numerous conferences around the world and in people's<br />

living rooms, written articles about the coming Internet Apocalypse, and<br />

even managed to occasionally lead teams that designed and built<br />

security stuff. Guy is thrilled to be in his current position at Sang<strong>for</strong> -- partly because he was promised<br />

there would always be Coke Zero in the breakroom. His favorite cake is German Chocolate.<br />

Guy can be reached online at guy.rosefelt@sang<strong>for</strong>.com or on Twitter at @otto38dd and at our company<br />

website https://www.sang<strong>for</strong>.com/en .<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 88<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

On The Frontline in The War Against Hackers<br />

By Damien Fortune, Chief Operations Officer of Secured Communications<br />

In the wake of a global shift toward remote work, crime is moving from physical space to cyberspace.<br />

Businesses are conducting more important and valuable business online than ever be<strong>for</strong>e, and<br />

accordingly, more valuable and sensitive in<strong>for</strong>mation is being transmitted across insecure networks. This<br />

has presented bad actors with the incentive and opportunity to increase their focus on cybercrime and<br />

given the ever-increasing sophistication of cyber threats and access to robust computing power,<br />

cybersecurity companies have been tasked with evolving to better combat these emerging threats.<br />

Over the last decade, data breaches have surged, exposing sensitive in<strong>for</strong>mation, and undermining<br />

customer confidence which is potentially devastating, especially <strong>for</strong> smaller businesses. Companies, now<br />

more than ever, need to know how to keep their data secure while maintaining a seamless and productive<br />

work environment. On the back of these trends, new protocols are emerging to provide additional layers<br />

of defense to corporate communications.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 89<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

One of the newest tools in the fight against cybercrime is Messaging Layer Security (MLS). This next<br />

generation end-to-end encryption (E2EE) security layer encrypts each individual message with a<br />

changing encryption key, allowing <strong>for</strong> Perfect Forward Secrecy (PFS) and Post-Compromise Security,<br />

meaning that if a message were ever intercepted and compromised, that message’s content would be<br />

the only thing exposed, as opposed to jeopardizing entire message chains or providing in<strong>for</strong>mation that<br />

would enable further surveillance through man-in-the-middle attacks. Most communications plat<strong>for</strong>ms on<br />

the market today use older technology of transport layer security (TLS) technology, which does not<br />

provide similar layers of protection, and which is vulnerable to attacks from a variety of vectors.<br />

Alongside digital protection of content itself, tools to protect users are also advancing. Multi-<br />

Factor Authentication (MFA), which requires users to present multiple <strong>for</strong>ms of proof of identity<br />

to access in<strong>for</strong>mation, has become more prevalent. Traditionally, MFA asks <strong>for</strong> either something the<br />

user knows (such as a password); something they have (such as their device); and as the most secure<br />

option – who they are (biometrics using Touch ID or Face ID).<br />

Increasing technical sophistication and access to more computing power by those that choose to hack<br />

into business systems has made the migration to more-sophisticated tools inevitable. With modern<br />

workflows continuing to shift from outdated email systems in favor of messaging and collaboration-centric<br />

tools, we would expect MLS, MFA, and other tools to come to the <strong>for</strong>efront of cybersecurity suites in the<br />

near term.<br />

About the Author<br />

Damien Fortune is the Chief Operations Officer of Secured<br />

Communications, the leading global technology company specializing in<br />

ultra-secure, enterprise communications solutions that are trusted by<br />

businesses, public safety and counter terrorism professionals worldwide.<br />

His career began on Wall Street where he worked as a sell-side analyst<br />

covering energy and industrial equities. From there he transitioned into<br />

private equity as a portfolio manager and eventually into a role as<br />

CFO/COO of a portfolio company.<br />

Damien can be reached online at support@securedcommunications.com<br />

and at our company website http://www.securedcommunications.com.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 90<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

How to Fix Mid-Market Security Using Intelligent<br />

Automation and AI<br />

By Guy Moskowitz, CEO, Coro<br />

Market <strong>for</strong>ces are working against medium-sized businesses, leaving companies that don’t have large,<br />

dedicated security teams and fat cyber security budgets exposed to cyber threats. When combined with<br />

the global pandemic and the fact that cyber criminals have expanded into mid-market targets, mediumsized<br />

companies face greater risk than ever, and it’s time IT leaders and the industry step up to take care<br />

of this gap.<br />

Three factors have arisen that have had dire consequences <strong>for</strong> medium-sized businesses:<br />

1. The cyber security industry has neglected the mid-market in its pursuit of enterprise-grade<br />

security solutions with proportional enterprise price tags.<br />

2. The global pandemic accelerated the trend toward remote work and adoption of cloud plat<strong>for</strong>ms,<br />

leaving many companies with much larger attack surfaces, and an out-of-date cybersecurity<br />

architecture.<br />

3. Due to commoditization of cyber attacks, cyber criminals turned their eyes toward the mid-market,<br />

which has proven to be less sophisticated and less funded in terms of cyber security.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 91<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

The <strong>Cyber</strong> Security Market Has Failed Medium-Sized Businesses<br />

The cyber security market has bifurcated into large, enterprise solutions and niche point solutions. Midmarket<br />

companies are stuck in an inhospitable middle, where they don’t have the budget and resources<br />

to purchase large enterprise solutions, but also have too much complexity and attack surface <strong>for</strong> point<br />

solutions to be effective in providing security.<br />

The high cost of implementing and operating security solutions severely impedes their adoption by midmarket<br />

companies. Companies with 1,500 and fewer employees often have limited cyber security<br />

budgets and very few dedicated security professionals – if they have any specialists at all. Hundreds of<br />

employees and thousands of endpoints create an attack surface that stretches IT teams to their limits.<br />

Mid-market companies are there<strong>for</strong>e <strong>for</strong>ced to make bets on the most probable attack vectors to defend<br />

against, leaving the rest of the attack surface exposed.<br />

The Pandemic-Driven Shift Toward Remote Work Caught IT Departments Flat Footed<br />

Nobody was ready <strong>for</strong> large-scale remote work in 2020. Teams were not culturally prepared to conduct<br />

business online, office software wasn’t designed <strong>for</strong> remote work as its primary use case, and IT<br />

departments had mostly focused on on-site and VPN-style security. The shift to predominantly remote<br />

work in 2020 and 2021 disrupted every aspect of business and created huge opportunities <strong>for</strong> attackers<br />

seeking to exploit the relative naivete of the new cloud working environment.<br />

In Coro’s recent report analyzing mid-market cyber security, we found that while 50% of medium-sized<br />

companies had email malware protection in place in 2021, 88% of them had misconfigured their<br />

protection settings. Meanwhile, only 16% of mid-sized companies had email phishing protection in place,<br />

and 71% of them had misconfigured settings. Other attack vectors fared similarly or worse. This means<br />

many of the technologies deployed by IT teams, and especially the new ones deployed since the<br />

beginning of the pandemic to enable remote work, offer little actual protection against emerging classes<br />

of cyber threats.<br />

<strong>Cyber</strong> Criminals Are Turning Downstream <strong>for</strong> Easier Pickings<br />

A big score against a large enterprise is exciting <strong>for</strong> a cyber criminal, but so is the prospect of several<br />

smaller, easier scores. We observed this in practice in 2021 as attacks on medium-sized companies<br />

increased both in volume and in sophistication.<br />

Specifically, we saw that attacks on mid-market companies increased by 150% in the past two years.<br />

Moreover, these attacks are not just generic (AKA naive) attacks, but are increasingly tailored attacks <strong>for</strong><br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 92<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

the particular victims being targeted by the hackers. Customized attacks against mid-market companies<br />

have expanded 4x in 2021. Insider threats, whether accidental or malicious, have also doubled in 2021,<br />

showing the greater role employees have played in cyber vulnerabilities during the pandemic.<br />

Closing the Mid-Market <strong>Cyber</strong> Security Gap with Intelligent Automation and AI<br />

Mid-market spending on cyber security was up in 2021 as companies began to feel the heat from cyber<br />

criminals testing their defenses. But most of the industry’s comprehensive cyber security solutions are<br />

aimed at large enterprise customers – and mid-market companies need options beyond stitching together<br />

piecemeal point solutions.<br />

The three challenges to mid-market cyber security remain: overly expensive and complicated solutions,<br />

greatly expanded attack surface driven by remote work, and increased attacks by hackers seeking to<br />

exploit the mid-market. To overcome these challenges, companies need af<strong>for</strong>dable solutions that<br />

augment existing IT with built-in intelligence and non-disruptive security workflows. This is where<br />

automation and AI come in.<br />

As I said earlier, 88% of email malware solutions are misconfigured – and that doesn’t even account <strong>for</strong><br />

cloud malware, Wi-Fi phishing, and a huge range of emerging attack vectors <strong>for</strong> which most mid-sized<br />

companies have no protections in place. Why should such misconfigurations and omissions leave a<br />

company exposed to cyber threats, especially when a single breach could paralyze a business or cause<br />

enough damage to close its doors <strong>for</strong>ever? Where possible, the responsibility <strong>for</strong> effective cyber defense<br />

needs to be shifted off the shoulders of overstretched IT teams and onto machines. AI must be deployed<br />

to enable small teams with limited resources to effectively manage large and complex situations. Small<br />

companies must seek solutions that simplify the security experience: comprehensive, all-in-one solutions<br />

that are easy to deploy and easy to operate by way of intuitive UX design and AI automation.<br />

The truth is, most small and mid-sized companies don’t need dozens of security professionals to manage<br />

straight<strong>for</strong>ward and common security tasks. Look <strong>for</strong> security solutions that instead make use of<br />

intelligent automation to reduce the load on IT and security teams. Intelligent automation can<br />

automatically block malware threats, prevent accidental or malicious data leakage, lock down rogue<br />

accounts, and prevent the majority of incoming attack attempts, all without human intervention. For the<br />

small percentage of issues that AI and intelligent automation can’t resolve, a concise and clear notification<br />

can be sent to administrators that can be resolved quickly and easily.<br />

Even in this rapidly evolving cyber climate, the cost and complexity of security can be managed, and<br />

escalating cyber threats can be controlled. Comprehensive cyber security can and should be fully<br />

accessible to mid-sized companies. It’s time <strong>for</strong> mid-market IT leaders reconsider the standard point<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 93<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

solutions and seek comprehensive, AI-enabled software with built-in intelligence, designed specifically<br />

<strong>for</strong> their needs: elegant, non-disruptive security within a single, efficient plat<strong>for</strong>m.<br />

About the Author<br />

Guy Moskowitz is the CEO of Coro, one of the fastest growing<br />

security solutions <strong>for</strong> the mid-market, providing all-in-one protection<br />

that empowers organizations to defend against malware,<br />

ransomware, phishing, and bots across devices, users, and cloud<br />

applications. Guy can be reached online at (LinkedIn and Twitter) and<br />

at our company website https://www.coro.net/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 94<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

5 Ways <strong>Cyber</strong>security Will Change In <strong>2022</strong><br />

By Jaime Coreano, Vice President of Sales – Flexxon<br />

The annual cost of cybercrime is set to hit $10.5 trillion by 2025. The losses caused by theft, fraud and<br />

embezzlement are compounded by the disruption that follows. Forensic investigations, restoration and<br />

deletion of hacked data and systems, lost productivity and, inevitably, reputational harm all add to the<br />

bill.<br />

Of course, cybercrime is a shape-shifting enemy that quickly adapts to its surroundings. As more of our<br />

national, corporate and personal business goes digital, new threats emerge and priorities shift.<br />

Fore-warned is <strong>for</strong>e-armed, however! So, to ensure we have the right cybersecurity technologies in place<br />

and carry out meaningful techstack reviews, here are the top five cybersecurity trends that X-PHY has<br />

identified <strong>for</strong> <strong>2022</strong>.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 95<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

#1: Firmware level attacks will increase<br />

The much-cited Security Signals Report published by Microsoft in <strong>March</strong> 2021 noted that at least 80<br />

percent of enterprises in major economies had suffered at least one attempted firmware attack in the<br />

previous two years.<br />

Firmware attacks are daunting precisely because firmware sits ‘below’ the operating system, where the<br />

most common and familiar tools <strong>for</strong> detecting and quarantining malware cannot see them. But until now,<br />

firmware threats have not been treated seriously enough by enterprise security teams. As the Security<br />

Signals Report tells us, only 29 percent of security budgets were allocated to protect firmware.<br />

That has to change.<br />

There are many ways that firmware attacks can be launched against network devices and cause untold<br />

amounts of damage. Equally, there are plenty of basic housekeeping and security steps that can<br />

eliminate a number of potential vulnerabilities. AI-enabled security at the firmware level <strong>for</strong> example,<br />

allows real-time data protection against all sorts of software-based malware, ransomware, and viruses<br />

without human intervention.<br />

#2: More firms will be subject to an inside job<br />

The measures security professionals take to narrow the attack surface are based on the simple idea that<br />

the threat is ‘out there.’ But this focus on preventing and detecting external attacks can create a significant<br />

blind spot: the threat from inside.<br />

Whether from malicious intent or clumsy accident, trusted employees and partners can cause more<br />

damage than ever be<strong>for</strong>e. New ways of working and greater digital engagement change the nature of the<br />

company network and its assets. According to Ponemon Institute’s <strong>2022</strong> Cost of Insider Threats: Global<br />

Report the incident rate is up by 44 percent in the past two years, with costs per incident now at $15.38<br />

million. There is little sign that this is slowing down.<br />

In this environment, the zero-trust model – which leaves no room <strong>for</strong> protocol, courtesy or respect <strong>for</strong><br />

seniority – treats every insider with suspicion. That means proper, multi-factor authentication <strong>for</strong> every<br />

access to every system or service, plus monitoring, logging and effective pattern detection to detect any<br />

anomalous insider behavior. It may be an uncom<strong>for</strong>table idea <strong>for</strong> many, but it is a necessary one.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 96<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

#3: Supply chains will be the big ransomware target<br />

In July 2021, a medical management services provider in New York experienced a ransomware attack<br />

that affected more than 1.2 million individuals – one of the largest breaches of health data reported to the<br />

federal regulators in 2021.<br />

We are all familiar with the threat of ransomware. What is changing is the number of cyberattacks – like<br />

this one – that target trusted third-party vendors who offer services or software that are vital to the supply<br />

chain, but which attack agents regard as softer targets.<br />

IT decision-makers believe that these kinds of supply chain attacks are to become one of the biggest<br />

threats to their organizations in the coming year. But most have not vetted either their current or<br />

prospective suppliers in the past 12 months.<br />

To stay ahead of it, now is the time <strong>for</strong> organisations to put a response strategy into place. Until they do,<br />

this will remain an attractive target.<br />

#4: Increased risk <strong>for</strong> SMBs<br />

The world has changed but the age-old mantra still applies: attack agents will always go <strong>for</strong> the easiest<br />

target. That is what is driving the growth in supply chain attacks – and is also behind the increasing<br />

frequency of attacks on SMBs.<br />

In its 2020 Internet Crime Report, the FBI recorded 791,790 complaints of suspected internet crime<br />

among small businesses (300,000 more than in 2019), and total losses of more than $4.2 billion.<br />

SMBs may not have the resources or expertise to protect themselves adequately, but they still have<br />

valuable in<strong>for</strong>mation residing within their systems. That’s why they are subject to growing numbers of<br />

targeted and complex attacks.<br />

In addition, the recent mass shift toward remote and hybrid working practices has seen people’s private<br />

and professional lives becoming intertwined, often resulting in a less than diligent approach to<br />

cybersecurity. With that, SMBs have experienced a jump in cyberattacks as a result of human error. In<br />

fact, human error is responsible <strong>for</strong> a staggering 95 percent of data breaches, an issue that has only<br />

been heightened by the effects of the pandemic.<br />

As such, it has become clear that just like everyone else, SMBs need robust cybersecurity that includes<br />

all layers, from software to the physical and everything in between.<br />

Enter, AI-infused cybersecurity solutions. AI has the power to reduce human intervention, allowing data<br />

to be secured without the need <strong>for</strong> extensive knowledge or training.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 97<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

#5: Vulnerabilities in critical Infrastructure will be recognized<br />

At the other end of the scale is critical national infrastructure, which is increasingly digitalized but reliant<br />

on security measures <strong>for</strong> control systems that were developed be<strong>for</strong>e data, sensors, and networking were<br />

embedded in core control systems.<br />

Critical infrastructure is no more immune to the natural laws of cybersecurity than any other sector of the<br />

economy: surges in technological development create the perfect environment <strong>for</strong> cyber crime to flourish,<br />

and the targets with the highest value but weakest security will be top of the list.<br />

An attack on just the building management system of just one New York City office block via a connected<br />

vending machine caused damage estimated at $350m. The economic impact of a severe cyber-attack<br />

on the US power-grid could be at least $240bn.<br />

But the motive to hit critical infrastructure isn’t just financial. It can be political too. Hacktivists, terrorists<br />

and <strong>for</strong>eign agents see energy grids, health systems, and transport logistics, as useful bargaining tools.<br />

Intelligent, bullet-proof solutions are needed, ideally a zero-trust architecture with AI-embedded cybersecure<br />

SSD as the last line of defense.<br />

This is X-PHY’s final, unofficial, prediction <strong>for</strong> <strong>2022</strong>. Offense is getting smarter. So will the defense. This<br />

is the year that zero-trust architecture becomes the lens through which all cybersecurity solutions are<br />

viewed.<br />

About the Author<br />

Jaime Coreano is Vice President of Sales at Flexxon. As a Sales<br />

and Business Development executive with 25 years of experience<br />

in semiconductors, electronic components and cybersecurity, his<br />

vision and strategy have greatly impacted the success of his clients<br />

in the Americas. Most recently, he has been involved in emerging<br />

<strong>Cyber</strong> Security solutions based on hardware level AI based<br />

protection against ransomware, data cloning and physical attacks.<br />

our company website https://www.flexxon.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 98<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Executive Order Instructs Certain Organizations to<br />

Improve Their <strong>Cyber</strong>security Stance<br />

Financial Institutions Should Boost Their Ef<strong>for</strong>ts to Thwart <strong>Cyber</strong>attacks<br />

By Bob Thibodeaux, Chief In<strong>for</strong>mation Security Officer, <strong>Defense</strong>Storm<br />

Consumer data is one of the most valuable assets <strong>for</strong> organizations around the world. In fact, it’s been<br />

said that consumer data is as good as gold.<br />

And like gold, data is a commodity. However, companies profiting by accessing and storing this data<br />

have the responsibility to keep it safe. Protecting data has even become a consumer expectation thanks<br />

to breaches such as Equifax in 2017 (which recently finalized a settlement of up to $425 million) and<br />

LinkedIn and Facebook just last year.<br />

Today, however, companies don’t just put consumer interest on the line when building their cybersecurity.<br />

They can now face new, severe legal action.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 99<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Implementing legislation in hopes to minimize damage<br />

The Biden administration recently issued Binding Operational Directive 22-01, requiring most federal<br />

agencies to patch hundreds of cybersecurity vulnerabilities considered major risks <strong>for</strong> damaging<br />

intrusions including data breaches or compromise of government computer systems.<br />

Specifically, “Organizations of all sizes, including the federal government, must protect against malicious<br />

cyber actors who seek to infiltrate our systems, compromise our data, and endanger American lives,”<br />

DHS Secretary Alejandro Mayorkas said in a statement alongside the directive. The new order “requires<br />

federal civilian departments and agencies to protect against critical known vulnerabilities, which will<br />

reduce the risk of malicious intrusion and increase our collective cybersecurity.”<br />

What this boils down to is federal institutions, banks, credit unions and fintechs nationwide must find ways<br />

to comply with these new cybersecurity standards and mandates. But how? What if you are already<br />

behind the 8 ball? What can be done not only to improve but catch up?<br />

Meeting challenge with opportunity<br />

While the new government mandate might seem an insurmountable challenge to all but the big<br />

corporations, it isn’t. Rather, it’s an opportunity to shore up security and thwart cyberattacks and data<br />

breaches.<br />

Financial institutions everywhere already abide by considerable cybersecurity, privacy and in<strong>for</strong>mation<br />

security requirements. Further, many have adopted the National Institute of Standards and Technology’s<br />

(NIST) <strong>Cyber</strong>security Framework as their main cyber risk management tool. But financial institutions that<br />

haven’t met those standards could take the order as an impetus to do so and improve their cybersecurity<br />

posture and make improvements in the maturity of their risk management program.<br />

Perhaps, too, federal institutions will view the order as a reason to enact zero-trust policies, procedures,<br />

and relevant technologies. The order mandates executive branch agencies to create zero-trust<br />

environments.<br />

Putting cybersecurity best practices in place<br />

Whether a bank, credit union or fintech adopts a zero-trust model or not, it’s wise to consider these best<br />

practices to increase cybersecurity:<br />

• Proactively monitor total cyber exposure. Consider partnering with a built-<strong>for</strong>-banking<br />

company that provides 24/7, real-time cybersecurity and cyber compliance and sends alerts of<br />

any anomalies.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 100<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

• Stay ahead of fraud. Fraud costs U.S. financial institutions $35 billion a year. Choose a<br />

cybersecurity provider that can integrate In<strong>for</strong>mation Security and the Bank Secrecy Act (BSA) –<br />

also known as the Anti-Money Laundering (AML) law and Fraud departments in a unified plat<strong>for</strong>m<br />

to prevent losses and protect account holders from the growing threat of fraud.<br />

• Extend internal cyber teams and expertise with highly skilled and trained security experts.<br />

Not every financial institution has the resources to adequately monitor and protect their networks,<br />

particularly outside of “banking hours.” As such, many partner with a certified cybersecurity<br />

provider that monitors and investigates alerts and provides around-the-clock protection that aligns<br />

with a company’s specific escalation process. By being that “extra set of eyes,” financial<br />

institutions can focus on their core business.<br />

• Keep up to date with compliance. Choosing a cybersecurity provider that also provides cyber<br />

compliance makes it simple and seamless <strong>for</strong> financial institutions to stay up to date, even though<br />

regulatory requirements seem to be always changing. The right provider allows financial<br />

institutions to leverage an always-on policy and control engine to make sure when compliance<br />

requirements change, organizations can comply.<br />

• Provide ongoing cybersecurity education. An organization is only as secure as its weakest<br />

link. There<strong>for</strong>e, employee education should be a top priority. Employees should understand how<br />

to do things like choose passwords wisely and know how to detect phishing attacks – and what<br />

to do when a questionable email comes their way.<br />

Leveraging a trusted cybersecurity partner<br />

The current administration has prioritized cybersecurity as a national security threat. The mandate aside,<br />

cybersecurity should be a priority <strong>for</strong> everyone and every business.<br />

Financial organizations failing to address cybersecurity could face major damage that includes monetary<br />

loss, legal consequences, and reputational damage – leading to a loss of customers.<br />

Keep in mind, financial institutions face more than 70 million cyber events a day. And most small- to midsized<br />

financial institutions simply don’t have the staff to manage the volume of incidents that can be<br />

generated by these events, particularly those occurring after hours.<br />

An experienced cybersecurity provider can help ensure financial institutions are threat-ready and secure.<br />

The right one can consolidate data from all sources and without volume limits – providing real-time<br />

visibility into the entire network. It can eliminate false positives and prioritize events so you can address<br />

the threats that matter the most.<br />

Because here’s the thing: There are two types of organizations – those that have suffered a data breach<br />

and those that will.<br />

And like the price of gold that keeps rising, so, too will the cost of falling prey to a cyber breach.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 101<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Bob Thibodeaux, Chief In<strong>for</strong>mation Security Officer at<br />

<strong>Defense</strong>Storm, has more than 20 years of experience as a senior<br />

security expert and highly accomplished IT executive and<br />

engineer. Through leadership positions managing IT departments<br />

and programs, technology operations and data center operations,<br />

Bob has driven innovative process improvements, disaster<br />

recovery programs, in<strong>for</strong>mation security strategies, and audit and<br />

compliance improvements. He has been responsible <strong>for</strong> incident<br />

response, risk management and penetration testing <strong>for</strong><br />

community-focused banks, credit unions and high-tech companies<br />

across the United States. Bob is a Certified In<strong>for</strong>mation Systems<br />

Security Professional, Digital Forensics Examiner and GIAC<br />

Penetration Tester. Bob holds a degree in Business and<br />

Management from the University of Maryland and is a retired<br />

USAF Senior Master Sergeant. Bob can be reached online at our<br />

company website https://www.defensestorm.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 102<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Too Hot to Handle:The case <strong>for</strong> Zero Trust and SASE<br />

By Jonathan Lee, Senior Product Manager, Menlo Security<br />

In security today we often see the continued reliance on legacy systems and solutions.<br />

As cybercriminals have evolved their methods, the security adopted by firms has been unable to keep<br />

up with a mindset that is focused on detection and response – and criminals know this.<br />

The recent shift of data, users and applications to the cloud has made the browser the primary place of<br />

work. Yet when it comes to the cloud, those same on-prem security measures that are still heavily relied<br />

upon today are no longer adequate.<br />

To capitalise on this new landscape, threat actors are targeting web browsers with a category of threats,<br />

termed Highly Evasive Adaptive Threats (HEAT) that bypass traditional security defences.<br />

HEAT attacks make web browsers the primary attack vector, deploying various methods to evade<br />

multiple layers of detection in legacy security stacks. This allows them to bypass traditional web security<br />

protection and leverage the standard capabilities of modern web browsers to deliver malware or<br />

compromise credentials.<br />

In its analysis of almost 500,000 malicious domains, Menlo Security Labs discovered that 69% of these<br />

websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 103<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

content to the endpoint by adapting to the targeted environment. Since July of last year, our research<br />

team has seen a 224% increase in HEAT attacks.<br />

Given that many of us now spend around three-quarters of our day using a web browser, it’s an obvious<br />

target.<br />

HEAT attacks leverage one or more of the following core techniques that bypass legacy network security<br />

defences:<br />

1. Evades both static and dynamic content inspection: HEAT attacks evade both signature and<br />

behavioural analysis engines to deliver malicious payloads to the victim using innovative techniques,<br />

such as HTML Smuggling. This technique was used by Nobelium the hacking group behind the<br />

SolarWinds ransomware attack. In a recent case, dubbed ISOMorph, the campaign used the popular<br />

Discord messaging app to host malicious payloads. Menlo Labs identified over 27,000 malware attacks,<br />

which were delivered using HTML Smuggling within the last 90 days.<br />

2. Evades malicious link analysis: These threats evade malicious link analysis engines traditionally<br />

implemented in the email path where links can be analysed be<strong>for</strong>e arriving at the user.<br />

3. Evades offline categorisation and threat detection: HEAT attacks evade web categorisation by<br />

delivering malware from benign websites, either by compromising them, or patiently creating new ones.<br />

Referred to as Good2Bad websites. Menlo Labs has been tracking an active threat campaign dubbed<br />

SolarMarker, which employs SEO poisoning. The campaign started by compromising a large set of low<br />

popularity websites that had been categorised as benign, infecting these websites with malicious content.<br />

Good2Bad websites have increased 137% year-over-year from 2020 to 2021.<br />

4. Evades HTTP Traffic Inspection: In a HEAT attack, malicious content such as browser exploits,<br />

crypto-mining code, phishing kit code and images impersonating known brands’ logos is generated by<br />

JavaScript in the browser by its rendering engine, making any detection technique useless. The top three<br />

brands impersonated in phishing attacks are Microsoft, PayPal, and Amazon. A new phishing website<br />

imitating one of these brands is created every 1.7 minutes.<br />

The case <strong>for</strong> Zero Trust and SASE<br />

Be it file inspections per<strong>for</strong>med by SWG anti-virus engines and sandboxes, network and HTTP-level<br />

inspections, malicious link analysis, offline domain analysis, or indicator of compromise (IOC) feeds,<br />

many legacy defences are rendered near useless when confronted with these evasive techniques.<br />

A significant part of the challenge lies in the fact that HEAT characteristics equally have genuine uses.<br />

There<strong>for</strong>e, they cannot simply be blocked at the function level. Rather, they need to be prevented.<br />

To achieve this, a shift in mindset and an updated security posture is required. Trying to overcome the<br />

challenges of web security with endpoint security creates a square peg in a round hole scenario – it<br />

simply does not guarantee protection.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 104<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Critically, endpoint security only detects a threat once it is written to the file system, at which point a<br />

network will likely have been compromised already. Further, it is not able to protect unmanaged devices,<br />

while also harbouring a high chance of inundating the security operations centre (SOC) with too many<br />

alerts.<br />

In dealing with HEAT, prevention is the best policy. Not only can it help to alleviate pressures on<br />

endpoints, but it can also make the already challenging lives of SOC teams much easier, creating a more<br />

sustainable environment of investigation, escalation and resolution.<br />

This shift begins with a thorough review of existing security policies. Those that still remain built around<br />

a central policy pillar of detection and response need to be adapted and enhanced so they are fit <strong>for</strong><br />

purpose in the modern work environment.<br />

A Zero Trust approach, backed by the Secure Access Service Edge (SASE) framework, which<br />

feature key security technology components will cater to today’s remote and hybrid work<strong>for</strong>ces. SASE<br />

ensures security is built around users, core applications and company data at the edge by converging<br />

connectivity and security stacks. No longer are security stacks on the outside looking in; they are<br />

integrated within the cloud.<br />

In the face of HEAT, organisations should focus on three key tenets to limit their susceptibility to these<br />

types of attacks: shifting from a detection to a prevention mindset, stopping threats be<strong>for</strong>e they hit the<br />

endpoint, and incorporating advanced anti-phishing and isolation capabilities.<br />

For more in<strong>for</strong>mation on HEAT: Too Hot to Handle.<br />

About the Author<br />

Jonathan Lee, Senior Product Manager, Menlo Security.<br />

Jonathan Lee serves as a trusted advisor to enterprise customers,<br />

and works closely with analysts and industry experts to identify<br />

market needs and requirements, and establish Menlo Security as<br />

a thought leader in the Secure Web Gateway (SWG) and Secure<br />

Access Service Edge (SASE) space. Jonathan previously worked<br />

<strong>for</strong> ProofPoint and Websense. As an industry expert, commentator<br />

and speaker, Jonathan is well versed in data protection, threat<br />

analysis, networking, Internet isolation technologies, and clouddelivered<br />

security.<br />

Jonathan can be reached online at @Menlosecurity and at our<br />

company website: https://www.menlosecurity.com/<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 105<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Lessons Learned: In the Principle Of “Least Privilege,”<br />

Where Do Companies Fall Short?<br />

By Raj Dodhiawala, President, Remediant<br />

Lateral movement using compromised admin credentials is integral to almost all ransomware<br />

and malware attacks today. Specifically exploiting privilege sprawl—or the always-on, alwaysavailable<br />

administrative access to servers, workstations, and laptops—has become a lucrative<br />

opportunity <strong>for</strong> cyber attackers, allowing them to significantly increase their rate of success with<br />

stolen credentials and elevated privileges and, due to implicit trust between systems, the ease<br />

of damaging lateral movement. According to Verizon’s 2021 DBIR report, 74% of cyber-attacks<br />

are caused by privilege misuse or compromise, and <strong>for</strong> every cybersecurity team, that<br />

administrative access sprawl and high risk of lateral movement pose as serious, everyday<br />

threats to their resilience to cyberattacks.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 106<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

To prevent lateral movement attacks resulting from stolen and misused privilege access,<br />

in<strong>for</strong>mation security teams are increasingly embracing the Principle of Least Privilege (PoLP),<br />

which NIST defines as “the principle that users and programs should only have the necessary<br />

privileges to complete their tasks.” It states that <strong>for</strong> any user or program that needs elevated<br />

privileges to complete its task or function, IT teams must enable the least amount of privilege,<br />

no more and no less, to get the job done. This directly emphasizes authorization -- meaning that<br />

escalated user privileges must only be allowed to match the computing goals of the task at hand.<br />

While the benefits of PoLP are obvious, there are several challenges that can often get in the<br />

way of achieving them – whether due to the complexity of implementation or the inability to adapt<br />

ingrained processes. For example, unlike Linux’s sudoers subsystem, Windows systems do not<br />

provide granular controls <strong>for</strong> the tasks an administrative user can or cannot per<strong>for</strong>m. Group<br />

Policies also only go so far, especially since interactions between multiple policies may negate<br />

affects to achieve granular control. It’s actually quite common <strong>for</strong> an enterprise’s Active Directory<br />

to have Nested Groups, Domain Admins and Backup Admins, and all other privilege groups<br />

containing broad, obfuscated and over-permissioned configurations that either contradict or<br />

cancel out any least privileged controls in place.<br />

One of the biggest issues with PoLP is that time is not explicitly called out as a privilege, and<br />

thus is simply not considered at all when conferring least privileges. Let’s go back to the alwayson,<br />

always-available administrative access, but now, the access is constrained to the least<br />

computing privileges required <strong>for</strong> the task at hand. The fact that all systems have standing<br />

privileges defeats the goal of granular control, because an administrator on one system labeled<br />

trustworthy can, per convenience or with malintent, administer all other systems they have<br />

standing privileges on, effectively making the principle of least privilege null and void.<br />

The first step in addressing time is through what Gartner calls Zero Standing Privilege (ZSP), or<br />

the removal of all standing privileges and the implementation of Just-In-Time administration<br />

(JITA). First, ZSP removes the privilege sprawl. Then, JITA, bolstered by multi-factor<br />

authentication (MFA), selectively elevates privileges to the specific system that requires<br />

attention, exactly when the administration is needed, and <strong>for</strong> just the right amount of time<br />

necessary to complete the task. If cyber thieves (or insiders) were to get a foothold on a system,<br />

the window of opportunity to steal admin credentials would be significantly narrowed, and most<br />

importantly, they wouldn’t find a plethora of administrative access available to exploit and use to<br />

move laterally within the organization.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 107<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

By combing the Principle of Least Privilege with Zero Standing Privilege and Just-In-Time<br />

administration, companies ensure:<br />

• Measurable reduction of attack surfaces by reducing privilege sprawl, making it less likely,<br />

if not impossible, to hack additional privileged credentials<br />

• The prevention of lateral movement, due to the absence of persistent admin accounts on<br />

other systems; if a privilege credential attack does occur, it is contained to a single system<br />

• Further reduction of risk by using MFA and on-demand, real-time provisioning and<br />

deprovisioning of access as and when required <strong>for</strong> the task at hand<br />

• Protection from insider threats by reducing the likelihood and impact of employee<br />

negligence or intended error by leveraging unnecessary access<br />

• More effective incident response actions by removing admin accounts during an event,<br />

stopping any ongoing incident from installing malware on other systems or proliferating<br />

on the network<br />

• Collectively, these benefits enable governance of privilege and increase maturation<br />

toward Zero Trust<br />

While the Principle of Least Privilege is an important starting point <strong>for</strong> organizations, it remains<br />

incomplete or is weakened by ignoring the element of time. The practice of Zero Standing<br />

Privilege and Just-In-Time administration adds the time-based protective layer companies need<br />

at entry points and to prevent lateral movement malicious actors use to readily attack and breach<br />

their systems today.<br />

About the Author<br />

Raj Dodhiawala, President, Remediant, Inc. Raj Dodhiawala<br />

has over 30 years of experience in enterprise software and<br />

cybersecurity, primarily focused on bringing disruptive<br />

enterprise products to new markets. Currently serving as<br />

President of Remediant, he is bringing focus, agility and<br />

collaboration across sales, marketing, finance and operations<br />

and leading the company through its next phase of growth.<br />

Raj Dodhiawala can be reached online (LinkedIn,) and at our<br />

company website, https://www.remediant.com<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 108<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Redefining Resilience in The New World of Work<br />

By Andrew Lawton, CEO of Reskube Ltd<br />

We are entering a new world of work. The Covid-19 pandemic has accelerated the move towards hybrid<br />

and remote working which was already gaining momentum be<strong>for</strong>e the world went into lockdown. From<br />

one-man-bands to international institutions, workplace and home boundaries have begun to disintegrate.<br />

From Wall Street to Hong Kong to the City of London, traders are now investing millions of dollars and<br />

making complex financial decisions from their homes. Equally, lawyers, journalists, broadcasters, and<br />

work<strong>for</strong>ces across pretty much every sector have had to adjust to <strong>for</strong>ced changes in the way they work,<br />

and are now doing critical work remotely.<br />

Even though pandemic restrictions worldwide are easing, home working – either as part of a fully remote<br />

or hybrid model – is here to stay. But while the likes of monitors, keyboards, stable internet and power<br />

connection, and IT infrastructures were all material mainstays in an office environment, recreating this in<br />

our own homes is less straight<strong>for</strong>ward. This represents a risk to business everywhere.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 109<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

New risks<br />

The scale of this problem is eye-opening. Research by Reskube has found that 64% of people in the UK<br />

who have worked from home in the last year have suffered from an internet or power outage in that time.<br />

That equates to an estimated 12 million people. Of that, we are finding that 5% of home workers in the<br />

UK are doing time critical or high value work. That equates to roughly 470 million hours a year where any<br />

sort of outage would have a severe impact.<br />

The vast majority of home workers do not currently have a setup that is comparable to their office<br />

environment. This exposes them to potential security risks as they seek other <strong>for</strong>ms of connection to<br />

continue working during an outage. This may include connecting to unstable and unvalidated Wi-Fi<br />

sources.<br />

Consider a critical worker who is working from home. Imagine that their Wi-Fi connection goes down and<br />

they are either unable to per<strong>for</strong>m their job, or <strong>for</strong>ced to rely on an unsecure connection to continue. This<br />

could not only have severe knock-on effects <strong>for</strong> their productivity, but also representing operational,<br />

financial, and potentially regulatory risks to the business if security is compromised.<br />

For IT teams, managing disparate hybrid work<strong>for</strong>ces is proving enough of a challenge as is. These issues<br />

on top are a further headache they could do without.<br />

What needs to be done?<br />

Working from home is here to stay, meaning that businesses face growing risks to their operations as<br />

power and network outages threaten critical and day-to-day work.<br />

Up until now, ensuring security and resilience <strong>for</strong> remote workers has tended to be an afterthought, or<br />

something that only comes to attention following an outage or security breach. This need not and should<br />

not be the case.<br />

A home resilience solution is essential <strong>for</strong> businesses where workers are undertaking time and mission<br />

critical work at home, as well as those who rely on a seamless connection <strong>for</strong> productivity and IT security.<br />

Alongside laptop, phone and broadband, now is the time <strong>for</strong> businesses to look at implementing new<br />

measures to guarantee connectivity <strong>for</strong> remote workers. This will enable them to take back control of their<br />

productivity and deliver their best work, uninterrupted.<br />

The good news is there are solutions available on the market today. Adopting such a solution will reduce<br />

the risk of interruptions to the delivery of critical business services or of cybersecurity breaches that could<br />

negatively impact organizations financially, operationally or reputationally. At the same time, it can also<br />

boost productivity and wellbeing across the wider hybrid work<strong>for</strong>ce. I urge businesses and individuals to<br />

explore resilient solutions to minimize the risk to their operations from the new world of remote work.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 110<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

About the Author<br />

Andrew Lawton is CEO of Reskube Ltd. Andrew has<br />

successfully built and lead businesses <strong>for</strong> 25 years, with senior<br />

positions held at large companies such as HP and IBM, as well<br />

as smaller, fast growing companies including Safetynet,<br />

Guardian and Internet Security Systems (ISS).<br />

Andrew has a passion <strong>for</strong> leading high-growth technology<br />

businesses in the B2B Services, Software, IT, networking,<br />

telecom, and internet security industries, as well as a strong<br />

track-record <strong>for</strong> launching new business initiatives and<br />

organisations resulting in aggressive growth.<br />

Andrew Lawton can be reached online here and at the Reskube<br />

company website https://reskube.com/.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 111<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 112<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 113<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 114<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 115<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 116<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 117<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 118<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 119<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 120<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 121<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 122<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 123<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 124<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 125<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 126<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 127<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 128<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 129<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 130<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 131<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 132<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 133<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 134<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong><strong>Defense</strong>.TV now has 200 hotseat interviews and growing…<br />

Market leaders, innovators, CEO hot seat interviews and much more.<br />

A division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 135<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Free Monthly <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> Via Email<br />

Enjoy our monthly electronic editions of our Magazines <strong>for</strong> FREE.<br />

This magazine is by and <strong>for</strong> ethical in<strong>for</strong>mation security professionals with a twist on innovative consumer<br />

products and privacy issues on top of best practices <strong>for</strong> IT security and Regulatory Compliance. Our<br />

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />

ideas, products and services in the in<strong>for</strong>mation technology industry. Our monthly <strong>Cyber</strong> <strong>Defense</strong> e-<br />

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare<br />

arena plus we’ll in<strong>for</strong>m you as next generation and innovative technology vendors have news worthy of<br />

sharing with you – so enjoy. You get all of this <strong>for</strong> FREE, always, <strong>for</strong> our electronic editions. Click here<br />

to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />

newsletters along with this month’s newsletter.<br />

By signing up, you’ll always be in the loop with CDM.<br />

Copyright (C) <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />

<strong>Cyber</strong><strong>Defense</strong>Awards.com, <strong>Cyber</strong><strong>Defense</strong>Conferences.com, <strong>Cyber</strong><strong>Defense</strong>Magazine.com,<br />

<strong>Cyber</strong><strong>Defense</strong>Newswire.com, <strong>Cyber</strong><strong>Defense</strong>Professionals.com, <strong>Cyber</strong><strong>Defense</strong>Radio.com,and<br />

<strong>Cyber</strong><strong>Defense</strong>TV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of<br />

America. Our Tax ID (EIN) is: 45-4188465, <strong>Cyber</strong> <strong>Defense</strong> Magazine® is a registered trademark of <strong>Cyber</strong><br />

<strong>Defense</strong> Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.<br />

marketing@cyberdefensemagazine.com<br />

All rights reserved worldwide. Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved. No part of this<br />

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />

recording, taping or by any in<strong>for</strong>mation storage retrieval system without the written permission of the publisher<br />

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />

the views of the publisher, and the publisher hereby disclaims any responsibility <strong>for</strong> them. Send us great content<br />

and we’ll post it in the magazine <strong>for</strong> free, subject to editorial approval and layout. Email us at<br />

marketing@cyberdefensemagazine.com<br />

<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />

276 Fifth Avenue, Suite 704, New York, NY 1000<br />

EIN: 454-18-8465, DUNS# 078358935.<br />

All rights reserved worldwide.<br />

marketing@cyberdefensemagazine.com<br />

www.cyberdefensemagazine.com<br />


<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 03/01/<strong>2022</strong><br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 136<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH<br />

(with others coming soon...)<br />

10 Years in The Making…<br />

Thank You to our Loyal Subscribers!<br />

We've Completely Rebuilt <strong>Cyber</strong><strong>Defense</strong>Magazine.com - Please Let Us Know What You Think. It's mobile<br />

and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365<br />

uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs)<br />

around the Globe, Faster and More Secure DNS and <strong>Cyber</strong><strong>Defense</strong>Magazine.com up and running as an<br />

array of live mirror sites and our new B2C consumer magazine <strong>Cyber</strong>SecurityMagazine.com. Millions of<br />

monthly readers and new plat<strong>for</strong>ms coming…starting with www.cyberdefenseconferences.com this<br />

month…<br />

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 137<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 138<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 139<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>March</strong> <strong>2022</strong> <strong>Edition</strong> 140<br />

Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!